Webjet is an online travel agency responsible for managing thousands of travel bookings daily te Australia and Fresh Zealand. Overheen the last year, Microsoft and Webjet have collaborated to help Webjet solve inefficiencies te the processing and management of hotel bookings by leveraging blockchain technology. You can learn more about our partnership from the press release. For more technical details see this talk from Build 2018.
Spil Webjet continued to grow their blockchain deployment, they began to succesnummer several issues with their Infrastructure-as-a-Service (IaaS) architecture. Wij recently worked with Webjet to help migrate their deployment to Kubernetes. Ter this code story, we’ll share the lessons learned from migrating from IaaS to Kubernetes, explain how wij used Hoofdbescherming to deploy a private Ethereum network to Kubernetes, and vertoning how you can use Hoofdbescherming to deploy your own private Ethereum network.
Due to Virtual Machine Scale Sets’ (VMSS) feature of autoscaling based on a diversity of metrics, Webjet chose to host their private Ethereum networks on a series of VMSS with each one running Docker containers orchestrated by Docker Compose. A generalized version of Webjet’s Azure ARM deployment is available on GitHub. However, ter Webjet’s path to moving this to production, some deficiencies te their IaaS-based architecture became apparent.
Difficult to scale
Docker Compose supports running numerous replicas for a container, however, te order to geyser balance across replicas, management of container-host port mappings is required.
At the node-level, spil VMSS’ autoscale feature scales out the entire knot, VMSS work optimally against homogeneous workloads. With several different services running on the machine, scaling up/down a VMSS would affect all running services on that machine. Alternatively, the architecture could be separated into several Docker Compose files and thereby several VMSS, but this would require a significant amount of pre-planning to ensure a zindelijk balance of hardware needs and costs.
Upgrading services meant SSH-ing into the VMs, running docker – compose zekering , downloading the fresh Docker Compose mededeling, and then subsequently running docker – compose up . Configuration management devices such spil SaltStack could be used to automate this process, but the process itself is very custom-made and has a high potential for error.
For the above reasons, the Webjet team determined to leverage Kubernetes through AKS to help automate deployment, scaling, and orchestration of the application. With Kubernetes, Webjet is able to scale up/down certain applications and take advantage of Kubernetes’ native support for rolling upgrades.
After migrating their existing Docker Compose manifests to Kubernetes, wij landed on the following architecture:
The diagram above shows the architecture of the private Ethereum network when mapped to Kubernetes constructs. The blue represents Kubernetes Services, the crimson represents Kubernetes Deployments, whereas the green and yellow are Kubernetes Secrets and ConfigMaps respectively.
Every time Webjet needed to deploy a fresh Ethereum network, a series of configuration updates needed to be made to the YAML definitions. Thesis switches included the Ethereum genesis verkeersopstopping, application secrets, and Geth private keys. Webjet originally accomplished this task using shell scripts that would search and substitute configuration values and then execute the deployment using kubectl create . During a hackfest with Webjet, wij worked together to instead use Hoofdbescherming to manage the templatization of the YAML definitions.
Hoofdbescherming is a package manager for Kubernetes. The project wasgoed originally created by Deis and has since bot donated to the Cloud Native Computing Foundation (CNCF). Sidenote, the lovely folks of Deis are now part of Microsoft. Typically, an application is composed of a combination of services, deployments, secrets, etc. Instead of managing thesis Kubernetes resources individually, Hoofdbescherming offers a higher-level construct (known spil charts) to manage your entire application. With Hoofdbescherming, you can create, upgrade, and rollback entire applications, and lightly share applications/charts with peers and the greater community.
Creating a Chart
Working with Webjet, wij created a Hoofdbescherming chart to deploy a private Ethereum network. To create a Hoofdbescherming chart, install the Hoofdbescherming CLI, and run hoofdbescherming create to scaffold a fresh chart. To migrate your existing YAML manifests, copy the manifests to the Hoofdbescherming folder structure and add the following labels outlined here: Chart Standard Labels. Thesis labels are not required to deploy charts but are recommended for consistency. The next step is to templatize configurations and settings that can be overridden. For more details, see the Chart Best Practices Guide.
With Hoofdbescherming, each chart is an individually-manageable unit. Webjet separated their architecture into numerous Hoofdbescherming charts such that they could be individually upgradeable. For example, wij had separate charts for the Ethereum network (Miners, EthStats, Bootnode), another for the Blockchain Watcher, one for deploying their Storage (SQL), etc. Artifacts that were collective across numerous Hoofdbescherming charts (e.g., Secrets, ConfigMaps) were marked spil dependencies ter the Chart’s requirement.yaml .
Deploying a Chart
Hoofdbescherming is comprised of two components: a client CLI (hoofdbescherming) and a server (tiller). One of the niceties of deploying a Kubernetes cluster on Azure through either acs-engine or ACS/AKS, is that by default the cluster will be pre-provisioned with Tiller. For a cluster that has not yet bot initialized, you can do so with hoofdbescherming init .
To install a chart, you can run hoofdbescherming install , which will search for and install a chart from the official Charts repository. The Ethereum chart wij developed te muziekstuk with Webjet is available on GitHub, and once this pull request is merged, you’ll be able to install a private Ethereum network onto your Kubernetes cluster using: