Hashi Waypoint

Published: Oct 16, 2020 by Isaac Johnson

Hashicorp had HashiConf 2020 virtually this year.  The two day conference debuted two new products, Hashi Boundaryand Hashi Waypoint.  The former is an Identity at the perimeter solution and the later is their first offering in the CI/CD space.

What is Waypoint and how can we use it?  Let’s dive in.

Setup

By now you’re familiar with my pattern in Azure.  In summary, we will create an SP for AKS, a resource group, ACR (registry), AKS (cluster) and lastly show they are up.

$ az ad sp create-for-rbac -n ijk8suser --skip-assignment --output json > my_sp.json && export SP_PASS=`cat my_sp.json | jq -r .password` && export SP_ID=`cat my_sp.json | jq -r .appId`

$ az group create -n ijk8senv --location centralus

$ az acr create --name ijk8senv1cr --resource-group ijk8senv --sku Basic --admin-enabled true

$ az aks create -n ijk8s --resource-group ijk8senv --location centralus -
-node-count 3 --enable-cluster-autoscaler --min-count 2 --max-count 4 --generate-ssh-keys --network-plugin azure --network-policy azure --service-principal $SP_ID --client-secret $SP_PASS

Verification

$ az aks list -o table
Name Location ResourceGroup KubernetesVersion ProvisioningState Fqdn
------ ---------- --------------- ------------------- ------------------- ------------------------------------------------------
ijk8s centralus ijk8senv 1.17.11 Succeeded ijk8s-ijk8senv-70b42e-ef4f4f76.hcp.centralus.azmk8s.io

$ az aks get-credentials -n ijk8s -g ijk8senv --admin
Merged "ijk8s-admin" as current context in /home/builder/.kube/config

$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
aks-nodepool1-45047845-vmss000000 Ready agent 11h v1.17.11
aks-nodepool1-45047845-vmss000002 Ready agent 11h v1.17.11

Installing Waypoint

Install waypoint with Apt. There is a brew package for Mac and a download for Windows as well (see Downloads).

$ curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
[sudo] password for builder:
OK
builder@DESKTOP-2SQ9NQM:~/Documents/waypoint$ sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
Get:1 http://packages.cloud.google.com/apt cloud-sdk InRelease [6349 B]
Get:2 http://packages.cloud.google.com/apt cloud-sdk/main amd64 Packages [140 kB]
Hit:3 http://ppa.launchpad.net/git-core/ppa/ubuntu bionic InRelease
Get:4 https://packages.microsoft.com/repos/azure-cli bionic InRelease [3965 B]
Get:5 https://packages.microsoft.com/ubuntu/18.04/prod bionic InRelease [4003 B]
Get:6 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:7 https://apt.releases.hashicorp.com bionic InRelease [4421 B]
Hit:8 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:9 https://packages.microsoft.com/repos/azure-cli bionic/main amd64 Packages [10.9 kB]
Get:10 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:11 https://packages.microsoft.com/ubuntu/18.04/prod bionic/main amd64 Packages [141 kB]
Get:12 https://apt.releases.hashicorp.com bionic/main amd64 Packages [12.1 kB]
Get:13 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:14 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [1387 kB]
Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [1713 kB]
Get:16 http://security.ubuntu.com/ubuntu bionic-security/main Translation-en [274 kB]
Get:17 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [160 kB]
Get:18 http://security.ubuntu.com/ubuntu bionic-security/restricted Translation-en [21.5 kB]
Get:19 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1075 kB]
Get:20 http://archive.ubuntu.com/ubuntu bionic-updates/main Translation-en [364 kB]
Get:21 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [178 kB]
Get:22 http://archive.ubuntu.com/ubuntu bionic-updates/restricted Translation-en [24.0 kB]
Get:23 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1678 kB]
Get:24 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [240 kB]
Get:25 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [12.6 kB]
Get:26 http://security.ubuntu.com/ubuntu bionic-security/multiverse Translation-en [2936 B]
Get:27 http://archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [353 kB]
Get:28 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [31.6 kB]
Get:29 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse Translation-en [6952 B]
Get:30 http://archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [10.0 kB]
Get:31 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [10.3 kB]
Fetched 8115 kB in 5s (1615 kB/s)
Reading package lists... Done

