When you've finished the development work for your Appsody project, you will have a containerized application that's ready to deploy to a suitable runtime infrastructure such as a cloud platform that hosts a Kubernetes cluster.
The Appsody CLI provides various options to help you with the transition from the development phase to the deployment phase:
appsody buildcommand to generate a deployment Docker image on your local Docker registry, and then manually deploy that image to your runtime platform of choice.
appsody deploycommand to build and deploy a Docker image directly to a Kubernetes cluster that you are using for testing or staging.
appsody build, which builds the application image and generates a deployment manifest. You can use the manifest to deploy your application to a Kubernetes environment where the Appsody operator is installed.
These deployment options are covered in more detail in the following sections.
When you use the Appsody CLI to develop your applications, a development Docker image of the target runtime is downloaded and run for you. This image differs slightly from the image that is used at deployment time, because it configures tools that are useful only during the development phase.
If you want to generate a deployment Docker image , use the
appsody build command.
appsody build command completes the following actions:
docker buildagainst the Dockerfile that was extracted on the previous step to produce a deployment image in your local Docker registry. If you want to give the image a name, specify the
-t <tag>parameter. If you run
appsody buildwith no parameters, the image is given a name that matches the name of your project.
app-deploy.yamlthat can be used to deploy your Appsody application.
If your project includes uppercase characters these are converted to lowercase characters in the image name because Docker does not accept uppercase characters in image tags. Also, if your project directory includes underscore characters, those will be converted to dashes (-), because certain areas of Kubernetes are not tolerant of underscore characters.
Here is an example of the output produced by the
appsody build command on a project named
appsody-project$ appsody build Extracting project from development environment Running command: docker[pull appsody/nodejs:0.2] Running command: docker[run --rm --name appsody-project-extract --entrypoint /bin/bash appsody/nodejs:0.2 -c if [ -f /project/Dockerfile ]; then echo "/project/Dockerfile"; else find / -type f -name Dockerfile; fi] Running command: docker[create --name appsody-project-extract -v /Users/mchilant/appsody-project/:/project/user-app appsody/nodejs:0.2] Running command: docker[cp appsody-project-extract:/project /Users/mchilant/.appsody/extract/appsody-project] Running command: docker[rm appsody-project-extract -f] Project extracted to /Users/mchilant/.appsody/extract/appsody-project Running command: docker[build -t appsody-project -f /Users/mchilant/.appsody/extract/appsody-project/Dockerfile /Users/mchilant/.appsody/extract/appsody-project] Built docker image appsody-project Created deployment manifest: /Users/mchilant/appsody-project/app-deploy.yaml
There are many options to deploy your Appsody applications to a Kubernetes cluster. The best approach depends on the specific scenario:
appsody deployis your best bet
appsody deploy command provides a way for you to deploy your application directly to a Kubernetes cluster. The stack contains a deployment manifest that can be consumed by the Appsody operator.
appsody deploy will install the operator, if necessary, and deploy your application to the cluster using that deployment manifest.
If you want to deploy your application without rebuilding the application image, or modifying the deployment manifest, you can run
appsody deploy --no-build
Kubernetes operators offer a powerful way to provide full lifecycle maintenance of a wide range of resources on Kubernetes clusters. In particular, they can install, upgrade, remove, and monitor application deployments. The recently published Appsody operator automates the installation and maintenance of a special type of Custom Resource Definitions (CRDs), called AppsodyApplication.
The Appsody stacks that are currently available include a template of such a CRD manifest. When you run
appsody deploy on a project created from one of the stacks enabled with those manifests, the CLI customizes the manifest with information that is specific to the deployment (such as namespace and project name), and submits the manifest to the Appsody operator on the Kubernetes cluster.
In fact, if your cluster does not already provide an operator,
appsody deploy will install one for you. You can also use the Appsody CLI to install an instance of the Appsody operator, without installing any applications. This can be achieved by running the
appsody operator install command.
Let's discuss some of the details behind the
appsody deploy and
appsody operator commands.
Before we delve into the details of
appsody deploy and
appsody operator, we need to spend a few words on how the Appsody operator works.
An operator monitors certain resources - it can detect when resource definition instances are added, removed, or changed, and take the appropriate action.
