All Products
Search
Document Center

Deploy applications using images in Container Service Kubernetes clusters

Last Updated: Aug 06, 2019

?Container Service for Kubernetes provides enterprise-level high-performance and flexible management of Kubernetes containerized applications throughout the application lifecycle.This service simplifies cluster creation and expansion and integrates Alibaba Cloud capabilities in virtualization, storage, network, and security, providing an improved running environment for Kubernetes containerized applications.

EDAS allows you to deploy Container Service Kubernetes applications with images. The deployment steps are as follows:

  1. Create Container Service Kubernetes clusters
  2. Create images for Container Service Kubernetes applications
  3. Create and deploy Container Service Kubernetes applications

Prerequisites

Note: We recommend that you use the same account for Container Service and EDAS. If you use different accounts, make sure they belong to the same primary account and have been authorized.

Create Container Service Kubernetes clusters

You need to create a Container Service Kubernetes cluster in the Container Service console, and import the cluster into the EDAS console.

Create Container Service Kubernetes clusters

  1. Log on to the Container Service for Kubernetes console.

  2. In the left-side navigation pane, click Cluster. On the Clusters page, click Create Kubernetes Cluster in the upper-righter corner.

    In Container Service, you can create Kubernetes, Kubernetes hosting, and Multi-Zone Kubernetes clusters.Select any type as needed.

    • Create Kubernetes clusters: Three of the instances that you purchase and add must serve as master nodes. Applications cannot be deployed on these three instances.You can only deploy applications on the other instances (workers).
    • Create Kubernetes hosting clusters: All the instances that you purchase and add must serve as worker nodes. Applications can be deployed on these instances.
    • Create multi-zone Kubernetes clusters: In contrast to Kubernetes clusters, this type of cluster has nodes distributed in different zones. If one zone is unavailable, the nodes can work in other zones.Three of the instances that you purchase and add must serve as master nodes. Applications cannot be deployed on these three instances, but can only be deployed on the worker instances that you purchase separately.

Import a Container Service Kubernetes cluster

  1. Log on to the EDAS console.

  2. In the left-side navigation pane, choose Resource Management > Clusters.

  3. On the Clusters page, click Container Service K8S Cluster.On the Clusters page, select the Container Service Kubernetes cluster you created. In the Actions column, click Import. On the Import Kubernetes Cluster page that is displayed, click Import.

  4. When the option in the Actions column changes to Delete and the cluster status is Running, the Container Service Kubernetes cluster is successfully imported.

Create images for Container Service Kubernetes applications

This topic describes how to create custom images in HSF:

Note: Before creating an image for a Container Service Kubernetes application, read Restrictions on creating images.

Create a standard Dockerfile

Dockerfile is a configuration file in text format. You can use a Dockerfile to quickly create a custom image.A custom Dockerfile defines all instructions in the runtime environment for EDAS applications, including the instructions on downloading, installing, and starting JDK, Tomcat, WAR, and JAR packages.

By modifying the Dockerfile, you can replace the JDK version, modify the Tomcat configuration, change the runtime environment, and make other changes.

The following example (which is updated from time to time to introduce the latest EDAS features) shows how to create and deploy an application in EDAS.