$ sudo apt-get update && sudo apt-get install waypoint
Hit:1 https://packages.microsoft.com/repos/azure-cli bionic InRelease
Hit:2 https://packages.microsoft.com/ubuntu/18.04/prod bionic InRelease
Hit:3 https://apt.releases.hashicorp.com bionic InRelease
Hit:4 http://packages.cloud.google.com/apt cloud-sdk InRelease
Hit:5 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:6 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:7 http://ppa.launchpad.net/git-core/ppa/ubuntu bionic InRelease
Hit:8 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:9 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libdumbnet1 libstartup-notification0 libxcb-util1 python-chardet python-cliapp python-markdown python-pygments
  python-ttystatus python-yaml
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  waypoint
0 upgraded, 1 newly installed, 0 to remove and 209 not upgraded.
Need to get 74.7 MB of archives.
After this operation, 148 MB of additional disk space will be used.
Get:1 https://apt.releases.hashicorp.com bionic/main amd64 waypoint amd64 0.1.1 [74.7 MB]
Fetched 74.7 MB in 12s (6248 kB/s)
Selecting previously unselected package waypoint.
(Reading database ... 114263 files and directories currently installed.)
Preparing to unpack .../waypoint_0.1.1_amd64.deb ...
Unpacking waypoint (0.1.1) ...
Setting up waypoint (0.1.1) ...

Verification

$ waypoint --version
Welcome to Waypoint
Docs: https://waypointproject.io
Version: v0.1.1

Usage: waypoint [-version] [-help] [-autocomplete-(un)install] <command> [args]

Common commands
  build Build a new versioned artifact from source
  deploy Deploy a pushed artifact
  release Release a deployment
  up Perform the build, deploy, and release steps for the app

Other commands
  artifact Artifact and build management
  config Application configuration management
  context Server access configurations
  deployment Deployment creation and management
  destroy Delete all the resources created for an app
  docs Show documentation for components
  exec Execute a command in the context of a running application instance
  hostname Application URLs
  init Initialize and validate a project
  install Install the Waypoint server to Kubernetes, Nomad, or Docker
  logs Show log output from the current application deployment
  runner Runner management
  server Server management
  token Authenticate and invite collaborators
  ui Open the web UI
  version Prints the version of this Waypoint CLI

Installing Waypoint to AKS

This is ridiculously simple. I was pleasantly surprised there were no issues at all.

$ waypoint install --platform=kubernetes -accept-tos
service/waypoint created
statefulset.apps/waypoint-server created
Waypoint server successfully installed and configured!

The CLI has been configured to connect to the server automatically. This
connection information is saved in the CLI context named "install-1602808475".
Use the "waypoint context" CLI to manage CLI contexts.

The server has been configured to advertise the following address for
entrypoint communications. This must be a reachable address for all your
deployments. If this is incorrect, manually set it using the CLI command
"waypoint server config-set".

Advertise Address: 13.89.115.105:9701
HTTP UI Address: 13.89.115.105:9702
Waypoint UI running in AKS

Next, you’ll need a token. This we can get from the command line.

$ waypoint token new
bM152PWkXxfoy4vA51JFhR7LsQPkR9F4NbKw9FMEz5EpJHCokuFtrybwUGQqb48j7MB24KZTejqbeqCgdkL56mkPsLuXyywGxEYGQ

Use that to login and you’ll see instructions for adding a project

Let’s do that now.

$ waypoint init
Initial Waypoint configuration created!
No Waypoint configuration was found in this directory.

A sample configuration has been created in the file "waypoint.hcl". This
file is heavily commented to help you get started.

Once you've setup your initial configuration, run "waypoint init" again to
validate the configuration and initialize your project.