The Appsody operator monitors instances of the AppsodyApplication resource. It does so by "watching" a certain namespace, which is defined when the Appsody operator is installed. The operator can watch a single namespace, or all the namespaces in the cluster.
The operator itself, however, can be installed in its own namespace, which not necessarily coincides with the namespace it is watching. You can have an Appsody operator in namespace "abc" watching namespace "xyz".
You can also have multiple Appsody operators in a cluster, but only one operator can watch a certain namespace. Also, only one operator can be installed in any given namespace.
Lastly, if you have an Appsody operator that watches the entire cluster, that can be the only Appsody operator in the cluster.
When you run
appsody deploy on a project that is based on a stack that is enabled for the Appsody operator, this command will do the following:
The command can be run with or without a
-n flag. If that flag is omitted, you are targeting the
The command also accepts an optional
--knative flag, which instructs Appsody to deploy your application as a Knative service. More on this option in this section
When you want to remove your application, you can run:
appsody deploy delete
This command must be run from your Appsody project directory. It will attempt to remove the application you installed, but it will not touch the Appsody operator.
In certain cases, you may want to deploy one or more Appsody operators on your cluster ahead of time, and let developers deploy their applications to the cluster without them having to meddle with operator deployments.
appsody operator commands can be used to install or uninstall those operators. They take this form:
appsody operator install --namespace <operator namespace> --watchspace <watched namespace> appsody operator uninstall --namespace <operator namespace>
The first command attempts to install an Appsody operator in
operator namespace, watching the
watched namespace. If the
--watchspace flag is omitted, the watched namespace will default to the operator namespace. If both flags are omitted, both namespaces will be assumed to be the
The second command attempts to remove the Appsody operator installed in the
operator namespace, if there is one. When you run that command, the Appsody CLI will check whether there are Appsody applications that are present in the watched namespace associated with that operator. If there are any, the command will take no action and produce a message that suggests using the
--force flag to force the removal of the apps, as shown below:
appsody operator uninstall --namespace <operator namespace> --force
You can also install an Appsody operator that watches the entire cluster, using the following command:
appsody operator install --namespace <operator namespace> --watch-all
appsody deploy and
appsody operator commands involve the lookup and creation of a number of different resources, both in specific namespaces and at the cluster level.
In a typical local testing scenario, developers have full administrative rights on the entire cluster. In that case, no specific provisions need to be made in terms of granting permissions.
However, if a single cluster is shared across many development groups, it is common practice to restrict full access to resources by limiting it to a single namespace. An individual developer or a group of developers would have the ability to create, modify, and delete resources only in a certain namespace.
The use of
appsody deploy and
appsody operator commands, however, requires granting the following permissions:
In a shared cluster scenario, with developers limited to access their own namespace, we expect the most common pattern of usage will be the following:
Developers can use
appsody deploy -n <namespace> to target their own namespace. The first time
appsody deploy is used, the operator is installed and it watches the namespace of choice.
Only cluster administrators can use
appsody operator install -n <namespace> --watchspace <another namespace> to enable operators to watch across namespaces.
Under these assumptions, developers need to be granted the following permissions:
kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: $NAMESPACE-user-full-access namespace: $NAMESPACE rules: - apiGroups: ["", "extensions", "apps", "autoscaling", "appsody.dev", "rbac.authorization.k8s.io"] resources: ["*"] verbs: ["*"] - apiGroups: ["batch"] resources: - jobs - cronjobs verbs: ["*"]
This role grants full access to resources in a certain namespace (substitute the
$NAMESPACE placeholder with the namespace name), including the Appsody operator resources.
kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: $NAMESPACE-user-node-readonly-access rules: - apiGroups: ["", "apps", "autoscaling", "extensions"] resources: ["*"] verbs: ["get", "watch", "list"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["*"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["rolebindings"] verbs: ["get", "watch", "list"]
This ClusterRole allows users to lookup the necessary resources across namespaces, and to create CRDs anywhere in the cluster (which is required by the installation of the operator, in certain cases).
Once you have these roles in place, you need to create the appropriate RoleBinding and ClusterRoleBinding to bind your users or groups to them.
Appsody operators can be installed through different means - the Appsody CLI is one of the ways to get them installed.
The Appsody CLI assumes you have at most one Appsody operator per namespace. If you install the operator with the Appsody CLI, this constraint is enforced by the CLI itself. If you use different techniques to install the operator, make sure you do not install multiple operators in the same namespace.
