├── .dockerignore ├── .editorconfig ├── .gitignore ├── CONTRIBUTING.md ├── DCO ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── _scripts ├── README.md └── gutenbuild ├── charts └── workflow │ ├── Chart.yaml │ ├── requirements.yaml │ ├── templates │ └── objectstorage-secret.yaml │ └── values.yaml ├── mkdocs.yml ├── requirements.txt ├── src ├── _includes │ └── install-workflow.md ├── applications │ ├── deploying-apps.md │ ├── domains-and-routing.md │ ├── inter-app-communication.md │ ├── managing-app-configuration.md │ ├── managing-app-lifecycle.md │ ├── managing-app-processes.md │ ├── managing-resource-limits.md │ ├── ssl-certificates.md │ ├── using-buildpacks.md │ ├── using-docker-images.md │ └── using-dockerfiles.md ├── changelogs │ ├── v2.0.0.md │ ├── v2.1.0.md │ ├── v2.10.0.md │ ├── v2.11.0.md │ ├── v2.12.0.md │ ├── v2.13.0.md │ ├── v2.14.0.md │ ├── v2.15.0.md │ ├── v2.16.0.md │ ├── v2.17.0.md │ ├── v2.18.0.md │ ├── v2.2.0.md │ ├── v2.3.0.md │ ├── v2.4.0.md │ ├── v2.4.1.md │ ├── v2.4.2.md │ ├── v2.5.0.md │ ├── v2.6.0.md │ ├── v2.7.0.md │ ├── v2.8.0.md │ ├── v2.9.0.md │ └── v2.9.1.md ├── contributing │ ├── community.md │ ├── conduct.md │ ├── design-documents.md │ ├── development-environment.md │ ├── maintainers.md │ ├── overview.md │ ├── submitting-a-pull-request.md │ ├── testing.md │ └── triaging-issues.md ├── diagrams │ ├── Application_Layout.png │ ├── Diagrams.graffle │ ├── Document_Overview.png │ ├── Ecosystem_Basic.png │ ├── Ecosystem_Complex.png │ ├── Git_Push_Flow.png │ ├── README.md │ ├── Workflow_Detail.png │ └── Workflow_Overview.png ├── index.md ├── installing-workflow │ ├── chart-provenance.md │ ├── configuring-object-storage.md │ ├── configuring-postgres.md │ ├── configuring-registry.md │ ├── download-linux-brightgreen.svg │ ├── download-osx-brightgreen.svg │ ├── experimental-native-ingress.md │ ├── index.md │ └── system-requirements.md ├── managing-workflow │ ├── configuring-dns.md │ ├── configuring-load-balancers.md │ ├── deploy-hooks.md │ ├── extending-workflow.md │ ├── platform-logging.md │ ├── platform-monitoring.md │ ├── platform-ssl.md │ ├── production-deployments.md │ ├── security-considerations.md │ ├── tuning-component-settings.md │ └── upgrading-workflow.md ├── quickstart │ ├── deploy-an-app.md │ ├── index.md │ ├── install-cli-tools.md │ └── provider │ │ ├── aws │ │ ├── boot.md │ │ ├── dns.md │ │ └── install-aws.md │ │ ├── azure-acs │ │ ├── boot.md │ │ ├── dns.md │ │ ├── images │ │ │ ├── cloudshell.png │ │ │ ├── step1.png │ │ │ ├── step2.png │ │ │ ├── step3.png │ │ │ ├── step4.png │ │ │ ├── step5.png │ │ │ └── step6.png │ │ └── install-azure-acs.md │ │ ├── gke │ │ ├── boot.md │ │ ├── dns.md │ │ ├── images │ │ │ ├── first-kubernetes-cluster-gke-2.png │ │ │ ├── first-kubernetes-cluster-gke-3.png │ │ │ ├── first-kubernetes-cluster-gke-select.png │ │ │ ├── gke-cluster-sizing.png │ │ │ ├── gke-create-container-cluster.png │ │ │ └── gke-node-version.jpg │ │ └── install-gke.md │ │ └── minikube │ │ ├── boot.md │ │ ├── dns.md │ │ └── install-minikube.md ├── reference-guide │ ├── controller-api │ │ ├── v2.0.md │ │ ├── v2.1.md │ │ ├── v2.2.md │ │ └── v2.3.md │ ├── creating-a-self-signed-ssl-certificate.md │ ├── migration.md │ └── terms.md ├── roadmap │ ├── planning-process.md │ ├── releases.md │ └── roadmap.md ├── security │ └── 1d6a97d0.txt ├── troubleshooting │ ├── applications.md │ ├── index.md │ └── kubectl.md ├── understanding-workflow │ ├── architecture.md │ ├── components.md │ └── concepts.md └── users │ ├── cli.md │ ├── registration.md │ └── ssh-keys.md └── themes └── deis ├── base.html ├── bower.json ├── favicon.ico ├── footer.html ├── nav.html ├── offcanvas.html ├── search.html ├── sidebar.html ├── sitemap.xml ├── static ├── css │ ├── styles.css │ └── styles.css.map ├── favicon.ico ├── fonts │ ├── FontAwesome.otf │ ├── bootstrap │ │ ├── glyphicons-halflings-regular.eot │ │ ├── glyphicons-halflings-regular.svg │ │ ├── glyphicons-halflings-regular.ttf │ │ ├── glyphicons-halflings-regular.woff │ │ └── glyphicons-halflings-regular.woff2 │ ├── fontawesome-webfont.eot │ ├── fontawesome-webfont.svg │ ├── fontawesome-webfont.ttf │ ├── fontawesome-webfont.woff │ ├── fontawesome-webfont.woff2 │ ├── klinicslabbook-webfont.eot │ ├── klinicslabbook-webfont.svg │ ├── klinicslabbook-webfont.ttf │ ├── klinicslabbook-webfont.woff │ ├── klinicslabbook-webfont.woff2 │ ├── klinicslabmedium-webfont.eot │ ├── klinicslabmedium-webfont.svg │ ├── klinicslabmedium-webfont.ttf │ ├── klinicslabmedium-webfont.woff │ └── klinicslabmedium-webfont.woff2 ├── img │ ├── 404.png │ ├── aws-ec2.png │ ├── blog-social.png │ ├── cover-image.png │ ├── deis-graphic.png │ ├── deis-logo.png │ ├── deis_builder.png │ ├── deis_logo.png │ ├── favicon.ico │ ├── favicon.png │ ├── footer-engine-yard.png │ ├── footer-logo.png │ ├── fork.png │ ├── glyphs.png │ ├── large-social.png │ ├── logo.png │ ├── mag_glass.png │ ├── menu-logo.png │ ├── social.png │ └── svg │ │ ├── circle.svg │ │ ├── footer-engine-yard.svg │ │ ├── footer-logo.svg │ │ ├── helm-logo.svg │ │ ├── logo.svg │ │ ├── square.svg │ │ ├── steward-logo.svg │ │ ├── triangle.svg │ │ └── workflow-logo.svg ├── js │ ├── adjustments.js │ ├── foundation.dropdown.js │ ├── foundation.js │ ├── foundation.offcanvas.js │ ├── headroom.min.js │ ├── jquery-1.12.4.min.js │ └── mc-validate.js └── scss │ ├── _buttons.scss │ ├── _custom-foundation-settings.scss │ ├── _doc-content.scss │ ├── _doc-layout.scss │ ├── _doc-responsive.scss │ ├── _doc-sidebar.scss │ ├── _footer.scss │ ├── _header.scss │ ├── _media.scss │ ├── _mixins.scss │ ├── _offcanvas.scss │ ├── _shapes.scss │ ├── _typography.scss │ ├── app.css │ ├── app.css.map │ ├── app.scss │ └── fontawesome │ ├── _animated.scss │ ├── _bordered-pulled.scss │ ├── _core.scss │ ├── _fixed-width.scss │ ├── _icons.scss │ ├── _larger.scss │ ├── _list.scss │ ├── _mixins.scss │ ├── _path.scss │ ├── _rotated-flipped.scss │ ├── _stacked.scss │ ├── _variables.scss │ └── font-awesome.scss ├── theme.conf └── topbar.html /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | Dockerfile 3 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: http://EditorConfig.org 2 | 3 | root = true 4 | 5 | [*] 6 | end_of_line = lf 7 | charset = utf-8 8 | trim_trailing_whitespace = true 9 | insert_final_newline = true 10 | indent_style = space 11 | indent_size = 4 12 | 13 | [Makefile] 14 | indent_style = tab 15 | 16 | [*.go] 17 | indent_style = tab 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.py[cod] 2 | 3 | # Packages 4 | *.egg 5 | *.egg-info 6 | dist 7 | build 8 | eggs 9 | parts 10 | var 11 | sdist 12 | develop-eggs 13 | .installed.cfg 14 | lib 15 | lib64 16 | bower_components 17 | .sass-cache 18 | 19 | # python virtual environments for testing 20 | venv/ 21 | 22 | _build/ 23 | 24 | .DS_Store 25 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to Deis 2 | 3 | This project is part of Deis. You can find the latest contribution 4 | guidelines [in our documentation](https://deis.com/docs/workflow/contributing/overview/). 5 | -------------------------------------------------------------------------------- /DCO: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 5 | 660 York Street, Suite 102, 6 | San Francisco, CA 94110 USA 7 | 8 | Everyone is permitted to copy and distribute verbatim copies of this 9 | license document, but changing it is not allowed. 10 | 11 | 12 | Developer's Certificate of Origin 1.1 13 | 14 | By making a contribution to this project, I certify that: 15 | 16 | (a) The contribution was created in whole or in part by me and I 17 | have the right to submit it under the open source license 18 | indicated in the file; or 19 | 20 | (b) The contribution is based upon previous work that, to the best 21 | of my knowledge, is covered under an appropriate open source 22 | license and I have the right under that license to submit that 23 | work with modifications, whether created in whole or in part 24 | by me, under the same open source license (unless I am 25 | permitted to submit under a different license), as indicated 26 | in the file; or 27 | 28 | (c) The contribution was provided directly to me by some other 29 | person who certified (a), (b) or (c) and I have not modified 30 | it. 31 | 32 | (d) I understand and agree that this project and the contribution 33 | are public and that a record of the contribution (including all 34 | personal information I submit with it, including my sign-off) is 35 | maintained indefinitely and may be redistributed consistent with 36 | this project or the open source license(s) involved. 37 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.5.1-alpine 2 | 3 | COPY . /app 4 | WORKDIR /app 5 | 6 | RUN pip install -r requirements.txt 7 | 8 | EXPOSE 8000 9 | CMD ["mkdocs", "serve", "-a", "0.0.0.0:8000"] 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) Microsoft Corporation. All rights reserved. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for MkDocs documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | BUILDDIR ?= _build/html 6 | MKDOCS = mkdocs 7 | MKDOCSBUILDOPTS = --clean --strict --verbose 8 | MKDOCSBUILD = $(MKDOCS) build $(MKDOCSBUILDOPTS) 9 | MKDOCSSERVE = $(MKDOCS) serve -a 0.0.0.0:8000 10 | 11 | SHORT_NAME ?= workflow 12 | VERSION ?= git-$(shell git rev-parse --short HEAD) 13 | IMAGE := ${SHORT_NAME}:${VERSION} 14 | 15 | REPO_PATH := github.com/deis/${SHORT_NAME} 16 | DEV_ENV_WORK_DIR := /src/${REPO_PATH} 17 | DEV_ENV_PREFIX := docker run --rm -v ${CURDIR}:${DEV_ENV_WORK_DIR} -w ${DEV_ENV_WORK_DIR} -p 8000:8000 18 | DEV_ENV_CMD := ${DEV_ENV_PREFIX} ${DEV_ENV_IMAGE} 19 | 20 | BUILD_CMD := $(MKDOCSBUILD) --site-dir $(BUILDDIR) && \ 21 | echo && \ 22 | echo "Build finished. The HTML pages are in $(BUILDDIR)." 23 | 24 | TEST_CMD := grep -q "Deis Workflow Documentation" _build/html/index.html && \ 25 | echo && \ 26 | echo "Test finished. The HTML pages are in $(BUILDDIR)." 27 | 28 | build: 29 | $(BUILD_CMD) 30 | 31 | serve: 32 | $(MKDOCSSERVE) 33 | 34 | clean: 35 | rm -rf $(BUILDDIR)/* 36 | 37 | deps: 38 | pip install -r requirements.txt 39 | 40 | test: build 41 | $(TEST_CMD) 42 | 43 | docker-build-docs: 44 | $(DEV_ENV_CMD) ${IMAGE} $(BUILD_CMD) 45 | 46 | docker-test: docker-build-docs 47 | ${DEV_ENV_CMD} ${IMAGE} $(TEST_CMD) 48 | 49 | docker-build: 50 | docker build ${DOCKER_BUILD_FLAGS} -t ${IMAGE} . 51 | 52 | docker-serve: 53 | ${DEV_ENV_CMD} ${IMAGE} $(MKDOCSSERVE) 54 | 55 | run: docker-build docker-serve -------------------------------------------------------------------------------- /_scripts/README.md: -------------------------------------------------------------------------------- 1 | # Workflow Contrib 2 | 3 | Scripts and tools that are not a core part of Deis Workflow v2. 4 | -------------------------------------------------------------------------------- /_scripts/gutenbuild: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | set -x 5 | 6 | build_dest=$1 7 | 8 | # ensure we are on the master branch before building 9 | git checkout master 10 | 11 | PATH=$HOME/.local/bin:$PATH BUILDDIR=${build_dest} make deps build 12 | 13 | # build again, this time to /en/dev 14 | dev_build_dest=$1/en/dev 15 | PATH=$HOME/.local/bin:$PATH BUILDDIR=${dev_build_dest} make deps build 16 | 17 | # also build each version of the docs out to /en/ 18 | # NOTE(bacongobbler): do not build any pre-release tags 19 | for tag in $(git tag | grep -v -- "-alpha\|-beta\|-rc"); do 20 | tag_build_dest="$build_dest/en/$tag" 21 | git checkout $tag 22 | PATH=$HOME/.local/bin:$PATH BUILDDIR=${tag_build_dest} make deps build 23 | done 24 | -------------------------------------------------------------------------------- /charts/workflow/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: workflow 2 | home: https://github.com/deis/workflow 3 | version: 4 | description: Deis Workflow 5 | maintainers: 6 | - name: Deis Team 7 | email: engineering@deis.com 8 | -------------------------------------------------------------------------------- /charts/workflow/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: builder 3 | version: 4 | repository: https://charts.deis.com/builder 5 | - name: slugbuilder 6 | version: 7 | repository: https://charts.deis.com/slugbuilder 8 | - name: dockerbuilder 9 | version: 10 | repository: https://charts.deis.com/dockerbuilder 11 | - name: controller 12 | version: 13 | repository: https://charts.deis.com/controller 14 | - name: slugrunner 15 | version: 16 | repository: https://charts.deis.com/slugrunner 17 | - name: database 18 | version: 19 | repository: https://charts.deis.com/database 20 | - name: fluentd 21 | version: 22 | repository: https://charts.deis.com/fluentd 23 | - name: redis 24 | version: 25 | repository: https://charts.deis.com/redis 26 | - name: logger 27 | version: 28 | repository: https://charts.deis.com/logger 29 | - name: minio 30 | version: 31 | repository: https://charts.deis.com/minio 32 | - name: monitor 33 | version: 34 | repository: https://charts.deis.com/monitor 35 | - name: nsqd 36 | version: 37 | repository: https://charts.deis.com/nsqd 38 | - name: registry 39 | version: 40 | repository: https://charts.deis.com/registry 41 | - name: registry-proxy 42 | version: 43 | repository: https://charts.deis.com/registry-proxy 44 | - name: registry-token-refresher 45 | version: 46 | repository: https://charts.deis.com/registry-token-refresher 47 | - name: router 48 | version: 49 | repository: https://charts.deis.com/router 50 | - name: workflow-manager 51 | version: 52 | repository: https://charts.deis.com/workflow-manager 53 | -------------------------------------------------------------------------------- /charts/workflow/templates/objectstorage-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: objectstorage-keyfile 5 | labels: 6 | heritage: deis 7 | annotations: 8 | deis.io/objectstorage: "{{ .Values.global.storage }}" 9 | type: Opaque 10 | data: {{ if eq .Values.global.storage "gcs"}} 11 | key.json: {{.Values.gcs.key_json}} 12 | builder-bucket: {{.Values.gcs.builder_bucket | b64enc }} 13 | registry-bucket: {{.Values.gcs.registry_bucket | b64enc }} 14 | database-bucket: {{.Values.gcs.database_bucket | b64enc }}{{ else if eq .Values.global.storage "azure"}} 15 | accountname: {{.Values.azure.accountname | b64enc }} 16 | accountkey: {{ .Values.azure.accountkey | b64enc }} 17 | builder-container: {{ .Values.azure.builder_container | b64enc }} 18 | database-container: {{ .Values.azure.database_container | b64enc }} 19 | registry-container: {{ .Values.azure.registry_container | b64enc }}{{ else if eq .Values.global.storage "s3"}} 20 | accesskey: {{ .Values.s3.accesskey | b64enc }} 21 | secretkey: {{ .Values.s3.secretkey | b64enc }} 22 | region: {{ .Values.s3.region | b64enc }} 23 | builder-bucket: {{ .Values.s3.builder_bucket | b64enc }} 24 | registry-bucket: {{.Values.s3.registry_bucket | b64enc }} 25 | database-bucket: {{.Values.s3.database_bucket | b64enc }}{{ else if eq .Values.global.storage "swift"}} 26 | username: {{ .Values.swift.username | b64enc }} 27 | password: {{ .Values.swift.password | b64enc }} 28 | authurl: {{ .Values.swift.authurl | b64enc }} 29 | tenant: {{ .Values.swift.tenant | b64enc }} 30 | authversion: {{ .Values.swift.authversion | b64enc }} 31 | builder-container: {{ .Values.swift.builder_container | b64enc }} 32 | database-container: {{ .Values.swift.database_container | b64enc }} 33 | registry-container: {{ .Values.swift.registry_container | b64enc }}{{else if eq .Values.global.storage "minio"}} 34 | accesskey: OFRaUlkySlJXTVBUNlVNWFI2STU= 35 | secretkey: Z2JzdHJPdm90TU1jZzJzTWZHVWhBNWE2RXQvRUk1QUx0SUhzb2JZaw=={{ end }} 36 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | mkdocs==0.15.3 2 | markdown-checklist==0.4.1 3 | markdown-include==0.5.1 4 | -------------------------------------------------------------------------------- /src/_includes/install-workflow.md: -------------------------------------------------------------------------------- 1 | ## Check Your Setup 2 | 3 | First check that the `helm` command is available and the version is v2.5.0 or newer. 4 | 5 | ``` 6 | $ helm version 7 | Client: &version.Version{SemVer:"v2.5.0", GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"} 8 | Server: &version.Version{SemVer:"v2.5.0", GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"} 9 | ``` 10 | 11 | Ensure the `kubectl` client is installed and can connect to your Kubernetes cluster. 12 | 13 | ## Add the Deis Chart Repository 14 | 15 | The Deis Chart Repository contains everything needed to install Deis Workflow onto a Kubernetes cluster, with a single `helm install deis/workflow --namespace deis` command. 16 | 17 | Add this repository to Helm: 18 | 19 | ``` 20 | $ helm repo add deis https://charts.deis.com/workflow 21 | ``` 22 | 23 | ## Install Deis Workflow 24 | 25 | Now that Helm is installed and the repository has been added, install Workflow by running: 26 | 27 | ``` 28 | $ helm install deis/workflow --namespace deis 29 | ``` 30 | 31 | If you are using [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/): 32 | 33 | ``` 34 | $ helm install deis/workflow --namespace deis --set global.use_rbac=true 35 | ``` 36 | 37 | Helm will install a variety of Kubernetes resources in the `deis` namespace. 38 | Wait for the pods that Helm launched to be ready. Monitor their status by running: 39 | 40 | ``` 41 | $ kubectl --namespace=deis get pods 42 | ``` 43 | 44 | If it's preferred to have `kubectl` automatically update as the pod states change, run (type Ctrl-C to stop the watch): 45 | 46 | ``` 47 | $ kubectl --namespace=deis get pods -w 48 | ``` 49 | 50 | Depending on the order in which the Workflow components initialize, some pods may restart. This is common during the 51 | installation: if a component's dependencies are not yet available, that component will exit and Kubernetes will 52 | automatically restart it. 53 | 54 | Here, it can be seen that the controller, builder and registry all took a few loops before they were able to start: 55 | 56 | ``` 57 | $ kubectl --namespace=deis get pods 58 | NAME READY STATUS RESTARTS AGE 59 | deis-builder-hy3xv 1/1 Running 5 5m 60 | deis-controller-g3cu8 1/1 Running 5 5m 61 | deis-database-rad1o 1/1 Running 0 5m 62 | deis-logger-fluentd-1v8uk 1/1 Running 0 5m 63 | deis-logger-fluentd-esm60 1/1 Running 0 5m 64 | deis-logger-sm8b3 1/1 Running 0 5m 65 | deis-minio-4ww3t 1/1 Running 0 5m 66 | deis-registry-asozo 1/1 Running 1 5m 67 | deis-router-k1ond 1/1 Running 0 5m 68 | deis-workflow-manager-68nu6 1/1 Running 0 5m 69 | ``` 70 | 71 | Once all of the pods are in the `READY` state, Deis Workflow is up and running! 72 | 73 | Next, [configure dns](dns.md) so you can register your first user and deploy an application. 74 | -------------------------------------------------------------------------------- /src/applications/domains-and-routing.md: -------------------------------------------------------------------------------- 1 | ## Domains and Routing 2 | 3 | You can use `deis domains` to add or remove custom domains to the application: 4 | 5 | $ deis domains:add hello.bacongobbler.com 6 | Adding hello.bacongobbler.com to finest-woodshed... done 7 | 8 | Once that's done, you can go into a DNS registrar and set up a CNAME from the new 9 | appname to the old one: 10 | 11 | $ dig hello.deisapp.com 12 | [...] 13 | ;; ANSWER SECTION: 14 | hello.bacongobbler.com. 1759 IN CNAME finest-woodshed.deisapp.com. 15 | finest-woodshed.deisapp.com. 270 IN A 172.17.8.100 16 | 17 | !!! note 18 | Setting a CNAME for a root domain can cause issues. Setting an @ record 19 | to be a CNAME causes all traffic to go to the other domain, including mail and the SOA 20 | ("start-of-authority") records. It is highly recommended that you bind a subdomain to 21 | an application, however you can work around this by pointing the @ record to the 22 | address of the load balancer (if any). 23 | 24 | To add or remove the application from the routing mesh, use `deis routing`: 25 | 26 | $ deis routing:disable 27 | Disabling routing for finest-woodshed... done 28 | 29 | This will make the application unreachable through the [Router][], but the application is still 30 | reachable internally through its [Kubernetes Service][service]. To re-enable routing: 31 | 32 | $ deis routing:enable 33 | Enabling routing for finest-woodshed... done 34 | 35 | 36 | [router]: ../understanding-workflow/components.md#router 37 | [service]: ../reference-guide/terms.md#service 38 | -------------------------------------------------------------------------------- /src/applications/inter-app-communication.md: -------------------------------------------------------------------------------- 1 | ## Inter-app Communication 2 | 3 | A common architecture pattern of multi-process applications is to have one process serve public requests while having multiple other processes supporting the public one to, for example, perform actions on a schedule or process work items from a queue. To implement this system of apps in Deis Workflow, set up the apps to communicate using DNS resolution, as shown above, and hide the supporting processes from public view by removing them from the Deis Workflow router. See [Deis Blog: Private Applications on Workflow](https://deis.com/blog/2016/private-applications-on-deis-workflow/) for more details, which walks through an example of removing an app from the router. 