$ cat waypoint.hcl
# The name of your project. A project typically maps 1:1 to a VCS repository.
# This name must be unique for your Waypoint server. If you're running in
# local mode, this must be unique to your machine.
project = "my-project"

# Labels can be specified for organizational purposes.
# labels = { "foo" = "bar" }

# An application to deploy.
app "web" {
    # Build specifies how an application should be deployed. In this case,
    # we'll build using a Dockerfile and keeping it in a local registry.
    build {
        use "docker" {}

        # Uncomment below to use a remote docker registry to push your built images.
        #
        # registry {
        # use "docker" {
        # image = "registry.example.com/image"
        # tag = "latest"
        # }
        # }

    }

    # Deploy to Docker
    deploy {
        use "docker" {}
    }
}

First, let’s setup a nodejs project:

$ npm init

$ npm install -g express-generator
npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
/home/builder/.nvm/versions/node/v8.10.0/bin/express -> /home/builder/.nvm/versions/node/v8.10.0/lib/node_modules/express-generator/bin/express-cli.js
+ express-generator@4.16.1
added 10 packages in 1.671s

$ express --view=pug myapp

   create : myapp/
   create : myapp/public/
   create : myapp/public/javascripts/
   create : myapp/public/images/
   create : myapp/public/stylesheets/
   create : myapp/public/stylesheets/style.css
   create : myapp/routes/
   create : myapp/routes/index.js
   create : myapp/routes/users.js
   create : myapp/views/
   create : myapp/views/error.pug
   create : myapp/views/index.pug
   create : myapp/views/layout.pug
   create : myapp/app.js
   create : myapp/package.json
   create : myapp/bin/
   create : myapp/bin/www

   change directory:
     $ cd myapp

   install dependencies:
     $ npm install

   run the app:
     $ DEBUG=myapp:* npm start

$ cd myapp

We need to enable AKS to talk to ACR. We can install a docker secret, but since we are both in Azure, we can just enable AKS to talk to our ACR.

$ az aks update -n ijk8s -g ijk8senv --attach-acr ijk8senv1cr
{
  "aadProfile": null,
  "addonProfiles": {
    "KubeDashboard": {
      "config": null,
      "enabled": true,
      "identity": null
    }
  },
  "agentPoolProfiles": [
    {
      "availabilityZones": null,
      "count": 2,
      "enableAutoScaling": true,
      "enableNodePublicIp": null,
      "maxCount": 4,
      "maxPods": 30,
      "minCount": 2,
      "name": "nodepool1",
      "nodeLabels": null,
      "nodeTaints": null,
      "orchestratorVersion": "1.17.11",
      "osDiskSizeGb": 128,
      "osType": "Linux",
      "provisioningState": "Succeeded",
      "scaleSetEvictionPolicy": null,
      "scaleSetPriority": null,
      "tags": null,
      "type": "VirtualMachineScaleSets",
      "vmSize": "Standard_DS2_v2",
      "vnetSubnetId": null
    }
  ],
  "apiServerAccessProfile": null,
  "dnsPrefix": "ijk8s-ijk8senv-70b42e",
  "enablePodSecurityPolicy": null,
  "enableRbac": true,
  "fqdn": "ijk8s-ijk8senv-70b42e-ef4f4f76.hcp.centralus.azmk8s.io",
  "id": "/subscriptions/asdfasdf-6faf-4fed-bcec-asdfasdf1234/resourcegroups/ijk8senv/providers/Microsoft.ContainerService/managedClusters/ijk8s",
  "identity": null,
  "identityProfile": null,
  "kubernetesVersion": "1.17.11",
  "linuxProfile": {
    "adminUsername": "azureuser",
    "ssh": {
      "publicKeys": [
        {
          "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHZ3iOnMMLkiltuikXSjqudfCHmQvIjBGMOuGk6wedwG8Xai3uv0M/X3Z2LS6Ac8tComKEKg7Zje2KFBnvBJvU5JqkTwNHnmp682tXf15EYgn4tB7MDz5DUARpcUXJbYfUg8yPUDveYHw8PEm1n+1MvLJN0ftvdORG5CQQEl/m7jErbJJQI70xg7C8/HG5GmJpIQjDl7UVsJANKab/2/bbUlG1Sqp4cQ/LwxKxQ6/QK/HVauxDkudoTkFLqukLWVjHvNZD37MC/wygSsEVYF+yrkNJySlNbMk4ZNmMwva1yLX8Shhr8G4wWe8QI9Ska8B0keSIu8fzRWxXAv2gB3xB"
        }
      ]
    }
  },
  "location": "centralus",
  "maxAgentPools": 10,
  "name": "ijk8s",
  "networkProfile": {
    "dnsServiceIp": "10.0.0.10",
    "dockerBridgeCidr": "172.17.0.1/16",
    "loadBalancerProfile": {
      "allocatedOutboundPorts": null,
      "effectiveOutboundIps": [
        {
          "id": "/subscriptions/asdfasdf-6faf-4fed-bcec-asdfasdf1234/resourceGroups/MC_ijk8senv_ijk8s_centralus/providers/Microsoft.Network/publicIPAddresses/7f6cac00-6fbe-4c37-b254-659b1cb6c77c",
          "resourceGroup": "MC_ijk8senv_ijk8s_centralus"
        }
      ],
      "idleTimeoutInMinutes": null,
      "managedOutboundIps": {
        "count": 1
      },
      "outboundIpPrefixes": null,
      "outboundIps": null
    },
    "loadBalancerSku": "Standard",
    "networkPlugin": "azure",
    "networkPolicy": "azure",
    "outboundType": "loadBalancer",
    "podCidr": null,
    "serviceCidr": "10.0.0.0/16"
  },
  "nodeResourceGroup": "MC_ijk8senv_ijk8s_centralus",
  "privateFqdn": null,
  "provisioningState": "Succeeded",
  "resourceGroup": "ijk8senv",
  "servicePrincipalProfile": {
    "clientId": "asdfasdf-8390-460d-9fe4-asdfasdf1234",
    "secret": null
  },
  "tags": null,
  "type": "Microsoft.ContainerService/ManagedClusters",
  "windowsProfile": {
    "adminPassword": null,
    "adminUsername": "azureuser"
  }
}

Then we need to enable HCL to use our registry:

$ cat waypoint.hcl
project = "myapp"

app "myapp" {
  labels = {
    "service" = "myapp",
    "env" = "dev"
  }

  build {
    use "pack" {}
    registry {
      use "docker" {
        image = "ijk8senv1cr.azurecr.io/myapp"
        tag = "latest"
      }
    }
  }

  deploy {
    use "kubernetes" {
      probe_path = "/"
    }
  }

  release {
    use "kubernetes" {
    }
  }
}

Let’s do an init

builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ waypoint init
✓ Configuration file appears valid
✓ Connection to Waypoint server was successful
✓ Project "myapp" and all apps are registered with the server.
✓ Plugins loaded and configured successfully
✓ Authentication requirements appear satisfied.

Project initialized!

You may now call 'waypoint up' to deploy your project or
commands such as 'waypoint build' to perform steps individually.

Then we can build (however waypoint up will do this for us)

$ waypoint build
Creating new buildpack-based image using builder: heroku/buildpacks:18
✓ Creating pack client
✓ Building image
 │ [exporter] Adding 1/1 app layer(s)
 │ [exporter] Adding layer 'launcher'
 │ [exporter] Adding layer 'config'
 │ [exporter] Adding label 'io.buildpacks.lifecycle.metadata'
 │ [exporter] Adding label 'io.buildpacks.build.metadata'
 │ [exporter] Adding label 'io.buildpacks.project.metadata'
 │ [exporter] *** Images (3e44fc2b490a):
 │ [exporter] index.docker.io/library/myapp:latest
 │ [exporter] Adding cache layer 'heroku/nodejs-engine:nodejs'
 │ [exporter] Adding cache layer 'heroku/nodejs-engine:toolbox'
✓ Injecting entrypoint binary to image
✓ Tagging Docker image: myapp:latest => myapp:latest

...

⠙ Building image
 │ [builder] ---> Installing toolbox
 │ [builder] ---> Getting Node version
 │ [builder] ---> Resolving Node version
 │ [builder] ---> Reusing Node v12.19.0
 │ [builder] ---> Parsing package.json
 │ [builder] ---> No file to start server
 │ [builder] ---> either use 'docker run' to start container or add index.js or ser
 │ ver.js
 │ [builder] ---> Using npm v6.14.8 from Node
 │ [builder] ---> Installing node modules

...

