Introduction

Ketch is a very new open source project by Shipa that shares a similar concept with the Shipa DNA.

Ketch is heavily focused on easing out application deployments for developers, aiming for a situation where a developer does not have to write any YAML configuration files, and can directly deploy their application on any Kubernetes cluster.

In this post we will go through Ketch Concepts and then deploy an application to a managed k3s cluster on Civo.

if you prefer a video walkthrough, we've also uploaded a hands-on guide over at our YouTube channel.

What is Ketch?

The official definition of Ketch from Shipa is "an application delivery framework that facilitates the deployment and management of applications on Kubernetes using a simple command line interface. No YAML required!"

This simply means that you can deploy applications onto any Kubernetes cluster by just using the Ketch CLI. But there is much more!

Kubernetes has become the de facto standard for deploying microservices and containerized applications, but there is a learning curve for a developer to get familiar with Kubernetes concepts, Kubernetes objects, how to write the required YAML files, and then how to create and manage them. These issues are there for any organization, big or small, as Kubernetes itself is complex and requires a lot of knowledge to get up and running. Ketch works toward solving these issues by eliminating the need for writing YAML files and directly deploying applications onto a cluster.

Architecture

Ketch architecture

The above image is from the Ketch documentation, and displays the architecture overview. Inside our cluster, we have a Ketch Controller, custom resource definitions (CRD) for the Pool and App, and an Ingress controller.

Pool CRD - It's basically used to isolate different applications deployed. Each pool created will configure a namespace and other components onto the cluster.

App CRD - Provides App context to applications and is responsible for running the application and managing its lifecycle.

Ketch Controller - Monitors the changes that happen in the Pool and App CRDs. Ketch can also create a complete Helm chart for the application which can be used in different ways.

Ingress Controllers - As of the writing of this guide, Ketch supports Traefik and Istio.

Prerequisites

  • A Kubernetes cluster you control. We'll take advantage of Civo's super-fast managed k3s service to experiment with this quickly. If you don't yet have an account, sign up to the beta now to take advantage of quick deploy times and $70 free credit per month! Alternatively, you could also use any other Kubernetes cluster.
  • kubectl installed, and the kubeconfig file for your cluster downloaded.

Civo Kubernetes configuration

Make sure you can connect to your Kubernetes cluster by running

kubectl get nodes

You should see the names of the nodes in your cluster displayed.

Getting up and running with Ketch

Installing Ketch

First the Ketch Binary has to be downloaded in order to deploy the application to our Kubernetes cluster. In this case I am installing Ketch CLI on my Mac:

$ curl -s https://raw.githubusercontent.com/shipa-corp/ketch/main/install.sh | bash

Downloading Ketch binary from https://github.com/shipa-corp/ketch/releases/download/v0.1.0/ketch-darwin-amd64 to /usr/local/bin/ketch
Ketch client installation was successful

$ ketch -v
ketch version 0.1.0

Ingress controller

As of the writing of this guide, Ketch supports two ingress controllers, Traefik and Istio, with a plan to add more in the future. By default k3s comes with Traefik Ingress controller, which you can check using the following commands that show the pods that should include your Traefik pods, as well as the running service to manage traffic:

$ kubectl get pods -A
NAMESPACE     NAME                                     READY   STATUS      RESTARTS   AGE
kube-system   metrics-server-7566d596c8-ks9ss          1/1     Running     0          5m45s
kube-system   local-path-provisioner-6d59f47c7-d74ng   1/1     Running     0          5m45s
kube-system   helm-install-traefik-fwr9s               0/1     Completed   0          5m45s
kube-system   svclb-traefik-886fk                      2/2     Running     0          5m27s
kube-system   coredns-8655855d6-zzr8z                  1/1     Running     0          5m45s
kube-system   traefik-758cd5fc85-2jf57                 1/1     Running     0          5m27s
kube-system   svclb-traefik-lz8bl                      2/2     Running     0          4m59s
kube-system   svclb-traefik-xz2r7                      2/2     Running     0          4m51s

$ kubectl get svc -A | grep traefik
kube-system   traefik-prometheus   ClusterIP      192.168.219.19    <none>            9100/TCP                     6m18s
kube-system   traefik              LoadBalancer   192.168.145.176   185.136.234.146  80:32596/TCP,443:30706/TCP   6m18s

You can see that Traefik comes pre-installed when you spin up a k3s cluster on Civo, and serves up an external IP address.

Note - If you are using a different Kubernetes cluster make sure you install Traefik or Istio from here.

Cert-Manager Install

Ketch Requires a certificate manager to be installed onto the cluster. This can be installed via the Civo Marketplace, either on the web on your cluster management page, or with Civo CLI.

App marketplace

# Installing cert-manager via civo cli, to our cluster called "ketch"
civo kubernetes applications add cert-manager --cluster=ketch

If you are using a different or self-hosted Kubernetes cluster, you can install cert-manager by using the below command:

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.yaml

Whichever option you choose, check that cert-manager is running:

kubectl get pods -n cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-cainjector-6d5dfbc779-jsrpj   1/1     Running   0          103s
cert-manager-68d4985c5d-v6fw9              1/1     Running   0          103s
cert-manager-webhook-59fccfc69b-xjwjt      1/1     Running   0          103s

Install Ketch Controller

As we have seen in the Architecture section, our cluster will need a Ketch Controller that will be creating and watching the Pool CRD and App CRD.