4 | 5 | ### DNS Service Discovery 6 | 7 | Deis Workflow supports deploying a single app composed of a system of processes. Each Deis Workflow app communicates on a single port, so communicating with another Workflow app means finding that app's address and port. All Workflow apps are mapped to port 80 externally, so finding its IP address is the only challenge. Workflow creates a [Kubernetes Service](https://kubernetes.io/docs/user-guide/services/) for each app, which effectively assigns a name and one cluster-internal IP address to an app. The DNS service running in the cluster adds and removes DNS records which point from the app name to its IP address as services are added and removed. Deis Workflow apps, then, can simply send requests to the domain name given to the service, which is "app-name.app-namespace". 8 | -------------------------------------------------------------------------------- /src/applications/managing-resource-limits.md: -------------------------------------------------------------------------------- 1 | ## Managing Application Resource Limits 2 | 3 | Deis Workflow supports restricting memory and CPU shares of each process. Requests/Limits set on a per-process type are given to 4 | Kubernetes as a requests and limits. Which means you guarantee amount of resource for a process as well as limit 5 | the process from using more than . 6 | By default, Kubernetes will set equal to if we don't explicitly set value. Please keep in mind that `0 <= requests <= limits`. 7 | 8 | ## Limiting Memory 9 | 10 | If you set a requests/limits that is out of range for your cluster, Kubernetes will be unable to schedule your application 11 | processes into the cluster! 12 | 13 | Available units for memory are: 14 | 15 | | Unit | Amount | 16 | | --- | --- | 17 | | B | Bytes | 18 | | K | KiB (Power of 2) | 19 | | M | MiB (Power of 2) | 20 | | G | GiB (Power of 2) | 21 | 22 | !!! important 23 | The minimum memory limit allowed is 4MiB. 24 | 25 | Use `deis limits:set =` to restrict memory by process type, where value can be or / format : 26 | 27 | ``` 28 | $ deis limits:set web=64M 29 | Applying limits... done 30 | 31 | === indoor-whitecap Limits 32 | 33 | --- Memory 34 | web 64M 35 | 36 | --- CPU 37 | Unlimited 38 | 39 | $ deis limits:set cmd=32M/64M 40 | Applying limits... done 41 | 42 | === outdoor-whitecap Limits 43 | 44 | --- Memory 45 | cmd 32M/64M 46 | 47 | --- CPU 48 | Unlimited 49 | ``` 50 | 51 | If you would like to remove any configured memory limits use `deis limits:unset web`: 52 | 53 | ``` 54 | $ deis limits:unset web 55 | Applying limits... done 56 | 57 | === indoor-whitecap Limits 58 | 59 | --- Memory 60 | Unlimited 61 | 62 | --- CPU 63 | Unlimited 64 | ``` 65 | 66 | ## Limiting CPU 67 | 68 | You can also use `deis limits:set = --cpu` to restrict CPU shares, where value can be or 69 | / format. CPU shares are tracked in milli-cores. One CPU core is equivalent to 1000 milli-cores. 70 | To dedicate half a core to your process, you would need 500 milli-cores or 500m. 71 | 72 | | Unit | Amount | 73 | | --- | --- | 74 | | 1000m | 1000 milli-cores == 100% CPU core | 75 | | 500m | 500 milli-cores == 50% CPU core | 76 | | 250m | 250 milli-cores == 25% CPU core | 77 | | 100m | 100 milli-cores == 10% CPU core | 78 | 79 | ``` 80 | $ deis limits:set web=250m --cpu 81 | Applying limits... done 82 | 83 | === indoor-whitecap Limits 84 | 85 | --- Memory 86 | web 64M 87 | 88 | --- CPU 89 | web 250m 90 | 91 | $ deis limits:set web=1500m/2000m --cpu 92 | Applying limits... done 93 | 94 | === indoor-whitecap Limits 95 | 96 | --- Memory 97 | web 64M 98 | 99 | --- CPU 100 | web 1500m/2000m 101 | ``` 102 | 103 | You can verify the CPU and memory limits by inspecting the application process Pod with `kubectl`: 104 | 105 | ``` 106 | $ deis ps 107 | === indoor-whitecap Processes 108 | --- web: 109 | indoor-whitecap-v14-web-8slcj up (v14) 110 | $ kubectl --namespace=indoor-whitecap describe po indoor-whitecap-v14-web-8slcj 111 | Name: indoor-whitecap-v14-web-8slcj 112 | Containers: 113 | QoS Tier: 114 | cpu: Guaranteed 115 | memory: Guaranteed 116 | Limits: 117 | cpu: 2000m 118 | memory: 64Mi 119 | Requests: 120 | memory: 64Mi 121 | cpu: 1500m 122 | ``` 123 | 124 | !!! important 125 | If you restrict resources to the point where containers do not start, 126 | the `limits:set` command will hang. If this happens, use CTRL-C 127 | to break out of `limits:set` and use `limits:unset` to revert. 128 | 129 | To unset a CPU limit use `deis limits:unset web --cpu`: 130 | 131 | ``` 132 | $ deis limits:unset web --cpu 133 | Applying limits... done 134 | 135 | === indoor-whitecap Limits 136 | 137 | --- Memory 138 | Unlimited 139 | 140 | --- CPU 141 | Unlimited 142 | ``` 143 | -------------------------------------------------------------------------------- /src/applications/using-docker-images.md: -------------------------------------------------------------------------------- 1 | # Using Docker Images 2 | 3 | Deis supports deploying applications via an existing [Docker Image][]. 4 | This is useful for integrating Deis into Docker-based CI/CD pipelines. 5 | 6 | 7 | ## Prepare an Application 8 | 9 | Start by cloning an example application: 10 | 11 | $ git clone https://github.com/deis/example-dockerfile-http.git 12 | $ cd example-dockerfile-http 13 | 14 | Next use your local `docker` client to build the image and push 15 | it to [DockerHub][]. 16 | 17 | $ docker build -t /example-dockerfile-http . 18 | $ docker push /example-dockerfile-http 19 | 20 | 21 | ### Docker Image Requirements 22 | 23 | In order to deploy Docker images, they must conform to the following requirements: 24 | 25 | * The Dockerfile must use the `EXPOSE` directive to expose exactly one port. 26 | * That port must be listening for an HTTP connection. 27 | * The Dockerfile must use the `CMD` directive to define the default process that will run within the container. 28 | * The Docker image must contain [bash](https://www.gnu.org/software/bash/) to run processes. 29 | 30 | !!! note 31 | Note that if you are using a private registry of any kind (`gcr` or other) the application environment must include a `$PORT` config variable that matches the `EXPOSE`'d port, example: `deis config:set PORT=5000`. See [Configuring Registry](../installing-workflow/configuring-registry/#configuring-off-cluster-private-registry) for more info. 32 | 33 | ## Create an Application 34 | 35 | Use `deis create` to create an application on the [controller][]. 36 | 37 | $ mkdir -p /tmp/example-dockerfile-http && cd /tmp/example-dockerfile-http 38 | $ deis create example-dockerfile-http --no-remote 39 | Creating application... done, created example-dockerfile-http 40 | 41 | !!! note 42 | For all commands except for `deis create`, the `deis` client uses the name of the current directory 43 | as the app name if you don't specify it explicitly with `--app`. 44 | 45 | 46 | ## Deploy the Application 47 | 48 | Use `deis pull` to deploy your application from [DockerHub][] or 49 | a public registry. 50 | 51 | $ deis pull /example-dockerfile-http:latest 52 | Creating build... done, v2 53 | 54 | $ curl -s http://example-dockerfile-http.local3.deisapp.com 55 | Powered by Deis 56 | 57 | Because you are deploying a Docker image, the `cmd` process type is automatically scaled to 1 on first deploy. 58 | 59 | Use `deis scale cmd=3` to increase `cmd` processes to 3, for example. Scaling a 60 | process type directly changes the number of [Containers][container] 61 | running that process. 62 | 63 | ## Private Registry 64 | 65 | To deploy Docker images from a private registry or from a private repository, use `deis registry` 66 | to attach credentials to your application. These credentials are the same as you'd use when running 67 | `docker login` at your private registry. 68 | 69 | To deploy private Docker images, take the following steps: 70 | 71 | * Gather the username and password for the registry, such as a [Quay.io Robot Account][] or a [GCR.io Long Lived Token][] 72 | * Run `deis registry:set username= password= -a ` 73 | * Now perform `deis pull` as normal, against an image in the private registry 74 | 75 | When using a [GCR.io Long Lived Token][], the JSON blob will have to be compacted first using a 76 | tool like [jq][] and then used in the password field in `deis registry:set`. For the username, use 77 | `_json_key`. For example: 78 | 79 | ``` 80 | deis registry:set username=_json_key password="$(cat google_cloud_cred.json | jq -c .)" 81 | ``` 82 | 83 | When using a private registry the docker images are no longer pulled into the Deis Internal Registry via 84 | the Deis Workflow Controller but rather is managed by Kubernetes. This will increase security and overall speed, 85 | however the application `port` information can no longer be discovered. Instead the application `port` information can be set via 86 | `deis config:set PORT=80` prior to setting the registry information. 87 | 88 | !!! note 89 | Currently [GCR.io][] and [ECR][] in short lived auth token mode are not supported. 90 | 91 | [container]: ../reference-guide/terms.md#container 92 | [controller]: ../understanding-workflow/components.md#controller 93 | [Docker Image]: https://docs.docker.com/introduction/understanding-docker/ 94 | [DockerHub]: https://registry.hub.docker.com/ 95 | [CMD instruction]: https://docs.docker.com/reference/builder/#cmd 96 | [Quay.io Robot Account]: https://docs.quay.io/glossary/robot-accounts.html 97 | [GCR.io Long Lived Token]: https://cloud.google.com/container-registry/docs/auth#using_a_json_key_file 98 | [jq]: https://stedolan.github.io/jq/ 99 | [GCR.io]: https://gcr.io 100 | [ECR]: https://aws.amazon.com/ecr/ 101 | -------------------------------------------------------------------------------- /src/changelogs/v2.16.0.md: -------------------------------------------------------------------------------- 1 | ## Workflow v2.15.0 -> v2.16.0 2 | 3 | #### Releases 4 | 5 | - builder v2.11.0 -> v2.12.0 6 | - controller v2.15.0 -> v2.16.0 7 | - monitor v2.10.0 -> v2.10.1 8 | - slugrunner v2.3.0 -> v2.3.1 9 | - workflow v2.15.0 -> v2.16.0 10 | - workflow-cli v2.15.0 -> v2.16.0 11 | - workflow-e2e v2.11.1 -> v2.12.0 12 | 13 | #### Features 14 | 15 | - [`46002f4`](https://github.com/deis/workflow-cli/commit/46002f4440bfbb2614f779375ba12d6a3e0cf80b) (workflow-cli) - cmd: Support Base64 encoded SSH_KEY 16 | - [`88397a1`](https://github.com/deis/workflow-cli/commit/88397a12bf716d788c7b5468d9833a448452d39f) (workflow-cli) - cmd: test SSH_KEY mangling in ConfigSet 17 | - [`f9c6a4a`](https://github.com/deis/workflow-e2e/commit/f9c6a4aa43d990f59e68a0cd40de4f46864584d2) (workflow-e2e) - chart: use upstream stable/spotify-docker-gc chart 18 | 19 | #### Refactors 20 | 21 | - [`ce0e082`](https://github.com/deis/slugrunner/commit/ce0e082a17831285d1fbaf6cd08875a948a64697) (slugrunner) - ci: remove travis; update badge 22 | - [`7e85553`](https://github.com/deis/slugrunner/commit/7e85553cf3a197fc62b706df4262404cf92b37b3) (slugrunner) - LICENSE: switch to MIT license 23 | - [`345d5ae`](https://github.com/deis/workflow/commit/345d5aec07f64c04ccdf0f4fd1ad4622cf89b4b4) (workflow) - mkdocs.yml: alphabetize cloud providers in quickstart 24 | 25 | #### Fixes 26 | 27 | - [`73f844b`](https://github.com/deis/builder/commit/73f844b5a8ac61f5f54422d34b779728db679bf3) *: Remove RC4 based ciphers. 28 | - [`344b43e`](https://github.com/deis/builder/commit/344b43e4c6e4f350706121300910e24160d78b8d) *: Fix linter issues 29 | - [`c81dbf9`](https://github.com/deis/controller/commit/c81dbf97827adf7fd54c9d8a9f055b92211f295e) (controller) - controller: Persist ssl.enforce header on service creation 30 | - [`1f5e242`](https://github.com/deis/workflow-cli/commit/1f5e2424947e75aba94158941d058e589d779916) (workflow-cli) - cmd: fix(cmd) Fix proctype regex for setting limits 31 | - [`f82cf83`](https://github.com/deis/workflow-cli/commit/f82cf8373b2742ac4a354220dd25a458c9bf160d) (workflow-cli) - cmd: fix(cmd) Fix proctype regex for scaling 32 | 33 | #### Documentation 34 | 35 | - [`25329be`](https://github.com/deis/workflow/commit/25329be86bec3bd8b2b9d0dc0ba92c56775284fa) (workflow) - quickstart: update Azure ACS installation steps 36 | - [`4cfa9d5`](https://github.com/deis/workflow/commit/4cfa9d589312e336544ae7dc44bfed09e1a61aab) (workflow) - *: rm no longer needed pipe to sed (#817) 37 | - [`5145f12`](https://github.com/deis/workflow/commit/5145f123417126f7a84873a55ca7db46d59ee1f1) (workflow) - configuring-registry.md: add setup instructions for acr (#818) 38 | - [`b456870`](https://github.com/deis/workflow/commit/b4568706a37b33de33a1fe61ee6040d978fb095a) (workflow) - installing-workflow: helm init upgrade note (#819) 39 | - [`61a5cca`](https://github.com/deis/workflow/commit/61a5cca8b08f50eb08c2f3f1b1324babe8f8d26d) (workflow) - chart-provenance.md: fix chart repo name (#830) 40 | - [`2a7f756`](https://github.com/deis/workflow/commit/2a7f756f883107a0dcc7e0e8aee9d74bb9914f36) (workflow) - *: specify Helm v2.5.0 or later 41 | - [`ef4bc3e`](https://github.com/deis/workflow/commit/ef4bc3eae925558107cb269e5f8b09338a469ee2) (workflow) - *: updates/changelog for v2.16.0 release 42 | 43 | #### Maintenance 44 | 45 | - [`c2fd577`](https://github.com/deis/controller/commit/c2fd5775ee28f0bed00014f0c6b8d2693f14927b) (controller) - requirements: update Django to v1.11.2 46 | - [`fe6e6e5`](https://github.com/deis/controller/commit/fe6e6e5280a83209b626d10492d07073b027ac52) (controller) - requirements: update pyldap to v2.4.35.1 47 | - [`cac5e60`](https://github.com/deis/controller/commit/cac5e602b617c4fd26737f11e87ff10601192146) (controller) - requirements: update jmespath to 0.9.3 48 | - [`1fcf61b`](https://github.com/deis/controller/commit/1fcf61bb7e33dc6da54f6a0d1b1918abab5255ba) (controller) - requirements: update backoff to 1.4.3 49 | - [`410e1d3`](https://github.com/deis/controller/commit/410e1d38f94dede6bab8fc4412380073b638be26) (controller) - requirements: update Django to v1.11.3 50 | - [`516a529`](https://github.com/deis/monitor/commit/516a5291aac544c7bd79a30c276be48d44174343) (monitor) - Dockerfile: update Grafana to 4.3.2 51 | - [`5cd8648`](https://github.com/deis/workflow-e2e/commit/5cd8648b3dc056784e0adc1d52e1b185a6af8adc) (workflow-e2e) - Dockerfile: bump k8s version 52 | -------------------------------------------------------------------------------- /src/changelogs/v2.18.0.md: -------------------------------------------------------------------------------- 1 | ## Workflow v2.17.0 -> v2.18.0 2 | 3 | #### Releases 4 | 5 | - controller v2.17.1 -> v2.18.0 6 | - fluentd v2.10.0 -> v2.12.0 7 | - logger v2.4.4 -> v2.4.5 8 | - postgres v2.5.4 -> v2.5.6 9 | - router v2.13.1 -> v2.13.3 10 | - workflow v2.17.0 -> v2.18.0 11 | - workflow-cli v2.17.0 -> v2.18.0 12 | - workflow-e2e v2.12.0 -> v2.12.1 13 | 14 | #### Features 15 | 16 | - [`36a11ec`](https://github.com/deis/fluentd/commit/36a11ece3294d9631ab7ab13f42723a12a90a4a8) (fluentd): Added buffer_queue_limit, buffer_chunk_limit and flush_interval to graylog and syslog store configurations 17 | - [`c1b360e`](https://github.com/deis/fluentd/commit/c1b360e1ca3255779e09932c4c0a459dc7abcf03) (fluentd) - fluentd: add TLS support to gelf plugin 18 | 19 | #### Fixes 20 | 21 | - [`d44237f`](https://github.com/deis/postgres/commit/d44237ffb7347d164d258ee91eccf005d7f0c3cb) (postgres) - Dockerfile: bump postgresql version to current Ubuntu patch 22 | - [`08c9ab6`](https://github.com/deis/postgres/commit/08c9ab647397bde33eb54f1e18cff7f482d709a4) (postgres) - Dockerfile: bump postgresql version to current Ubuntu patch 23 | - [`d5c70f4`](https://github.com/deis/workflow-e2e/commit/d5c70f4fedd88855d42ef1a1cfedbd79938b5e7f) (workflow-e2e) - apps_test.go: temporarily disable spec that fails on GKE 24 | 25 | #### Documentation 26 | 27 | - [`cf9552d`](https://github.com/deis/controller/commit/cf9552d4d6bd58d516466486f7314a404a449118) (controller) - README.md: remove outdated license blurb 28 | - [`8837f89`](https://github.com/deis/controller/commit/8837f894017743b6fd912bb34b0e7e571071041b) (controller) - README.md: add notice of final release and maintenance mode 29 | - [`40630b5`](https://github.com/deis/fluentd/commit/40630b5f7117ce90bf30c29782b8227a260bc8f8) (fluentd) - README.md: add notice of final release and maintenance mode 30 | - [`bd82a4e`](https://github.com/deis/logger/commit/bd82a4ecfb63fb4afded80c535a37a7ba08782a4) (logger) - README.md: remove outdated license blurb 31 | - [`1887864`](https://github.com/deis/logger/commit/1887864396ea3f13a0701e61d921f6979e7f7cec) (logger) - README.md: add notice of final release and maintenance mode 32 | - [`0f38b04`](https://github.com/deis/postgres/commit/0f38b0484c702da7fa654bfa8afbcc97d1d18f91) (postgres) - README.md: remove outdated license blurb 33 | - [`f819b2f`](https://github.com/deis/postgres/commit/f819b2f92a0b76cee1a3dbc83dd3e85179152beb) (postgres) - README.md: add notice of final release and maintenance mode 34 | - [`f4665e9`](https://github.com/deis/router/commit/f4665e911bceecf93bc2aa7d56b0cba62a3ddace) (router) - README.md: remove outdated license blurb 35 | - [`c2c6374`](https://github.com/deis/router/commit/c2c637444bed27d1b6c1f85e64ffbc4b26f0646d) (router) - README.md: add notice of final release and maintenance mode 36 | - [`32952bf`](https://github.com/deis/workflow/commit/32952bf8bf5e23d9d8213e9e49010de960a4d125) (workflow) - README.md: remove outdated license blurb 37 | - [`0798c33`](https://github.com/deis/workflow/commit/0798c336c0bce693c46b0ff2da8674bbafe42b80) (workflow) - README.md: add notice of final release and maintenance mode 38 | - [`2d62f21`](https://github.com/deis/workflow/commit/2d62f21e1c7d5d3ae251cf0572a9e32bb1864000) (workflow) - README.md: add timeline to maintenance notice 39 | - [`058058d`](https://github.com/deis/workflow-cli/commit/058058d86259052ee5122bd9af73bbf34c927bf3) (workflow-cli) - README.md: add notice of final release and maintenance mode 40 | 41 | #### Maintenance 42 | 43 | - [`b1f7175`](https://github.com/deis/controller/commit/b1f71752a29aeff381082fc20a40ff1aa52c351e) (controller) - requirements: update Django to v1.11.4 44 | - [`31f709e`](https://github.com/deis/controller/commit/31f709eb7cd3a81a87339aa58336da4110c0cc49) (controller) - requirements: update idna to v2.6 45 | - [`bbf6111`](https://github.com/deis/controller/commit/bbf6111e73bbd1eef912250ec199f922504bd857) (controller) - requirements: update pyasn1 to v0.3.2 46 | - [`7aaa642`](https://github.com/deis/controller/commit/7aaa64298351c8c360c9cd0902a2d41430bed08a) (controller) - requirements: update psycopg2 to v2.7.3 47 | - [`e3dc217`](https://github.com/deis/controller/commit/e3dc217feef099194a1424fabc29385e0ef33ea4) (controller) - requirements: update requests to v2.18.4 48 | - [`cb9a8af`](https://github.com/deis/controller/commit/cb9a8af67eedc78cbb76ece8332fc0ca92a0bd1f) (controller) - dev_requirements: update flake8 to v3.4.1 49 | - [`a16e1d8`](https://github.com/deis/controller/commit/a16e1d833bc5394cb4961cb75beeb176e1011c2c) (controller) - requirements: update Django REST Framework to v3.6.4 50 | - [`116f057`](https://github.com/deis/controller/commit/116f0572cc8f4eb12e540027bc84ef1ec778ff53) (controller) - requirements: update django-auth-ldap to 1.2.15 51 | - [`91e552c`](https://github.com/deis/router/commit/91e552cfb7f37f31bdaef8b2aa5e88781c796868) (router) - Dockerfile: update nginx to 1.13.4 52 | -------------------------------------------------------------------------------- /src/changelogs/v2.4.1.md: -------------------------------------------------------------------------------- 1 | ## Workflow v2.4.0 -> v2.4.1 2 | 3 | ### Maintenance 4 | 5 | [`af1c969`](https://github.com/deis/charts/commit/af1c96989ad97bbb4eac61ea3c1bf1c6a903f620) workflow-v2.4.1: releasing workflow-v2.4.1(-e2e) 6 | 7 | ### Fixes 8 | 9 | [`3f3be4d`](https://github.com/deis/controller/commit/3f3be4d410c7f6b9e70825179827a7b305998464) controller: scheduler: check if RC exists during a deploy before trying to use Deployments [#996](https://github.com/deis/controller/pull/996) 10 | -------------------------------------------------------------------------------- /src/changelogs/v2.4.2.md: -------------------------------------------------------------------------------- 1 | ## Workflow v2.4.0 -> v2.4.2 2 | 3 | ### Controller v2.4.1 -> v2.4.2 4 | 5 | #### Fixes 6 | - [`eb2f32b`](https://github.com/deis/controller/commit/eb2f32baeb7442f085f596a10d29bd4bb1e85463) registry: tell a user they need PORT when using off-cluster native iaas registry (#988) 7 | - [`e9352a3`](https://github.com/deis/controller/commit/e9352a38f6c4e9472c89648f9ea61e0fd88daa85) proctypes: update service after all the proctypes are deployed 8 | - [`f7fb2f6`](https://github.com/deis/controller/commit/f7fb2f6026a5727c28010b655ca74c296fe3f0d5) release: during cleanup let pod deletion 404 in case Kubernetes cleaned up as well (#1005) 9 | -------------------------------------------------------------------------------- /src/changelogs/v2.9.1.md: -------------------------------------------------------------------------------- 1 | ## Workflow v2.9.0 -> v2.9.1 2 | 3 | #### Releases 4 | 5 | - controller v2.9.0 -> v2.9.1 6 | - slugbuilder v2.4.7 -> v2.4.8 7 | 8 | #### Fixes 9 | 10 | - [`d723de6`](https://github.com/deis/controller/commit/d723de618d0a420cfba3c5be7e3d53c17aa9a404) (controller) - api: account for NoneType when resource is gone (#1178) 11 | - [`ebeb922`](https://github.com/deis/slugbuilder/commit/ebeb9223919a9725f570cc26534e525c6e2d0e13) (slugbuilder) - env_dir: Remove directories from the env dir passed to the compile 12 | - [`e058fa2`](https://github.com/deis/slugbuilder/commit/e058fa27b3f8c2e3bf9e20c06374ef4450f0a186) (slugbuilder) - ssh: read the ssh key from dir instead of environment 13 | 14 | #### Maintenance 15 | 16 | - [`673ce82`](https://github.com/deis/slugbuilder/commit/673ce822af983855a3a1565095838bfe0d5b4a08) (slugbuilder) - buildpacks: update heroku-buildpack-php to v115 17 | - [`998b7ce`](https://github.com/deis/slugbuilder/commit/998b7ce2b043c8dfd8787027a33b2e336d37d050) (slugbuilder) - buildpacks: update heroku-buildpack-ruby to v149 18 | - [`195c4f2`](https://github.com/deis/slugbuilder/commit/195c4f28c821048779e471a202f8d9d80d753ce7) (slugbuilder) - buildpacks: update heroku-buildpack-gradle to v19 19 | - [`03ab39a`](https://github.com/deis/slugbuilder/commit/03ab39af4f7e7da944cd46ae2c8da35c28954ae5) (slugbuilder) - buildpacks: update heroku-buildpack-php to v116 20 | - [`51514b1`](https://github.com/deis/slugbuilder/commit/51514b14259bfab0329b372213835bb8d6873451) (slugbuilder) - buildpacks: update heroku-buildpack-go to v54 21 | -------------------------------------------------------------------------------- /src/contributing/community.md: -------------------------------------------------------------------------------- 1 | # Community 2 | 3 | Deis software is fully open source. As such, the "Deis community" consists of anyone who uses the Deis software and participates in its evolution, whether by answering questions, finding bugs, suggesting enhancements, or writing documentation or code. 4 | 5 | Deis development is coordinated through numerous project repositories [on GitHub][github]. Anyone can check out the source code for any Deis component, fork it, make improvements, and create a pull request to offer those changes back to the Deis community. 