 Building image
 │ [exporter] Reusing 1/1 app layer(s)
 │ [exporter] Reusing layer 'launcher'
 │ [exporter] Reusing layer 'config'
 │ [exporter] Adding label 'io.buildpacks.lifecycle.metadata'
 │ [exporter] Adding label 'io.buildpacks.build.metadata'
 │ [exporter] Adding label 'io.buildpacks.project.metadata'
 │ [exporter] *** Images (3e44fc2b490a):
 │ [exporter] index.docker.io/library/myapp:latest
 │ [exporter] Reusing cache layer 'heroku/nodejs-engine:nodejs'
 │ [exporter] Reusing cache layer 'heroku/nodejs-engine:toolbox'
⠇ Injecting entrypoint binary to image

Then we can do waypoint up

$ waypoint up

» Building...
Creating new buildpack-based image using builder: heroku/buildpacks:18
✓ Creating pack client
✓ Building image
 │ [exporter] Reusing 1/1 app layer(s)
 │ [exporter] Reusing layer 'launcher'
 │ [exporter] Reusing layer 'config'
 │ [exporter] Adding label 'io.buildpacks.lifecycle.metadata'
 │ [exporter] Adding label 'io.buildpacks.build.metadata'
 │ [exporter] Adding label 'io.buildpacks.project.metadata'
 │ [exporter] *** Images (3e44fc2b490a):
 │ [exporter] index.docker.io/library/myapp:latest
 │ [exporter] Reusing cache layer 'heroku/nodejs-engine:nodejs'
 │ [exporter] Reusing cache layer 'heroku/nodejs-engine:toolbox'
✓ Injecting entrypoint binary to image

Generated new Docker image: myapp:latest
✓ Tagging Docker image: myapp:latest => myapp:latest

» Deploying...
✓ Kubernetes client connected to https://ijk8s-ijk8senv-70b42e-ef4f4f76.hcp.centralus.azmk8s.io:443 with namespace default
✓ Creating deployment...
⠹ Waiting on deployment to become available: 1/1/0


 Docker image pushed: ijk8senv1cr.azurecr.io/myapp:latest

» Deploying...
✓ Kubernetes client connected to https://ijk8s-ijk8senv-70b42e-ef4f4f76.hcp.centralus.azmk8s.io:443 with namespace default
✓ Creating deployment...
✓ Deployment successfully rolled out!

» Releasing...
✓ Kubernetes client connected to https://ijk8s-ijk8senv-70b42e-ef4f4f76.hcp.centralus.azmk8s.io:443 with namespace default
✓ Creating service...
✓ Service is ready!

The deployment was successful! A Waypoint deployment URL is shown below. This
can be used internally to check your deployment and is not meant for external
traffic. You can manage this hostname using "waypoint hostname."

   Release URL: http://10.0.71.158:80
Deployment URL: https://cleanly-ideal-dolphin--v2.waypoint.run

Let’s check our cluster:

$ kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
myapp-01emqn9a7t249smqjd517b5xn2 0/1 1 0 8h
myapp-01emqp2mjb9s8ryjyes560g2d7 1/1 1 1 8h

$ kubectl get pods
NAME READY STATUS RESTARTS AGE
myapp-01emqn9a7t249smqjd517b5xn2-cd56466b4-sg4lj 0/1 ErrImagePull 0 8h
myapp-01emqp2mjb9s8ryjyes560g2d7-6c55d746d8-bmh9g 1/1 Running 0 8h
waypoint-server-0 1/1 Running 0 10h

$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 3h35m
myapp ClusterIP 10.0.71.158 <none> 80/TCP 2m17s
waypoint LoadBalancer 10.0.125.253 13.89.115.105 9701:32336/TCP,9702:31333/TCP 162m

And the app:

So what did the deployment look like?

