Deployment Template
Deployment configuration is the Manifest for the application, it defines the runtime behavior of the application. You can define application behavior by providing information in three sections:
  1. 1.
    Chart Version
  2. 2.
    Yaml file
  3. 3.
    Show application metrics

1. Chart version

Key
Descriptions
Chart Version
Select the Chart Version using which you want to deploy the application.
Devtron uses helm charts for the deployments. And we are having multiple chart versions based on features it is supporting with every chart version.
One can see multiple chart version options available in the drop-down. you can select any chart version as per your requirements. By default, the latest version of the helm chart is selected in the chart version option.
Every chart version has its own YAML file. Helm charts are used to provide specifications for your application. To make it easy to use, we have created templates for the YAML file and have added some variables inside the YAML. You can provide or change the values of these variables as per your requirement.
If you want to see Application Metrics (For example Status codes 2xx, 3xx, 5xx; throughput, and latency) for your application, then you need to select the latest chart version.
Application Metrics is not supported for Chart version older than 3.7 version.

2. Yaml file

Container Ports

This defines ports on which application services will be exposed to other services
1
ContainerPort:
2
- envoyPort: 8799
3
idleTimeout:
4
name: app
5
port: 8080
6
servicePort: 80
7
supportStreaming: true
8
useHTTP2: true
Copied!
Key
Description
envoyPort
envoy port for the container.
idleTimeout
the duration of time that a connection is idle before the connection is terminated.
name
name of the port.
port
port for the container.
servicePort
port of the corresponding kubernetes service.
supportStreaming
Used for high performance protocols like grpc where timeout needs to be disabled.
useHTTP2
Envoy container can accept HTTP2 requests.

EnvVariables

1
EnvVariables: []
Copied!
To set environment variables for the containers that run in the Pod.

Liveness Probe

If this check fails, kubernetes restarts the pod. This should return error code in case of non-recoverable error.
1
LivenessProbe:
2
Path: ""
3
port: 8080
4
initialDelaySeconds: 20
5
periodSeconds: 10
6
successThreshold: 1
7
timeoutSeconds: 5
8
failureThreshold: 3
9
httpHeaders:
10
- name: Custom-Header
11
value: abc
12
scheme: ""
13
tcp: true
14
15
| Key | Description |
16
| :--- | :--- |
17
| `Path` | It define the path where the liveness needs to be checked. |
18
| `failureThreshold` | It defines the maximum number of failures that are acceptable before a given container is not considered as live. |
19
| `initialDelaySeconds` | It defines the time to wait before a given container is checked for liveliness. |
20
| `periodSeconds` | It defines the time to check a given container for liveness. |
21
| `successThreshold` | It defines the number of successes required before a given container is said to fulfil the liveness probe. |
22
| `timeoutSeconds` | It defines the time for checking timeout. |
23
| `httpHeaders` | Custom headers to set in the request. HTTP allows repeated headers,You can override the default headers by defining .httpHeaders for the probe. |
24
| `scheme` | Scheme to use for connecting to the host (HTTP or HTTPS). Defaults to HTTP.
25
| `tcp` | The kubelet will attempt to open a socket to your container on the specified port. If it can establish a connection, the container is considered healthy. |
26
27
28
### MaxUnavailable
29
30
```yaml
31
MaxUnavailable: 0
Copied!
The maximum number of pods that can be unavailable during the update process. The value of "MaxUnavailable: " can be an absolute number or percentage of the replicas count. The default value of "MaxUnavailable: " is 25%.

MaxSurge

1
MaxSurge: 1
Copied!
The maximum number of pods that can be created over the desired number of pods. For "MaxSurge: " also, the value can be an absolute number or percentage of the replicas count. The default value of "MaxSurge: " is 25%.

Min Ready Seconds

1
MinReadySeconds: 60
Copied!
This specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available. This defaults to 0 (the Pod will be considered available as soon as it is ready).

Readiness Probe

If this check fails, kubernetes stops sending traffic to the application. This should return error code in case of errors which can be recovered from if traffic is stopped.
1
ReadinessProbe:
2
Path: ""
3
port: 8080
4
initialDelaySeconds: 20
5
periodSeconds: 10
6
successThreshold: 1
7
timeoutSeconds: 5
8
failureThreshold: 3
9
httpHeaders:
10
- name: Custom-Header
11
value: abc
12
scheme: ""
13
tcp: true
14
15
16
| Key | Description |
17
| :--- | :--- |
18
| `Path` | It define the path where the readiness needs to be checked. |
19
| `failureThreshold` | It defines the maximum number of failures that are acceptable before a given container is not considered as ready. |
20
| `initialDelaySeconds` | It defines the time to wait before a given container is checked for readiness. |
21
| `periodSeconds` | It defines the time to check a given container for readiness. |
22
| `successThreshold` | It defines the number of successes required before a given container is said to fulfill the readiness probe. |
23
| `timeoutSeconds` | It defines the time for checking timeout. |
24
| `httpHeaders` | Custom headers to set in the request. HTTP allows repeated headers,You can override the default headers by defining .httpHeaders for the probe. |
25
| `scheme` | Scheme to use for connecting to the host (HTTP or HTTPS). Defaults to HTTP.
26
| `tcp` | The kubelet will attempt to open a socket to your container on the specified port. If it can establish a connection, the container is considered healthy. |
27
28
### Autoscaling
29
30
This is connected to HPA and controls scaling up and down in response to request load.
31
32
```yaml
33
autoscaling:
34
enabled: false
35
MinReplicas: 1
36
MaxReplicas: 2
37
TargetCPUUtilizationPercentage: 90
38
TargetMemoryUtilizationPercentage: 80
39
extraMetrics: []
Copied!
Key
Description
MaxReplicas
Maximum number of replicas allowed for scaling.
MinReplicas
Minimum number of replicas allowed for scaling.
TargetCPUUtilizationPercentage
The target CPU utilization that is expected for a container.
TargetMemoryUtilizationPercentage
The target memory utilization that is expected for a container.
enabled
Set true to enable autoscaling else set false.
extraMetrics
Used to give external metrics for autoscaling.