Sample Dockerfile used to deploy applications on Ali-Tomcat with a WAR package

  1. FROM centos:7
  2. Maintainer: EDAS R&D team<edas-dev@list.alibaba-inc.com>
  3. # Install and package the required software
  4. RUN yum -y install wget unzip
  5. # Prepare JDK and Tomcat system variables
  6. ENV JAVA_HOME /usr/java/latest
  7. ENV CATALINA_HOME /home/admin/taobao-tomcat
  8. ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin
  9. # Set the EDAS-Container version
  10. ENV EDAS_CONTAINER_VERSION V3.5.0
  11. LABEL pandora V3.5.0
  12. # Download and install JDK 8
  13. RUN wget http://edas-hz.oss-cn-hangzhou.aliyuncs.com/agent/prod/files/jdk-8u191-linux-x64.rpm -O /tmp/jdk-8u191-linux-x64.rpm && \
  14. yum -y install /tmp/jdk-8u191-linux-x64.rpm && \
  15. rm -rf /tmp/jdk-8u191-linux-x64.rpm
  16. # Download and install Ali-Tomcat 7.0.85 to the /home/admin/taobao-tomcat directory
  17. RUN wget http://edas-hz.oss-cn-hangzhou.aliyuncs.com/edas-container/7.0.85/taobao-tomcat-production-7.0.85.tar.gz -O /tmp/taobao-tomcat.tar.gz && \
  18. mkdir -p ${CATALINA_HOME} && \
  19. tar -xvf /tmp/taobao-tomcat.tar.gz -C ${CATALINA_HOME} && \
  20. mv ${CATALINA_HOME}/taobao-tomcat-production-7.0.59.3/* ${CATALINA_HOME}/ && \
  21. rm -rf /tmp/taobao-tomcat.tar.gz ${CATALINA_HOME}/taobao-tomcat-production-7.0.59.3 && \
  22. chmod +x ${CATALINA_HOME}/bin/*sh
  23. # Download and install EDAS Container based on environment variables
  24. RUN wget http://edas-hz.oss-cn-hangzhou.aliyuncs.com/edas-plugins/edas.sar.${EDAS_CONTAINER_VERSION}/taobao-hsf.tgz -O /tmp/taobao-hsf.tgz && \
  25. tar -xvf /tmp/taobao-hsf.tgz -C ${CATALINA_HOME}/deploy/ && \
  26. rm -rf /tmp/taobao-hsf.tgz
  27. # Download and deploy the EDAS demo WAR package
  28. RUN wget http://edas.oss-cn-hangzhou.aliyuncs.com/demo/hello-edas.war -O /tmp/ROOT.war && \
  29. unzip /tmp/ROOT.war -d ${CATALINA_HOME}/deploy/ROOT/ && \
  30. rm -rf /tmp/ROOT.war
  31. # Set the Tomcat installation directory as the container startup directory, start Tomcat in run mode, and output the catalina log on the standard CLI.
  32. WORKDIR $CATALINA_HOME
  33. CMD ["catalina.sh", "run"]

Sample Dockerfile used to deploy applications on Ali-Tomcat with a JAR package

  1. FROM centos:7
  2. Maintainer: EDAS R&D team<edas-dev@list.alibaba-inc.com>
  3. # Install and package the required software
  4. RUN yum -y install wget unzip
  5. # Prepare JDK and Tomcat system variables
  6. ENV JAVA_HOME /usr/java/latest
  7. ENV CATALINA_HOME /home/admin/taobao-tomcat
  8. ENV PATH $PATH:$JAVA_HOME/bin
  9. # Set the EDAS-Container version
  10. ENV EDAS_CONTAINER_VERSION V3.5.0
  11. LABEL pandora V3.5.0
  12. # Download and install JDK 8
  13. RUN wget http://edas-hz.oss-cn-hangzhou.aliyuncs.com/agent/prod/files/jdk-8u191-linux-x64.rpm -O /tmp/jdk-8u191-linux-x64.rpm && \
  14. yum -y install /tmp/jdk-8u191-linux-x64.rpm && \
  15. rm -rf /tmp/jdk-8u191-linux-x64.rpm
  16. # Download and install EDAS Container to the /home/admin/taobao-tomcat directory based on environment variables
  17. RUN mkdir -p ${CATALINA_HOME}/deploy/
  18. RUN wget http://edas-hz.oss-cn-hangzhou.aliyuncs.com/edas-plugins/edas.sar.${EDAS_CONTAINER_VERSION}/taobao-hsf.tgz -O /tmp/taobao-hsf.tgz && \
  19. tar -xvf /tmp/taobao-hsf.tgz -C ${CATALINA_HOME}/deploy/ && \
  20. rm -rf /tmp/taobao-hsf.tgz
  21. # Download and deploy the EDAS demo JAR package
  22. RUN mkdir -p /home/admin/app/ && wget http://edas.oss-cn-hangzhou.aliyuncs.com/demoapp/fatjar-test-case-provider-0.0.1-SNAPSHOT.jar -O /home/admin/app/provider.jar
  23. # Include the startup command in the startup script start.sh
  24. RUN echo '$JAVA_HOME/bin/java -jar $CATALINA_OPTS -Djava.security.egd=file:/dev/./urandom -Dcatalina.logs=$CATALINA_HOME/logs -Dpandora.location=$CATALINA_HOME/deploy/taobao-hsf.sar "/home/admin/app/provider.jar" --server.context-path=/ --server.port=8080 --server.tomcat.uri-encoding=ISO-8859-1 --server.tomcat.max-threads=400' > /home/admin/start.sh && chmod +x /home/admin/start.sh
  25. WORKDIR $CATALINA_HOME
  26. CMD ["/bin/bash", "/home/admin/start.sh"]

Customize Dockerfile

You can configure the following custom settings in the preceding standard Dockerfile.