6 | 7 | [Engine Yard][ey] maintains the numerous Deis projects, and as such, decides what ends up in the official GitHub repositories. Deis depends on the contributions of the community; the maintainers will not ignore pull requests or issues. 8 | 9 | Deis uses the timeless, highly efficient, and totally unfair system known as "Benevolent Dictator for Life" ([BDFL][]). [Gabriel Monroy][gabriel], the creator of Deis, is our BDFL and has final say over all decisions related to Deis. 10 | 11 | ## Open Source Bounties 12 | 13 | Deis projects are bounty-friendly. We believe open source bounty sites can be constructive tools in the development of open source software. Community members are encouraged to a) offer bounties and b) receive bounties for open source contributions that benefit everyone. The Deis maintainers, however, will not accept bounties on this project but are more than happy to help community members attempting bounties. 14 | 15 | 16 | [github]: https://github.com/deis 17 | [ey]: https://deis.com/community 18 | [bdfl]: http://en.wikipedia.org/wiki/Benevolent_Dictator_for_Life 19 | [gabriel]: https://github.com/gabrtv 20 | -------------------------------------------------------------------------------- /src/contributing/conduct.md: -------------------------------------------------------------------------------- 1 | # Conduct 2 | 3 | The Deis community welcomes and encourages participation by **everyone**. 4 | 5 | No matter how you identify yourself or how others perceive you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community. 6 | 7 | The Deis developer community continues to grow, and it is inevitable that disagreements and conflict will arise. We ask that participants conduct themselves according to these principles: 8 | 9 | 1. **Be welcoming, friendly, and patient.** 10 | 11 | 2. **Be considerate.** 12 | 13 | Your work will be used by other people, and you in turn will depend on the work of others. Any decision you take will affect users and colleagues, and you should take those consequences into account when making decisions. Remember that we're a world-wide community, so you might not be communicating in someone else's primary language. 14 | 15 | 3. **Be respectful.** 16 | 17 | Not all of us will agree all the time, but disagreement is no excuse for poor behavior and bad manners. We might all experience some frustration now and then, but we cannot allow that frustration to turn into a personal attack. It’s important to remember that a community where people feel uncomfortable or threatened is not a productive one. 18 | 19 | 4. **Be careful in the words that you choose.** 20 | 21 | Be kind to others. Do not insult or put down other participants. Behave professionally. Remember that harassment and sexist, racist, or exclusionary jokes are never appropriate for the community. 22 | 23 | (Thanks to the [Debian][] and [Django][] communities for their text and 24 | their inspiration.) 25 | 26 | [debian]: http://www.debian.org/intro/diversity 27 | [django]: https://www.djangoproject.com/conduct/ 28 | -------------------------------------------------------------------------------- /src/contributing/design-documents.md: -------------------------------------------------------------------------------- 1 | # Design Documents 2 | 3 | Before submitting a pull request which will significantly alter the behavior of any Deis component, such as a new feature or major refactoring, contributors should first open an issue representing a design document. 4 | 5 | ## Goals 6 | 7 | Design documents help ensure project contributors: 8 | 9 | * Involve stakeholders as early as possible in a feature's development 10 | * Ensure code changes accomplish the original motivations and design goals 11 | * Establish clear acceptance criteria for a feature or change 12 | * Enforce test-driven design methodology and automated test coverage 13 | 14 | ## Contents 15 | 16 | Design document issues should be named `Design Doc: ` and contain the following sections: 17 | 18 | ### Goal 19 | 20 | This section should briefly describe the proposed change and the motivations behind it. Tests will be written to ensure this design goal is met by the change. 21 | 22 | This section should also reference a separate GitHub issue tracking the feature or change, which will typically be assigned to a release milestone. 23 | 24 | ### Code Changes 25 | 26 | This section should detail the code changes necessary to accomplish the change, as well as the proposed implementation. This should be as detailed as necessary to help reviewers understand the change. 27 | 28 | ### Tests 29 | 30 | All changes should be covered by automated tests, either unit or integration tests (ideally both). This section should detail how tests will be written to validate that the change accomplishes the design goals and doesn't introduce any regressions. 31 | 32 | If a change cannot be sufficiently covered by automated testing, the design should be reconsidered. If there is no test coverage whatsoever for an affected section of code, a separate issue should be filed to integrate automated testing with that section of the codebase. 33 | 34 | The tests described here also form the acceptance criteria for the change, so that when it's completed maintainers can merge the pull request after confirming the tests pass CI. 35 | 36 | ### Approval 37 | 38 | A design document follows the same [merge approval][approval] review process as final pull requests do, and maintainers will take extra care to ensure that any stakeholders for the change are included in the discussion and review of the design document. 39 | 40 | Once the design is accepted, the author can complete the change and submit a pull request for review. The pull request should close both the design document for the change as well as any issues that either track the issue or are closed as a result of the change. 41 | 42 | See [Submitting a Pull Request][standards] for more information on pull request and commit message formatting. 43 | 44 | 45 | [approval]: submitting-a-pull-request.md#merge-approval 46 | [standards]: submitting-a-pull-request.md 47 | -------------------------------------------------------------------------------- /src/contributing/maintainers.md: -------------------------------------------------------------------------------- 1 | # Deis Maintainers 2 | 3 | This document serves to describe the leadership structure of the Deis project, and list the current 4 | project maintainers. 5 | 6 | # What is a maintainer? 7 | 8 | (Unabashedly stolen from the [Docker](https://github.com/docker/docker/blob/master/MAINTAINERS) project) 9 | 10 | There are different types of maintainers, with different responsibilities, but 11 | all maintainers have 3 things in common: 12 | 13 | 1. They share responsibility in the project's success. 14 | 2. They have made a long-term, recurring time investment to improve the project. 15 | 3. They spend that time doing whatever needs to be done, not necessarily what 16 | is the most interesting or fun. 17 | 18 | Maintainers are often under-appreciated, because their work is harder to appreciate. 19 | It's easy to appreciate a really cool and technically advanced feature. It's harder 20 | to appreciate the absence of bugs, the slow but steady improvement in stability, 21 | or the reliability of a release process. But those things distinguish a good 22 | project from a great one. 23 | 24 | # Deis maintainers 25 | 26 | Deis has two groups of maintainers in addition to our beloved Benevolent Dictator for Life. 27 | 28 | ## BDFL 29 | 30 | Deis follows the timeless, highly efficient and totally unfair system known as [Benevolent dictator 31 | for life](http://en.wikipedia.org/wiki/Benevolent_Dictator_for_Life). 32 | 33 | Gabriel Monroy ([@gabrtv](https://github.com/gabrtv)), as creator of the Deis project, serves as our 34 | project's BDFL. While the day-to-day project management is carried out by the maintainers, Gabriel 35 | serves as the final arbiter of any disputes and has the final say on project direction. 36 | 37 | ## Core maintainers 38 | 39 | Core maintainers are exceptionally knowledgeable about all areas of Deis. Some maintainers work on Deis 40 | full-time, although this is not a requirement. 41 | 42 | The duties of a core maintainer include: 43 | 44 | * Classify and respond to GitHub issues and review pull requests 45 | * Help to shape the Deis roadmap and lead efforts to accomplish roadmap milestones 46 | * Participate actively in feature development and bug fixing 47 | * Answer questions and help users in the [Deis #community Slack channel](https://slack.deis.io) 48 | 49 | The current list of core maintainers can be seen [here](https://github.com/orgs/deis/teams/core-maintainers). 50 | 51 | No pull requests can be merged until at least one core maintainer signs off with an 52 | [LGTM](http://docs.deis.io/en/latest/contributing/standards/#merge-approval). The other LGTM can 53 | come from either a core maintainer or contributing maintainer. 54 | 55 | ## Contributing maintainers 56 | 57 | Contributing maintainers are exceptionally knowledgeable about some but not necessarily all areas 58 | of Deis, and are often selected due to specific domain knowledge that complements the project (but 59 | a willingness to continually contribute to the project is most important!). Often, 60 | core maintainers will ask a contributing maintainer to weigh in on issues, pull requests, or 61 | conversations where the contributing maintainer is knowledgeable. 62 | 63 | The duties of a contributing maintainer are very similar to those of a core maintainer, but they are limited to areas of the Deis project where the contributing maintainer is knowledgeable. 64 | 65 | Contributing maintainers are defined in practice as those who have write access to the Deis repository. All maintainers can review pull requests and add LGTM labels as appropriate. 66 | 67 | ## Becoming a maintainer 68 | 69 | The Deis project wouldn't be where it is today without its community. Many of the project's 70 | community members embody the spirit of maintainership, and have contributed substantially to 71 | the project. 72 | 73 | The contributing maintainers group was created in part so that exceptional members of the community 74 | who have an interest in the continued success of the project have the opportunity to join the 75 | core maintainers in guiding the future of Deis. 76 | 77 | Generally, potential contributing maintainers are selected by the Deis core maintainers based in 78 | part on the following criteria: 79 | 80 | * Sustained contributions to the project over a period of time (usually months) 81 | * A willingness to help Deis users on GitHub and in the [Deis #community Slack channel](https://slack.deis.io) 82 | * A friendly attitude :) 83 | 84 | The Deis core maintainers must unanimously agree before inviting a community member to join as a 85 | contributing maintainer, although in many cases the candidate has already been acting in the 86 | capacity of a contributing maintainer for some time, and has been consulted on issues, pull requests, 87 | etc. 88 | -------------------------------------------------------------------------------- /src/contributing/overview.md: -------------------------------------------------------------------------------- 1 | # Contributor Overview 2 | 3 | Interested in contributing to a Deis project? There are lots of ways to help. 4 | 5 | ## File Bugs & Enhancements 6 | 7 | Find a bug? Want to see a new feature? Have a request for the maintainers? Open a Github issue in the applicable repository and we’ll get the conversation started. 8 | 9 | Our official support channel is the [Deis #community Slack channel][slack]. 10 | 11 | Don't know what the applicable repository for an issue is? Open up in issue in [workflow][] or chat with a maintainer in the [Deis #community Slack channel][slack] and we'll make sure it gets to the right place. 12 | 13 | Additionally, take a look at the [troubleshooting][] documentation for common issues. 14 | 15 | Before opening a new issue, it's helpful to search and see if anyone else has already reported the problem. You can search through a list of issues for all Deis projects [here][issues]. 16 | 17 | ## Write Documentation 18 | 19 | We are always looking to improve and expand our documentation. Most docs reside in the [deis/workflow][workflow] repository. Simply fork the project, update docs and send us a pull request. 20 | 21 | ## Contribute Code 22 | 23 | We are always looking for help improving the core platform, other workloads, tooling, and test coverage. Interested in contributing code? Let’s chat in the [Deis #community Slack channel][slack]. Make sure to check out issues tagged [easy fix][] or [help wanted][]. 24 | 25 | When you're ready to begin writing code, review [Design Documents][dd] and get your [Development Environment][dev-environment] set up. 26 | 27 | By contributing to any Deis project you agree to its [Developer Certificate of Origin (DCO)][dco]. This document was created by the Linux Kernel community and is a simple statement that you, as a contributor, have the legal right to make the contribution. 28 | 29 | ## Triage Issues 30 | 31 | If you don't have time to code, consider helping with triage. The community will thank you for saving them time by spending some of yours. See [Triaging Issues](triaging-issues.md) for more info. 32 | 33 | ## Share your Experience 34 | 35 | Interact with the community on our user mailing list or live in our [Deis #community Slack channel](https://slack.deis.io), where you can chat with other Deis Workflow users any time of day. 36 | 37 | [workflow]: https://github.com/deis/workflow 38 | [dd]: design-documents.md 39 | [dev-environment]: development-environment.md 40 | [easy fix]: https://github.com/pulls?utf8=%E2%9C%93&q=user%3Adeis+label%3A%22easy+fix%22+is%3Aopen 41 | [dco]: https://github.com/deis/workflow/blob/master/DCO 42 | [help wanted]: https://github.com/pulls?utf8=%E2%9C%93&q=user%3Adeis+label%3A%22help+wanted%22+is%3Aopen 43 | [troubleshooting]: ../troubleshooting/index.md 44 | [issues]: https://github.com/pulls?utf8=%E2%9C%93&q=user%3Adeis+user%3Ahelm 45 | [slack]: https://slack.deis.io 46 | -------------------------------------------------------------------------------- /src/contributing/testing.md: -------------------------------------------------------------------------------- 1 | # Testing Deis 2 | 3 | Each Deis component is one among an ecosystem of such components - many of which integrate with one another - which makes testing each component thoroughly a matter of paramount importance. 4 | 5 | Each Deis component includes its own suite of style checks, [unit tests][], and black-box type [functional tests][]. 6 | 7 | [Integration tests][] verify the behavior of the Deis components together as a system and are provided separately by the [deis/workflow-e2e][workflow-e2e] project. 8 | 9 | GitHub pull requests for all Deis components are tested automatically by the [Travis CI][travis] [continuous integration][] system. Contributors should run the same tests locally before proposing any changes to the Deis codebase. 10 | 11 | ## Set Up the Environment 12 | 13 | Successfully executing the unit and functional tests for any Deis component requires that the [Development Environment][dev-environment] is set up first. 14 | 15 | ## Run the Tests 16 | 17 | The style checks, unit tests, and functional tests for each component can all be executed via make targets: 18 | 19 | To execute style checks: 20 | 21 | ``` 22 | $ make test-style 23 | ``` 24 | 25 | To execute unit tests: 26 | 27 | ``` 28 | $ make test-unit 29 | ``` 30 | 31 | To execute functional tests: 32 | 33 | ``` 34 | $ make test-functional 35 | ``` 36 | 37 | To execute style checks, unit tests, and functional tests all in one shot: 38 | 39 | ``` 40 | $ make test 41 | ``` 42 | 43 | To execute integration tests, refer to [deis/workflow-e2e][workflow-e2e] documentation. 44 | 45 | [unit tests]: http://en.wikipedia.org/wiki/Unit_testing 46 | [functional tests]: http://en.wikipedia.org/wiki/Functional_testing 47 | [integration tests]: http://en.wikipedia.org/wiki/Integration_testing 48 | [workflow-e2e]: https://github.com/deis/workflow-e2e 49 | [travis]: https://travis-ci.org/deis 50 | [continuous integration]: http://en.wikipedia.org/wiki/Continuous_integration 51 | [dev-environment]: development-environment.md 52 | -------------------------------------------------------------------------------- /src/contributing/triaging-issues.md: -------------------------------------------------------------------------------- 1 | # Triaging Issues 2 | 3 | Issue triage provides an important way to contribute to an open source project. Triage helps ensure issues resolve quickly by: 4 | 5 | - Describing the issue's intent and purpose is conveyed precisely. This is necessary because it can be difficult for an issue to explain how an end user experiences an problem and what actions they took. 6 | - Giving a contributor the information they need before they commit to resolving an issue. 7 | - Lowering the issue count by preventing duplicate issues. 8 | - Streamlining the development process by preventing duplicate discussions. 9 | 10 | If you don't have time to code, consider helping with triage. The community will thank you for saving them time by spending some of yours. 11 | 12 | ## Ensure the Issue Contains Basic Information 13 | 14 | Before triaging an issue very far, make sure that the issue's author provided the standard issue information. This will help you make an educated recommendation on how this to categorize the issue. Standard information that should be included in most issues are things such as: 15 | 16 | - the version(s) of Deis this issue affects 17 | - a reproducible case if this is a bug 18 | - page URL if this is a docs issue or the name of a man page 19 | 20 | Depending on the issue, you might not feel all this information is needed. Use your best judgment. If you cannot triage an issue using what its author provided, explain kindly to the author that they must provide the above information to clarify the problem. 21 | 22 | If the author provides the recommended information but you are still unable to triage the issue, request additional information. Do this kindly and politely because you are asking for more of the author's time. 23 | 24 | If the author does not respond requested information within the timespan of a week, close the issue with a kind note stating that the author can request for the issue to be reopened when the necessary information is provided. 25 | 26 | ## Classifying the Issue 27 | 28 | An issue can have multiple of the following labels: 29 | 30 | ### Issue Kind 31 | 32 | Kind | Description 33 | -------------|----------------------------------------------------------------------------------------------------------------------------- 34 | bug | Bugs are bugs. The cause may or may not be known at triage time so debugging should be taken account into the time estimate. 35 | docs | Writing documentation, man pages, articles, blogs, or other significant word-driven task. 36 | enhancement | Enhancements can drastically improve usability or performance of a component. 37 | question | Contains a user or contributor question requiring a response. 38 | security | Security-related issues such as TLS encryption, network segregation, authn/authz features, etc. 39 | 40 | ### Functional Area 41 | 42 | - builder 43 | - cache 44 | - contrib and provisioning 45 | - client 46 | - controller 47 | - database 48 | - docs 49 | - kubernetes 50 | - registry 51 | - router 52 | - store (Ceph) 53 | - tests 54 | 55 | ## Easy Fix 56 | 57 | "Easy Fix" issues are a way for a new contributor to find issues that are fit for their experience level. These issues are typically for users who are new to Deis, and possibly Go, and is looking to help while learning the basics. 58 | 59 | ## Prioritizing issues 60 | 61 | When attached to a specific milestone, an issue can be attributed one of the following labels to indicate their degree of priority. 62 | 63 | Priority | Description 64 | -----------|----------------------------------------------------------------------------------------------------------------------------------- 65 | priority 0 | Urgent: Security, critical bugs, blocking issues. Drop everything and fix this today, then consider creating a patch release. 