Image

1
image:
2
pullPolicy: IfNotPresent
Copied!
Image is used to access images in kubernetes, pullpolicy is used to define the instances calling the image, here the image is pulled when the image is not present,it can also be set as "Always".

Ingress

This allows public access to the url, please ensure you are using right nginx annotation for nginx class, its default value is nginx
1
ingress:
2
enabled: false
3
# For K8s 1.19 and above use ingressClassName instead of annotation kubernetes.io/ingress.class:
4
ingressClassName: nginx
5
annotations: {}
6
hosts:
7
- host: example1.com
8
paths:
9
- /example
10
- host: example2.com
11
paths:
12
- /example2
13
- /example2/healthz
14
tls: []
Copied!
Legacy deployment-template ingress format
1
ingress:
2
enabled: false
3
# For K8s 1.19 and above use ingressClassName instead of annotation kubernetes.io/ingress.class:
4
ingressClassName: nginx-internal
5
annotations: {}
6
path: ""
7
host: ""
8
tls: []
Copied!
Key
Description
enabled
Enable or disable ingress
annotations
To configure some options depending on the Ingress controller
path
Path name
host
Host name
tls
It contains security details

Ingress Internal

This allows private access to the url, please ensure you are using right nginx annotation for nginx class, its default value is nginx
1
ingressInternal:
2
enabled: false
3
# For K8s 1.19 and above use ingressClassName instead of annotation kubernetes.io/ingress.class:
4
ingressClassName: nginx-internal
5
annotations: {}
6
hosts:
7
- host: example1.com
8
paths:
9
- /example
10
- host: example2.com
11
paths:
12
- /example2
13
- /example2/healthz
14
tls: []
Copied!
Key
Description
enabled
Enable or disable ingress
annotations
To configure some options depending on the Ingress controller
path
Path name
host
Host name
tls
It contains security details

Init Containers

1
initContainers:
2
- name: nginx
3
image: nginx:1.14.2
4
ports:
5
- containerPort: 80
6
command: ["/usr/local/bin/nginx"]
7
args: ["-g", "daemon off;"]
Copied!
Specialized containers that run before app containers in a Pod. Init containers can contain utilities or setup scripts not present in an app image.

Pause For Seconds Before Switch Active

1
pauseForSecondsBeforeSwitchActive: 30
Copied!
To wait for given period of time before switch active the container.

Resources

These define minimum and maximum RAM and CPU available to the application.
1
resources:
2
limits:
3
cpu: "1"
4
memory: "200Mi"
5
requests:
6
cpu: "0.10"
7
memory: "100Mi"
Copied!
Resources are required to set CPU and memory usage.

Limits

Limits make sure a container never goes above a certain value. The container is only allowed to go up to the limit, and then it is restricted.

Requests

Requests are what the container is guaranteed to get.

Service

This defines annotations and the type of service, optionally can define name also.
1
service:
2
type: ClusterIP
3
annotations: {}
Copied!

Volumes

1
volumes: []
Copied!
It is required when some values need to be read from or written to an external disk.