$ kubectl apply -f https://github.com/shipa-corp/ketch/releases/download/v0.1.0/ketch-controller.yaml

namespace/ketch-system created
customresourcedefinition.apiextensions.k8s.io/apps.theketch.io created
customresourcedefinition.apiextensions.k8s.io/pools.theketch.io created
role.rbac.authorization.k8s.io/ketch-leader-election-role created
clusterrole.rbac.authorization.k8s.io/ketch-manager-role created
clusterrole.rbac.authorization.k8s.io/ketch-proxy-role created
clusterrole.rbac.authorization.k8s.io/ketch-metrics-reader created
rolebinding.rbac.authorization.k8s.io/ketch-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/ketch-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/ketch-proxy-rolebinding created
service/ketch-controller-manager-metrics-service created
service/ketch-webhook-service created
deployment.apps/ketch-controller-manager created
certificate.cert-manager.io/ketch-serving-cert created
issuer.cert-manager.io/ketch-selfsigned-issuer created
mutatingwebhookconfiguration.admissionregistration.k8s.io/ketch-mutating-webhook-configuration created
validatingwebhookconfiguration.admissionregistration.k8s.io/ketch-validating-webhook-configuration created

Creating a Ketch Pool

Before deploying an app you need to create a Ketch pool. This is where we will need the external IP address of our ingress. We will get it by checking our Traefik service:

$ kubectl get svc -A | grep traefik
kube-system    traefik-prometheus                         ClusterIP      192.168.219.19    <none>            9100/TCP                     93m
kube-system    traefik                                    LoadBalancer   192.168.145.176   185.136.234.146   80:32596/TCP,443:30706/TCP   93m

Then, we run ketch pool to add our pool:

$ ketch pool add saiyam  --ingress-service-endpoint 185.136.234.146 --ingress-type traefik
Successfully added!

Running the above created a new namespace

$ ketch pool list
NAME      STATUS     NAMESPACE       INGRESS TYPE    INGRESS CLASS NAME    CLUSTER ISSUER    APPS
saiyam    Created    ketch-saiyam    traefik                                                 0

$ kubectl get ns | grep saiyam
NAME              STATUS   AGE
ketch-saiyam      Active   20s

As of now there are 0 apps in the pool, so let's create an application

$ ketch app create demo --pool saiyam

$ ketch app list
NAME     POOL      UNITS    ADDRESSES                                   DESCRIPTION
hello    saiyam    0        http://demo.185.136.234.146.shipa.cloud

$ ketch pool list
NAME      STATUS     NAMESPACE       INGRESS TYPE    INGRESS CLASS NAME    CLUSTER ISSUER    APPS
saiyam    Created    ketch-saiyam    traefik                                                 1

You can see that the App has 0 units as we have not deployed any app but just by creating the app, it created the endpoint automatically.

Now let's actually deploy an image onto the k3s cluster.

$ ketch app deploy demo -i docker.io/saiyam911/ketch-demo
Successfully deployed!

$ ketch app list
NAME    POOL      UNITS    ADDRESSES                                  DESCRIPTION
demo    saiyam    1        http://demo.185.136.234.146.shipa.cloud

The application has been deployed successfully from the image provided. If we visit the address provided by the ketch app list command above, we should see the following:

Ketch Demo working

Ketch says Howdy

Behind the scenes, Ketch has created a deployment and other Kubernetes objects to expose the application. Additionally, Ketch can export your application as a helm chart which can be used to distribute your application. This is a really cool feature in my opinion, which will be discussed in more detail below.

There is an option to customize the file using ketch.yaml and a Procfile. It looks like below:

kubernetes:
  processes:
    web:
      ports:
        - name: apache-http # an optional name for the port
          protocol: TCP
          port: 80 # The port that is going to be exposed on the router.
          target_port: 9999 # The port on which the application listens on.
    worker:
      ports:
        - name: http
          protocol: TCP
          port: 80
    worker-2:
      ports: []

The Ketch documentation has much more information on Application management - https://learn.theketch.io/docs/application-management.

Ketch CNAME edit

You can add the CNAME of your choice and it gets added to the application - another handy feature:

$ ketch cname add ketch.b84abe49-7e01-4c64-8dcb-3c7cde73947f.k8s.civo.com -a demo

$ ketch app list
NAME    POOL      UNITS    ADDRESSES                                                                                                 DESCRIPTION
demo    saiyam    1        http://demo.185.136.234.146.shipa.cloud http://ketch.b84abe49-7e01-4c64-8dcb-3c7cde73947f.k8s.civo.com

You will now be able to visit the defined CNAME url and have the application served to you:

CNAME URL serves the same application

Application Export

As mentioned above, you can export your application as a Helm chart which is really cool!

$ ketch app export demo -d /Users/saiyampathak/
Successfully exported!

$ ls
Chart.yaml  templates   values.yaml

templates $ ls -ltr
-rw-r--r--  1 saiyampathak  app  3361 Nov 26 14:24 deployment.yaml
-rw-r--r--  1 saiyampathak  app  2513 Nov 26 14:24 ingress.yaml
-rw-r--r--  1 saiyampathak  app  1020 Nov 26 14:24 service.yaml

With this you can push these files to a Git repository and make changes as required, and you can also export a commonly-used Application as Helm charts for others to use. A really cool feature in my opinion.

Conclusion

Overall Ketch is a good product trying to solve a common problem, and as it's open source, the wider community can get involved and create issues, suggestions for features they'd like to see, and raise pull requests to make it more valuable for the end user.

I personally would like to see some options that I can configure before deploying an application, maybe via the CLI, or possbly a minimal UI. If in the future we can have the application YAML generated even before the app gets deployed, it would be even cooler.

Let me know on Twitter at @SaiyamPathak and Civo on @civocloud what your thoughts on Ketch are and show us what you've deployed using it.