Upgrade JDK

Change the download and installation methods in the standard Dockerfile.The following uses JDK 8 as an example.

  1. # Download and install JDK 8
  2. RUN wget http://edas-hz.oss-cn-hangzhou.aliyuncs.com/agent/prod/files/jdk-8u191-linux-x64.rpm -O /tmp/jdk-7u80-linux-x64.rpm && \
  3. yum -y install /tmp/jdk-7u80-linux-x64.rpm && \
  4. rm -rf /tmp/jdk-7u80-linux-x64.rpm

Upgrade EDAS Container

When using a WAR package and Tomcat, upgrade EDAS Container to use new middleware features or fix known bugs.The upgrade procedure is as follows:

  1. Log on to the EDAS console.In the left-side navigation pane, choose Application Management > Applications. On the Applications page, click Create Application in the upper-right corner. On the Application Information page, view Application Runtime Environment, and check the latest EDAS Container version (3. X.X).
  2. Replace the version number in the Dockerfile, such as 3.5.1.
  3. Re-create and publish an application image.
  1. # Prepare ENV
  2. ENV EDAS_CONTAINER_VERSION V3.5.0

Add the EDAS runtime environment to Tomcat startup parameters

For the environment variables, see Environment variables during application runtime. EDAS provides the JVM environment variable EDAS_CATALINA_OPTS, which contains the minimum parameters required during runtime.Ali-Tomcat provides the custom JVM parameter configuration option JAVA_OPTS for setting Xmx, Xms, and other parameters.

  1. # Set the JVM parameters of the EDAS application
  2. ENV CATALINA_OPTS ${EDAS_CATALINA_OPTS}
  3. # Set the JVM parameters
  4. ENV JAVA_OPTS="\
  5. -Xmx3550m \
  6. -Xms3550m \
  7. -Xmn2g \
  8. -Xss128k"

Save the image and upload it to the image repository

After the image is created, you can upload the local image to Alibaba Cloud Docker registry.

For example, run the following command to push the packaged local image to the remote server for deployment:

  1. docker push registry.cn-hangzhou.aliyuncs.com/edas/demo-frontend-service: 20181111

Create Container Service Kubernetes applications

  1. Log on to the EDAS consoleEDAS console.In the left-side navigation pane, click Application Management.

  2. On the Applications page, select Region and Namespace, and then click Create Application in the upper-right corner.

  3. On the Application Information page, set the basic information about the application. Then click Next Step: Application Configurations.

    Create app in acsk8s cluster

    • Namespace: Select a region from the left-side drop-down list. Select a namespace from the right-side drop-down list. If you do not make a selection, the Default namespace is automatically selected.
    • Cluster Type: Select Container Service K8S Cluster from the left-side drop-down list. Select a specific cluster from the right-side drop-down list.
    • K8S Namespace: K8S Namespace distributes the objects in the system to different namespaces, creating different projects, groups, or user groups logically. These groups can share all resources in a cluster and be managed separately.
      • Default: indicates the default namespace for objects that have no other namespaces.
      • kube-system: indicates the namespace created by the system.
      • kube-public: indicates the automatically created namespace, which opens read/write permissions to all users, including unauthenticated users.
    • Application Name: Enter the application name.
    • Application Description: Enter the basic information about the application.
  4. Go to the Application Configuration page and configure an image.Image is selected for Deployment Method by default.Select an image in My Image.

    Select an image

  5. Set pods.

    Pods are the smallest units for deploying an application.An application can contain multiple pods. In the event that load balancing can be achieved, a request is randomly allocated to a pod for processing.

    1. Set Total Pods.

      When the pods of an application fail to run or are faulty, they can be automatically restarted or quickly migrated to ensure the high availability of the application.For stateful applications using persistent storage, instance data can be saved. For redeployed stateless applications, instance data is not saved.You can set the value of this parameter to a maximum of 50.

    2. Set Single Pod Resource Quota.

      No quota is set by default. Therefore, both the values of CPU Cores and Memory of a single pod are 0.To set the quota, enter a number.

