A glimpse into the future of Kubernetes with Rio

Monday, June 22, 2020

According to Clayton Coleman, architect and Kubernetes contributor at Red Hat, the real innovation in Kubernetes should start coming from layers on top and layers underneath. It's true. Kubernetes' flexibility can feel as a disadvantage. You simply want to run some basic microservices with modern capabilities. Setting up advanced networking, observability and GitOps operators does not fit well in that picture. Let's take a look at how MicroPaaS solutions like Rio can provide an answer.

Install

curl -sfL https://get.rio.io | sh -
rio install

As mentioned in the introduction, it's tedious to set up the modern production platform. The CNCF landscape keeps on growing. It's not an easy task to put the pieces together. Rio curates and glues these solutions together in a platform that just works. For those familiar, Rio uses Linkerd, Prometheus, Tekton and cert-manager with Lets Encrypt. On top of that, there are custom components for application deployment, routing and unique domain capabilities.

Deploy

rio up

Combined with a Riofile, you have everything necessary to deploy your microservices. The file will feel very familiar to those who have used docker-compose in the past.

services:
  blog:
    build:
      repo: https://github.com/WitoDelnat/nano
      branch: master
      # Connect to private repositories with `rio secret create --git-basic-auth`.
      # cloneSecretName: private-github
    ports:
      - 8080/http,web
    env:
      - AUTH_DOMAIN=example.eu.auth0.com
      - AUTH_AUDIENCE=blog.example.com
      - DATABASE_HOST=blog-db
      - DATABASE_USER=blogy
      - DATABASE_NAME=blogy
      - DATABASE_PASSWORD=blogy

Your eyes are not betraying you. Rio uses the URL of your git repository. Periodic scans bootstrap a process of building images and rolling over to the latest version. Combined with trunk-based development this will supercharge your workflow.

Production. You successfully deployed your first service. With just a few tweaks it can be ready for production. First, you should securely extract the password. One approach is to store them together with your Riofile in a separate repository. Secondly, the Riofile below shows how you can add resource and security constraints. One neat little feature is the ability to set minReplicates to zero, though be wary of cold-starts.

services:
  blog:
    build:
      repo: https://github.com/WitoDelnat/nano
      branch: master
      # Connect to private repositories with `rio secret create --git-basic-auth`.
      # cloneSecretName: private-github
    ports:
      - 8080/http,web
    env:
      - AUTH_DOMAIN=example.eu.auth0.com
      - AUTH_AUDIENCE=blog.example.com
      - DATABASE_HOST=blog-db
      - DATABASE_USER=blogy
      - DATABASE_NAME=blogy	
	  - DATABASE_PASSWORD=secret://db-credentials/password
    readinessProbe:
      httpGet:
        path: /ready
        port: "8080"
    cpus: 150m
    memory: 250Mi
    autoscale:
      concurrency: 10
      maxReplicas: 3
      minReplicas: 1
    privileged: false
    runAsUser: 1000
    runAsGroup: 1000
    readOnlyRootFilesystem: true

Expose

rio domain register blog.example.com blog

Combine Rio with a postgres Helm chart and you can launch basic applications within the hour. Rio will automatically expose your service if you do not label it with internal=true. You can execute rio info to find the domain Rio provided. It will look like xyz.on-rio.io. After pointing a CNAME record to that domain, you can execute the command above and enjoy TLS.

Wrapping up

While I'm certain there are rough edges, it's refreshing not having to deal with a myriad of YAML files. Day two operations will involve rio dashboard, rio linkerd and tweaking the Riofile. Finally, check out the official documentation for advanced features such as traffic mirroring, templates and automated pull requests. Happy hacking!

Sign up for the newsletter and I'll email you a fresh batch of insights once every while.

✉️