Building services with Kustomize
Omnistrate supports deploying Kustomize-based configurations as part of your service topology. Kustomize is a configuration management tool for Kubernetes that allows you to customize raw, template-free YAML files for Kubernetes deployments. This provides flexibility when handling multiple environments and customizing resources.
As part of the deployment, Omnistrate manages the following:
- Deploying a VPC / Subnets in the chosen region and chosen account (customer's or yours)
- Deploying a Kubernetes cluster in the chosen region
- Deploying NLBs w/ Nginx Ingress Controllers
- Deploying a Kubernetes Dashboard for you to monitor your deployments
- Deploying a Route53 Hosted Zone for your workload endpoints that you can configure through Kubernetes Service annotations
- Deploying an IAM role / Google Service Account for your workload to invoke Cloud Provider APIs / Services like S3
- Deploying a Kubernetes Role / RoleBinding for your workload to manage Kubernetes resources within the namespace of the deployment
- Configuring ACME TLS certificates that are auto-rotated
- Deploying your Helm charts with any customer specific configurations
Omnistrate fully supports these deployments as long as the Kustomize configurations are in a remote repository accessible to your deployment's Kubernetes environment. It renders and deploys the Kustomize templates with any customer- or environment-specific configurations.
Integrating Kustomize on your Service Plan
Before deploying your service, you should prepare a Kustomize stack, which enables various customizations for each deployment. Here is an example of a Kustomize stack designed for a specific deployment:
kustomization.yaml
resources:
  - pg.yaml
  - pgpv.yaml
  - pgpvc.yaml
namespace: "{{ $sys.id }}"
configMapGenerator:
  - name: pg-config
    literals:
      - defaultPassword=admin
      - pgDefaultUsername={{ $var.username }}
      - pgDefaultPassword={{ $var.password }}
pg.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:13
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: exampledb
            - name: POSTGRES_USER
              valueFrom:
                configMapKeyRef:
                  name: pg-config
                  key: pgDefaultUsername
                  optional: false
            - name: POSTGRES_PASSWORD
              valueFrom:
                configMapKeyRef:
                  name: pg-config
                  key: pgDefaultPassword
                  optional: false
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: postgres-storage
              subPath: postgres
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: omnistrate.com/resource
                    operator: In
                    values:
                      - '{{ $sys.deployment.resourceID }}'
      volumes:
        - name: postgres-storage
          persistentVolumeClaim:
            claimName: "{{ $sys.id }}-pvc"
pgpv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "{{ $sys.id }}-pv"
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete
  storageClassName: gp2
  hostPath:
    path: /mnt/data/postgres
pgpvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "{{ $sys.id }}-pvc"
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: omnistrate-platform-default
  resources:
    requests:
      storage: 5Gi
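The stack above passes `{{ $var.password }}` through a ConfigMap, which Kubernetes treats as non-confidential data. The variant below is an added example, not Omnistrate's own code: it moves the password into a Kustomize `secretGenerator` and reads it with `secretKeyRef`. It assumes Omnistrate renders `{{ $var.* }}` placeholders inside `secretGenerator` literals the same way it does in `configMapGenerator`; the Secret name `pg-credentials` is hypothetical.

```yaml
# kustomization.yaml (variant of the stack above)
resources:
  - pg.yaml
  - pgpv.yaml
  - pgpvc.yaml
namespace: "{{ $sys.id }}"
configMapGenerator:
  - name: pg-config
    literals:
      # Only non-sensitive settings stay in the ConfigMap. The original
      # defaultPassword=admin literal is omitted: pg.yaml never references it.
      - pgDefaultUsername={{ $var.username }}
secretGenerator:
  - name: pg-credentials   # hypothetical name
    type: Opaque
    literals:
      # Assumption: the placeholder is rendered here as in configMapGenerator.
      - pgDefaultPassword={{ $var.password }}
---
# pg.yaml: env section of the postgres container, with the password
# read from the generated Secret instead of the ConfigMap.
env:
  - name: POSTGRES_DB
    value: exampledb
  - name: POSTGRES_USER
    valueFrom:
      configMapKeyRef:
        name: pg-config
        key: pgDefaultUsername
        optional: false
  - name: POSTGRES_PASSWORD
    valueFrom:
      secretKeyRef:
        # Kustomize rewrites this name to the hash-suffixed Secret it generates.
        name: pg-credentials
        key: pgDefaultPassword
        optional: false
```

Secret values are only base64-encoded in the API, so the benefit comes from RBAC rules that can restrict Secret reads separately from ConfigMap reads, and from encryption at rest where the cluster enables it.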
Kustomize templates need to be available on a GitHub repository. One repository can contain multiple Kustomize stacks, and each can be referenced using a specific git reference (tag or branch) and a folder path within that repository. Omnistrate allows you to configure a reference to a Git repository and the path where the Kustomize stack is stored. When selecting a path for your repository, Omnistrate expects the entire Kustomize definition to be under that folder structure.
Within the Kustomize templates, the Omnistrate platform provides system parameters that can be used to reference information about the current cluster, for instance:
$sys.deploymentCell.publicSubnetIDs[i].id
$sys.deploymentCell.privateSubnetIDs[i].id
$sys.deploymentCell.region
$sys.deploymentCell.cloudProviderNetworkID
$sys.deploymentCell.cidrRange
You can inject these values into your Kustomize templates, and these values will be dynamically rendered during deployment.
Info
You can use system parameters to customize Kustomize templates. A detailed list of system parameters can be found in Build Guides / System Parameters.
Registering a Service using a Kustomize Stack
Kustomize stacks are managed through a specification file that defines your overall service topology on Omnistrate. A complete description of the service plan specification can be found in Getting started / Service Plan Spec.
Here is an example of using Kustomize to configure a SaaS service:
name: Kustomize
deployment:
  hostedDeployment:
    AwsAccountId: "<AWS_ID>"
    AwsBootstrapRoleAccountArn: arn:aws:iam::<AWS_ID>:role/omnistrate-bootstrap-role
    GcpProjectId: "<GCP_INFO>"
    GcpProjectNumber: "<GCP_INFO>"
    GcpServiceAccountEmail: "<GCP_INFO>"
services:
  - name: kustomizeRoot
    compute:
      instanceTypes:
        - name: t4g.small
          cloudProvider: aws
        - name: e2-medium
          cloudProvider: gcp
    network:
      ports:
        - 5432
    kustomizeConfiguration:
      kustomizePath: /correct
      gitConfiguration:
        reference: refs/tags/12.0
        repositoryUrl: https://github.com/omnistrate-community/sample/TestKustomizeTemplate.git
    apiParameters:
      - key: username
        description: Username
        name: Username
        type: String
        modifiable: true
        required: false
        export: true
        defaultValue: username
      - key: password
        description: Default DB Password
        name: Password
        type: String
        modifiable: false
        required: false
        export: false
        defaultValue: postgres
You can register this spec using our CLI: