Application Management
By leveraging Shipa, you can provide developers with an easier and seamless way to deploy their applications across multiple Kubernetes clusters and Linux nodes.
Shipa Application and Deployment Object Merge - Shipa 1.7.1
Shipa has merged the Application and Deployment Terraform Objects in Shipa 1.7.1+. If using a prior version, check out the previous version's documentation.
Creating and Deploying Applications
The code snippet below creates an application on Shipa.
apiVersion: shipa.crossplane.io/v1alpha1
kind: AppDeploy
metadata:
name: crossplane-app
spec:
forProvider:
app: crossplane-app
image: docker.io/shipasoftware/bulletinboard:1.0
appConfig:
team: shipa-team
framework: sample-framework
env:
- VARIABLE_ONE=v1
- VARIABLE_TWO=v2
plan: shipa-plan
tags:
- soaktest
- chaos_acceptance
port:
number: 2121
protocol: TCP
registry:
user: docker.user
secret: docker.secret
volumes:
- name: mysql
mountPath: var/lib/mysql
- name: scratch
mountPath: tmp/scratch
Top-Level Attributes
Here are the attributes that provide top-level information about each component definition.
| Component | Type | Description |
|---|---|---|
| apiVersion | string | the version of the API. |
| kind | string | the kind of custom resource that will be created by Shipa. AppDeploy is the kind used by Shipa for creating and deploying applications. |
| metadata | the name of the custom resource that will be created by Shipa. A good practice is to keep this as the application name. | |
| spec | the specification that will be used by Shipa when creating the application. |
Specification - For Provider
Main deployment object e.g. the image.
| Component | Type | Description |
|---|---|---|
| app | string | the name of the application. Required: Yes |
| image | string | the address of the image that should be used by Shipa for deployment. Required: Yes |
Specification - For Provider - App Config
Application specific configs.
| Component | Type | Description |
|---|---|---|
| team | string | the name of the team who will own the application. Required: Yes |
| framework | string | the name of the framework that should be used for creating the application. Required: Yes |
| env | array | array of environmental variable objects. In the format variable_name=variable_value. Required: No |
| plan | string | the name of the resource limit plan that should be used by this application. If not defined, the one defined at the framework level will be used. Required: No |
| tags | array | a list of tags that should be assigned to the application. Required: No |
Specification - For Provider - Port (Not Required)
Custom Port exposure. Add this section if wanting to expose a certain port.
| Component | Type | Description |
|---|---|---|
| number | integer | a specific port that should be assigned to the application for it to be exposed. If not specified, Shipa will automatically expose port 8888 to the application. Required: No Condition: Only when port is specified. |
| protocol | string | the protocol your application can accept ingress or egress. Required: No Condition: Only when port is specified. |
Specification - For Provider - Registry (Not Required)
Private Registry wiring. Add this section if wanting to use a Private Registry.
| Component | Type | Descriptiomn |
|---|---|---|
| user | string | the username of the private registry for authentication, so Shipa can pull the image. Required: No Condition: Only when registry is specified. |
| secret | string | the password of the private registry for authentication, so Shipa can pull the image. Required: No Condition: Only when registry is specified. |
Specification - For Provider - Volumes (Not Required)
Shipa Volumes to be bound. A Volume Plan and Volume will need to be created before.
| Component | Type | Description |
|---|---|---|
| name | string | name of shipa volume. Required: No Condition: Only when volumes is specified. |
| mountPath | string | mount path of volume to be exposed. Required: No Condition: Only when volumes is specified. |
CNAME Management
The code snippet below adds a CNAME entry to an existing application:
apiVersion: shipa.crossplane.io/v1alpha1
kind: AppCname
metadata:
name: crossplane-app
spec:
forProvider:
app: crossplane-app
cname: www.test.com
encrypt: true
Top-Level Attributes
Here are the attributes that provide top-level information about each component definition.
Metadata
| Component | Type | Description |
|---|---|---|
| name | string | the name of the custom resource that will be created by Shipa. |
Specification
| Component | Type | Description |
|---|---|---|
| app | string | the name of the application where deployment should happen. Required: Yes |
| cname | string | the CNAME you want to assign to your existing application. Required: Yes |
| encrypt | boolean | if Shipa should automatically create a certificate and assign to your CNAME so your application is served over HTTPS. Required: No |
Networking Management
The code snippet below adds a network policy entry to an existing application:
apiVersion: shipa.crossplane.io/v1alpha1
kind: NetworkPolicy
metadata:
name: netpolicy-k8-app1
spec:
forProvider:
app: k8-app1
networkPolicy:
ingress:
policy_mode: allow-custom-rules-only
custom_rules:
- id: framework
enabled: true
description: framework block
allowed_apps:
- app1
- app2
allowed_frameworks:
- cp-prod
ports:
- port: 8080
protocol: TCP
egress:
policy_mode: allow-all
restart_app: true
Top-Level Attributes
Here are the attributes that provide top-level information about each component definition.
Metadata
| Component | Type | Description |
|---|---|---|
| name | string | the name of the custom resource that will be created by Shipa. |
Specification
| Component | Type | Description |
|---|---|---|
| ingress | ingress definition that will be applied to the application. if not defined, Shipa will leverage the network policies defined at the framework level. Required: No | |
| policy_mode | string | the policy mode that should be applied to your application. Current options from this provider are: - allow-all - deny-all - allow-custom-rules-only Required: No Condition: Only when policy_mode is set to allow-custom-rules-only |
| custom_rules | if policy_mode is set to allow-custom-rules-only, you can define custom rules for detailed ingress or egress configuration for the application. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only | |
| id | string | the name of the custom rule. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only |
| enabled | bool | if the custom rule is enabled by default or not for this application. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only |
| description | string | The description of the custom rule being enforced. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only |
| allowed_apps | string | the specific applications that communicate with your application. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only |
| allowed_frameworks | string | allow traffic from applications deployed through this, or list of, frameworks. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only |
| ports | port configuration where your application can accept ingress or egress. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only | |
| port | int | the specific port (or list of ports) where your application can accept ingress or egress. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only |
| protocol | string | the protocol your application can accept ingress or egress. Required: No Condition: Only when policy_mode is set to allow-custom-rules-only |
| egress | egress definition that will be accepted by your application. if not defined, Shipa will leverage the network policies defined at the framework level. Required: No | |
| restart_app | bool | if the application should be restarted automatically once the network policy is defined. network policy is only in effect once the application is restarted. If not set to yes, the application won't be restarted and the new policy will only take effect when you restart the application manually. Required: No |
Detailed network policies
Shipa enables you to define more granular network policies through its dashboard. If rules are overly complex, we recommend using the dashboard to define a sample framework and network policy.
Updated 10 months ago