Deploy on Kubernetes with the Helm Chart for WildFly

The wildfly Helm Chart is designed to build an application image composed of WildFly and your application code using OpenShift Source-to-Image (S2I) by default.

When you deploy your application on Kubernetes, S2I is not available and you are responsible for providing the application image. The wildfly chart can then be use to simplify the deployment and its configuration.

In this guide, you will learn how to build an application image that contains your application with the wildfly-maven-plugin, push that image to a container registry and deploy it on Kubernetes.

Prerequisites

To complete this guide, you need:

  • Roughly 20 minutes

  • JDK 11+ is installed with JAVA_HOME configured appropriately

    Verify that Java is installed

    You can verify that java is installed on your machine by executing:

    java -version
  • Apache Maven 3.9+ is installed

    Verify that Maven is installed

    You can verify that Maven is installed on your machine by executing:

    mvn -version
  • docker is installed

    Verify that Docker is installed

    You can verify that Maven is installed on your machine by executing:

    docker -v
  • kubectl is installed

    Verify that kubectl is installed

    You can verify that kubectl is installed on your machine by executing:

    kubectl version --client

    To install it, please refer to Kubernetes Install Tools.

  • You have access to a Kubernetes cluster

    Create a Kubernetes cluster on your local machine

    You can use Kind or Minikube for local development.

    Once you have started your Kubernetes cluster, you can verify you have access to it by executing:

    kubectl cluster-info
  • helm is installed

    Verify that Helm is installed

    You can verify that helm is installed on your machine by executing:

    helm version

    To install it, please refer to its Install Guide.

Build the Application Image

If you have access to your application code, you can build an application image by configuring the wildfly-maven-plugin and using its wildfly:image goal. This goal will create a container image (using either docker) that contains a provisioned WildFly server as well as your application deployment.

For an example of using the wildfly-maven-plugin, we can use the helloworld quickstart for WildFly:

git clone https://github.com/wildfly/quickstart.git
cd quickstart/helloworld
mvn -Popenshift package wildfly:image

Once the Maven build is successful, you will have a container image named helloworld:latest that contains your application.

Run the Application Image with Docker

You can run it locally with Docker with the command:

docker run -p 8080:8080 helloworld:latest

and access your application at http://localhost:8080/.

Push the application image to a container registry

You now have a container image on your machine and need to push it to a container registry so that the image will be pulled by Kubernetes when it is deployed.

As an example, you can use Quay.io to register your container images.

You can tag your application image and push it to Quay with the commands:

docker login quay.io
docker tag helloworld:latest quay.io/<YOUR_USERNAME>/helloworld:latest
docker push quay.io/<YOUR_USERNAME>/helloworld:latest

Your application image is now available at quay.io/<YOUR USERNAME>/helloworld:latest

Create an Image Pull Secret

Your container image is private by default in Quay.io so you will have to create a pull secret to be able to pull it from Kubernetes.

To create this secret, follow the instructions from your profile on Quay.io (in the top right-hand corner) > Account Settings > Generate Encrypted Password. After you verify your credentials, select Kubernetes Secret.

The instructions explain how to create a secret named <YOUR_USERNAME>-pull-secret.

After you create the secret in Kubernetes, you can verify its existence with:

kubectl get secret <YOUR_USERNAME>-pull-secret

Deploy the Application Image on Kubernetes

Now that your application image is available from a container registry and you have create a pull secret to be able to pull it from Kubernetes, you can use the wildfly chart to deploy it.

The chart values needs to be configured to disable building the application image and creating OpenShift route.

The name of the application image must also be specified with the image.name field.

A typical Helm file would look like:

helm.yaml
image:
  name: quay.io/<YOUR_USERNAME>/helloworld
build:
  enabled: false # Disable S2I build
deploy:
  imagePullSecrets:
    - name: <YOUR_USERNAME>-pull-secret
  route:
    enabled: false # Disable OpenShift Route

You can now deploy your application with these values:

helm install helloworld \
  -f ./helm.yaml \
  --repo https://docs.wildfly.org/wildfly-charts \
  wildfly

Your application is now available in Kubernetes and you can see its deployment with:

kubectl describe deployment helloworld

Access the Application from the Cluster

To verify your application, you can use Kubernetes Port Forwarding by running the command:

kubectl port-forward service/helloworld 8080:8080

and access your application at http://localhost:8080/.

Deploy and expose the application to the outside world

Now that you are satified with your application you might want to expose it to the outside world. The wildfly helm chart can also create an Ingress resource for you so that your application is available outside of the cluster. This requires that your Kubernetes cluster has the ingress-operator.

If you want to test using minikube:

 minikube start --addons=metrics-server,ingress,dashboard --vm=true --disk-size=50GB

If you want to test using kind:

 kind create cluster
 ...
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml

Create a secret for TLS (Optionnal)

This is optional as you might not want to use TLS. First you need to create a secret to hold the certificates used for TLS connection.

kubectl create secret tls helloworld-secret-tls --key="tls.key" --cert="tls.crt"

If you need a certificate for testing purpose you can execute the following command which create a self-signed certificate for the tests.info DNS name:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=tests.info"

Deploy your application

Now we need to edit the previous helm.yaml file to provide the required parameters:

helm.yaml
image:
  name: quay.io/<YOUR_USERNAME>/helloworld
build:
  enabled: false # Disable S2I build
deploy:
  imagePullSecrets:
    - name: <YOUR_USERNAME>-pull-secret
  route:
    enabled: false # Disable OpenShift Route
  ingress:
    enabled: true #Enable Ingress resource creation
    host: <YOUR-EXPOSED-DNS-NAME> #tests.info
    tls:
      secret: helloworld-secret-tls
Note
If you want to use the self-signed certificates you have generated you can use tests.info as the host value.
Note
If you want to have several applications on the same host you can specify a path and pathType for your application.

You can now deploy your application with these values:

helm upgrade helloworld \
  -f ./helm.yaml \
  --repo https://docs.wildfly.org/wildfly-charts \
  wildfly

You should be able to access your application through a TLS connection on the specified DNS name.

If you have used tests.info as the DNS value you can now test using the following command:

curl --resolve tests.info:443:<YOUR_CLUSTER_IP_ADDRESS>  --insecure https://tests.info
Tip

You can get the cluster IP address using:

kubectl cluster-info

Conclusion

In this guide, you learnt how you can use the wildfly Helm chart to deploy your application on Kubernetes.

First, you learnt how to use the wildfly-maven-plugin to build a container image from your source code. You also learnt how to push this image to a container registry and pull it from Kubernetes with a pull secret.

As this Helm Chart is designed to use OpenShift Source-to-Image (S2I) by default, you learnt to configure it to disable the build process.

Finally, you used Kubernetes Port Forwarding to access your application on the Kubernetes cluster.