How to deploy your custom application using Kubeapps

Bitnami is continually investing in tools to address the next generation of application packaging including innovations like containers and serverless computing. Kubernetes is a prominent tool for container orchestration while Bitnami is leading the way that containers and functions are packaged and delivered for that platform.

In this regard, Bitnami also provides supporting Open Source tools for Kubernetes users such as Sealed Secrets and the Bitnami key project for Kubernetes: Kubeapps.

Kubeapps is a web-based UI for deploying and managing applications in Kubernetes clusters. It includes a built-in catalog of Helm charts that you can deploy on your Kubernetes cluster, and allows you to manage, upgrade, and delete them directly from its dashboard. You can also use it to connect your deployments to external services from the Kubernetes Service Catalog, as well as to secure them with Kubernetes RBAC rules.

With Kubeapps, you can add your own chart repo so you can deliver only trusted applications to your cluster users. This blog post will walk you through the process of adding your own repo to Kubeapps. After that, it will show you how to deploy a chart from the Kubeapps UI. To do so, a Java Tomcat application with MySQL, that has previously been packaged with Bitnami Stacksmith, will be used as an example, but you can use any of the charts included in the Kubeapps catalog or one from your own Helm chart repository.

How to create your own chart repository on Kubeapps

As mentioned above, Kubeapps comes with different chart repositories that are enabled. See the list of enabled chart repositories in the "Catalog" section:

Repositories List

Furthermore, it is possible to use a private Helm repository to store your own Helm charts (providing your cluster uses only trusted applications that accomplish your internal policies and best practices) and to deploy them using Kubeapps. The following instructions show how to install Kubeapps for creating your own chart repository using ChartMuseum. These are the steps to follow:

  • Install Kubeapps
    • Create a Kubernetes API token
    • Start the Kubeapps Dashboard
  • Download the ChartMuseum chart from the Kubeapps catalog
  • Upload a chart to ChartMuseum
  • Configure your chart repository in Kubeapps
  • Configure Authentication/Authorization

Install Kubeapps

Use the Helm chart to install the latest version of Kubeapps:

$ helm repo add bitnami
$ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps

The commands above will deploy Kubeapps into the kubeapps namespace on your cluster. It may take a few minutes to execute. Once it has been deployed and the Kubeapps pods are running, continue to step two.

Create a Kubernetes API token

Access to the dashboard requires a Kubernetes API token to authenticate with the Kubernetes API server.

$ kubectl create serviceaccount kubeapps-operator
$ kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator

To retrieve the token, execute the following:

$ kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{.secrets[].name}') -o jsonpath='{.data.token}' | base64 --decode

Start the Kubeapps Dashboard

Once Kubeapps is installed, to securely access the Kubeapps Dashboard from your system, run the following:

$ export POD_NAME=$(kubectl get pods -n kubeapps -l "app=kubeapps,release=kubeapps" -o jsonpath="{.items[0]}")
$ echo "Visit in your browser to access the Kubeapps Dashboard"
$ kubectl port-forward -n kubeapps $POD_NAME 8080:8080

This will start an HTTP proxy for secure access to the Kubeapps Dashboard. Visit in your preferred web browser to open the dashboard. Here's what you should see:

Dashboard login page
  • Paste the token generated in the previous step to authenticate and access the Kubeapps Dashboard for Kubernetes.
Dashboard main page

Download the ChartMuseum chart from the Kubeapps catalog

Now that you have Kubeapps installed and ready to use, it is time to start using ChartMuseum so you will be able to create your own private repository.