66 | priority 1 | Serious: Impedes user actions or is a regression. Fix this before the next planned release. 67 | 68 | And that's it. That should be all the information required for a new or existing contributor to come in an resolve an issue. 69 | -------------------------------------------------------------------------------- /src/diagrams/Application_Layout.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/diagrams/Application_Layout.png -------------------------------------------------------------------------------- /src/diagrams/Diagrams.graffle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/diagrams/Diagrams.graffle -------------------------------------------------------------------------------- /src/diagrams/Document_Overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/diagrams/Document_Overview.png -------------------------------------------------------------------------------- /src/diagrams/Ecosystem_Basic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/diagrams/Ecosystem_Basic.png -------------------------------------------------------------------------------- /src/diagrams/Ecosystem_Complex.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/diagrams/Ecosystem_Complex.png -------------------------------------------------------------------------------- /src/diagrams/Git_Push_Flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/diagrams/Git_Push_Flow.png -------------------------------------------------------------------------------- /src/diagrams/README.md: -------------------------------------------------------------------------------- 1 | # Architecture Diagrams 2 | 3 | This is an [OmniGraffle][] file which holds the source materials for the following 4 | images. 5 | 6 | To update a chart: 7 | 8 | 1. Make your modification! 9 | 2. Select "File > Export" 10 | 3. Select "Entire Document 11 | 4. Choose: Scale: 100% 12 | 5. Set Bitmap Resolution to 72 dpi (for web) 13 | 6. Uncheck "Transparent Background" 14 | 7. Select "images" directory 15 | 8. Click "Export" 16 | 17 | This should update all of the graphics in one go! Commit and pull-request. 18 | 19 | [omnigraffle]: https://www.omnigroup.com/omnigraffle 20 | -------------------------------------------------------------------------------- /src/diagrams/Workflow_Detail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/diagrams/Workflow_Detail.png -------------------------------------------------------------------------------- /src/diagrams/Workflow_Overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/diagrams/Workflow_Overview.png -------------------------------------------------------------------------------- /src/index.md: -------------------------------------------------------------------------------- 1 | # Welcome to Deis Workflow 2 | 3 | Deis (pronounced DAY-iss) Workflow is an open source Platform as a Service (PaaS) that adds a 4 | developer-friendly layer to any Kubernetes cluster, making it easy to deploy and manage 5 | applications. 6 | 7 | Deis Workflow includes capabilities for building and deploying from source via `git push`, simple 8 | application configuration, creating and rolling back releases, managing domain names and SSL 9 | certificates, providing seamless edge routing, aggregating logs, and sharing applications with 10 | teams. All of this is exposed through a simple REST API and command line interface. 11 | 12 | Please note that this documentation is for Deis Workflow (v2). For v1 documentation visit 13 | . 14 | 15 | ## Getting Started 16 | 17 | To get started with Workflow, follow our [Quick Start][quickstart] guide. 18 | 19 | Take a deep dive into Deis Workflow in our [Concepts][concepts], [Architecture][arch], and 20 | [Components][components] sections. 21 | 22 | Feel like contibuting some code or want to get started as a maintainer? Pick an issue tagged as an 23 | [easy fix][] or [help wanted][] and start contributing! 24 | 25 | ## Service and Support 26 | 27 | If you are interested in commercial service and support for Deis Workflow, check out the various 28 | [services offerings on deis.com](https://deis.com/services). 29 | 30 | 31 | [arch]: understanding-workflow/architecture.md 32 | [concepts]: understanding-workflow/concepts.md 33 | [components]: understanding-workflow/components.md 34 | [easy fix]: https://github.com/pulls?utf8=%E2%9C%93&q=user%3Adeis+label%3A%22easy+fix%22+is%3Aopen 35 | [help wanted]: https://github.com/pulls?utf8=%E2%9C%93&q=user%3Adeis+label%3A%22help+wanted%22+is%3Aopen 36 | [quickstart]: quickstart/index.md 37 | -------------------------------------------------------------------------------- /src/installing-workflow/chart-provenance.md: -------------------------------------------------------------------------------- 1 | # Chart Provenance 2 | 3 | As of Workflow [v2.8.0](../changelogs/v2.8.0.md), Deis has released [Kubernetes Helm][helm] charts for Workflow 4 | and for each of its [components](../understanding-workflow/components.md). 5 | 6 | Helm provides tools for establishing and verifying chart integrity. (For an overview, see the [Provenance](https://github.com/kubernetes/helm/blob/master/docs/provenance.md) doc.) All release charts from the Deis Workflow team are now signed using this mechanism. 7 | 8 | The full `Deis, Inc. (Helm chart signing key) ` public key can be found [here](../security/1d6a97d0.txt), as well as the [pgp.mit.edu](http://pgp.mit.edu/pks/lookup?op=vindex&fingerprint=on&search=0x17E526B51D6A97D0) keyserver and the official Deis Keybase [account][deis-keybase]. The key's fingerprint can be cross-checked against all of these sources. 9 | 10 | ## Verifying a signed chart 11 | 12 | The public key mentioned above must exist in a local keyring before a signed chart can be verified. 13 | 14 | To add it to the default `~/.gnupg/pubring.gpg` keyring, any of the following commands will work: 15 | 16 | ``` 17 | $ # via our hosted location 18 | $ curl https://deis.com/workflow/docs/security/1d6a97d0.txt | gpg --import 19 | 20 | $ # via the pgp.mit.edu keyserver 21 | $ gpg --keyserver pgp.mit.edu --recv-keys 1D6A97D0 22 | 23 | $ # via Keybase with account... 24 | $ keybase follow deis 25 | $ keybase pgp pull 26 | 27 | $ # via Keybase by curl 28 | $ curl https://keybase.io/deis/key.asc | gpg --import 29 | ``` 30 | 31 | Charts signed with this key can then be verified when fetched: 32 | 33 | ``` 34 | $ helm repo add deis https://charts.deis.com/workflow 35 | "deis" has been added to your repositories 36 | 37 | $ helm fetch --verify deis/workflow --version v2.18.0 38 | Verification: &{0xc42077e460 sha256:c8fe609e70f6f11299c2e1fa130433254d747fc0a694a2928a1c5d3d3c986ce8 workflow-v2.18.0.tgz} 39 | ``` 40 | 41 | One can then inspect the fetched `workflow-v2.18.0.tgz.prov` provenance file. 42 | 43 | If the chart was not signed, the command above would result in: 44 | 45 | ``` 46 | Error: Failed to fetch provenance "https://charts.deis.com/workflow/workflow-v2.18.0.tgz.prov" 47 | ``` 48 | 49 | Alternatively, the chart can also be verified at install time: 50 | 51 | ``` 52 | $ helm install --verify deis/workflow --namespace deis 53 | NAME: exiled-mink 54 | LAST DEPLOYED: Wed Sep 7 08:22:16 2017 55 | NAMESPACE: deis 56 | STATUS: DEPLOYED 57 | ... 58 | 59 | $ helm ls 60 | NAME REVISION UPDATED STATUS CHART 61 | exiled-mink 1 Wed Sep 7 08:22:16 2017 DEPLOYED workflow-v2.18.0 62 | ``` 63 | 64 | Having done so, one is assured of the origin and authenticity of any installed Workflow chart released by Deis. 65 | 66 | [helm]: https://github.com/kubernetes/helm/blob/master/docs/install.md 67 | [deis-keybase]: https://keybase.io/deis 68 | -------------------------------------------------------------------------------- /src/installing-workflow/configuring-object-storage.md: -------------------------------------------------------------------------------- 1 | # Configuring Object Storage 2 | 3 | A variety of Deis Workflow components rely on an object storage system to do their work including storing application slugs, Docker images and database logs. 4 | 5 | Deis Workflow ships with [Minio][minio] by default, which provides in-cluster, ephemeral object storage. This means that _if the Minio server crashes, all data will be lost_. Therefore, **Minio should be used for development or testing only**. 6 | 7 | ## Configuring off-cluster Object Storage 8 | 9 | Every component that relies on object storage uses two inputs for configuration: 10 | 11 | 1. Component-specific environment variables (e.g. `BUILDER_STORAGE` and `REGISTRY_STORAGE`) 12 | 2. Access credentials stored as a Kubernetes secret named `objectstorage-keyfile` 13 | 14 | The helm chart for Deis Workflow can be easily configured to connect Workflow components to off-cluster object storage. Deis Workflow currently supports Google Compute Storage, Amazon S3, [Azure Blob Storage][] and OpenStack Swift Storage. 15 | 16 | ### Step 1: Create storage buckets 17 | 18 | Create storage buckets for each of the Workflow subsystems: `builder`, `registry`, and `database`. 19 | 20 | Depending on your chosen object storage you may need to provide globally unique bucket names. If you are using S3, use hyphens instead of periods in the bucket names. Using periods in the bucket name will cause an [ssl certificate validation issue with S3](https://forums.aws.amazon.com/thread.jspa?threadID=105357). 21 | 22 | If you provide credentials with sufficient access to the underlying storage, Workflow components will create the buckets if they do not exist. 23 | 24 | ### Step 2: Generate storage credentials 25 | 26 | If applicable, generate credentials that have create and write access to the storage buckets created in Step 1. 27 | 28 | If you are using AWS S3 and your Kubernetes nodes are configured with appropriate [IAM][aws-iam] API keys via InstanceRoles, you do not need to create API credentials. Do, however, validate that the InstanceRole has appropriate permissions to the configured buckets! 29 | 30 | ### Step 3: Add Deis Repo 31 | 32 | If you haven't already added the Helm repo, do so with `helm repo add deis https://charts.deis.com/workflow` 33 | 34 | ### Step 4: Configure Workflow Chart 35 | 36 | Operators should configure object storage by editing the Helm values file before running `helm install`. To do so: 37 | 38 | * Fetch the Helm values by running `helm inspect values deis/workflow > values.yaml` 39 | * Update the `global/storage` parameter to reference the platform you are using, e.g. `s3`, `azure`, `gcs`, or `swift` 40 | * Find the corresponding section for your storage type and provide appropriate values including region, bucket names, and access credentials. 41 | * Save your changes. 42 | 43 | !!! note 44 | All values will be automatically (base64) encoded _except_ the `key_json` values under `gcs`/`gcr`. These must be base64-encoded. This is to support cleanly passing said encoded text via `helm --set` cli functionality rather than attempting to pass the raw JSON data. For example: 45 | 46 | $ helm install workflow --namespace deis \ 47 | --set global.storage=gcs,gcs.key_json="$(cat /path/to/gcs_creds.json | base64 -w 0)" 48 | 49 | You are now ready to run `helm install deis/workflow --namespace deis -f values.yaml` using your desired object storage. 50 | 51 | 52 | [minio]: ../understanding-workflow/components.md#object-storage 53 | [aws-iam]: http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html 54 | [Azure Blob Storage]: https://azure.microsoft.com/en-us/services/storage/blobs/ 55 | -------------------------------------------------------------------------------- /src/installing-workflow/configuring-postgres.md: -------------------------------------------------------------------------------- 1 | # Configuring Postgres 2 | 3 | Deis Workflow's controller component relies on a PostgreSQL database to store platform state. 4 | 5 | By default, Deis Workflow ships with the [database] component, which provides an in-cluster PostgreSQL database backed up to in-cluster or off-cluster [object storage]. Currently, for object storage, which is utilized by _several_ Workflow components, only off-cluster solutions such as S3 or GCS are recommended in production environments. Experience has shown that many operators already opting for off-cluster object storage similarly prefer to host Postgres off-cluster as well, using Amazon RDS or similar. When excercising both options, a Workflow installation becomes entirely stateless, and is thus restored or rebuilt with greater ease should the need ever arise. 6 | 7 | ## Provisioning off-cluster Postgres 8 | 9 | First, provision a PostgreSQL RDBMS using the cloud provider or other infrastructure of your choice. Take care to ensure that security groups or other firewall rules will permit connectivity from your Kubernetes worker nodes, any of which may play host to the Workflow controller component. 10 | 11 | Take note of the following: 12 | 13 | 1. The hostname or public IP of your PostgreSQL RDBMS 14 | 2. The port on which your PostgreSQL RDBMS runs-- typically 5432 15 | 16 | Within the off-cluster RDBMS, manually provision the following: 17 | 18 | 1. A database user (take note of the username and password) 19 | 2. A database owned by that user (take note of its name) 20 | 21 | If you are able to log into the RDBMS as a superuser or a user with appropriate permissions, this process will _typically_ look like this: 22 | 23 | ``` 24 | $ psql -h -p -d postgres -U <"postgres" or your own username> 25 | > create user with password ''; 26 | > create database with owner ; 27 | > \q 28 | ``` 29 | 30 | ## Configuring Workflow 31 | 32 | The Helm chart for Deis Workflow can be easily configured to connect the Workflow controller component to an off-cluster PostgreSQL database. 33 | 34 | * **Step 1:** If you haven't already fetched the values, do so with `helm inspect values deis/workflow > values.yaml` 35 | * **Step 2:** Update database connection details by modifying `values.yaml`: 36 | * Update the `database_location` parameter to `off-cluster`. 37 | * Update the values in the `[database]` configuration section to properly reflect all connection details. 38 | * Save your changes. 39 | * Note: you do not need to (and must not) base64 encode any values, as the Helm chart will automatically handle encoding as necessary. 40 | 41 | You are now ready to `helm install deis/workflow --namespace deis -f values.yaml` [as usual][installing]. 42 | 43 | [database]: ../understanding-workflow/components.md#database 44 | [object storage]: configuring-object-storage.md 45 | [installing]: ../installing-workflow/index.md 46 | -------------------------------------------------------------------------------- /src/installing-workflow/download-linux-brightgreen.svg: -------------------------------------------------------------------------------- 1 | downloaddownloadLinuxLinux -------------------------------------------------------------------------------- /src/installing-workflow/download-osx-brightgreen.svg: -------------------------------------------------------------------------------- 1 | downloaddownloadMac OS XMac OS X -------------------------------------------------------------------------------- /src/installing-workflow/experimental-native-ingress.md: -------------------------------------------------------------------------------- 1 | # Experimental Native Ingress 2 | 3 | ## Install Deis Workflow (With experimental native ingress support) 4 | 5 | Now that Helm is installed and the repository has been added, install Workflow with a native ingress by running: 6 | 7 | ``` 8 | $ helm install deis/workflow --namespace deis --set global.experimental_native_ingress=true,controller.platform_domain=deis.com 9 | ``` 10 | 11 | Where `controller.platform_domain` is a **required** parameter that is traditionally not required for Workflow that is explained in the next section. In this example we are using `deis.com` for `$hostname`. 12 | 13 | Helm will install a variety of Kubernetes resources in the `deis` namespace. 14 | Wait for the pods that Helm launched to be ready. Monitor their status by running: 15 | 16 | ``` 17 | $ kubectl --namespace=deis get pods 18 | ``` 19 | 20 | You should also notice that several Kubernetes ingresses has been installed on your cluster. You can view it by running: 21 | 22 | ``` 23 | $ kubectl get ingress --namespace deis 24 | ``` 25 | 26 | Depending on the order in which the Workflow components initialize, some pods may restart. This is common during the 27 | installation: if a component's dependencies are not yet available, that component will exit and Kubernetes will 28 | automatically restart it. 29 | 30 | Here, it can be seen that the controller, builder and registry all took a few loops waiting for minio before they were able to start: 31 | 32 | ``` 33 | $ kubectl --namespace=deis get pods 34 | NAME READY STATUS RESTARTS AGE 35 | deis-builder-hy3xv 1/1 Running 5 5m 36 | deis-controller-g3cu8 1/1 Running 5 5m 37 | deis-database-rad1o 1/1 Running 0 5m 38 | deis-logger-fluentd-1v8uk 1/1 Running 0 5m 39 | deis-logger-fluentd-esm60 1/1 Running 0 5m 40 | deis-logger-sm8b3 1/1 Running 0 5m 41 | deis-minio-4ww3t 1/1 Running 0 5m 42 | deis-registry-asozo 1/1 Running 1 5m 43 | deis-workflow-manager-68nu6 1/1 Running 0 5m 44 | ``` 45 | 46 | ## Install a Kubernetes Ingress Controller 47 | 48 | Now that Workflow has been deployed with the `global.experimental_native_ingress` flag set to `true`, we will need a Kubernetes ingress controller in place to begin routing traffic. 49 | 50 | Here is an example of how to use [traefik](https://traefik.io/) as an ingress controller for Workflow. Of course, you are welcome to use any controller you wish. 51 | 52 | ``` 53 | $ helm install stable/traefik --name ingress --namespace kube-system 54 | ``` 55 | 56 | ## Configure DNS 57 | 58 | The experimental ingress feature requires a user to set up a hostname, and assumes the `deis.$host` convention. 59 | 60 | We need to point the `*.$host` record to the public IP address of your ingress controller. You can get the public IP using the following command. A wildcard entry is necessary here as apps will use the same rule after they are deployed. 61 | 62 | ``` 63 | $ kubectl get svc ingress-traefik --namespace kube-system 64 | NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE 65 | ingress-traefik 10.0.25.3 138.91.243.152 80:31625/TCP,443:30871/TCP 33m 66 | ``` 67 | 68 | Additionally, we need to point the `deis-builder.$host` record to the public IP address of the [Builder][]. 69 | 70 | ``` 71 | $ kubectl get svc deis-builder --namespace deis 72 | NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE 73 | deis-builder 10.0.165.140 40.86.182.187 2222:32488/TCP 33m 74 | ``` 75 | 76 | If we were using `deis.com` as a hostname, we would need to create the following A DNS records. 77 | 78 | | Name | Type | Value | 79 | | ---------------------------- |:-------------:| --------------:| 80 | | *.deis.com | A | 138.91.243.152 | 81 | | deis-builder.deis.com | A | 40.86.182.187 | 82 | 83 | Once all of the pods are in the `READY` state, and `deis.$host` resolves to the external IP found above, Workflow is up and running! 84 | 85 | After installing Workflow, [register a user and deploy an application](../quickstart/deploy-an-app.md). 86 | 87 | ##### Feedback 88 | 89 | While this feature is experimental we welcome feedback on the issue. We would like to learn more about use cases, and user experience. Please [open a new issue](https://github.com/deis/workflow/issues/new) for feedback. 90 | 91 | 92 | [builder]: ../understanding-workflow/components.md#builder 93 | -------------------------------------------------------------------------------- /src/installing-workflow/system-requirements.md: -------------------------------------------------------------------------------- 1 | # Requirements 2 | 3 | To run Deis Workflow on a Kubernetes cluster, there are a few requirements to keep in mind. 4 | 5 | ## Kubernetes Versions 6 | 7 | Deis Workflow requires Kubernetes v1.3.4 or later, or Kubernetes v1.6.2 or later. Kubernetes v1.6.0 8 | and v1.6.1 have [a bug](https://github.com/kubernetes/kubernetes/pull/44406) that can prevent 9 | `git push deis master` from completing successfully. 10 | 11 | ## Storage Requirements 12 | 13 | A variety of Deis Workflow components rely on an object storage system to do their work, including storing application 14 | slugs, Docker images and database logs. 15 | 16 | Deis Workflow ships with Minio by default, which provides in-cluster, ephemeral object storage. This means that if the 17 | Minio server crashes, all data will be lost. Therefore, Minio should be used for development or testing only. 18 | 19 | Workflow supports Amazon Simple Storage Service (S3), Google Cloud Storage (GCS), OpenShift Swift, and Azure Blob 20 | Storage. See [configuring object storage](configuring-object-storage) for setup instructions. 21 | 22 | ## Resource Requirements 23 | 24 | When deploying Deis Workflow, it's important to provision machines with adequate resources. Deis is a highly-available 25 | distributed system, which means that Deis components and your deployed applications will move around the cluster onto 26 | healthy hosts as hosts leave the cluster for various reasons (failures, reboots, autoscalers, etc.). Because of this, 27 | you should have ample spare resources on any machine in your cluster to withstand the additional load of running 28 | services for failed machines. 29 | 30 | Deis Workflow components use about 2.5GB of memory across the cluster, and require approximately 30GB of hard disk 31 | space. Because it may need to handle additional load if another one fails, each machine has minimum requirements of: 32 | 33 | * At least 4GB of RAM (more is better) 34 | * At least 40GB of hard disk space 35 | 36 | Note that these estimates are for Deis Workflow and Kubernetes only. Be sure to leave enough spare capacity for your 37 | application footprint as well. 38 | 39 | Running smaller machines will likely result in increased system load and has been known to result in component failures 40 | and instability. 41 | 42 | !!! warning 43 | Workflow versions prior to 2.2 require '--insecure-registry' to function properly. Depending on 44 | your Kubernetes and Docker configuration, setting 45 | `EXTRA_DOCKER_OPTS="--insecure-registry=10.0.0.0/8"` may be sufficient. 46 | 47 | ## SELinux + OverlayFS 48 | 49 | If you are using Docker with OverlayFS, you must disable SELinux by adding `--selinux-enabled=false` to 50 | `EXTRA_DOCKER_OPTS`. For more background information, see: 51 | 52 | * [https://github.com/docker/docker/issues/7952](https://github.com/docker/docker/issues/7952) 53 | * [https://github.com/deis/workflow/issues/63](https://github.com/deis/postgres/issues/63) 54 | -------------------------------------------------------------------------------- /src/managing-workflow/deploy-hooks.md: -------------------------------------------------------------------------------- 1 | # Deploy Hooks 2 | 3 | Deploy hooks allow an external service to receive a notification whenever a new version of your app 4 | is pushed to Workflow. It’s useful to help keep the development team informed about deploys, while 5 | it can also be used to integrate different systems together. 6 | 7 | After one or more hooks are setup, hook output and errors appear in your application’s logs: 8 | 9 | ``` 10 | $ deis logs 11 | ... 12 | 2011-03-15T15:07:29-07:00 deis[api]: Deploy hook sent to http://deis.rocks 13 | ``` 14 | 15 | Deploy hooks are a generic HTTP hook. An administrator can create and configure multiple deploy 16 | hooks by [tuning the controller settings][controller-settings] via the Helm chart. 17 | 18 | ## HTTP POST Hook 19 | 20 | The HTTP deploy hook performs an HTTP POST to a URL. The parameters included in the request are the 21 | same as the variables available in the hook message: `app`, `release`, `release_summary`, `sha` and 22 | `user`. See below for their descriptions: 23 | 24 | ``` 25 | app=secure-woodland&release=v4&release_summary=gabrtv%20deployed%35b3726&sha=35b3726&user=gabrtv 26 | ``` 27 | 28 | Optionally, if a deploy hook secret key is added to the controller through 29 | [tuning the controller settings][controller-settings], a new `Authorization` header will be 30 | present in the POST request. The value of this header is computed as the [HMAC][] hex digest of the 31 | request URL, using the secret as the key. 32 | 33 | In order to authenticate that this request came from Workflow, use the secret key, the full URL and 34 | the HMAC-SHA1 hashing algorithm to compute the signature. In Python, that would look something like 35 | this: 36 | 37 | ```python 38 | import hashlib 39 | import hmac 40 | 41 | hmac.new("my_secret_key", "http://deis.rocks?app=secure-woodland&release=v4&release_summary=gabrtv%20deployed%35b3726&sha=35b3726&user=gabrtv", digestmod=hashlib.sha1).hexdigest() 42 | ``` 43 | 44 | If the value of the computed HMAC hex digest and the value in the `Authorization` header are 45 | identical, then the request came from Workflow. 46 | 47 | !!! important 48 | When computing the signature, ensure that the URL parameters are in alphabetic order. This is 49 | critical when computing the cryptographic signature as most web applications don't care about 50 | the order of the HTTP parameters, but the cryptographic signature will not be the same. 51 | 52 | 53 | [controller-settings]: tuning-component-settings.md#customizing-the-controller 54 | [hmac]: https://en.wikipedia.org/wiki/Hash-based_message_authentication_code 55 | -------------------------------------------------------------------------------- /src/managing-workflow/extending-workflow.md: -------------------------------------------------------------------------------- 1 | # Extending Workflow 2 | 3 | Deis Workflow is an open source project which wouldn't be here without the amazing skill 4 | and enthusiasm of the community that has grown up around it. Several projects have blossomed 5 | which extend Workflow in various ways. 6 | 7 | These links are to community-contributed extensions of Deis Workflow. Deis makes no 8 | guarantees about the functionality, security, or code contained within. As with any software, 9 | use with caution in a production environment. 10 | 11 | ## Workflow Community Projects 12 | 13 | - [alea][] is a backing services manager for Deis Workflow, providing easy 14 | access to PostgreSQL, Redis, MongoDB, and memcached. 15 | - [deisdash][] is a web-based UI supporting many user and app actions without need of the 16 | `deis` command-line interface. 17 | - [deis-cleanup][] is a Deis-friendly, configurable approach to purging unneeded Docker 18 | containers and images. 19 | - [deis-global-config-plugin][] stores config values in [Vault][] for easy use in Workflow apps. 20 | - [deis-node][] is a controller API client for a browser in NodeJS. 21 | - [deis-ui][] is the beginning of a full client-side dashboard that interfaces with the 22 | controller API. 23 | - [deis-workflow-aws][] simplifies installing Workflow on [Amazon Web Services][], backed by 24 | S3 and using ECR as the container registry. 25 | - [deis-workflow-gke][] simplifies installing Workflow on [Google Container Engine][], backed 26 | by Google Cloud Storage and using gcr.io as the container registry. 27 | - [deis-workflow-ruby][] contains Workflow controller API bindings for Ruby programming. 28 | - [heroku-to-deis][] migrates existing Heroku applications to the Workflow platform. 29 | - [kube-solo-osx][] creates a zero-to-Kubernetes development environment for macOS in under 30 | two minutes, with specific support for installing Workflow with [Helm][] or Helm Classic. 31 | 32 | Are we missing something? Please open a [documentation pull request][] to add it. 33 | 34 | [alea]: https://github.com/Codaisseur/alea 35 | [Amazon Web Services]: https://aws.amazon.com/ 36 | [deisdash]: https://github.com/olalonde/deisdash 37 | [deis-cleanup]: https://github.com/Ragnarson/deis-cleanup 38 | [deis-global-config-plugin]: https://github.com/Rafflecopter/deis-global-config-plugin 39 | [deis-node]: https://github.com/olalonde/deis-node 40 | [deis-ui]: https://github.com/jumbojett/deis-ui 41 | [deis-workflow-aws]: https://github.com/rimusz/deis-workflow-aws 42 | [deis-workflow-gke]: https://github.com/rimusz/deis-workflow-gke 43 | [deis-workflow-ruby]: https://github.com/thomas0087/deis-workflow-ruby 44 | [documentation pull request]: https://github.com/deis/workflow/pulls 45 | [Google Container Engine]: https://cloud.google.com/container-engine/ 46 | [Helm]: https://github.com/kubernetes/helm 47 | [heroku-to-deis]: https://github.com/emartech/heroku-to-deis 48 | [kube-solo-osx]: https://github.com/TheNewNormal/kube-solo-osx 49 | [Vault]: https://www.vaultproject.io/ 50 | -------------------------------------------------------------------------------- /src/managing-workflow/platform-ssl.md: -------------------------------------------------------------------------------- 1 | # Platform SSL 2 | 3 | SSL/TLS is the standard security technology for establishing an encrypted link between a web server 4 | and a browser. This link ensures that all data passed between the web server and browsers remain 5 | private and integral. 6 | 7 | To enable SSL for the Workflow API and all managed apps, you can add an SSL certificate to the Deis Workflow router. You 8 | must provide either an SSL certificate that was registered with a CA or [your own self-signed SSL 9 | certificate](../reference-guide/creating-a-self-signed-ssl-certificate.md). 10 | 11 | Note that the platform SSL certificate also functions as a default certificate for your apps that are deployed via 12 | Workflow. If you would like to attach a specific certificate to an application and domain see [Application SSL 13 | Certificates](../applications/ssl-certificates.md). 14 | 15 | ## Installing SSL on the Deis Router 16 | 17 | To terminate SSL connections on the Deis Router use `kubectl` to create a new Secret at a known name. The Deis Workflow 18 | router will automatically detect this secret and reconfigure itself appropriately. 19 | 20 | The following criteria must be met: 21 | 22 | - The name of the secret must be `deis-router-platform-cert` 23 | - The certificate's public key must be supplied as the value of the `tls.crt` key 24 | - The certificate's private key must be supplied as the value of the `tls.key` key 25 | - Both the certificate and private key must be base64 encoded 26 | 27 | If your certificate has intermediate certs, append the intermediate signing certs to the bottom of the `cert` file 28 | before base64 encoding the combined certificates. 29 | 30 | Prepare your certificate and key files by encoding them in base64: 31 | 32 | ``` 33 | $ cat certificate-file.crt 34 | -----BEGIN CERTIFICATE----- 35 | / * your SSL certificate here */ 36 | -----END CERTIFICATE----- 37 | -----BEGIN CERTIFICATE----- 38 | /* any intermediate certificates */ 39 | -----END CERTIFICATE----- 40 | $ cat certificate-file.crt | base64 -e 41 | LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi8gKiB5b3VyIFNTTCBjZXJ0aWZpY2F0ZSBoZXJlICovCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi8qIGFueSBpbnRlcm1lZGlhdGUgY2VydGlmaWNhdGVzICovCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 42 | $ cat certificate.key 43 | -----BEGIN RSA PRIVATE KEY----- 44 | /* your unencrypted private key here */ 45 | -----END RSA PRIVATE KEY----- 46 | $ cat certificate.key | base64 -e 47 | LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQovKiB5b3VyIHVuZW5jcnlwdGVkIHByaXZhdGUga2V5IGhlcmUgKi8KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K 48 | ``` 49 | 50 | Open your favorite text editor and create the Kubernetes manifest: 51 | 52 | ``` 53 | $ $EDITOR deis-router-platform-cert.yaml 54 | ``` 55 | 56 | The format of the Secret manifest should match the below example. Make sure you paste the appropriate values for `cert` 57 | and `key` from the above examples: 58 | 59 | ``` 60 | $ cat deis-router-platform-cert.yaml 61 | apiVersion: v1 62 | kind: Secret 63 | metadata: 64 | name: deis-router-platform-cert 65 | namespace: deis 66 | type: Opaque 67 | data: 68 | tls.crt: LS0...tCg== 69 | tls.key: LS0...LQo= 70 | ``` 71 | 72 | Once you've created the `deis-router-platform-cert.yaml` file, you can install the manifest with `kubectl create -f 73 | deis-router-platform-cert.yaml`. The Deis Workflow router will automatically notice the new secret and update its 74 | configuration on-the-fly. 75 | 76 | ## Installing SSL on a Load Balancer 77 | 78 | Most cloud-based load balancers also support SSL termination in addition to passing traffic through to Deis Router. Any 79 | communication inbound to the load balancer will be encrypted while the internal components of Deis Workflow will still 80 | communicate over HTTP. This offloads SSL processing to the cloud load balancer but also means that any 81 | application-specific SSL certificates must **also** be configured on the cloud load balancer. 82 | 83 | To terminate SSL on the cloud load balancer you will need to modify the load balancer's listener settings: 84 | 85 | - Swap the load balancer protocol on port 443 to use HTTPS instead of TCP 86 | - Swap the backend protocol to use HTTP instead of TCP 87 | - Change the destination backend port to match the port configured for HTTP, usually port 80 88 | - Install the certificate on the listener associated with port 443 89 | 90 | See your vendor's specific instructions on installing SSL on your load balancer. For AWS, see their 91 | documentation on [installing an SSL cert for load balancing](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html). 92 | -------------------------------------------------------------------------------- /src/managing-workflow/security-considerations.md: -------------------------------------------------------------------------------- 1 | # Security Considerations 2 | 3 | !!! important 4 | Workflow is not suitable for multi-tenant environments or hosting untrusted code. 5 | 6 | A major goal of Workflow is to be operationally secure and trusted by operations engineers in every 7 | deployed environment. There are, however, two notable security-related considerations to be aware 8 | of when deploying Workflow. 9 | 10 | # Application Runtime Segregation 11 | 12 | Users of Workflow often want to deploy their applications to separate environments. Typically, 13 | physical network isolation isn’t the goal, but rather segregation of application environments - if a 14 | region goes haywire, it shouldn’t affect applications that are running in a separate region. 15 | 16 | In Workflow, deployed applications can be segregated by using the `deis tags` command. This enables 17 | you to tag machines in your cluster with arbitrary metadata, then configure your applications to be 18 | scheduled to machines which match the metadata. 19 | 20 | For example, if some machines in your cluster are tagged with `region=us-west-1` and some 21 | with `region=us-east-1`, you can configure an application to be deployed to us-west-1 22 | by using `deis tags set region=us-west-1`. Workflow will pass this configuration 23 | along to Kubernetes, which will schedule your application in different regions. 24 | 25 | See [Isolate the Application][] for more information. 26 | 27 | # Running Workflow on Public Clouds 28 | 29 | If you are running on a public cloud without security group features, you will have to set up 30 | security groups yourself through either `iptables` or a similar tool. The only ports on worker 31 | nodes that should be exposed to the public are: 32 | 33 | - 22: (optional) for remote SSH 34 | - 80: for the routers 35 | - 443: (optional) routers w/ SSL enabled 36 | - 2222: for the routers proxying TCP to the builder 37 | - 9090: for the routers' health check 38 | 39 | # IP Whitelist 40 | 41 | Enforcing a cluster-wide IP whitelist may be advisable for routers governing ingress to a cluster 42 | that hosts applications intended for a limited audience-- e.g. applications for internal use within 43 | an organization. You can enforce cluster-wide IP whitelisting by enabling whitelists, then 44 | attaching an annotation to the router: 45 | 46 | $ kubectl --namespace=deis annotate deployments/deis-router router.deis.io/nginx.enforceWhitelists=true 47 | $ kubectl --namespace=deis annotate deployments/deis-router router.deis.io/nginx.defaultWhitelist="0.0.0.0/0" 48 | 49 | The format is the same for the controller whitelist but you need to specify the whitelist directly 50 | to the controller's service. For example: 51 | 52 | $ kubectl --namespace=deis annotate service deis-controller router.deis.io/whitelist="10.0.1.0/24,121.212.121.212" 53 | 54 | And the same applies to applications. For example, to apply a whitelist to an application named 55 | `example`: 56 | 57 | $ kubectl --namespace=example annotate service example-web router.deis.io/whitelist="10.0.1.0/24,121.212.121.212" 58 | 59 | Application level whitelisting can also be done using the Deis client. To add/remove/list addresses of an application whitelist, use `deis whitelist`: 60 | 61 | $ deis whitelist:add 10.0.1.0/24,121.212.121.212 -a drafty-zaniness 62 | Adding 10.0.1.0/24,121.212.121.212 to drafty-zaniness whitelist...done 63 | 64 | $ deis whitelist:remove 121.212.121.212 -a drafty-zaniness 65 | Removing 121.212.121.212 from drafty-zaniness whitelist... done 66 | 67 | $ deis whitelist -a drafty-zaniness 68 | === drafty-zaniness Whitelisted Addresses 69 | 10.0.1.0/24 70 | 71 | 72 | [Isolate the Application]: ../applications/managing-app-configuration.md#isolate-the-application 73 | -------------------------------------------------------------------------------- /src/quickstart/index.md: -------------------------------------------------------------------------------- 1 | # Quick Start 2 | 3 | Get started with Deis Workflow in three easy steps. 4 | 5 | 1. Install CLI tools for Helm and Deis Workflow 6 | 2. Boot a Kubernetes and install Deis Workflow 7 | 3. Deploy your first application 8 | 9 | This guide will help you set up a cluster suitable for evaluation, development and testing. When you are ready for staging and production, view our [production checklist](../managing-workflow/production-deployments.md). 10 | 11 | ## Step 1: Install CLI tools 12 | 13 | For the quickstart we will [install both Helm and Deis Workflow CLI](install-cli-tools.md). 14 | 15 | ## Step 2: Boot Kubernetes and Install Deis Workflow 16 | 17 | There are many ways to boot and run Kubernetes. You may choose to get up and running in cloud environments or locally on 18 | your laptop. 19 | 20 | Cloud-based options: 21 | 22 | * [Google Container Engine](provider/gke/boot.md): provides a managed Kubernetes environment, available with a few clicks. 23 | * [Amazon Web Services](provider/aws/boot.md): uses Kubernetes upstream `kube-up.sh` to boot a cluster on AWS EC2. 24 | * [Azure Container Service](provider/azure-acs/boot.md): uses Azure Container Service to provision Kubernetes and install Workflow. 25 | 26 | If you would like to test on your local machine follow, our guide for [Minikube](provider/minikube/boot.md). 27 | 28 | If you have already created a Kubernetes cluster, check out the [system requirements](../installing-workflow/system-requirements.md) and then proceed to [install Deis Workflow on your own Kubernetes cluster](../installing-workflow/index.md). 29 | 30 | ## Step 3: Deploy your first app 31 | 32 | Last but not least, [register a user and deploy your first application](deploy-an-app.md). 33 | -------------------------------------------------------------------------------- /src/quickstart/install-cli-tools.md: -------------------------------------------------------------------------------- 1 | ## Deis Workflow Client CLI 2 | 3 | The Deis command-line interface (CLI), lets you interact with Deis Workflow. 4 | Use the CLI to create and configure and manage applications. 5 | 6 | Install the latest `deis` client for Linux or Mac OS X with: 7 | 8 | $ curl -sSL http://deis.io/deis-cli/install-v2.sh | bash 9 | 10 | The installer places the `deis` binary in your current directory, but you 11 | should move it somewhere in your $PATH: 12 | 13 | $ sudo ln -fs $PWD/deis /usr/local/bin/deis 14 | 15 | *or*: 16 | 17 | $ sudo mv $PWD/deis /usr/local/bin/deis 18 | 19 | Check your work by running `deis version`: 20 | 21 | $ deis version 22 | v2.18.0 23 | 24 | !!! note 25 | Note that version numbers may vary as new releases become available 26 | 27 | ## Helm Installation 28 | 29 | We will install Deis Workflow using Helm which is a tool for installing and managing software in a 30 | Kubernetes cluster. 31 | 32 | Install the latest `helm` cli for Linux or Mac OS X by following the 33 | [installation instructions][helm-install]. 34 | 35 | ## Step 2: Boot a Kubernetes Cluster and Install Deis Workflow 36 | 37 | There are many ways to boot and run Kubernetes. You may choose to get up and running in cloud environments or locally on your laptop. 38 | 39 | Cloud-based options: 40 | 41 | * [Google Container Engine](provider/gke/boot.md): provides a managed Kubernetes environment, available with a few clicks. 42 | * [Amazon Web Services](provider/aws/boot.md): uses Kubernetes upstream [kops](https://github.com/kubernetes/kops) to boot a cluster on AWS EC2. 43 | * [Azure Container Service](provider/azure-acs/boot.md): provides a managed Kubernetes environment. 44 | 45 | If you would like to test on your local machine follow our guide for [Minikube](provider/minikube/boot.md). 46 | 47 | 48 | [helm-install]: https://github.com/kubernetes/helm#install 49 | -------------------------------------------------------------------------------- /src/quickstart/provider/aws/install-aws.md: -------------------------------------------------------------------------------- 1 | # Installing Deis Workflow on Amazon Web Services 2 | 3 | {!install-workflow.md!} 4 | 5 | ## Configure your AWS Load Balancer 6 | 7 | After installing Workflow on your cluster, you will need to adjust your load balancer 8 | configuration. By default, the connection timeout for Elastic Load Blancers is 60 seconds. 9 | Unfortunately, this timeout is too short for long running connections when using `git push` 10 | functionality of Deis Workflow. 11 | 12 | Deis Workflow will automatically provision and attach a Elastic Loadbalancer to the router 13 | component. This component is responsible for routing HTTP and HTTPS requests from the public 14 | internet to applications that are deployed and managed by Deis Workflow. 15 | 16 | By describing the `deis-router` service, you can see what IP hostname has been allocated by AWS for 17 | your Deis Workflow cluster: 18 | 19 | ``` 20 | $ kubectl --namespace=deis describe svc deis-router | egrep LoadBalancer 21 | Type: LoadBalancer 22 | LoadBalancer Ingress: abce0d48217d311e69a470643b4d9062-2074277678.us-west-1.elb.amazonaws.com 23 | ``` 24 | 25 | The AWS name for the ELB is the first part of hostname, before the `-`. List all of your ELBs by 26 | name to confirm: 27 | 28 | ``` 29 | $ aws elb describe-load-balancers --query 'LoadBalancerDescriptions[*].LoadBalancerName' 30 | abce0d48217d311e69a470643b4d9062 31 | ``` 32 | 33 | Set the connection timeout to 1200 seconds, make sure you use your load balancer name: 34 | 35 | ``` 36 | $ aws elb modify-load-balancer-attributes \ 37 | --load-balancer-name abce0d48217d311e69a470643b4d9062 \ 38 | --load-balancer-attributes "{\"ConnectionSettings\":{\"IdleTimeout\":1200}}" 39 | abce0d48217d311e69a470643b4d9062 40 | CONNECTIONSETTINGS 1200 41 | ``` 42 | -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/dns.md: -------------------------------------------------------------------------------- 1 | ## Find the Load Balancer Address 2 | 3 | On Azure Container Engine, Deis Workflow will automatically provision and 4 | attach a Azure Load Balancer to the router component. This component is 5 | responsible for routing HTTP and HTTPS requests from the public internet to 6 | applications that are deployed and managed by Deis Workflow. 