Skip to main content

Deployment

This guide gives an outline of how to deploy Styra Load in Kubernetes. There are a number of adjustments you may wish to consider for your own deployment:

  • Setting memory and CPU requests for the Load container. These values will depend on your data and throughput requirements.
  • Adjustments to the example configuration file included here as a secret to load bundles over the Bundle Service API.
  • Creating an Ingress resource to expose the Load API.
  • Deploying kube-mgmt to load Kubernetes data or policies in ConfigMap resources into Load.

1. Create a Namespace

This guide uses an example namespace named load. This is optional, but will require updates to the following YAML files.

apiVersion: v1
kind: Namespace
metadata:
name: load

2. Store the Load License in a Secret

This is a required step. This secret is used in the Load pods to enable them to start.

apiVersion: v1
kind: Secret
metadata:
name: styra-load-license
namespace: load
type: Opaque
stringData:
license: "..." # <-- set license key here

3. Create the Load config file

Create a ConfigMap for Load's configuration. This will be loaded into the Load pods via a volume mount.

apiVersion: v1
kind: ConfigMap
metadata:
name: styra-load-config
namespace: load
data:
config.yaml: |
services:
example:
url: https://bundles.example.com/

bundles:
example:
service: example
resource: bundles/example.tar.gz
note

If you're providing anything sensitive, like tokens or private keys, in your Load configuration — don't place them in the config map directly, but prefer using either environment variable substitution or on file via the --set-file override for load run.

4. Create the Load Deployment

Finally, we can run Load by creating a Deployment resource.

note

This Deployment makes reference the Styra Load image hosted on the GitHub Container Registry. If this is inaccessible from your cluster, you will need to push a copy of the image to a regristry that is accessible and update the image name in the Deployment's Pod spec.

apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: load
namespace: load
name: load
spec:
replicas: 1
selector:
matchLabels:
app: load
template:
metadata:
labels:
app: load
name: load
spec:
containers:
- name: load
# Update this to the desired version
image: # docker pull ghcr.io/styrainc/load:$VERSION
args:
- "run"
- "--server"
- "--addr=0.0.0.0:8181"
- "--config-file=/etc/config/config.yaml"
env:
- name: STYRA_LOAD_LICENSE_KEY
valueFrom:
secretKeyRef:
name: styra-load-license
key: license
volumeMounts:
- name: config
mountPath: /etc/config
readinessProbe:
httpGet:
path: /health
scheme: HTTP
port: 8181
initialDelaySeconds: 3
periodSeconds: 5
livenessProbe:
httpGet:
path: /health
scheme: HTTP
port: 8181
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: config
configMap:
name: styra-load-config
items:
- key: "config.yaml"
path: "config.yaml"

5. Access the Load API

Connecting to the Load API using kubectl port-forward

This method is only really suitable for local testing. First, run the following command to forward port 8181 on your local machine to the Load API:

$ kubectl -n load port-forward deployment/load 8181
Forwarding from 127.0.0.1:8181 -> 8181
Forwarding from [::1]:8181 -> 8181

Next, in another terminal, run the following command to test the connection:

$ curl --silent localhost:8181/v1/data/system/version?pretty=true
{
"result": {
"build_commit": "779a6b0b33fcaf1fc47b42728a610dba7dc5dcac",
"build_hostname": "github.actions.local",
"build_timestamp": "2023-02-03T22:52:03Z",
"version": "0.48.0"
}
}

Connecting to the Load API using a Service & Ingress

This method is more suitable in the following scenarios:

  • You want to run Load in production and have other services in the cluster that depend on it.
  • When benchmarking Load from within the cluster.

First, create a Service resource. This will give Load a record in the Kubernetes DNS and make it accessible from other pods in the cluster at load.load.svc.cluster.local:8181.

kind: Service
apiVersion: v1
metadata:
name: load
namespace: load
spec:
selector:
app: load
ports:
- port: 8181

Optionally, create an Ingress resource to allow the Load instances to be accessed from another location.

note

You will need to update the host field to hostname you wish to use.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: load
namespace: load
spec:
rules:
- host: load.example.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: load
port:
number: 8181

Next, in another terminal, run the following command to test the connection:

$ curl load.example.com/v1/data/system/version?pretty=true
{
"result": {
"build_commit": "779a6b0b33fcaf1fc47b42728a610dba7dc5dcac",
"build_hostname": "github.actions.local",
"build_timestamp": "2023-02-03T22:52:03Z",
"version": "0.48.0"
}
}