Oracle by Example brandingIntegrating Oracle Cloud Infrastructure Container Engine For Kubernetes and Registry with Wercker

section 0Before You Begin

This 20-minute tutorial shows you how to push an image in Wercker to OCI Registry and deploy the image as a container to an existing OCI Container Engine for Kubernetes (OKE) cluster.

Background

As part of the Development process, developers write new code, and merge their code back into the master (source code). In this tutorial, the repository of this source code is GitHub.

Wercker is integrated into GitHub so that, for example, when there is a commit (new code, or changes are made to a branch or the master), Wercker can automatically build a container image.

In the case of a commit to master, Wercker runs a pipeline and builds the image, pushes the image to OCIR and then deploys the container to an instance of OKE, replacing the running containers/pods, and thus updating the application.

Process for Oracle Service Cloud integration
Description of the illustration [background-image.txt]

What Do You Need?


section 2Create Wercker application

In this section, you create a Wercker application of a GitHub application.

  1. Login to your GitHub account. Open the application wercker-oke-demo in Github and click Fork.
    GitHub Application File List
    Description of the illustration [t1a.txt]
  2. Select the wercker.yml file to open it.
    GitHub Application File List with wercker.yml selected.
    Description of the illustration [t1b.txt]
  3. Any Docker Image created by the Wercker application will be tagged with the corresponding Git commit that triggered its run. This is a Wercker best practice that ensures a given revision of your source is included in a known single artifact image. This aids in observability as well as making it easy to point Kubernetes at new changes to the application. The environment variables that need to be passed to Wercker will be:
    • DOCKER_USERNAME
    • DOCKER_PASSWORD
    • DOCKER_REPO
    werket.yml displayed
    Description of the illustration [t1c.txt]
  4. Open and login to your Wercker account. Click Create your first application.
    Wercker - Create your first application
    Description of the illustration [t1d.txt]
  5. Make sure your user is selected for #1 and GitHub is selected for #2 and click Next.
    Create New Application Wizard - Select User & SCM
    Description of the illustration [t1e.txt]
  6. Select the wercker-oke-demo application you previously forked and click Next.
    Create New Application Wizard - Select Repository
    Description of the illustration [t1f.txt]
  7. Accept the default to checkout the code and click Next.
    Create New Application Wizard - Setup SSH key
    Description of the illustration [t1g.txt]
  8. Click Create.
    Create New Application Wizard - Review
    Description of the illustration [t1h.txt]
  9. Your application was created successfully. In the next section, you define the environment variables. Click the Environment tab.
    Wercker Application Created successfully
    Description of the illustration [t2a.txt]

section 2Set Application Environment Variables

  1. Create each of the following environment variables and click Add after each one.
    • Docker Username must include the <tenancy name>/<username>
    • Docker Password is the auth_token for your cluster. Click Protected checkbox. NOTE: It must not contain a $ character.
    • Docker Repo must include <region-code>.ocir.io/<tenancy name>/<registry name>
    When done, click the Run tab.
    Wercker Application - Environment tab
    Description of the illustration [t2b.txt]
  2. Test that the application can be built and pushed to OCIR. Click the trigger a build now link at the bottom of the page.
    Wercker Application - trigger a build now
    Description of the illustration [t2c.txt]
  3. The build is completed successfully.
    Wercker Application Build completed successfully
    Description of the illustration [t2d.txt]
    Wercker Application Build push messages
    Description of the illustration [t2e.txt]

section 3Check OCI Registry

  1. To check that the images pushed successfully to the OCI Registry, login to your OCI instance.
    Oracle Cloud Infrastructure Sign In page
    Description of the illustration [t3a.txt]
  2. Choose the menu icon to display the options.
    OCI Home Page
    Description of the illustration [t3b.txt]
  3. Select Containers > Registry.
    OCI Left Navigator
    Description of the illustration [t3c.txt]
  4. The list of repositories in the OCI Registry is diplayed. Expand the repository to see the images you pushed.
    OCI Registry
    Description of the illustration [t3d.txt]

section 4Configure Cluster to Pull Images from OCI Registry

In order for the images to pulled during deployment, you need to configure the cluster by creating an image secret and setting some additional parameters in your Wercker application.