7 | 8 | Discover the ip address assigned to the `deis-router`, by describing the 9 | `deis-router` service: 10 | 11 | ``` 12 | $ kubectl --namespace=deis get service deis-router 13 | NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE 14 | deis-router 10.0.60.172 13.82.148.57 80/TCP,443/TCP,2222/TCP,9090/TCP 54m 15 | ``` 16 | 17 | If the `EXTERNAL-IP` column shows `` instead of an ip address continue 18 | to wait until Azure finishes provisioning and attaching the load balancer. 19 | 20 | ## Prepare the Hostname 21 | 22 | Now that an ip address has been attached to the load balancer use the `nip.io` 23 | DNS service to route arbitrary hostnames to the Deis Workflow edge router. 24 | Usage of `nip.io` is not recommended for long-term use and is intended here as 25 | a short cut to prevent fiddling with DNS. 26 | 27 | To verify connectivity to the Workflow API server and nip.io, construct the 28 | hostname by taking the ip address of load balancer and adding `nip.io`. 29 | 30 | For our example above, the address would be: `13.82.148.57.nip.io`. 31 | 32 | Nip answers with the ip address no matter the hostname: 33 | ``` 34 | $ host 13.82.148.57.nip.io 35 | 13.82.148.57.nip.io has address 13.82.148.57 36 | $ host something-random.13.82.148.57.nip.io 37 | something-random.13.82.148.57.nip.io has address 13.82.148.57 38 | ``` 39 | 40 | By default, any HTTP traffic destined for the hostname `deis` is automatically sent to the Workflow API service. To test that everything is connected properly use `curl`: 41 | 42 | ``` 43 | $ curl http://deis.13.82.148.57.nip.io/v2/ && echo 44 | {"detail":"Authentication credentials were not provided."} 45 | ``` 46 | 47 | Since no authentication information has been provided, `curl` will return an error. However this does validate that `curl` has reached the Workflow API service. 48 | 49 | Remember the hostname, it will used in the next step. 50 | 51 | You are now ready to [register an admin user and deploy your first app](../../deploy-an-app.md). 52 | -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/images/cloudshell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/azure-acs/images/cloudshell.png -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/images/step1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/azure-acs/images/step1.png -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/images/step2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/azure-acs/images/step2.png -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/images/step3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/azure-acs/images/step3.png -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/images/step4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/azure-acs/images/step4.png -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/images/step5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/azure-acs/images/step5.png -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/images/step6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/azure-acs/images/step6.png -------------------------------------------------------------------------------- /src/quickstart/provider/azure-acs/install-azure-acs.md: -------------------------------------------------------------------------------- 1 | # Install Deis Workflow on Azure Container Service 2 | 3 | ## Check Your Setup 4 | 5 | First check that the `helm` command is available and the version is v2.5.0 or newer. 6 | 7 | ``` 8 | $ helm version 9 | Client: &version.Version{SemVer:"v2.5.0", GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"} 10 | Server: &version.Version{SemVer:"v2.5.0", GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"} 11 | ``` 12 | 13 | Finally, initialize Helm: 14 | ``` 15 | helm init 16 | ``` 17 | 18 | Ensure the `kubectl` client is installed and can connect to your Kubernetes cluster. 19 | 20 | ## Add the Deis Chart Repository 21 | 22 | The Deis Chart Repository contains everything needed to install Deis Workflow onto a Kubernetes cluster, with a single `helm install deis/workflow --namespace deis` command. 23 | 24 | Add this repository to Helm: 25 | 26 | ``` 27 | $ helm repo add deis https://charts.deis.com/workflow 28 | ``` 29 | 30 | ## Create New Azure Storage Account 31 | 32 | It is recommended to use a dedicated storage account for the operational aspects of Workflow, which includes storing slug and container images, database backups, and disaster recovery. This storage account is passed as parameters during the `helm install` command in the next step. Replace the `AZURE_SA_NAME` variable with a unique name for your storage account and execute these commands. 33 | ``` 34 | $ export AZURE_SA_NAME=YourGlobalUniqueName 35 | $ az storage account create -n $AZURE_SA_NAME -l $AZURE_DC_LOCATION -g $AZURE_RG_NAME --sku Standard_LRS 36 | $ export AZURE_SA_KEY=`az storage account keys list -n $AZURE_SA_NAME -g $AZURE_RG_NAME --query [0].value --output tsv` 37 | 38 | ``` 39 | 40 | > Note: Premium Storage skus are not supported yet due to [lack of block blob storage support](https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/using-blob-service-operations-with-azure-premium-storage) required for the deis database to function. 41 | 42 | ## Install Deis Workflow 43 | 44 | Now that Helm is installed and the repository has been added, install Workflow by running: 45 | 46 | ``` 47 | $ helm install deis/workflow --namespace=deis --set global.storage=azure,azure.accountname=$AZURE_SA_NAME,azure.accountkey=$AZURE_SA_KEY,azure.registry_container=registry,azure.database_container=database,azure.builder_container=builder 48 | ``` 49 | 50 | Helm will install a variety of Kubernetes resources in the `deis` namespace. 51 | Wait for the pods that Helm launched to be ready. Monitor their status by running: 52 | 53 | ``` 54 | $ kubectl --namespace=deis get pods 55 | ``` 56 | 57 | If it's preferred to have `kubectl` automatically update as the pod states change, run (type Ctrl-C to stop the watch): 58 | 59 | ``` 60 | $ kubectl --namespace=deis get pods -w 61 | ``` 62 | 63 | Depending on the order in which the Workflow components initialize, some pods may restart. This is common during the 64 | installation: if a component's dependencies are not yet available, that component will exit and Kubernetes will 65 | automatically restart it. 66 | 67 | Here, it can be seen that the controller, builder and registry all took a few loops before they were able to start: 68 | 69 | ``` 70 | $ kubectl --namespace=deis get pods 71 | NAME READY STATUS RESTARTS AGE 72 | deis-builder-hy3xv 1/1 Running 5 5m 73 | deis-controller-g3cu8 1/1 Running 5 5m 74 | deis-database-rad1o 1/1 Running 0 5m 75 | deis-logger-fluentd-1v8uk 1/1 Running 0 5m 76 | deis-logger-fluentd-esm60 1/1 Running 0 5m 77 | deis-logger-sm8b3 1/1 Running 0 5m 78 | deis-minio-4ww3t 1/1 Running 0 5m 79 | deis-registry-asozo 1/1 Running 1 5m 80 | deis-router-k1ond 1/1 Running 0 5m 81 | deis-workflow-manager-68nu6 1/1 Running 0 5m 82 | ``` 83 | 84 | Once all of the pods are in the `READY` state, Deis Workflow is up and running! 85 | 86 | Next, [configure dns](dns.md) so you can register your first user and deploy an application. 87 | 88 | -------------------------------------------------------------------------------- /src/quickstart/provider/gke/dns.md: -------------------------------------------------------------------------------- 1 | ## Find Your Load Balancer Address 2 | 3 | On Google Container Engine, Deis Workflow will automatically provision and 4 | attach a Google Cloud Loadbalancer to the router copmonent. This component is 5 | responsible for routing HTTP and HTTPS requests from the public internet to 6 | applications that are deployed and managed by Deis Workflow. 7 | 8 | By describing the `deis-router` service, you can see what IP address has been 9 | allocated by Google Cloud for your Deis Workflow cluster: 10 | 11 | ``` 12 | $ kubectl --namespace=deis describe svc deis-router | grep LoadBalancer 13 | Type: LoadBalancer 14 | LoadBalancer Ingress: 104.197.125.75 15 | ``` 16 | 17 | ## Prepare the Hostname 18 | 19 | Now that you have the ip address of your load balancer we can use the `nip.io` 20 | DNS service to route arbitrary hostnames to the Deis Workflow edge router. This 21 | lets us point the Workflow CLI at your cluster without having to either use 22 | your own domain or update DNS! 23 | 24 | To verify the Workflow API server and nip.io, construct your hostname by taking 25 | the ip address for your load balancer and adding `nip.io`. For our example 26 | above, the address would be: `104.197.125.75.nip.io`. 27 | 28 | Nip answers with the ip address no matter the hostname: 29 | ``` 30 | $ host 104.197.125.75.nip.io 31 | 104.197.125.75.nip.io has address 104.197.125.75 32 | $ host something-random.104.197.125.75.nip.io 33 | something-random.104.197.125.75.nip.io has address 104.197.125.75 34 | ``` 35 | 36 | By default, any HTTP traffic for the hostname `deis` will be sent to the Workflow API service. To test that everything is connected properly you may validate connectivity using `curl`: 37 | 38 | ``` 39 | $ curl http://deis.104.197.125.75.nip.io/v2/ && echo 40 | {"detail":"Authentication credentials were not provided."} 41 | ``` 42 | 43 | You should see a failed request because we provided no credentials to the API server. 44 | 45 | Remember the hostname, we will use it in the next step. 46 | 47 | You are now ready to [register an admin user and deploy your first app](../../deploy-an-app.md). 48 | -------------------------------------------------------------------------------- /src/quickstart/provider/gke/images/first-kubernetes-cluster-gke-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/gke/images/first-kubernetes-cluster-gke-2.png -------------------------------------------------------------------------------- /src/quickstart/provider/gke/images/first-kubernetes-cluster-gke-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/gke/images/first-kubernetes-cluster-gke-3.png -------------------------------------------------------------------------------- /src/quickstart/provider/gke/images/first-kubernetes-cluster-gke-select.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/gke/images/first-kubernetes-cluster-gke-select.png -------------------------------------------------------------------------------- /src/quickstart/provider/gke/images/gke-cluster-sizing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/gke/images/gke-cluster-sizing.png -------------------------------------------------------------------------------- /src/quickstart/provider/gke/images/gke-create-container-cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/gke/images/gke-create-container-cluster.png -------------------------------------------------------------------------------- /src/quickstart/provider/gke/images/gke-node-version.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/src/quickstart/provider/gke/images/gke-node-version.jpg -------------------------------------------------------------------------------- /src/quickstart/provider/gke/install-gke.md: -------------------------------------------------------------------------------- 1 | # Install Deis Workflow on Google Compute Engine 2 | 3 | {!install-workflow.md!} 4 | -------------------------------------------------------------------------------- /src/quickstart/provider/minikube/boot.md: -------------------------------------------------------------------------------- 1 | # Booting Kubernetes Using Minikube 2 | 3 | This guide will walk you through the process of installing a small development 4 | Kubernetes cluster on your local machine using [minikube](https://github.com/kubernetes/minikube). 5 | 6 | ## Pre-requisites 7 | 8 | * OS X 9 | * [xhyve driver](https://github.com/kubernetes/minikube/blob/master/DRIVERS.md#xhyve-driver), [VirtualBox](https://www.virtualbox.org/wiki/Downloads) or [VMware Fusion](https://www.vmware.com/products/fusion) installation 10 | * Linux 11 | * [VirtualBox](https://www.virtualbox.org/wiki/Downloads) or [KVM](http://www.linux-kvm.org/) installation 12 | * Windows 13 | * [Hyper-V](https://github.com/kubernetes/minikube/blob/master/DRIVERS.md#hyperv-driver) 14 | * VT-x/AMD-v virtualization must be enabled in BIOS 15 | * The most recent version of `kubectl`. You can install kubectl following 16 | [these steps](https://kubernetes.io/docs/user-guide/prereqs/). 17 | * Internet connection 18 | * You will need a decent internet connection running `minikube start` for the first time for 19 | Minikube to pull its Docker images. It might take Minikube some time to start. 20 | 21 | ## Download and Unpack Minikube 22 | 23 | See the installation instructions for the 24 | [latest release of minikube](https://github.com/kubernetes/minikube/releases). 25 | 26 | ## Set your VM driver (optional) 27 | 28 | You can set your preferred driver (virtualbox - default, vmwarefusion, kvm, xhyve) using the following command: 29 | 30 | ``` 31 | minikube config set vm-driver virtualbox 32 | ``` 33 | 34 | ## Boot Your First Cluster 35 | 36 | We are now ready to boot our first Kubernetes cluster using Minikube! 37 | 38 | ``` 39 | $ minikube start --disk-size=60g --memory=4096 40 | Starting local Kubernetes cluster... 41 | Kubectl is now configured to use the cluster. 42 | ``` 43 | 44 | Now that the cluster is up and ready, `minikube` automatically configures `kubectl` on your machine 45 | with the appropriate authentication and endpoint information. 46 | 47 | ``` 48 | $ kubectl cluster-info 49 | Kubernetes master is running at https://192.168.99.100:8443 50 | KubeDNS is running at https://192.168.99.100:8443/api/v1/proxy/namespaces/kube-system/services/kube-dns 51 | kubernetes-dashboard is running at https://192.168.99.100:8443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard 52 | 53 | To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. 54 | ``` 55 | 56 | You are now ready to [install Deis Workflow](install-minikube.md) 57 | -------------------------------------------------------------------------------- /src/quickstart/provider/minikube/dns.md: -------------------------------------------------------------------------------- 1 | ## Find Your Load Balancer Address 2 | 3 | During installation, Deis Workflow specifies that Kubernetes should provision and attach a load 4 | balancer to the router component. The router component is responsible for routing HTTP and HTTPS 5 | requests from outside the cluster to applications that are managed by Deis Worfklow. In cloud 6 | environments, Kubernetes provisions and attaches a load balancer for you. Since we are running in a 7 | local environment, we need to do a little bit of extra work to send requests to the router. 8 | 9 | First, determine the ip address allocated to the worker node. 10 | 11 | ``` 12 | $ minikube ip 13 | 192.168.99.100 14 | ``` 15 | 16 | ## Prepare the Hostname 17 | 18 | Now that you have the ip address of your virtual machine, we can use the `nip.io` DNS service or `dnsmasq` to 19 | route arbitrary hostnames to the Deis Workflow edge router. This lets us point the Workflow CLI at 20 | your cluster without having to either use your own domain or update DNS! 21 | 22 | ### Using `nip.io` 23 | 24 | To verify the Workflow API server and nip.io, construct your hostname by taking the ip address for 25 | your load balancer and adding `nip.io`. For our example above, the address would be `192.168.99.100`. 26 | 27 | Nip answers with the ip address no matter the hostname: 28 | 29 | ``` 30 | $ host 192.168.99.100.nip.io 31 | 192.168.99.100.nip.io has address 192.168.99.100 32 | $ host something-random.192.168.99.100.nip.io 33 | something-random.192.168.99.100.nip.io has address 192.168.99.100 34 | ``` 35 | 36 | ### Using DNSMasq 37 | 38 | If `nip.io` is working for you, you can skip this section, and proceed to verify the hostname. 39 | 40 | If you prefer not to use `nip.io` or cannot (because your DNS provider might have blocked it), you can use `dnsmasq` on Linux and macOS or `Acrylic` on Windows. 41 | 42 | You can install and configure `dnsmasq` on macOS with [Homebrew](https://brew.sh) with the following commands: 43 | 44 | ```sh 45 | # Installing dnsmasq 46 | $ brew install dnsmasq 47 | 48 | # Configure `.minikube` subdomains to always use minikube IP: 49 | $ echo "address=/.minikube/`minikube ip`" >> /usr/local/etc/dnsmasq.conf 50 | $ sudo brew services start dnsmasq 51 | 52 | # Make the system resolver use dnsmasq to resolve addresses: 53 | $ sudo mkdir /etc/resolver 54 | $ echo nameserver 127.0.0.1 | sudo tee /etc/resolver/minikube 55 | 56 | # You might need to clear the DNS resolver cache: 57 | $ sudo killall -HUP mDNSResponder 58 | ``` 59 | 60 | You may need to ensure that the `dnsmasq` service at 127.0.0.1 is listed as a DNS server for your network connection. You may check this using the following command: 61 | 62 | ```sh 63 | $ scutil --dns | grep minikube -B 1 -A 3 64 | resolver #8 65 | domain : minikube 66 | nameserver[0] : 127.0.0.1 67 | flags : Request A records, Request AAAA records 68 | reach : Reachable, Local Address, Directly Reachable Address 69 | ``` 70 | 71 | To verify the hostname, you will need to use `deis.minikube` as hostname instead of `deis.192.168.99.100.nip.io` in the next section. We will also use it in the next step. 72 | 73 | ### Verify the hostname 74 | 75 | By default, any HTTP traffic for the hostname `deis` will be sent to the Workflow API service. To test that everything is connected properly you may validate connectivity using `curl`: 76 | 77 | ``` 78 | $ curl http://deis.192.168.99.100.nip.io/v2/ && echo 79 | {"detail":"Authentication credentials were not provided."} 80 | ``` 81 | 82 | You should see a failed request because we provided no credentials to the API server. 83 | 84 | Remember the hostname, we will use it in the next step. 85 | 86 | [next: deploy your first app](../../deploy-an-app.md) 87 | -------------------------------------------------------------------------------- /src/quickstart/provider/minikube/install-minikube.md: -------------------------------------------------------------------------------- 1 | # Install Deis Workflow on Minikube 2 | 3 | ## Check Your Setup 4 | 5 | First check that the `helm` command is available and the version is v2.5.0 or newer. 6 | 7 | ``` 8 | $ helm version 9 | Client: &version.Version{SemVer:"v2.5.0", GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"} 10 | Server: &version.Version{SemVer:"v2.5.0", GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"} 11 | ``` 12 | 13 | Ensure the `kubectl` client is installed and can connect to your Kubernetes cluster. 14 | 15 | ## Add the Deis Chart Repository 16 | 17 | The Deis Chart Repository contains everything needed to install Deis Workflow onto a Kubernetes cluster, with a single `helm install deis/workflow --namespace deis` command. 18 | 19 | Add this repository to Helm: 20 | 21 | ``` 22 | $ helm repo add deis https://charts.deis.com/workflow 23 | ``` 24 | 25 | ## Install Deis Workflow 26 | 27 | Now that Helm is installed and the repository has been added, install Workflow by running: 28 | 29 | ``` 30 | $ helm install deis/workflow --namespace deis --set router.host_port.enabled=true 31 | ``` 32 | 33 | Helm will install a variety of Kubernetes resources in the `deis` namespace. 34 | Wait for the pods that Helm launched to be ready. Monitor their status by running: 35 | 36 | ``` 37 | $ kubectl --namespace=deis get pods 38 | ``` 39 | 40 | If it's preferred to have `kubectl` automatically update as the pod states change, run (type Ctrl-C to stop the watch): 41 | 42 | ``` 43 | $ kubectl --namespace=deis get pods -w 44 | ``` 45 | 46 | Depending on the order in which the Workflow components initialize, some pods may restart. This is common during the 47 | installation: if a component's dependencies are not yet available, that component will exit and Kubernetes will 48 | automatically restart it. 49 | 50 | Here, it can be seen that the controller, builder and registry all took a few loops before they were able to start: 51 | 52 | ``` 53 | $ kubectl --namespace=deis get pods 54 | NAME READY STATUS RESTARTS AGE 55 | deis-builder-hy3xv 1/1 Running 5 5m 56 | deis-controller-g3cu8 1/1 Running 5 5m 57 | deis-database-rad1o 1/1 Running 0 5m 58 | deis-logger-fluentd-1v8uk 1/1 Running 0 5m 59 | deis-logger-fluentd-esm60 1/1 Running 0 5m 60 | deis-logger-sm8b3 1/1 Running 0 5m 61 | deis-minio-4ww3t 1/1 Running 0 5m 62 | deis-registry-asozo 1/1 Running 1 5m 63 | deis-router-k1ond 1/1 Running 0 5m 64 | deis-workflow-manager-68nu6 1/1 Running 0 5m 65 | ``` 66 | 67 | Once all of the pods are in the `READY` state, Deis Workflow is up and running! 68 | 69 | Next, [configure dns](dns.md) so you can register your first user and deploy an application. 