Deploy on Kubernetes with the Helm Chart for WildFly
The wildfly Helm Chart is designed to build an application image composed of WildFly and your application code using OpenShift Source-to-Image (S2I) by default.
When you deploy your application on Kubernetes, S2I is not available and you are responsible for providing the application image. The wildfly chart can then be use to simplify the deployment and its configuration.
In this guide, you will learn how to build an application image that contains your application with the wildfly-maven-plugin, push that image to a container registry and deploy it on Kubernetes.
Prerequisites
To complete this guide, you need:
-
Roughly 20 minutes
-
JDK 11+ is installed with
JAVA_HOMEconfigured appropriatelyVerify that Java is installed
You can verify that
javais installed on your machine by executing:java -version -
Apache Maven 3.9+ is installed
Verify that Maven is installed
You can verify that Maven is installed on your machine by executing:
mvn -version -
dockeris installedVerify that Docker is installed
You can verify that Maven is installed on your machine by executing:
docker -v -
kubectlis installedVerify that kubectl is installed
You can verify that
kubectlis installed on your machine by executing:kubectl version --clientTo install it, please refer to Kubernetes Install Tools.
-
You have access to a Kubernetes cluster
-
helmis installedVerify that Helm is installed
You can verify that
helmis installed on your machine by executing:helm versionTo install it, please refer to its Install Guide.
Build the Application Image
If you have access to your application code, you can build an application image by configuring the wildfly-maven-plugin and using its wildfly:image goal.
This goal will create a container image (using either docker) that contains a provisioned WildFly server as well as your application deployment.
For an example of using the wildfly-maven-plugin, we can use the helloworld quickstart for WildFly:
git clone https://github.com/wildfly/quickstart.git
cd quickstart/helloworld
mvn -Popenshift package wildfly:imageOnce the Maven build is successful, you will have a container image named helloworld:latest that contains your application.
Run the Application Image with Docker
You can run it locally with Docker with the command:
docker run -p 8080:8080 helloworld:latestand access your application at http://localhost:8080/.
Push the application image to a container registry
You now have a container image on your machine and need to push it to a container registry so that the image will be pulled by Kubernetes when it is deployed.
As an example, you can use Quay.io to register your container images.
You can tag your application image and push it to Quay with the commands:
docker login quay.io
docker tag helloworld:latest quay.io/<YOUR_USERNAME>/helloworld:latest
docker push quay.io/<YOUR_USERNAME>/helloworld:latestYour application image is now available at quay.io/<YOUR USERNAME>/helloworld:latest
Create an Image Pull Secret
Your container image is private by default in Quay.io so you will have to create a pull secret to be able to pull it from Kubernetes.
To create this secret, follow the instructions from your profile on Quay.io (in the top right-hand corner) > Account Settings > Generate Encrypted Password. After you verify your credentials, select Kubernetes Secret.
The instructions explain how to create a secret named <YOUR_USERNAME>-pull-secret.
After you create the secret in Kubernetes, you can verify its existence with:
kubectl get secret <YOUR_USERNAME>-pull-secretDeploy the Application Image on Kubernetes
Now that your application image is available from a container registry and you have create a pull secret to be able to pull it from Kubernetes, you can use the wildfly chart to deploy it.
The chart values needs to be configured to disable building the application image and creating OpenShift route.
The name of the application image must also be specified with the image.name field.
A typical Helm file would look like:
image:
name: quay.io/<YOUR_USERNAME>/helloworld
build:
enabled: false # Disable S2I build
deploy:
imagePullSecrets:
- name: <YOUR_USERNAME>-pull-secret
route:
enabled: false # Disable OpenShift RouteYou can now deploy your application with these values:
helm install helloworld \
-f ./helm.yaml \
--repo https://docs.wildfly.org/wildfly-charts \
wildflyYour application is now available in Kubernetes and you can see its deployment with:
kubectl describe deployment helloworldAccess the Application from the Cluster
To verify your application, you can use Kubernetes Port Forwarding by running the command:
kubectl port-forward service/helloworld 8080:8080and access your application at http://localhost:8080/.
Deploy and expose the application to the outside world
Now that you are satified with your application you might want to expose it to the outside world.
The wildfly helm chart can also create an Ingress resource for you so that your application is available outside of the cluster.
This requires that your Kubernetes cluster has the ingress-operator.
If you want to test using minikube:
minikube start --addons=metrics-server,ingress,dashboard --vm=true --disk-size=50GBIf you want to test using kind:
kind create cluster
...
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yamlCreate a secret for TLS (Optionnal)
This is optional as you might not want to use TLS.
First you need to create a secret to hold the certificates used for TLS connection.
kubectl create secret tls helloworld-secret-tls --key="tls.key" --cert="tls.crt"If you need a certificate for testing purpose you can execute the following command which create a self-signed certificate for the tests.info DNS name:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=tests.info"Deploy your application
Now we need to edit the previous helm.yaml file to provide the required parameters:
image:
name: quay.io/<YOUR_USERNAME>/helloworld
build:
enabled: false # Disable S2I build
deploy:
imagePullSecrets:
- name: <YOUR_USERNAME>-pull-secret
route:
enabled: false # Disable OpenShift Route
ingress:
enabled: true #Enable Ingress resource creation
host: <YOUR-EXPOSED-DNS-NAME> #tests.info
tls:
secret: helloworld-secret-tls|
Note
|
If you want to use the self-signed certificates you have generated you can use tests.info as the host value.
|
|
Note
|
If you want to have several applications on the same host you can specify a path and pathType for your application.
|
You can now deploy your application with these values:
helm upgrade helloworld \
-f ./helm.yaml \
--repo https://docs.wildfly.org/wildfly-charts \
wildflyYou should be able to access your application through a TLS connection on the specified DNS name.
If you have used tests.info as the DNS value you can now test using the following command:
curl --resolve tests.info:443:<YOUR_CLUSTER_IP_ADDRESS> --insecure https://tests.info|
Tip
|
You can get the cluster IP address using: |
Conclusion
In this guide, you learnt how you can use the wildfly Helm chart to deploy your application on Kubernetes.
First, you learnt how to use the wildfly-maven-plugin to build a container image from your source code.
You also learnt how to push this image to a container registry and pull it from Kubernetes with a pull secret.
As this Helm Chart is designed to use OpenShift Source-to-Image (S2I) by default, you learnt to configure it to disable the build process.
Finally, you used Kubernetes Port Forwarding to access your application on the Kubernetes cluster.