Kubernetes Deployment via Glasskube
Prerequisites
- A Kubernetes cluster currently set as the current context in
kubectl
docker
,openssl
,kubectl
andglasskube
(opens in a new tab) installed
What is Glasskube?
Glasskube (opens in a new tab) is an alternative package manager for Kubernetes and part of the CNCF landscape. Glasskube is designed as a Cloud Native application and every installed package is represented by a Custom Resource.
glasskube/glasskube
(opens in a new tab) is in active development, with good first issues
available for new contributors.
Quickstart
Generate encryption keys
There are 4 encryption secrets required for Hatchet to run which can be generated via the following bash script (requires docker
and openssl
):
#!/bin/bash
# Define an alias for generating random strings. This needs to be a function in a script.
randstring() {
openssl rand -base64 69 | tr -d "\n=+/" | cut -c1-$1
}
# Create keys directory
mkdir -p ./keys
# Function to clean up the keys directory
cleanup() {
rm -rf ./keys
}
# Register the cleanup function to be called on the EXIT signal
trap cleanup EXIT
# Check if Docker is installed
if ! command -v docker &> /dev/null
then
echo "Docker could not be found. Please install Docker."
exit 1
fi
# Generate keysets using Docker
docker run --user $(id -u):$(id -g) -v $(pwd)/keys:/hatchet/keys ghcr.io/hatchet-dev/hatchet/hatchet-admin:latest /hatchet/hatchet-admin keyset create-local-keys --key-dir /hatchet/keys
# Read keysets from files
SERVER_ENCRYPTION_MASTER_KEYSET=$(<./keys/master.key)
SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET=$(<./keys/private_ec256.key)
SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET=$(<./keys/public_ec256.key)
# Generate the random strings for SERVER_AUTH_COOKIE_SECRETS
SERVER_AUTH_COOKIE_SECRET1=$(randstring 16)
SERVER_AUTH_COOKIE_SECRET2=$(randstring 16)
# Create the YAML file
cat > hatchet-secret.yaml <<EOF
apiVersion: v1
kind: Secret
metadata:
name: hatchet-secret
namespace: hatchet
stringData:
SERVER_AUTH_COOKIE_SECRETS: "$SERVER_AUTH_COOKIE_SECRET1 $SERVER_AUTH_COOKIE_SECRET2"
SERVER_ENCRYPTION_MASTER_KEYSET: "$SERVER_ENCRYPTION_MASTER_KEYSET"
SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET: "$SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET"
SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET: "$SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET"
EOF
Apply the secret
To apply the secret run:
kubectl create namespace hatchet
kubectl apply -f hatchet-secret.yaml
Install Hatchet
glasskube install hatchet
Make sure to set the api server and engine replica count to 0 and use the secret name you applied before (hatchet-secret
).
Open Hatchet
glasskube open hatchet
Set up your Hatchet account
You can create a new user account by clicking the Register
button on the Hatchet login screen, and then creating a new account and tenant.
Next, navigate to your settings tab in the Hatchet dashboard. You should see a section called "API Keys". Click "Create API Key", input a name for the key and copy the key. Then copy the following environment variable:
HATCHET_CLIENT_TOKEN="<token>"
HATCHET_CLIENT_TLS_STRATEGY=none
You will need this in the following example.
Port forward to the Hatchet engine
export NAMESPACE=hatchet # TODO: change if you modified the namespace
export POD_NAME=$(kubectl get pods --namespace $NAMESPACE -l "app.kubernetes.io/name=hatchet-engine,app.kubernetes.io/instance=hatchet" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace $NAMESPACE $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
kubectl --namespace $NAMESPACE port-forward $POD_NAME 7070:$CONTAINER_PORT
This will spin up the Hatchet engine service on localhost:7070
which you can then connect to from the examples.
Run your first worker
Make sure you have the following dependencies installed:
pip install python-dotenv
pip install hatchet-sdk
We are using python-dotenv
(opens in a new tab) to load the environment variables from a .env
file. This isn't required, and you can use your own method to load environment variables.
Create a worker.py
file with the following contents:
from hatchet_sdk import Hatchet
from dotenv import load_dotenv
load_dotenv()
hatchet = Hatchet(debug=True)
@hatchet.workflow(name="first-python-workflow",on_events=["user:create"])
class MyWorkflow:
@hatchet.step()
def step1(self, context):
return {
"result": "success"
}
worker = hatchet.worker('first-worker')
worker.register_workflow(MyWorkflow())
worker.start()
Open a new terminal and start the worker with:
python3 worker.py
Run your first workflow
The worker is now running and listening for steps to execute. You should see your first worker registered in the Workers
tab of the Hatchet dashboard:
You can now trigger your first workflow by navigating to the Workflows
tab, selecting your workflow, and clicking the top right "Trigger workflow" button:
That's it! You've successfully deployed Hatchet and run your first workflow.