70 | -------------------------------------------------------------------------------- /src/reference-guide/creating-a-self-signed-ssl-certificate.md: -------------------------------------------------------------------------------- 1 | # Creating a Self-Signed SSL Certificate 2 | 3 | When [using the app ssl][app ssl] feature for non-production applications or when [installing SSL for the platform][platform ssl], you can avoid the costs associated with the SSL certificate by using a self-signed SSL certificate. Though the certificate implements full encryption, visitors to your site will see a browser warning indicating that the certificate should not be trusted. 4 | 5 | ## Prerequisites 6 | 7 | The openssl library is required to generate your own certificate. Run the following command in your local environment to see if you already have openssl installed. 8 | 9 | $ which openssl 10 | /usr/bin/openssl 11 | 12 | If the which command does not return a path then you will need to install openssl yourself: 13 | 14 | If you have... | Install with... 15 | ---------------|------------------------ 16 | Mac OS X | Homebrew: `brew install openssl` 17 | Windows | complete package .exe installed 18 | Ubuntu Linux | `apt-get install openssl` 19 | 20 | ## Generate Private Key and Certificate Signing Request 21 | 22 | A private key and certificate signing request are required to create an SSL certificate. These can be generated with a few simple commands. When the openssl req command asks for a “challenge password”, just press return, leaving the password empty. 23 | 24 | $ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 25 | ... 26 | $ openssl rsa -passin pass:x -in server.pass.key -out server.key 27 | writing RSA key 28 | $ rm server.pass.key 29 | $ openssl req -new -key server.key -out server.csr 30 | ... 31 | Country Name (2 letter code) [AU]:US 32 | State or Province Name (full name) [Some-State]:California 33 | ... 34 | A challenge password []: 35 | ... 36 | 37 | ## Generate SSL Certificate 38 | 39 | The self-signed SSL certificate is generated from the server.key private key and server.csr files. 40 | 41 | $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 42 | 43 | The server.crt file is your site certificate suitable for use with [Deis's SSL endpoint][app ssl] along with the server.key private key. 44 | 45 | [app ssl]: ../applications/ssl-certificates.md 46 | [platform ssl]: ../managing-workflow/platform-ssl.md 47 | -------------------------------------------------------------------------------- /src/reference-guide/migration.md: -------------------------------------------------------------------------------- 1 | # Migrating from Deis v1 2 | 3 | Workflow uses [`kubectl`][kubectl] and [`helm`][helm] to manage the cluster. These tools are 4 | equivalent to Deis v1's [`fleetctl`][fleetctl] and [`deisctl`][deisctl]. These two tools are used 5 | for managing the cluster's state, installing the platform and inspecting its state. 6 | 7 | This document is a "cheat sheet" for users migrating from Deis v1 to Workflow (v2). It lists most of 8 | the known commands administrators would use with `deisctl` and translates their usage in Workflow. 9 | 10 | ## Listing all Components 11 | 12 | ``` 13 | # Deis v1 14 | $ deisctl list 15 | 16 | # Workflow 17 | $ kubectl --namespace=deis get deployments 18 | ``` 19 | 20 | ## Listing all Nodes 21 | 22 | ``` 23 | # Deis v1 24 | $ fleetctl list-machines 25 | 26 | # Workflow 27 | $ kubectl get nodes 28 | ``` 29 | 30 | ## Custom Configuration 31 | 32 | ``` 33 | # Deis v1 34 | $ deisctl config controller set registrationMode=admin_only 35 | 36 | # Workflow 37 | $ kubectl --namespace=deis patch deployment deis-controller -p '{"spec":{"containers":{"env":[{"name":"REGISTRATION_MODE","value":"admin_only"}]}}}' 38 | ``` 39 | 40 | ## View Component Configuration 41 | 42 | ``` 43 | # Deis v1 44 | $ deisctl config router get bodySize 45 | 46 | # Workflow 47 | $ kubectl --namespace=deis get deployment deis-router -o yaml 48 | ``` 49 | 50 | ## Running a Command Within a Component 51 | 52 | ``` 53 | # Deis v1 54 | $ deisctl dock router@1 55 | 56 | # Workflow 57 | $ kubectl get po --namespace=deis -l app=deis-router --output="jsonpath={.items[0].metadata.name}" 58 | deis-router-1930478716-iz6oq 59 | $ kubectl --namespace=deis exec -it deis-router-1930478716-iz6oq bash 60 | ``` 61 | 62 | ## Follow the Logs for a Component 63 | 64 | ``` 65 | # Deis v1 66 | $ fleetctl journal -f deis-builder 67 | 68 | # Workflow 69 | $ kubectl get po --namespace=deis -l app=deis-builder --output="jsonpath={.items[0].metadata.name}" 70 | deis-builder-1851090495-5n0sn 71 | $ kubectl --namespace=deis logs -f deis-builder-1851090495-5n0sn 72 | ``` 73 | 74 | 75 | [deisctl]: http://docs.deis.io/en/latest/installing_deis/install-deisctl/ 76 | [fleetctl]: https://github.com/coreos/fleet/blob/master/Documentation/using-the-client.md 77 | [kubectl]: http://kubernetes.io/docs/user-guide/kubectl-overview/ 78 | [helm]: https://github.com/kubernetes/helm 79 | -------------------------------------------------------------------------------- /src/reference-guide/terms.md: -------------------------------------------------------------------------------- 1 | # Terms 2 | 3 | 4 | ## Application 5 | 6 | An application services requests and background jobs for a deployed git repository. Each application includes a set of Containers used to run isolated processes, and a Release that defines the current Build and Config deployed by containers. 7 | 8 | 9 | ## Build 10 | 11 | Deis builds are created automatically on the controller when a developer uses `git push deis master`. When a new build is created, a new Release is created automatically. 12 | 13 | 14 | # Config 15 | 16 | Config refers to a set of environment variables used by Containers in as Application. 17 | 18 | When Config is changed, a new Release is created automatically. 19 | 20 | 21 | ## Container 22 | 23 | Deis containers are instances of Docker containers used to run Applications. Containers perform the actual work of an Application by servicing requests or by running background tasks as part of the cluster. 24 | 25 | 26 | ### Ephemeral Filesystem 27 | 28 | Each container gets its own ephemeral filesystem, with a fresh copy of the most recently deployed code. During the container’s lifetime, its running processes can use the filesystem as a temporary scratchpad, but no files that are written are visible to processes in any other container. Any files written to the ephemeral filesystem will be discarded the moment the container is either stopped or restarted. 29 | 30 | 31 | ### Container States 32 | 33 | There are several states that a container can be in at any time. The states are: 34 | 35 | - initialized - the state of the container before it is created 36 | - created - the container is built and ready for operation 37 | - up - the container is running 38 | - down - the container crashed or is stopped 39 | - destroyed - the container has been destroyed 40 | 41 | 42 | ## Controller 43 | 44 | The controller is the "brain" of the Deis platform. A controller manages Applications and their lifecycle. 45 | 46 | The controller is in charge of: 47 | 48 | - Authenticating and authorizing clients 49 | - Processing client API calls 50 | - Managing containers that perform work for applications 51 | - Managing proxies that route traffic to containers 52 | - Managing users, keys and other base configuration 53 | 54 | The Controller stack includes: 55 | 56 | - Django API Server for handling API calls 57 | 58 | 59 | ## Key 60 | 61 | Deis keys are SSH Keys used during the git push process. Each user can use the client to manage a list of keys on the Controller. 62 | 63 | 64 | ## Release 65 | 66 | A Deis release is a combination of a Build with a Config. Each Application is associated with one release at a time. Deis releases are numbered and new releases always increment by one (e.g. v1, v2, v3). 67 | 68 | Containers that host an application use these release versions to pull the correct code and configuration. 69 | 70 | 71 | ## Scheduler 72 | 73 | The Scheduler is responsible for creating, starting, stopping, and destroying Containers. For example, a command such as `deis scale cmd=10` tells the Scheduler to run ten Containers from the Docker image for your Application. 74 | 75 | The Scheduler must decide which machines are eligible to run these container jobs. Scheduler backends vary in the details of their job allocation policies and whether or not they are resource-aware, among other features. 76 | 77 | The Deis scheduler client is implemented in the Controller component. 78 | 79 | 80 | ## Service 81 | 82 | A Kubernetes Service is an abstraction which defines a logical set of Pods and a policy by which to access them. In Workflow, a Service is used to load-balance an application's [Containers](#containers) internally through a virtual IP address. 83 | -------------------------------------------------------------------------------- /src/roadmap/planning-process.md: -------------------------------------------------------------------------------- 1 | # Planning Process 2 | 3 | Deis features a lightweight process that emphasizes openness and ensures every community member can be an integral part of planning for the future. 4 | 5 | ## The Role of Maintainers 6 | 7 | [Maintainers][] lead the Deis projects. Their duties include proposing the Roadmap, reviewing and integrating contributions and maintaining the vision of the project. 8 | 9 | ## Open Roadmap 10 | 11 | The [Deis Roadmap](roadmap.md) is a community document. While Maintainers propose the Roadmap, it gets discussed and refined in Release Planning Meetings. 12 | 13 | ## Contributing to the Roadmap 14 | 15 | Proposals and issues can be opened by anyone. Every member of the [community][] is welcome to participate in the discussion by providing feedback and/or offering counter-proposals. 16 | 17 | ## Release Milestones 18 | 19 | The Roadmap gets delivered progressively via the [Release Schedule][]. Releases are defined during Release Planning Meetings and managed using GitHub Milestones which track specific deliverables and work-in-progress. 20 | 21 | ## Release Planning Meetings 22 | 23 | Major decisions affecting the Roadmap are discussed during Release Planning Meetings on the first Thursday of each month, aligned with the [Release Schedule][]. 24 | 25 | Release Planning Meetings are open to the public with access coordinated via the [Deis #community Slack channel](https://slack.deis.io). 26 | Notes from past meetings are below, along with links to a recording of the entire meeting on YouTube. 27 | 28 | ## Credits 29 | 30 | Thanks to [Amy Lindburg][] and our friends at [Docker][] for their inspiration. 31 | 32 | [Amy Lindburg]: https://twitter.com/amylindburg 33 | [community]: ../contributing/community.md 34 | [Docker]: https://www.docker.com/ 35 | [event]: https://goo.gl/q27Jyh 36 | [Maintainers]: ../contributing/maintainers.md 37 | [Release Schedule]: releases.md 38 | -------------------------------------------------------------------------------- /src/roadmap/roadmap.md: -------------------------------------------------------------------------------- 1 | # Deis Workflow Roadmap 2 | 3 | The Deis Workflow Roadmap is a community document created as part of the open 4 | [Planning Process](planning-process.md). Each roadmap item describes a high-level capability or 5 | grouping of features that are deemed important to the future of Deis. 6 | 7 | Given the project's rapid [Release Schedule](releases.md), roadmap 8 | items are designed to provide a sense of direction over many releases. 9 | 10 | ## Interactive `deis run /bin/bash` 11 | 12 | Provide the ability for developers to launch an interactive terminal session in 13 | their application environment. 14 | 15 | Related issues: 16 | 17 | * 18 | * 19 | 20 | ## Log Streaming 21 | 22 | Stream application logs via `deis logs -f` 23 | 24 | ## Teams and Permissions 25 | 26 | Teams and Permissions represents a more flexible permissions model to allow 27 | more nuanced control to applications, capabilities and resources on the 28 | platform. There have been a number of proposals in this area which need to be 29 | reconciled for Deis Workflow before we begin implementation. 30 | 31 | Related issues: 32 | 33 | * Deploy Keys: 34 | * Teams: 35 | * Fine grained permissions: 36 | * Admins create apps only: 37 | * Admin Certificate Permissions: 38 | 39 | ## Monitoring 40 | 41 | * [ ] Define and deliver alerts with Kapacitor: 42 | 43 | ## Workflow Addons/Services 44 | 45 | Developers should be able to quickly and easily provision application 46 | dependencies using a services or addon abstraction. 47 | 48 | 49 | ## Inbound/Outbound Webhooks 50 | 51 | Deis Workflow should be able to send and receive webhooks from external 52 | systems. Facilitating integration with third party services like GitHub, 53 | Gitlab, Slack, Hipchat. 54 | 55 | * [X] Send webhook on platform events: (Workflow v2.10) 56 | -------------------------------------------------------------------------------- /src/troubleshooting/applications.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting Applications 2 | 3 | This document describes how one can troubleshoot common issues when deploying or debugging an 4 | application that fails to start or deploy. 5 | 6 | 7 | ## Application has a Dockerfile, but a Buildpack Deployment Occurs 8 | 9 | When you deploy an application to Workflow using `git push deis master` and the [Builder][] 10 | attempts to deploy using the Buildpack workflow, check the following steps: 11 | 12 | 1. Are you deploying the correct project? 13 | 2. Are you pushing the correct git branch (`git push deis `)? 14 | 3. Is the `Dockerfile` in the project's root directory? 15 | 4. Have you committed the `Dockerfile` to the project? 16 | 17 | ## Application was Deployed, but is Failing to Start 18 | 19 | If you deployed your application but it is failing to start, you can use `deis logs` to check 20 | why the application fails to boot. Sometimes, the application container may fail to boot without 21 | logging any information about the error. This typically occurs when the healthcheck configured for 22 | the application fails. In this case, you can start by 23 | [troubleshooting using kubectl][troubleshooting-kubectl]. You can inspect the application's current 24 | state by examining the pod deployed in the application's namespace. To do that, run 25 | 26 | $ kubectl --namespace=myapp get pods 27 | NAME READY STATUS RESTARTS AGE 28 | myapp-cmd-1585713350-3brbo 0/1 CrashLoopBackOff 2 43s 29 | 30 | We can then describe the pod and determine why it is failing to boot: 31 | 32 | 33 | Events: 34 | FirstSeen LastSeen Count From SubobjectPath Type Reason Message 35 | --------- -------- ----- ---- ------------- -------- ------ ------- 36 | 43s 43s 1 {default-scheduler } Normal Scheduled Successfully assigned myapp-cmd-1585713350-3brbo to kubernetes-node-1 37 | 41s 41s 1 {kubelet kubernetes-node-1} spec.containers{myapp-cmd} Normal Created Created container with docker id b86bd851a61f 38 | 41s 41s 1 {kubelet kubernetes-node-1} spec.containers{myapp-cmd} Normal Started Started container with docker id b86bd851a61f 39 | 37s 35s 1 {kubelet kubernetes-node-1} spec.containers{myapp-cmd} Warning Unhealthy Liveness probe failed: Get http://10.246.39.13:8000/healthz: dial tcp 10.246.39.13:8000: getsockopt: connection refused 40 | 41 | In this instance, we set the healthcheck initial delay timeout for the application at 1 second, 42 | which is too aggressive. The application needs some time to set up the API server after the 43 | container has booted. By increasing the healthcheck initial delay timeout to 10 seconds, the 44 | application is able to boot and is responding correctly. 45 | 46 | See [Custom Health Checks][healthchecks] for more information on how to customize the application's 47 | health checks to better suit the application's needs. 48 | 49 | 50 | [builder]: ../understanding-workflow/components.md#builder 51 | [healthchecks]: ../applications/managing-app-configuration.md#custom-health-checks 52 | [troubleshooting-kubectl]: kubectl.md 53 | -------------------------------------------------------------------------------- /src/troubleshooting/index.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting Workflow 2 | 3 | Common issues that users have run into when provisioning Workflow are detailed below. 4 | 5 | ## A Component Fails to Start 6 | 7 | For information on troubleshooting a failing component, see 8 | [Troubleshooting with Kubectl][kubectl]. 9 | 10 | ## An Application Fails to Start 11 | 12 | For information on troubleshooting application deployment issues, see 13 | [Troubleshooting Applications][troubleshooting-app]. 14 | 15 | 16 | ## Permission denied (publickey) 17 | 18 | The most common problem for this issue is the user forgetting to run `deis keys:add` or add their 19 | private key to their SSH agent. To do so, run `ssh-add ~/.ssh/id_rsa` and try running 20 | `git push deis master` again. 21 | 22 | If you happen get a `Could not open a connection to your authentication agent` 23 | error after trying to run `ssh-add` command above, you may need to load the SSH 24 | agent environment variables issuing the `eval "$(ssh-agent)"` command before. 25 | 26 | ## Other Issues 27 | 28 | Running into something not detailed here? Please [open an issue][issue] or hop into 29 | [#community on Slack][slack] for help! 30 | 31 | [kubectl]: kubectl.md 32 | [issue]: https://github.com/deis/workflow/issues/new 33 | [slack]: http://slack.deis.io/ 34 | [troubleshooting-app]: applications.md 35 | -------------------------------------------------------------------------------- /src/troubleshooting/kubectl.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting using Kubectl 2 | 3 | This document describes how one can use `kubectl` to debug any issues with the cluster. 4 | 5 | ## Diving into the Components 6 | 7 | Using `kubectl`, one can inspect the cluster's current state. When Workflow is installed 8 | with `helm`, Workflow is installed into the `deis` namespace. To inspect if Workflow is 9 | running, run: 10 | 11 | $ kubectl --namespace=deis get pods 12 | NAME READY STATUS RESTARTS AGE 13 | deis-builder-gqum7 0/1 ContainerCreating 0 4s 14 | deis-controller-h6lk6 0/1 ContainerCreating 0 4s 15 | deis-database-56v39 0/1 ContainerCreating 0 4s 16 | deis-logger-fluentd-xihr1 0/1 Pending 0 2s 17 | deis-logger-grupg 0/1 ContainerCreating 0 3s 18 | deis-minio-c2exb 0/1 Pending 0 3s 19 | deis-monitor-grafana-9ccur 0/1 Pending 0 3s 20 | deis-monitor-influxdb-f9ftm 0/1 Pending 0 3s 21 | deis-monitor-stdout-novxs 0/1 Pending 0 3s 22 | deis-monitor-telegraf-dc3y3 0/1 Pending 0 2s 23 | deis-registry-5bor6 0/1 Pending 0 3s 24 | deis-router-r02sd 0/1 Pending 0 2s 25 | deis-workflow-manager-hizv6 0/1 Pending 0 2s 26 | 27 | !!! tip 28 | To save precious keystrokes, alias `kubectl --namespace=deis` to `kd` so it is easier to type 29 | in the future. 30 | 31 | To fetch the logs of a specific component, use `kubectl logs`: 32 | 33 | $ kubectl --namespace=deis logs deis-controller-h6lk6 34 | system information: 35 | Django Version: 1.9.6 36 | Python 3.5.1 37 | addgroup: gid '0' in use 38 | Django checks: 39 | System check identified no issues (2 silenced). 40 | [...] 41 | 42 | To dive into a running container to inspect its environment, use `kubectl exec`: 43 | 44 | $ kubectl --namespace=deis exec -it deis-database-56v39 gosu postgres psql 45 | psql (9.4.7) 46 | Type "help" for help. 47 | 48 | postgres=# \l 49 | List of databases 50 | Name | Owner | Encoding | Collate | Ctype | Access privileges 51 | ----------------------------------+----------+----------+------------+------------+----------------------- 52 | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc | postgres | UTF8 | en_US.utf8 | en_US.utf8 | 53 | postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 | 54 | template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + 55 | | | | | | postgres=CTc/postgres 56 | template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + 57 | | | | | | postgres=CTc/postgres 58 | (4 rows) 59 | postgres=# \connect V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 60 | You are now connected to database "V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc" as user "postgres". 61 | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc=# \dt 62 | List of relations 63 | Schema | Name | Type | Owner 64 | --------+--------------------------------+-------+---------------------------------- 65 | public | api_app | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 66 | public | api_build | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 67 | public | api_certificate | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 68 | public | api_config | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 69 | public | api_domain | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 70 | public | api_key | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 71 | public | api_push | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 72 | public | api_release | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 73 | public | auth_group | table | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc 74 | --More-- 75 | V7wckOHIAn3MZ7mO5du4q5IRq7yib1Oc=# SELECT COUNT(*) from api_app; 76 | count 77 | ------- 78 | 0 79 | (1 row) 80 | -------------------------------------------------------------------------------- /src/understanding-workflow/architecture.md: -------------------------------------------------------------------------------- 1 | # Architecture 2 | 3 | Deis Workflow is built using a service oriented architecture. All components 4 | are published as a set of container images which can be deployed to any 5 | compliant Kubernetes cluster. 