Fly Kubernetes

- 2 minutes read - 369 words

Interested to explore Fly Kubernetes after being accepted into the closed beta.

The folks at Fly are innovative in their technology uses and, having been a long-time Kubernetes user, I was intrigued to learn that Fly.io has implemented Kubernetes atop Fly.

My first Deployment failed:

Authentication required to access image "ghcr.io/{image}"

It was confirmed to me that FKS does not support pulling from private registries. The solution is pull-tag-push images to registry.fly.io but, Fly’s repository is app-specific and so, you need to do some querying to grab the Fly app created by FKS (for your namespace):

What follows assumes you’re using GitHub Container Registry but the principle is transferable to any registry:

Login to and pull image (package) from GHCR

NOTE If you’re accessing personal (non-org) images, the URL will take the form ghcr.io/{username}/{img}:{tag} where {username} is the lowercase form of the GitHub username. For an org, the URL will take the form ghcr.io/{org}/{img}:{tag}.

USERNAME="..." # GitHub username
TOKEN="..." # GHCR token

echo ${TOKEN} \
| podman login ghcr.io \
  --username=${USERNAME} \
  --password-stdin

IMG="..." # GHCR package
TAG="..." # GHCR package tag

podman pull ghcr.io/${IMG}:${TAG}

Create FKS cluster and (optionally: namespace)

NOTE Creating a Namespace in FKS creates a Fly app

NAMESPACE="default" # Kubernetes namespace

kubectl create namespace ${NAMESPACE}

# Either
# Retrieve Namespace's 'fly.io/app' label value
APP=$(\
  kubectl get namespace/${NAMESPACE} \
  --output=jsonpath="{.metadata.labels.fly\.io/app}") \
&& echo ${APP}

# Or
# Retrieve backing fly.io App name
FILTER=".[]|select(.Name|startswith(\"fks-${NAMESPACE}\")).ID"
APP=$(\
  flyctl apps list --json \
  | jq -r "${FILTER}") \
&& echo ${APP}

Tag the image

NOTE For Fly registry, the repository must match the app

podman tag \
  ghcr.io/${IMG}:${TAG} \
  registry.fly.io/${APP}:${TAG}

Login to Fly register and push image

flyctl auth token \
| podman login registry.fly.io \
  --username=x \
  --password-stdin

podman push registry.fly.io/${APP}:${TAG}

Create Deployment using the image

Trivially:

NAME="..." # Deployment name

kubectl create deployment {NAME} \
--image="registry.fly.io/${APP}:${TAG} \
--namespace=${NAMESPACE}
...

But, more generally, you’ll need to revise the container image value in your Deployment config:

deployment.json:

local image = std.extVar("image");
{
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {},
    "spec": {
        "template": {
            "spec": {
                "containers": [
                    {
                        "image": image,
                    }
                ]
            }
        }
    }
}

jsonnet \
  --ext-str image="registry.fly.io/${APP}:${TAG}" \
  deployment.yaml
| kubectl apply \
  --filename=- \
  --namespace=${NAMESPACE}

That’s all!