Kubernetes Deployment via Glasskube
Prerequisites
- A Kubernetes cluster currently set as the current context in
kubectl docker,openssl,kubectlandglasskubeinstalled
What is Glasskube?
Glasskube is an alternative package manager for Kubernetes and part of the CNCF landscape. Glasskube is designed as a Cloud Native application and every installed package is represented by a Custom Resource.
glasskube/glasskube is in active development, with good first issues
available for new contributors.
Quickstart
Generate encryption keys
There are 4 encryption secrets required for Hatchet to run which can be generated via the following bash script (requires docker and openssl):
#!/bin/bash
# Define an alias for generating random strings. This needs to be a function in a script.
randstring() {
openssl rand -base64 69 | tr -d "\n=+/" | cut -c1-$1
}
# Create keys directory
mkdir -p ./keys
# Function to clean up the keys directory
cleanup() {
rm -rf ./keys
}
# Register the cleanup function to be called on the EXIT signal
trap cleanup EXIT
# Check if Docker is installed
if ! command -v docker &> /dev/null
then
echo "Docker could not be found. Please install Docker."
exit 1
fi
# Generate keysets using Docker
docker run --user $(id -u):$(id -g) -v $(pwd)/keys:/hatchet/keys ghcr.io/hatchet-dev/hatchet/hatchet-admin:latest /hatchet/hatchet-admin keyset create-local-keys --key-dir /hatchet/keys
# Read keysets from files
SERVER_ENCRYPTION_MASTER_KEYSET=$(<./keys/master.key)
SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET=$(<./keys/private_ec256.key)
SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET=$(<./keys/public_ec256.key)
# Generate the random strings for SERVER_AUTH_COOKIE_SECRETS
SERVER_AUTH_COOKIE_SECRET1=$(randstring 16)
SERVER_AUTH_COOKIE_SECRET2=$(randstring 16)
# Create the YAML file
cat > hatchet-secret.yaml <<EOF
apiVersion: v1
kind: Secret
metadata:
name: hatchet-secret
namespace: hatchet
stringData:
SERVER_AUTH_COOKIE_SECRETS: "$SERVER_AUTH_COOKIE_SECRET1 $SERVER_AUTH_COOKIE_SECRET2"
SERVER_ENCRYPTION_MASTER_KEYSET: "$SERVER_ENCRYPTION_MASTER_KEYSET"
SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET: "$SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET"
SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET: "$SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET"
EOFApply the secret
To apply the secret run:
kubectl create namespace hatchet
kubectl apply -f hatchet-secret.yamlInstall Hatchet
glasskube install hatchetMake sure to set the api server and engine replica count to 0 and use the secret name you applied before (hatchet-secret).
Open Hatchet
glasskube open hatchetSet up your Hatchet account
You can create a new user account by clicking the Register button on the Hatchet login screen, and then creating a new account and tenant.
Next, navigate to your settings tab in the Hatchet dashboard. You should see a section called “API Keys”. Click “Create API Key”, input a name for the key and copy the key. Then copy the following environment variable:
HATCHET_CLIENT_TOKEN="<token>"
HATCHET_CLIENT_TLS_STRATEGY=noneYou will need this in the following example.
Port forward to the Hatchet engine
export NAMESPACE=hatchet # TODO: change if you modified the namespace
export POD_NAME=$(kubectl get pods --namespace $NAMESPACE -l "app.kubernetes.io/name=hatchet-engine,app.kubernetes.io/instance=hatchet" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace $NAMESPACE $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
kubectl --namespace $NAMESPACE port-forward $POD_NAME 7070:$CONTAINER_PORTThis will spin up the Hatchet engine service on localhost:7070 which you can then connect to from the examples.
Generate an API token
To generate an API token, navigate to the Settings tab in the Hatchet frontend and click on the API Tokens tab. Click the Generate API Token button to create a new token. Store this token somewhere safe.
Run your first worker
Now that you have an API token, see the guide here for how to run your first task.