$ kubectl get deployments myapp-01emqp2mjb9s8ryjyes560g2d7 -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2020-10-16T03:08:29Z"
  generation: 1
  name: myapp-01emqp2mjb9s8ryjyes560g2d7
  namespace: default
  resourceVersion: "31591"
  selfLink: /apis/apps/v1/namespaces/default/deployments/myapp-01emqp2mjb9s8ryjyes560g2d7
  uid: b1f0216b-4462-4031-a2ae-a161fa97b0a8
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: myapp-01emqp2mjb9s8ryjyes560g2d7
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: myapp-01emqp2mjb9s8ryjyes560g2d7
        waypoint.hashicorp.com/id: 01EMQASDFASDFASDFJYES560G2D7
    spec:
      containers:
      - env:
        - name: PORT
          value: "3000"
        - name: WAYPOINT_SERVER_TLS_SKIP_VERIFY
          value: "1"
        - name: WAYPOINT_CEB_INVITE_TOKEN
          value: 4RmBPBvZ1DkZTw93YzCpgYGyWVasdfasdfasdfasdfasdfasdfp8ShLZqj7yiU2wUa2U6VMzjuqdnDpdZd7BqSGvDCpMnmzuDHFRUNK9pwtPQG45emMW5A4BEbYs5pNGCud2vZfgL
        - name: WAYPOINT_DEPLOYMENT_ID
          value: 01EMQP2MDEEEXRQ8S7YNDAFKRQ
        - name: WAYPOINT_SERVER_ADDR
          value: 13.89.115.105:9701
        - name: WAYPOINT_SERVER_TLS
          value: "1"
        image: ijk8senv1cr.azurecr.io/myapp:latest
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /
            port: 3000
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        name: myapp-01emqp2mjb9s8ryjyes560g2d7
        ports:
        - containerPort: 3000
          name: http
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 3000
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2020-10-16T03:14:48Z"
    lastUpdateTime: "2020-10-16T03:14:48Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2020-10-16T03:08:29Z"
    lastUpdateTime: "2020-10-16T03:14:48Z"
    message: ReplicaSet "myapp-01emqp2mjb9s8ryjyes560g2d7-6c55d746d8" has successfully
      progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1

Waypoint UI

What we see here is that we can see the build, deployments and releases right at the top

The exec was interesting.. for one, was not availabe in the web ui yesdft:

When i did exec on the command line, it was pretty clear it was in Heroku, not AKS

$ waypoint exec pwd
Connected to deployment v2
/
$ waypoint exec uname
Connected to deployment v2
$ waypoint exec whoami
Connected to deployment v2
heroku
$ waypoint exec ps
Connected to deployment v2
   PID TTY TIME CMD

Additionally, i tried a few ways, but couldnt get parameters to work

builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ waypoint exec 'ps -a'
Connected to deployment v2
builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ waypoint exec "ps -a"
Connected to deployment v2
builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ waypoint exec "sh -c ps -a"
Connected to deployment v2
builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ waypoint exec "ls -ltra"
Connected to deployment v2
builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ waypoint exec 'ls -ltra'
Connected to deployment v2
builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ waypoint exec 'sh -c ls'
Connected to deployment v2

But this is the first day since the announcement so it’s worth checking back on later.

Bad Releases

So i did have one with an improper image.. while i can see this is in error on the UI, there is no way to remove it from there:

Destroy

We can remove an active release, but apparently not the former failed ones:

So i did need to remove that one manually:

builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
myapp-01emqn9a7t249smqjd517b5xn2 0/1 1 0 8h
builder@DESKTOP-2SQ9NQM:~/Documents/waypoint/myapp$ kubectl delete deployment myapp-01emqn9a7t249smqjd517b5xn2

Next steps

We can use hooks to add shell steps to our build: https://www.waypointproject.io/docs/waypoint-hcl/hook

We can also use golang to create our own plugins: https://www.waypointproject.io/docs/extending-waypoint/creating-plugins

We can also add hooks for GH Actions: https://www.waypointproject.io/docs/automating-execution/github-actions

Summary

Hashi Waypoint is a great initial offering.  It has a lot of promise and is worthy player in the CI/CD space for quick builds.  

However, it is an initial offering so we will watch to see how we can extend it to tie to ticketting systems and more complicated deployments, including blue/green, in the future.

waypoint aks cicd getting-started

Isaac Johnson

Isaac Johnson

Cloud Solutions Architect

Isaac is a CSA and DevOps engineer who focuses on cloud migrations and devops processes. He also is a dad to three wonderful daughters (hence the references to Princess King sprinkled throughout the blog).

Theme built by C.S. Rhymes