hscloud-docs/04-deploy-web-app.md

# Deploying docker image on hscloud

In this chapter, we will deploy our registered docker image on `hscloud` as a simple HTTP kube service with HTTPS from Let's Encrypt.

## Requirements

Working `nix`. You can install `nix` with command:

```bash
sh <(curl -L https://nixos.org/nix/install) --daemon
```

and start it with:

```bash
nix-shell
bazel build //tools:install
bazel run //tools:install
```

inside `hscloud` repo.

We need a registered docker image in the registry. If you don't have one, you can create it by following the [Building your own Flask web service](03-build-web-app.md) chapter. We also need a running `prodaccess` authorization (details: [Building environment](01-1-build-on-ubuntu.md)).

## Steps

We create a `prod.jsonnet` file in location `//personal/$hs_username/myflask/prod.jsonnet`:


```jsonnet
# Remember to replace $hs_username with your SSO username!

local kube = import "../../../kube/kube.libsonnet";

{
    local top = self,
    local cfg = self.cfg,

    cfg:: {
        name: 'web-app',
        namespace: 'personal-$hs_username',
        domain: 'web-app.$hs_username.hscloud.ovh',
        image: 'registry.k0.hswaw.net/$hs_username/myflask:latest',
    },

    ns: kube.Namespace(cfg.namespace),
    
    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    containers_: {
                        default: kube.Container("default") {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 5000 },
                            }
                        },
                    },
                },
            },
        },
    },

    service: top.ns.Contain(kube.Service(cfg.name)) {
        target_pod:: top.deployment.spec.template,
    },

    ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
        metadata+: {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                "cert-manager.io/cluster-issuer": "letsencrypt-prod",
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths:  [
                            { path: "/", backend: top.service.name_port },
                        ],
                    },
                },
            ],
        },
    },
}
```

We can now deploy our application:

```bash
kubecfg update prod.jsonnet
```

The application should be available at `http://web-app.$hs_username.hscloud.ovh`. You will have to wait several seconds for the working HTTPS service.

To remove the application, execute:

```bash
kubecfg delete prod.jsonnet
```
:llama: Update in build and deploy 2023-10-20 22:11:34 +00:00			`# Deploying docker image on hscloud`

:bird: Major update 2023-11-02 23:23:32 +00:00			In this chapter, we will deploy our registered docker image on `hscloud` as a simple HTTP kube service with HTTPS from Let's Encrypt.
:llama: Update in build and deploy 2023-10-20 22:11:34 +00:00
			`## Requirements`

:bird: Major update 2023-11-02 23:23:32 +00:00			Working `nix`. You can install `nix` with command:
:hamster: Update tutorials 2023-10-26 19:17:45 +00:00
			```bash
			`sh <(curl -L https://nixos.org/nix/install) --daemon`
			```

			`and start it with:`

			```bash
			`nix-shell`
			`bazel build //tools:install`
			`bazel run //tools:install`
			```

			inside `hscloud` repo.

:bird: Major update 2023-11-02 23:23:32 +00:00			We need a registered docker image in the registry. If you don't have one, you can create it by following the [Building your own Flask web service](03-build-web-app.md) chapter. We also need a running `prodaccess` authorization (details: [Building environment](01-1-build-on-ubuntu.md)).
:llama: Update in build and deploy 2023-10-20 22:11:34 +00:00
			`## Steps`

			We create a `prod.jsonnet` file in location `//personal/$hs_username/myflask/prod.jsonnet`:


			```jsonnet
			`# Remember to replace $hs_username with your SSO username!`

			`local kube = import "../../../kube/kube.libsonnet";`

			`{`
			`local top = self,`
			`local cfg = self.cfg,`

			`cfg:: {`
			`name: 'web-app',`
			`namespace: 'personal-$hs_username',`
			`domain: 'web-app.$hs_username.hscloud.ovh',`
			`image: 'registry.k0.hswaw.net/$hs_username/myflask:latest',`
			`},`

			`ns: kube.Namespace(cfg.namespace),`

			`deployment: top.ns.Contain(kube.Deployment(cfg.name)) {`
			`spec+: {`
			`replicas: 1,`
			`template+: {`
			`spec+: {`
			`containers_: {`
			`default: kube.Container("default") {`
			`image: cfg.image,`
			`ports_: {`
			`http: { containerPort: 5000 },`
			`}`
			`},`
			`},`
			`},`
			`},`
			`},`
			`},`

			`service: top.ns.Contain(kube.Service(cfg.name)) {`
			`target_pod:: top.deployment.spec.template,`
			`},`

			`ingress: top.ns.Contain(kube.Ingress(cfg.name)) {`
			`metadata+: {`
			`annotations+: {`
			`"kubernetes.io/tls-acme": "true",`
			`"cert-manager.io/cluster-issuer": "letsencrypt-prod",`
			`"nginx.ingress.kubernetes.io/proxy-body-size": "0",`
			`},`
			`},`
			`spec+: {`
			`tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],`
			`rules: [`
			`{`
			`host: cfg.domain,`
			`http: {`
			`paths: [`
			`{ path: "/", backend: top.service.name_port },`
			`],`
			`},`
			`},`
			`],`
			`},`
			`},`
			`}`
			```

			`We can now deploy our application:`

			```bash
			`kubecfg update prod.jsonnet`
			```

			The application should be available at `http://web-app.$hs_username.hscloud.ovh`. You will have to wait several seconds for the working HTTPS service.

			`To remove the application, execute:`

			```bash
			`kubecfg delete prod.jsonnet`
			```