The Appsody operators created by
appsody operator install or
appsody deploy watch only one namespace. However, the Appsody CLI operations
appsody operator install and
appsody deploy can tolerate an Appsody operator created by a different mechanism which watches multiple namespaces.
You can deploy your application as a Knative service on your target Kubernetes cluster by using the
--knative flag with the
appsody build or
appsody deploy commands. This action sets the flag
createKnativeService in the deployment manifest to
For your app to work as a Knative service, the following pre-requisites apply:
kubectlCLI to point to your Kubernetes cluster.
appsody deploy --knative command completes successfully, the Knative Service is operable at the URL specified in the command output.
If you have installed a Kubernetes cluster on your development workstation and want to use your local Docker image cache instead of pushing the image to Docker Hub, make sure you set up your Kubernetes cluster to consume images from the local Docker cache.
To deploy your Appsody project locally, run:
This command completes the following actions:
appsody buildand creates a deployment Docker image and a manifest file named
app-deploy.yaml, as described in the previous section.
--knativeflag, or if Knative is the only deployment option for your stack, the command tags the image with the special prefix
dev.local, making it accessible to your Kubernetes cluster (assuming you followed these directions)
app-deploy.yaml, is used to issue a
kubectl apply -fcommand against the target Kubernetes cluster so that the application can be deployed by the Appsody Operator.
If your cluster is configured to pull images from Docker Hub, use the following command to deploy your application:
appsody deploy -t <mynamespace/myrepository[:tag]> --push --namespace mynamespace [--knative]
The command completes the following actions:
appsody buildand creates a deployment image, as described in the previous section.
-t mynamespace/myrepository[:tag]flag tags the image.
--pushflag tells the Appsody CLI to push the image to Docker Hub.
app-deploy.yamlin the project directory, if one doesn’t exist already. If a deployment manifest file exists, this command updates the following entries within it: application image, labels, and annotations. In addition, the
createKnativeServiceentry is set to true if you specified the
kubectl apply -fcommand against the target Kubernetes cluster. The Yaml file is set to use the Appsody operator.
--namespace mynamespaceoption provisions the deployment under the specified Kubernetes namespace within your cluster.
If you don't specify
--push, the image is available only on your local Docker registry and the target Kubernetes cluster must be configured to have access to your local Docker registry.
If your cluster is configured to pull images from a custom registry, use the following command to deploy your application:
appsody deploy -t <mynamespace/myrepository[:tag]> --push-url <registry-url:PORT>
If you are specifying different push and pull registries, for example, you might want to push to an external registry and pull from an internal registry, use the following command:
appsody deploy -t <mynamespace/myrepository[:tag]> --push-url <external-registry-url:PORT> --pull-url <internal-registry-url:PORT>
Note: The pull registry url gets injected into the deployment manifest for Kubernetes to pull the correct image.
If you are running multiple Appsody projects on your workstation, you can use
appsody deploy and
appsody operator commands to get them deployed to a Kubernetes cluster. However, make sure that you run these commands one at a time, because those commands create temporary files that might lead to conflicts if created concurrently.
Some users have noticed that their code changes do not seem to be published to the target Kubernetes cluster after an initial deployment of the Appsody project through
The sequence of actions that leads to this behavior is as follows:
appsody deployto publish it to your test Kubernetes cluster.
This behavior can be explained by the fact that - if you simply issue
appsody deploy without explicitly tagging the image - you end up with a deployment manifest (the
app-deploy.yaml file) that is identical to the one that was used to deploy the application the first time. Therefore, Kubernetes will detect no differences in the deployment yaml, and will do nothing to update your app.
To ensure that the latest version of your app is pushed to the cluster, use the -t flag to add a unique tag every time you redeploy your app. Kubernetes then detects a change in the deployment manifest, and pushes your app to the cluster again. For example: appsody deploy -t dev.local/my-image:0.x, where x is a number that you increment every time you redeploy.
This deployment option is under development
Most likely, the deployment of apps created with the appsody CLI is going to occur through the invocation of a CI/CD build pipeline.
As a developer, you develop your app using the appsody CLI, and when you are ready to deploy, you push your code to a repo or create a pull request on GitHub.