This project demonstrates using docker and helm to deploy a django application to a k8s cluster.
The django project being used is https://github.com/shacker/gtd which is a full implemtation of https://github.com/shacker/django-todo application.
-
ansible - build and deploy helm chart to k8s cluster
-
docker - container engine
-
helm - package k8s resources
-
helmfile - install multiple charts at once
-
podman - to install minikube in M1 Apple Chip Macbook
-
minikube - setup a basic k8s cluster
-
kubernetes - container orchestration
-
uWSGI - python server
-
Caddy - web server
-
Supervisord - to run uWSGI and Caddy
- Apple M1
- MacOS Monterey
- Docker Desktop https://docs.docker.com/desktop/mac/install/
# Install Homebrew
bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install Ansible
brew install ansible
# Run Ansible Script
cd ansible
ansible-playbook playbook.yaml | tee output.log
minikube tunnel
Finally to access the webapp; headover to https://localhost
# Clear minikube
minikube delete --all --purge
# Stop Podman Machine
podman machine stop podman-machine-default
# Remove Podman Machine
podman machine rm podman-machine-default
Start docker-desktop on your computer then run the following command in your terminal
sudo docker-compose up --build -d
- Run the application
- Take settings from env
- Dockerize the application for development
- Docker compose for development mode
- Postgres docker container for development
- Setup k8s cluster using minikube
- Dockerize the application for prod
- Create a basic helm chart
- Add a deployment for the django app
- Install postgresql chart
- Make postgresql chart volume persistent
- Add config map and secrets for env
- Add an nginx ingress controller
- Install cert manager for self signed ssl key
- Encrypt helm secrets
- Write ansible task for generating trusted selfsigned CA cert
- Write ansible task for installing all dependencies
- Write ansible task for building docker image
- Write ansible task for deploying helm chart
- Instead of building the docker image in host system, the image is being built inside podman using minikube docker daemon. Although this significantly increases the build time, its a quick fix for avoiding M1/Arm architecture related issues.
- Wanted to implement encryption of secrets in helm values, but thought maybe its not too important right now. implemented them as b64 encoded k8s secrets for now.
- Automation of the steps are implemented as Ansible Tasks rather than roles for simplicities sake. Will change them to roles later on.