Volume Mounts

1
volumeMounts: []
Copied!
It is used to provide mounts to the volume.

Affinity and anti-affinity

1
Spec:
2
Affinity:
3
Key:
4
Values:
Copied!
Spec is used to define the desire state of the given container.
Node Affinity allows you to constrain which nodes your pod is eligible to schedule on, based on labels of the node.
Inter-pod affinity allow you to constrain which nodes your pod is eligible to be scheduled based on labels on pods.

Key

Key part of the label for node selection, this should be same as that on node. Please confirm with devops team.

Values

Value part of the label for node selection, this should be same as that on node. Please confirm with devops team.

Tolerations

1
tolerations:
2
- key: "key"
3
operator: "Equal"
4
value: "value"
5
effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
Copied!
Taints are the opposite, they allow a node to repel a set of pods.
A given pod can access the given node and avoid the given taint only if the given pod satisfies a given taint.
Taints and tolerations are a mechanism which work together that allows you to ensure that pods are not placed on inappropriate nodes. Taints are added to nodes, while tolerations are defined in the pod specification. When you taint a node, it will repel all the pods except those that have a toleration for that taint. A node can have one or many taints associated with it.

Arguments

1
args:
2
enabled: false
3
value: []
Copied!
This is used to give arguments to command.

Command

1
command:
2
enabled: false
3
value: []
Copied!
It contains the commands for the server.
Key
Description
enabled
To enable or disable the command.
value
It contains the commands.

Containers

Containers section can be used to run side-car containers along with your main container within same pod. Containers running within same pod can share volumes and IP Address and can address each other @localhost.
1
containers:
2
- name: nginx
3
image: nginx:1.14.2
4
ports:
5
- containerPort: 80
6
command: ["/usr/local/bin/nginx"]
7
args: ["-g", "daemon off;"]
Copied!

Prometheus

1
prometheus:
2
release: monitoring
Copied!
It is a kubernetes monitoring tool and the name of the file to be monitored as monitoring in the given case.It describes the state of the prometheus.

rawYaml

1
rawYaml:
2
- apiVersion: v1
3
kind: Service
4
metadata:
5
name: my-service
6
spec:
7
selector:
8
app: MyApp
9
ports:
10
- protocol: TCP
11
port: 80
12
targetPort: 9376
13
type: ClusterIP
Copied!
Accepts an array of Kubernetes objects. You can specify any kubernetes yaml here and it will be applied when your app gets deployed.

Grace Period

1
GracePeriod: 30
Copied!
Kubernetes waits for the specified time called the termination grace period before terminating the pods. By default, this is 30 seconds. If your pod usually takes longer than 30 seconds to shut down gracefully, make sure you increase the GracePeriod.
A Graceful termination in practice means that your application needs to handle the SIGTERM message and begin shutting down when it receives it. This means saving all data that needs to be saved, closing down network connections, finishing any work that is left, and other similar tasks.
There are many reasons why Kubernetes might terminate a perfectly healthy container. If you update your deployment with a rolling update, Kubernetes slowly terminates old pods while spinning up new ones. If you drain a node, Kubernetes terminates all pods on that node. If a node runs out of resources, Kubernetes terminates pods to free those resources. It’s important that your application handle termination gracefully so that there is minimal impact on the end user and the time-to-recovery is as fast as possible.

Server

1
server:
2
deployment:
3
image_tag: 1-95a53
4
image: ""
Copied!
It is used for providing server configurations.

Deployment

It gives the details for deployment.
Key
Description
image_tag
It is the image tag
image
It is the URL of the image

Service Monitor

1
servicemonitor:
2
enabled: true
3
path: /abc
4
scheme: 'http'
5
interval: 30s
6
scrapeTimeout: 20s
7
metricRelabelings:
8
- sourceLabels: [namespace]
9
regex: '(.*)'
10
replacement: myapp
11
targetLabel: target_namespace
Copied!
It gives the set of targets to be monitored.

Db Migration Config

1
dbMigrationConfig:
2
enabled: false
Copied!
It is used to configure database migration.

Application Metrics

Application metrics can be enabled to see your application's metrics-CPUService Monito usage,Memory Usage,Status,Throughput and Latency.

Deployment Metrics

It gives the realtime metrics of the deployed applications
Key
Description
Deployment Frequency
It shows how often this app is deployed to production
Change Failure Rate
It shows how often the respective pipeline fails.
Mean Lead Time
It shows the average time taken to deliver a change to production.
Mean Time to Recovery
It shows the average time taken to fix a failed pipeline.

