The application service is a layer that sits on top of the Kubernetes service. Its role is to decouple application management from the actual cluster, and to provide application management services that are independent of the applications the Kubernetes service defines for its own operation.
The application service lays the foundations for an abstract range of platform-as-a-service (PaaS) offerings, for example where users don't care about the underlying infrastructure and just want to consume a platform such as Jupyter Notebooks.
To use the Application service you first need to install:
- The identity service to provide API authentication and authorization.
- The Kubernetes service to provide Kubernetes cluster monitoring.
The Unikorn application server component has a couple of prerequisites that are required for correct functionality. If you are not installing the server component, skip to the next section.
You'll need to install:
- cert-manager (used to generate keying material for ingress TLS)
- nginx-ingress (to perform routing, avoiding CORS, and TLS termination)
Helm
Create a `values.yaml` for the server component:
A typical `values.yaml` that uses cert-manager and ACME, and external DNS might look like:

```yaml
global:
  identity:
    host: https://identity.unikorn-cloud.org
  kubernetes:
    host: https://kubernetes.unikorn-cloud.org
  application:
    host: https://application.unikorn-cloud.org
```

```shell
helm install unikorn-application charts/application --namespace unikorn-application --create-namespace --values values.yaml
```
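A pre-flight check that can be run on `values.yaml` before the `helm install` above. This is an added example, not part of the Unikorn project. It assumes the `global.<service>.host` layout shown here with two-space indentation and unquoted values, and it treats a missing or non-HTTPS host as a misconfiguration because the ingress terminates TLS and the identity host carries API authentication traffic. The function name `check_hosts` and the `example.test` hostnames are hypothetical.

```shell
#!/bin/sh
# Added example, not Unikorn project code. Assumes the values.yaml layout shown
# above (global.<service>.host, two-space indentation, unquoted values).
check_hosts() {
    awk '
        /^global:/ { in_global = 1; next }
        /^[^ #]/   { in_global = 0 }              # any other top-level key
        in_global && /^  [a-z]+:[ ]*$/ { svc = $1; sub(/:/, "", svc); next }
        in_global && /^    host:/      { host[svc] = $2 }
        END {
            # All three service endpoints from the sample must be present.
            n = split("identity kubernetes application", required, " ")
            for (i = 1; i <= n; i++) {
                s = required[i]
                if (!(s in host)) {
                    print s ": host missing"; bad = 1
                } else if (host[s] !~ /^https:\/\/[A-Za-z0-9.-]+(:[0-9]+)?\/?$/) {
                    print s ": not an https:// host URL: " host[s]; bad = 1
                }
            }
            exit bad + 0                          # non-zero when any check failed
        }
    ' "$1"
}

# Constructed sample input: identity uses plain http and application is missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
global:
  identity:
    host: http://identity.example.test
  kubernetes:
    host: https://kubernetes.example.test
EOF
check_hosts "$sample" || echo "values.yaml rejected, fix the hosts before installing"
rm -f "$sample"
```
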
ArgoCD
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: unikorn
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://unikorn-cloud.github.io/application
    chart: application
    targetRevision: v0.1.0
  destination:
    namespace: unikorn
    server: https://kubernetes.default.svc
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
```
The Unikorn Identity Service describes how to configure a service organization, groups and role mappings for services that require them.
This service requires asynchronous access to the Unikorn Kubernetes API in order to poll Kubernetes cluster status during application set creation, and delete those resources on cluster deletion.
This service defines the `unikorn-application` user that will need to be added to a group in the service organization.
It will need the built-in role `application-manager-service` that allows:
- Read access to the `kubernetescluster` endpoints to access Kubernetes cluster provisioning status
You can create the necessary group on the CLI in the 'system' organization with the following command available in the Unikorn Identity service repository:
```shell
kubectl unikorn create group \
  --namespace unikorn-identity \
  --organization system \
  --name kubernetes-services \
  --description "Services that require access to Kubernetes clusters to manage applications." \
  --role application-manager-service \
  --user unikorn-application
```