According to Clayton Coleman, architect and Kubernetes contributor at Red Hat, the real innovation in Kubernetes should start coming from layers on top and layers underneath. It's true. Kubernetes' flexibility can feel as a disadvantage. You simply want to run some basic microservices with modern capabilities. Setting up advanced networking, observability and GitOps operators does not fit well in that picture. Let's take a look at how MicroPaaS solutions like Rio can provide an answer.
Install
curl -sfL https://get.rio.io | sh -
rio install
As mentioned in the introduction, it's tedious to set up the modern production platform. The CNCF landscape keeps on growing. It's not an easy task to put the pieces together. Rio curates and glues these solutions together in a platform that just works. For those familiar, Rio uses Linkerd, Prometheus, Tekton and cert-manager with Lets Encrypt. On top of that, there are custom components for application deployment, routing and unique domain capabilities.
Deploy
rio up
Combined with a Riofile, you have everything necessary to deploy your microservices. The file will feel very familiar to those who have used docker-compose in the past.
services:
blog:
build:
repo: https://github.com/WitoDelnat/nano
branch: master
# Connect to private repositories with `rio secret create --git-basic-auth`.
# cloneSecretName: private-github
ports:
- 8080/http,web
env:
- AUTH_DOMAIN=example.eu.auth0.com
- AUTH_AUDIENCE=blog.example.com
- DATABASE_HOST=blog-db
- DATABASE_USER=blogy
- DATABASE_NAME=blogy
- DATABASE_PASSWORD=blogy
Your eyes are not betraying you. Rio uses the URL of your git repository. Periodic scans bootstrap a process of building images and rolling over to the latest version. Combined with trunk-based development this will supercharge your workflow.
Production. You successfully deployed your first service. With just a few tweaks it can be ready for production. First, you should securely extract the password. One approach is to store them together with your Riofile in a separate repository. Secondly, the Riofile below shows how you can add resource and security constraints. One neat little feature is the ability to set minReplicates to zero, though be wary of cold-starts.
services:
blog:
build:
repo: https://github.com/WitoDelnat/nano
branch: master
# Connect to private repositories with `rio secret create --git-basic-auth`.
# cloneSecretName: private-github
ports:
- 8080/http,web
env:
- AUTH_DOMAIN=example.eu.auth0.com
- AUTH_AUDIENCE=blog.example.com
- DATABASE_HOST=blog-db
- DATABASE_USER=blogy
- DATABASE_NAME=blogy
- DATABASE_PASSWORD=secret://db-credentials/password
readinessProbe:
httpGet:
path: /ready
port: "8080"
cpus: 150m
memory: 250Mi
autoscale:
concurrency: 10
maxReplicas: 3
minReplicas: 1
privileged: false
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
Expose
rio domain register blog.example.com blog
Combine Rio with a postgres Helm chart and you can launch basic applications within the hour. Rio will automatically expose your service if you do not label it with internal=true. You can execute rio info to find the domain Rio provided. It will look like xyz.on-rio.io. After pointing a CNAME record to that domain, you can execute the command above and enjoy TLS.
Wrapping up
While I'm certain there are rough edges, it's refreshing not having to deal with a myriad of YAML files. Day two operations will involve rio dashboard, rio linkerd and tweaking the Riofile. Finally, check out the official documentation for advanced features such as traffic mirroring, templates and automated pull requests. Happy hacking!