Add on features in Deployment Chart version 3.9.0

Service Account

1
serviceAccountName: orchestrator
Copied!
A service account provides an identity for the processes that run in a Pod.
When you access the cluster, you are authenticated by the API server as a particular User Account. Processes in containers inside pod can also contact the API server. When you are authenticated as a particular Service Account.
When you create a pod, if you do not create a service account, it is automatically assigned the default service account in the namespace.

Pod Disruption Budget

1
podDisruptionBudget: {}
2
minAvailable: 1
3
maxUnavailable: 1
Copied!
You can create PodDisruptionBudget for each application. A PDB limits the number of pods of a replicated application that are down simultaneously from voluntary disruptions. For example, an application would like to ensure the number of replicas running is never brought below the certain number.
You can specify maxUnavailable and minAvailable in a PodDisruptionBudget.
With minAvailable of 1, evictions are allowed as long as they leave behind 1 or more healthy pods of the total number of desired replicas.
With maxAvailable of 1, evictions are allowed as long as at most 1 unhealthy replica among the total number of desired replicas.

Application metrics Envoy Configurations

1
envoyproxy:
2
image: envoyproxy/envoy:v1.14.1
3
configMapName: ""
4
resources:
5
limits:
6
cpu: "50m"
7
memory: "50Mi"
8
requests:
9
cpu: "50m"
10
memory: "50Mi"
Copied!
Envoy is attached as a sidecar to the application container to collect metrics like 4XX, 5XX, Throughput and latency. You can now configure the envoy settings such as idleTimeout, resources etc.

Prometheus Rule

1
prometheusRule:
2
enabled: true
3
additionalLabels: {}
4
namespace: ""
5
rules:
6
- alert: TooMany500s
7
expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
8
for: 1m
9
labels:
10
severity: critical
11
annotations:
12
description: Too many 5XXs
13
summary: More than 5% of the all requests did return 5XX, this require your attention
Copied!
Alerting rules allow you to define alert conditions based on Prometheus expressions and to send notifications about firing alerts to an external service.
In this case, Prometheus will check that the alert continues to be active during each evaluation for 1 minute before firing the alert. Elements that are active, but not firing yet, are in the pending state.

Pod Labels

Labels are key/value pairs that are attached to pods. Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system. Labels can be used to organize and to select subsets of objects.
1
podLabels:
2
severity: critical
Copied!

Pod Annotations

Pod Annotations are widely used to attach metadata and configs in Kubernetes.
1
podAnnotations:
2
fluentbit.io/exclude: "true"
Copied!

Custom Metrics in HPA

1
autoscaling:
2
enabled: true
3
MinReplicas: 1
4
MaxReplicas: 2
5
TargetCPUUtilizationPercentage: 90
6
TargetMemoryUtilizationPercentage: 80
7
behavior:
8
scaleDown:
9
stabilizationWindowSeconds: 300
10
policies:
11
- type: Percent
12
value: 100
13
periodSeconds: 15
14
scaleUp:
15
stabilizationWindowSeconds: 0
16
policies:
17
- type: Percent
18
value: 100
19
periodSeconds: 15
20
- type: Pods
21
value: 4
22
periodSeconds: 15
23
selectPolicy: Max
Copied!
HPA, by default is configured to work with CPU and Memory metrics. These metrics are useful for internal cluster sizing, but you might want to configure wider set of metrics like service latency, I/O load etc. The custom metrics in HPA can help you to achieve this.

Wait For Seconds Before Scaling Down

1
waitForSecondsBeforeScalingDown: 30
Copied!
Wait for given period of time before scaling down the container.

3. Show application metrics

If you want to see application metrics like different HTTP status codes metrics, application throughput, latency, response time. Enable the Application metrics from below the deployment template Save button. After enabling it, you should be able to see all metrics on App detail page. By default it remains disabled.
Once all the Deployment template configurations are done, click on Save to save your deployment configuration. Now you are ready to create Workflow to do CI/CD.

Helm Chart Json Schema Table

Helm Chart json schema is used to validate the deployment template values.
Chart Version
Link
reference-chart_3-12-0
reference-chart_3-11-0
reference-chart_3-10-0
reference-chart_3-9-0

Other Validations in Json Schema

The values of CPU and Memory in limits must be greater than or equal to in requests respectively. Similarly, In case of envoyproxy, the values of limits are greater than or equal to requests as mentioned below.
1
resources.limits.cpu >= resources.requests.cpu
2
resources.limits.memory >= resources.requests.memory
3
envoyproxy.resources.limits.cpu >= envoyproxy.resources.requests.cpu
4
envoyproxy.resources.limits.memory >= envoyproxy.resources.requests.memory
Copied!
Last modified 8d ago