  6. Set the startup command and parameters.

    Note: We recommend that you do not modify the custom startup command and parameters if you are not familiar with the CMD and ENTRYPOINT of the original Dockerfile. An incorrect custom command could lead to an application creation failure.

    • Startup Command: To run a startup command, such as CMD [“/usr/sbin/sshd”,”-D”] , enter /usr/sbin/sshd –D in the text box.
    • Startup Parameters: Enter one parameter per line.For example, args:[“-c”; “while sleep 2”; “do echo date”; “done”] contains four parameters. Enter them separately in four lines.
  7. Set environment variables.

    When creating the application, inject the entered environment variables in the container to be generated. This saves you from having to repeatedly add common environment variables.

    If you are using a MySQL image, refer to the following environment variables:

    • MYSQL_ROOT_PASSWORD (required) allows you to set a root password for MySQL.
    • MYSQL_USER and MYSQL_PASSWORD (optional) allows you to add an account in addition to the root account and to set a password.
    • MYSQL_DATABASE (optional) allows you to set the database to be created when the container is generated.

    If you are using another type of image, configure the environment variables as needed.

  8. Set persistent storage.

    In the Container Service Kubernetes cluster, the native Volume object corresponds to non-persistent physical storage, whose lifecycle is the same as the Kubernetes pods, which are a transient storage object.Network Attached Storage (NAS) is a persistent storage service that can permanently store instance data and ensure data integrity after application upgrades or migration.

    Note: Before configuring persistent storage, ensure that the NAS service is active for your EDAS account.Because the NAS billing method is Pay-As-You-Go, ensure that your account has a sufficient balance or adopts post payment.

    • Storage Type: This parameter is NAS by default and cannot be configured manually.

    • Storage Service Type: Currently, this parameter only supports SSD and cannot be configured manually.

    • Select NAS:
      • Buy a new NAS: Select a NAS mount directory and a local mount directory.A single region supports up to 10 NAS instances. Once you have 10, you cannot create any more instances.If you need to create more instances, submit a ticket.
      • Use Existing NAS: Select an existing NAS instance.You can create up to two mount points.Only compliant NAS instances are displayed in the drop-down list.
    • Mount Directory: Set the mount directory command.
  9. Set the ECS storage.

    You can map part of the file system of the host machine to the container as needed.Before using this feature, read hostpath to determine if this is the correct solution.

    Description of file types:

    Service role value Description
    Default Null string Mount directly without checking the type.
    (New) File directory DirectoryOrCreate File directory; a new directory is created if this does not exist.
    File Directory Directory File directory; container startup fails if this does not exist.
    (New) File FileOrCreate File; a new file is created if this does not exist.
    File File File; container startup fails if this does not exist.
    Socket Socket Standard Unix Socket file; container startup fails if this does not exist.
    CharDevice CharDevice Character device file; container startup fails if this does not exist.
    BlockDevice BlockDevice Block device file; container startup fails if this does not exist.

    Note: You do not need to pay attention to the Value column in this step.However, the Value column may be used by APIs after the application is created.

  10. Configure the application lifecycle management.

    Container Service Kubernetes applications can be stateful or stateless:

    • Stateless: A stateless application supports multi-replica deployment.When a stateless application is redeployed, instance data is not saved.A stateless application can be:

      • A web application that does not retain instance data during upgrade or migration.
      • An application that can be scaled up horizontally to address changing service volumes.
    • Stateful: A stateful application stores data that requires persistent storage and retains instance data during upgrade or migration.A stateful application can be:

      • An application that frequently operates on containers through SSH.
      • An application that is used for persistent data storage (such as the database application MySQL) or that supports inter-cluster election and service discovery, such as ZooKeeper and etcd.

    You can set lifecycle management for a stateful application as needed.

    Description of the lifecycle management script:

    • Poststart script: a container hook,which is triggered immediately after a container is created to notify the container of its creation.The hook does not transfer any parameters to the corresponding hook handler.If the corresponding hook handler fails to run, the container is killed and the system determines whether to restart the container according to the container’s restart policy.For more information, see Container Lifecycle Hooks.

    • PreStop script: a container hook,which is triggered before a container is deleted. The corresponding hook handler must be completed before the container deletion request is sent to Docker daemon.Docker daemon sends an SGTERN semaphore to itself to delete the container, regardless of the result of hook handler execution.For more information, see Container Lifecycle Hooks.