To use ChartMuseum with Kubeapps, it is necessary to deploy a Helm chart from the Kubeapps catalog. Browse through it and select its stable repository:

ChartMuseum Chart

Make the following changes in the values.yml file:

  • Set this value to false to be able to use the ChartMuseum API to push new charts.
  • persistence.enabled: Set this value to true to enable persistence for the charts you store. Note that this will create a Kubernetes Persistent Volume Claim so depending on your Kubernetes provider, you may need to manually allocate the required Persistent Volume (PV) to satisfy the claim. Some Kubernetes providers automatically create PVs for you, so setting this value to true is enough.
ChartMuseum Deploy Form

Upload a chart to ChartMuseum

Once ChartMuseum is deployed on your cluster, you will be able to upload a chart. To open a terminal and create a port-forward tunnel to the application, execute the following:

$ export POD_NAME=$(kubectl get pods --namespace default -l "app=chartmuseum" -l "release=my-chartrepo" -o jsonpath="{.items[0]}")
$ kubectl port-forward $POD_NAME 8080:8080 --namespace default
Forwarding from -> 8080
Forwarding from [::1]:8080 -> 8080

And in a different terminal, you can push your chart:

$ helm package /path/to/my/chart
Successfully packaged chart and saved it to: /path/to/my/chart/my-chart-1.0.0.tgz
$ curl --data-binary "@my-chart-1.0.0.tgz" http://localhost:8080/api/charts

Configure your chart repository in Kubeapps

To add your private repository, go back to the Kubeapps UI and navigate to Configuration -> App Repositories and click on "Add App Repository." Use the Kubernetes DNS name for the ChartMuseum service. This will be <release_name>-chartmuseum.<namespace>:8080:

ChartMuseum App Repository

Once you create the repository, click on the link of the repository you want to use and start to deploy your own applications using Kubeapps.

Configure authentication/authorization

Authentication/authorization mechanisms which are used to identify the user have many advantages. The main purpose of these mechanisms is to validate the user's right to access the information and protect against identity theft and fraud. It is possible to configure ChartMuseum to use authentication with two different mechanisms:

1) Using HTTP basic authentication (user/password). To use this feature, you must:

  • Specify the parameters secret.AUTH_USER and secret.AUTH_PASS when deploying the ChartMuseum.
  • Set as Authorization Header a Basic authorization header using the base64 codification of the user:password string as the value. For example, for the user "JaneDoe" and password "secretPassword" (echo "JaneDoe:secretPassword" | base64), it would use the following header field: Basic SmFuZURvZTpzZWNyZXRQYXNzd29yZAo=

2) Using a JWT token. Once you obtain a valid token, set it in the Authorization Header field of the App Repository form. Note that in this case, it will be prefixed with Bearer. For example: Bearer UVd4aFpHUnBianB2Y0dWdUlIT=.

How to deploy an application on a cluster using Kubeapps

The instructions below will walk you through the process of deploying a sample application on your Kubernetes cluster using the Kubeapps UI. For the sake of simplicity, a Java Tomcat application with MySQL, that has previously been packaged with Bitnami Stacksmith, will be used, but the process is the same if you want to deploy an application from your own catalog.

Deploy a Java Tomcat application with MySQL

Once the Kubeapps Dashboard is up and running, you can start deploying applications into your cluster.

  • Use the "Catalog" page in the dashboard to search for the application from the list of charts in any of the configured Helm chart repositories.
Demo app search
  • Click on "Deploy using Helm."
Demo app kubeapps
  • You will be prompted for the release name and values for the application.

  • Click on "Submit." The application will be deployed. You will be able to track the new Kubernetes deployment directly from the browser.

Demo app k8s

Use the URLs shown to directly access the application. Note that, depending on your cloud provider of choice, it may take some time for an access URL to be available for the application and the service will stay in a "Pending" state until a URL is assigned. If using Minikube, run minikube tunnel in your terminal in order for an IP address to be assigned to your application.

Demo app deploy

Congrats! Now you are able to access your application from your browser:

Demo app

Kubeapps, the Bitnami open-source project that helps you provide and manage Kubernetes deployments from a single UI

As you have seen in this blog post, Kubeapps not only allows you to deploy and manage applications in Kubernetes clusters from a visual dashboard, but it also provides a single place for your organization where your users can discover new applications and IT services that are compliant with your internal requirements and best practices. Thus, it allows users to deploy only the approved IT services they need.

Start using Kubeapps now to provide your team with charts that are compliant with your company standards!