  1. Create an Image Secret for accessing OCIR. Open a Terminal Window and execute the following command:
    export KUBECONFIG=~/kubeconfig
    kubectl create secret docker-registry <SECRET NAME> --docker-server=<REGION.ocir.io> --docker-username='<TENANCY/OCI_USERNAME>' --docker-password='<AUTH_TOKEN>' --docker-email='<EMAIL>'
    Terminal Window - create image secret
    Description of the illustration [t4a.txt]
  2. Switch to GitHub and select the kubernetes_deployment.yml.template file.
    GitHub Application files
    Description of the illustration [t4b.txt]
  3. The Kubernetes configuration file that references the newly created image secret using the environment variable OKE_IMAGESECRET which you need to create as an environment variable in your Wercker application.
    Kubernetes configuration file
    Description of the illustration [t4c.txt]
  4. Switch to Wercker click the Environment tab.
    Wercker application - Runs
    Description of the illustration [t4d.txt]
  5. Enter the Key OKE_IMAGESECRET and Value <secret name> and click Add.
    Wercker Application - Environment
    Description of the illustration [t4e.txt]
  6. To review the script when a deploy to kubernetes is performed, switch to GitHub and open the wercker.yml file.
    GitHub Application files
    Description of the illustration [t4f.txt]
  7. Scroll to to the deploy-to-kubernetes area. The first step is that all the .template extensions are removed. Then it will move all the Kubernetes configuration files to a clean directory for consumption by kubectl commands.
    GitHub wercker.yml file - deploy-to-kubernetes
    Description of the illustration [t4g.txt]
  8. These steps in the configuration file do the following:
    • Set a timeout on the deployment of 60 seconds, giving the deployment time to successfully start the application's container before timing out.
    • Watch the status of the deployment until all pods have come up. If the timeout is hit this will immediately return a non zero exit code and cause the pipeline run to fail. This means your pipeline will succeed only if your application has been successfully deployed, otherwise it fails
    GitHub wercker.yml file - timeout change
    Description of the illustration [t4h3.txt]
  9. You can get the values for OKE_MASTER and OKE_TOKEN from the kubeconfig file. From your terminal window, enter
    cat kubeconfig
    Make a note of the server URL.
  10. cat kubeconfig file
    Description of the illustration [t4h1.txt]
  11. Scroll down to see the value for token.
  12. cat kubeconfig file continued
    Description of the illustration [t4h2.txt]
  13. Switch to Wercker to create the the following parameters under the Environment tab.
    • Key: OKE_MASTER: <server value from kubeconfig>
    • Key OKE_TOKEN: <token value from kubeconfig>
    Wercker Application - Environment variables
    Description of the illustration [t4i.txt]

section 5Add Workflow to Pipeline in Wercker Application

To deploy the OCI container to Kubernetes, you need to create a Deploy-to-Kubernetes workflow in your Wercker application.

  1. Switch to your Wercker application and click the Workflows tab.
    Wercker Application - Workflows
    Description of the illustration [t5aa.txt]
  2. Click Add New Pipeline.
    Wercker Application - Add pipeline
    Description of the illustration [t5a.txt]
  3. Enter deploy-to-kubernetes for both Name and YML Pipeline name and click Create.
    Wercker - Create New Pipeline
    Description of the illustration [t5b.txt]
  4. Click the Workflows tab.
    Wercker Application - Workflows tab.
    Description of the illustration [t5c.txt]
  5. In the Workflow Editor, click the ' + ', to create a new pipeline chain after the build. Select deploy-to-kubernetes for Execute pipeline and click Add.
    Wercker Application - Create Chain Pipeline
    Description of the illustration [t5d.txt]
  6. The new change in the workflow was created successfully. In the next section, you deploy the OCI image to kubernetes.
    Wercker Application - Workflow Review
    Description of the illustration [t5e.txt]

section 6Deploy the OCI Container to OCI Container Engine for Kubernetes

The pipeline automatically starts when you make a change to one of your application files in GitHub.

  1. Switch to your GitHub application and select the werker.yml file.
    GitHub Application files
    Description of the illustration [t4f.txt]
  2. Edit the file.
    GitHub wercker.yml file
    Description of the illustration [t4f1.txt]
  3. Scroll down to the set deployment timeout area and change the timeout to 300 seconds to make sure there is enough time to complete the deployment. Enter a description for commit and click Commit changes.
    GitHub wercker.yml file - timeout change
    Description of the illustration [t4h.txt]
  4. Your change was commited. Switch to Wercker and click the Runs tab.
    Wercker Application - Workflows tab
    Description of the illustration [t6k.txt]
  5. Note that the pipeline was executed automatically.
    Wercker Application - Build Execution
    Description of the illustration [t6m.txt]
  6. After the build completes the deploy workflow runs.
    Wercker Application - Deploy-to-Kubernetes Execution
    Description of the illustration [t6n.txt]
  7. Your deployment completed successfully. Click deploy-to-kubernetes to view the details.
    Wercker Application Deployed Successfully
    Description of the illustration [t6q.txt]
  8. Scroll to the bottom to verify that all the steps completed successfully.
    Wercker Application Step Results
    Description of the illustration [t6r.txt]
  9. Switch to Wercker and click the Runs tab.
    Wercker Application Results messages
    Description of the illustration [t6s.txt]


section 7Verifying Service in OCI Container Engine for Kubernetes

You can verify the service by running the app in OCI Container Engine for Kubernetes .

  1. From your terminal window, execute the following:
    export KUBECONFIG=~/kubeconfig
    kubectl proxy
    Terminal window - kubectl proxy
    Description of the illustration [t7a.txt]
  2. Open a NEW terminal window and execute the following. Copy the EXTERNAL-IP for get-ip to your clipboard.
    export KUBECONFIG=~/kubeconfig
    kubectl get services
    Terminal window - kubectl get services
    Description of the illustration [t7e.txt]
  3. Paste the value for EXTERNAL-IP into your browser to run the application.
    Browser window - run get-ip
    Description of the illustration [t7f.txt]