    • Liveness script: a container status probe, which monitors the health status of applications.If an application is unhealthy, the container is deleted and created again.For more information, see Pod Lifecycle.

    • Readiness script: a container status probe, which monitors whether applications have started successfully and are running properly.If an application is abnormal, the container status is updated.For more information, see Pod Lifecycle.

  11. Then, click Create.

    Creating an application can take up to several minutes. During the creation process, you can use an View application changes to track the creation progress.The Kubernetes application does not need to be deployed because it has been deployed once created. After the application is created, go to the Application Details page to check whether the pod status in Instance Information is Running. If yes, the application is published successfully.

Bind SLB to the application

After the application is created, you can add an Internet SLB instance to allow public network access, or add an intranet SLB instance to allow all nodes in the same VPC to access your application.The following describes how to add an Internet SLB instance:

  1. In the Application Settings area on the Basic Information page, click Add to the right of SLB (Internet).
  2. In the Bind SLB to Application dialog box that is displayed, set the SLB parameters and click Confirm.

    • Purchase New SLB Automatically:
      • If enabled, the system automatically buys an Internet SLB instance for your application and charges it according to the traffic volume.You can view information about the purchased SLB instance on the SLB console.
      • If disabled, select an intranet or Internet SLB URL from the drop-down list.
    • SLB Port: Set the frontend port of the Internet SLB instance to allow external access to the application. The value range is 1-65535.In this document, the port that accesses Java Web applications is port 80 by default.
    • Container Port: Set the port that listens to processes.Typically, this parameter is defined by programs. For example, port 8080 is used by Web services by default.
    • Network Protocol: The default value is TCP and cannot be modified.

Update a Container Service Kubernetes application

A Container Service Kubernetes application is deployed once created, so you can update the application with the Deploy Application feature. Specifically, you can update advanced settings such as image version and reset environment variables.

  1. Click the name of the created Container Service Kubernetes application in the application list to go to the Application Details page.

  2. In the upper-right corner of the page, click Deployed Applications.

  3. On the Deploy Application page, change the settings of Configure Image as needed, and configure the advanced settings, including Startup Command, Environment Variables, Persistent Storage, ECS Storage, and Application Life Cycle Management.Then, click Create.

  4. After a Container Service Kubernetes application is upgraded, the image version on the Application Details page is changed to the upgraded version.On the Instance Information tab page, view the running status of the application. If the running status is Running, the application is updated successfully.

Manage Container Service Kubernetes applications

  1. Click the name of the created Container Service Kubernetes application in the application list to go to the Application Details page.

  2. On the page, perform basic management tasks, for example, viewing, setting, scaling out/in, monitoring, and deleting an application.

Image creation rules

Observe the following specifications and constraints when creating a custom image by using a Dockerfile:

Tenant and encryption information

The tenant and encryption information is used for the user authentication and credential encryption of EDAS applications.

Resources

Resource type Resource name Description
Secret edas-certs Encryption dictionary, which stores EDAS tenant information.

Environment variables

Environment variable key Type Description
tenantId String EDAS tenant ID
accessKey String Access Key ID for authentication
secretKey String Access Key Secret for authentication

Local files

Path Type Description
/home/admin/.spas_key/default File EDAS tenant authentication information, which includes the preceding environment variable information

Service information

The service information includes the EDAS domain and port to be connected to during runtime.

Resources

Resource type Resource name Description
ConfigMap edas-envs EDAS service information

Environment variables

Environment variable key Type Description
EDAS_ADDRESS_SERVER_DOMAIN String Service domain or IP address of the configuration center
EDAS_ADDRESS_SERVER_PORT String Service port of the configuration center
EDAS_CONFIGSERVER_CLIENT_PORT String CS service port

Environment variables during application runtime (required)

The following environment variables are provided during EDAS deployment to ensure the proper running of applications. For this reason, do not overwrite the current configuration.

Environment variable key Type Description
POD_IP String POD IP
EDAS_APP_ID String EDAS application ID
EDAS_ECC_ID String EDAS ECC ID
EDAS_PROJECT_NAME String Same as EDAS_APP_ID, which is used to parse the trace
EDAS_JM_CONTAINER_ID String Same as EDAS_ECC_ID, which is used to parse the trace
EDAS_CATALINA_OPTS String CATALINA_OPTS parameter, which is required during middleware operation
CATALINA_OPTS String Same as EDAS_CATALINA_OPTS, which is the default Tomcat startup parameter