6 | 7 | ## Overview 8 | 9 | ![System Overview](../diagrams/Ecosystem_Basic.png) 10 | 11 | Operators use [Helm][] to configure and install the Workflow components which 12 | interface directly with the underlying Kubernetes cluster. Service discovery, 13 | container availability and networking are all delegated to Kubernetes, while 14 | Workflow provides a clean and simple developer experience. 15 | 16 | ## Platform Services 17 | 18 | ![Workflow Overview](../diagrams/Workflow_Overview.png) 19 | 20 | Deis Workflow provides additional functionality to your Kubernetes cluster, including: 21 | 22 | * [Source to Image Builder][builder] which compiles your Application code via Buildpacks or Dockerfiles 23 | * [Cross-Pod Log Aggregation][logger] which gathers logs from all of your Application processes 24 | * [Simple REST API][controller] which powers the CLI and any external integrations 25 | * Application release and rollback 26 | * Authentication and Authorization to Application resources 27 | * [HTTP/HTTPS edge routing][router] for your Applications 28 | 29 | ## Kubernetes-Native 30 | 31 | All platform components and applications deployed via Workflow expect to be 32 | running on an existing Kubernetes cluster. This means that you can happily run 33 | your Kubernetes-native workloads next to applications that are managed through 34 | Deis Workflow. 35 | 36 | ![Workflow and Kubernetes](../diagrams/Workflow_Detail.png) 37 | 38 | ## Application Layout and Edge Routing 39 | 40 | By default Workflow creates per-application Namespaces and Services so you can 41 | easily connect your applications to other on-cluster services through standard 42 | Kubernetes mechanisms. 43 | 44 | ![Application Configuration](../diagrams/Application_Layout.png) 45 | 46 | The router component is responsible for routing HTTP/s traffic to your 47 | Applications as well as proxying `git push` and platform API traffic. 48 | 49 | By default, the router component is deployed as a Kubernetes service with type 50 | `LoadBalancer`; which, depending on your configuration, will provision a 51 | cloud-native load balancer automatically. 52 | 53 | The router automatically discovers routable Applications, SSL/TLS certificates 54 | and application-specific configurations through the use of Kubernetes 55 | annotations. Any changes to router configuration or certificates are applied 56 | within seconds. 57 | 58 | ## Topologies 59 | 60 | Deis Workflow no longer dictates a specific topology or server count for your 61 | deployment. The platform components will happily run on single-server 62 | configurations as well as multi-server production clusters. 63 | 64 | [builder]: components.md#builder 65 | [components]: components.md 66 | [controller]: components.md#controller 67 | [helm]: https://github.com/kubernetes/helm 68 | [logger]: components.md#logger 69 | [router]: components.md#router 70 | -------------------------------------------------------------------------------- /src/users/cli.md: -------------------------------------------------------------------------------- 1 | # Deis Workflow CLI 2 | 3 | The Deis Workflow command-line interface (CLI), or client, allows you to interact 4 | with Deis Workflow. 5 | 6 | ## Installation 7 | 8 | Install the latest `deis` client for Linux or Mac OS X with: 9 | 10 | $ curl -sSL http://deis.io/deis-cli/install-v2.sh | bash 11 | 12 | The installer puts `deis` in your current directory, but you should move it 13 | somewhere in your $PATH: 14 | 15 | $ ln -fs $PWD/deis /usr/local/bin/deis 16 | 17 | ## Getting Help 18 | 19 | The Deis client comes with comprehensive documentation for every command. 20 | Use `deis help` to explore the commands available to you: 21 | 22 | $ deis help 23 | The Deis command-line client issues API calls to a Deis controller. 24 | 25 | Usage: deis [...] 26 | 27 | Auth commands:: 28 | 29 | register register a new user with a controller 30 | login login to a controller 31 | logout logout from the current controller 32 | 33 | Subcommands, use `deis help [subcommand]` to learn more:: 34 | ... 35 | 36 | To get help on subcommands, use `deis help [subcommand]`: 37 | 38 | $ deis help apps 39 | Valid commands for apps: 40 | 41 | apps:create create a new application 42 | apps:list list accessible applications 43 | apps:info view info about an application 44 | apps:open open the application in a browser 45 | apps:logs view aggregated application logs 46 | apps:run run a command in an ephemeral app container 47 | apps:destroy destroy an application 48 | 49 | Use `deis help [command]` to learn more 50 | 51 | 52 | ## Support for Multiple Profiles 53 | 54 | The CLI reads from the default `client` profile, which is located on your 55 | workstation at `$HOME/.deis/client.json`. 56 | 57 | Easily switch between multiple Deis Workflow installations or users by setting 58 | the `$DEIS_PROFILE` environment variable or by using the `-c` flag. 59 | 60 | There are two ways to set the `$DEIS_PROFILE` option. 61 | 62 | 1. Path to a json configuration file. 63 | 2. Profile name. If you set profile to just a name, it will be saved alongside the default profile, 64 | in `$HOME/.deis/.json`. 65 | 66 | Examples: 67 | 68 | $ DEIS_PROFILE=production deis login deis.production.com 69 | ... 70 | Configuration saved to /home/testuser/.deis/production.json 71 | $ DEIS_PROFILE=~/config.json deis login deis.example.com 72 | ... 73 | Configuration saved to /home/testuser/config.json 74 | 75 | The configuration flag works identically to and overrides `$DEIS_PROFILE`: 76 | 77 | $ deis whoami -c ~/config.json 78 | You are deis at deis.example.com 79 | 80 | ## Proxy Support 81 | 82 | If your workstation uses a proxy to reach the network where the cluster lies, 83 | set the `http_proxy` or `https_proxy` environment variable to enable proxy support: 84 | 85 | $ export http_proxy="http://proxyip:port" 86 | $ export https_proxy="http://proxyip:port" 87 | 88 | !!! note 89 | Configuring a proxy is generally not necessary for local Minikube clusters. 90 | 91 | ## CLI Plugins 92 | 93 | Plugins allow developers to extend the functionality of the Deis Client, adding new commands or features. 94 | 95 | If an unknown command is specified, the client will attempt to execute the command as a dash-separated command. In this case, `deis resource:command` will execute `deis-resource` with the argument list `command`. In full form: 96 | 97 | $ # these two are identical 98 | $ deis accounts:list 99 | $ deis-accounts list 100 | 101 | Any flags after the command will also be sent to the plugin as an argument: 102 | 103 | $ # these two are identical 104 | $ deis accounts:list --debug 105 | $ deis-accounts list --debug 106 | 107 | But flags preceding the command will not: 108 | 109 | $ # these two are identical 110 | $ deis --debug accounts:list 111 | $ deis-accounts list 112 | -------------------------------------------------------------------------------- /src/users/ssh-keys.md: -------------------------------------------------------------------------------- 1 | # Users and SSH Keys 2 | 3 | For **Dockerfile** and **Buildpack** based application deploys via `git push`, Deis Workflow identifies users via SSH 4 | keys. SSH keys are pushed to the platform and must be unique to each user. Users may have multiple SSH keys as needed. 5 | 6 | ## Generate an SSH Key 7 | 8 | If you do not already have an SSH key or would like to create a new key for Deis Workflow, generate a new key using 9 | `ssh-keygen`: 10 | 11 | ``` 12 | $ ssh-keygen -f ~/.ssh/id_deis -t rsa 13 | Generating public/private rsa key pair. 14 | Enter passphrase (empty for no passphrase): 15 | Enter same passphrase again: 16 | Your identification has been saved in /Users/admin/.ssh/id_deis. 17 | Your public key has been saved in /Users/admin/.ssh/id_deis.pub. 18 | The key fingerprint is: 19 | 3d:ac:1f:f4:83:f7:64:51:c1:7e:7f:80:b6:70:36:c9 admin@plinth-23437.local 20 | The key's randomart image is: 21 | +--[ RSA 2048]----+ 22 | | .. | 23 | | ..| 24 | | . o. .| 25 | | o. E .o.| 26 | | S == o..o| 27 | | o +. .o| 28 | | . o + o .| 29 | | . o = | 30 | | . . | 31 | +-----------------+ 32 | $ ssh-add ~/.ssh/id_deis 33 | Identity added: /Users/admin/.ssh/id_deis (/Users/admin/.ssh/id_deis) 34 | ``` 35 | 36 | ## Adding and Removing SSH Keys 37 | 38 | By publishing the **public** half of your SSH key to Deis Workflow the component responsible for receiving `git push` 39 | will be able to authenticate the user and ensure that they have access to the destination application. 40 | 41 | ``` 42 | $ deis keys:add ~/.ssh/id_deis.pub 43 | Uploading id_deis.pub to deis... done 44 | ``` 45 | 46 | You can always view the keys associated with your user as well: 47 | 48 | ``` 49 | $ deis keys:list 50 | === admin Keys 51 | admin@plinth-23437.local ssh-rsa AAAAB3Nz...3437.local 52 | admin@subgenius.local ssh-rsa AAAAB3Nz...nius.local 53 | ``` 54 | 55 | Remove keys by their name: 56 | ``` 57 | $ deis keys:remove admin@plinth-23437.local 58 | Removing admin@plinth-23437.local SSH Key... don 59 | ``` 60 | -------------------------------------------------------------------------------- /themes/deis/base.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | {% if canonical_url %}{% endif %} 14 | 15 | 16 | 17 | 18 | {% if page_title %}{{ page_title }} - {% endif %}{{ site_name }} 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 |
27 |
28 | 31 | 32 | {%- include "topbar.html" %} 33 | {%- include "offcanvas.html" %} 34 | 35 | 36 | 38 | 39 |
40 | 41 |
42 |
43 |
44 |
45 | {{ content }} 46 |
47 |
48 |
49 |
50 | 51 | {%- include "sidebar.html" %} 52 |
53 | 54 | {%- include "footer.html" %} 55 |
56 |
57 | 58 | 59 | 60 | 61 | {% for path in extra_javascript %} 62 | 63 | {% endfor %} 64 | 65 | {% if google_analytics %} 66 | 75 | {% endif %} 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /themes/deis/bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "deis workflow docs", 3 | "dependencies": { 4 | "headroom.js": "^0.9.3", 5 | "font-awesome": "^4.6.3", 6 | "foundation": "^5.5.3" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /themes/deis/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/favicon.ico -------------------------------------------------------------------------------- /themes/deis/nav.html: -------------------------------------------------------------------------------- 1 | {% for nav_item in nav %} 2 |
  • 3 | {{ nav_item.title }} 4 | {% if nav_item.children %} 5 | 12 | {% endif %} 13 |
    • 14 | {% endfor %} 15 |
    16 | -------------------------------------------------------------------------------- /themes/deis/offcanvas.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /themes/deis/search.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | 3 | {% block extrahead %} 4 | 5 | 6 | {% endblock %} 7 | 8 | {% block content %} 9 | 10 |

    Search Results

    11 | 12 |
    13 | 14 | 15 |
    16 | 17 |
    18 | Sorry, page not found. 19 |
    20 | 21 | {% endblock %} 22 | -------------------------------------------------------------------------------- /themes/deis/sidebar.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /themes/deis/sitemap.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | {% for nav_item in nav %} 4 | {% if nav_item.children %} 5 | {% for nav_item in nav_item.children %} 6 | 7 | {{ site_url }}{{ nav_item.abs_url }} 8 | 9 | {% endfor %} 10 | {% else %} 11 | 12 | {{ site_url }}{{ nav_item.abs_url }} 13 | 14 | {% endif %} 15 | {% endfor %} 16 | 17 | -------------------------------------------------------------------------------- /themes/deis/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/favicon.ico -------------------------------------------------------------------------------- /themes/deis/static/fonts/FontAwesome.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/FontAwesome.otf -------------------------------------------------------------------------------- /themes/deis/static/fonts/bootstrap/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/bootstrap/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /themes/deis/static/fonts/bootstrap/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/bootstrap/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /themes/deis/static/fonts/bootstrap/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/bootstrap/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /themes/deis/static/fonts/bootstrap/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/bootstrap/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /themes/deis/static/fonts/fontawesome-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/fontawesome-webfont.eot -------------------------------------------------------------------------------- /themes/deis/static/fonts/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /themes/deis/static/fonts/fontawesome-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/fontawesome-webfont.woff -------------------------------------------------------------------------------- /themes/deis/static/fonts/fontawesome-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/fontawesome-webfont.woff2 -------------------------------------------------------------------------------- /themes/deis/static/fonts/klinicslabbook-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/klinicslabbook-webfont.eot -------------------------------------------------------------------------------- /themes/deis/static/fonts/klinicslabbook-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/klinicslabbook-webfont.ttf -------------------------------------------------------------------------------- /themes/deis/static/fonts/klinicslabbook-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/klinicslabbook-webfont.woff -------------------------------------------------------------------------------- /themes/deis/static/fonts/klinicslabbook-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/klinicslabbook-webfont.woff2 -------------------------------------------------------------------------------- /themes/deis/static/fonts/klinicslabmedium-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/klinicslabmedium-webfont.eot -------------------------------------------------------------------------------- /themes/deis/static/fonts/klinicslabmedium-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/klinicslabmedium-webfont.ttf -------------------------------------------------------------------------------- /themes/deis/static/fonts/klinicslabmedium-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/klinicslabmedium-webfont.woff -------------------------------------------------------------------------------- /themes/deis/static/fonts/klinicslabmedium-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/fonts/klinicslabmedium-webfont.woff2 -------------------------------------------------------------------------------- /themes/deis/static/img/404.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/404.png -------------------------------------------------------------------------------- /themes/deis/static/img/aws-ec2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/aws-ec2.png -------------------------------------------------------------------------------- /themes/deis/static/img/blog-social.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/blog-social.png -------------------------------------------------------------------------------- /themes/deis/static/img/cover-image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/cover-image.png -------------------------------------------------------------------------------- /themes/deis/static/img/deis-graphic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/deis-graphic.png -------------------------------------------------------------------------------- /themes/deis/static/img/deis-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/deis-logo.png -------------------------------------------------------------------------------- /themes/deis/static/img/deis_builder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/deis_builder.png -------------------------------------------------------------------------------- /themes/deis/static/img/deis_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/deis_logo.png -------------------------------------------------------------------------------- /themes/deis/static/img/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/favicon.ico -------------------------------------------------------------------------------- /themes/deis/static/img/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/favicon.png -------------------------------------------------------------------------------- /themes/deis/static/img/footer-engine-yard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/footer-engine-yard.png -------------------------------------------------------------------------------- /themes/deis/static/img/footer-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/footer-logo.png -------------------------------------------------------------------------------- /themes/deis/static/img/fork.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/fork.png -------------------------------------------------------------------------------- /themes/deis/static/img/glyphs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/glyphs.png -------------------------------------------------------------------------------- /themes/deis/static/img/large-social.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/large-social.png -------------------------------------------------------------------------------- /themes/deis/static/img/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/logo.png -------------------------------------------------------------------------------- /themes/deis/static/img/mag_glass.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/mag_glass.png -------------------------------------------------------------------------------- /themes/deis/static/img/menu-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/menu-logo.png -------------------------------------------------------------------------------- /themes/deis/static/img/social.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/deis/workflow/889f6ce1633dddc52c84eba168f76f57d18bab3e/themes/deis/static/img/social.png -------------------------------------------------------------------------------- /themes/deis/static/img/svg/circle.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Fill 31 5 | Created with Sketch. 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /themes/deis/static/img/svg/helm-logo.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /themes/deis/static/img/svg/square.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Fill 26 5 | Created with Sketch. 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /themes/deis/static/img/svg/steward-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Steward Bot 5 | Created with Sketch. 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /themes/deis/static/img/svg/triangle.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Fill 21 5 | Created with Sketch. 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /themes/deis/static/img/svg/workflow-logo.svg: -------------------------------------------------------------------------------- 1 | Logo Box -------------------------------------------------------------------------------- /themes/deis/static/js/adjustments.js: -------------------------------------------------------------------------------- 1 | $(document).ready(function() { 2 | 3 | // init foundation for offcanvas menu 4 | $(document).foundation(); 5 | 6 | 7 | // custom theme js for sidebar links 8 | var allClosed; 9 | 10 | // close all accordions, besides the menu containing the page that you've clicked on. 11 | $('.toctree-l1').each(function(){ 12 | if($(this).children('a').attr('state') == 'open') { 13 | $(this).children('ul').show(); 14 | allClosed = false; 15 | return false; 16 | } else { 17 | allClosed = true; 18 | } 19 | }); 20 | 21 | if (allClosed == true) { } 22 | 23 | // if menu is closed when clicked, expand it 24 | $('.toctree-l1 > a').click(function() { 25 | 26 | //Make the titles of open accordions dead links 27 | if ($(this).attr('state') == 'open') {return false;} 28 | 29 | //Clicking on a title of a closed accordion 30 | if($(this).attr('state') != 'open' && $(this).siblings().size() > 0) { 31 | $('.toctree-l1 > ul').hide(); 32 | $('.toctree-l1 > a').attr('state', ''); 33 | $(this).attr('state', 'open'); 34 | $(this).next().slideDown(function(){}); 35 | return false; 36 | } 37 | }); 38 | 39 | 40 | // insert urls into markdown 41 | $(function(){ 42 | $('a#AWS').attr('href', documentationBaseURL + '/quickstart/provider/aws/boot/') 43 | $('a#GKE').attr('href', documentationBaseURL + '/quickstart/provider/gke/boot/') 44 | $('a#Minikube').attr('href', documentationBaseURL + '/quickstart/provider/minikube/boot/') 45 | $('a#Azure').attr('href', documentationBaseURL + '/quickstart/provider/azure-acs/boot/') 46 | }); 47 | 48 | }); 49 | 50 | 51 | // use headroom.js for sticky topbar 52 | (function() { 53 | var searchBar = document.querySelector(".top-bar"); 54 | new Headroom(searchBar, { 55 | offset: 50, 56 | classes: { 57 | "initial": "headroom", 58 | "pinned": "headroom--pinned", 59 | "unpinned": "headroom--unpinned", 60 | "top" : "headroom--top", 61 | "notTop" : "headroom--not-top" 62 | } 63 | }).init(); 64 | }()); 65 | -------------------------------------------------------------------------------- /themes/deis/static/js/headroom.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * headroom.js v0.7.0 - Give your page some headroom. Hide your header until you need it 3 | * Copyright (c) 2014 Nick Williams - http://wicky.nillia.ms/headroom.js 4 | * License: MIT 5 | */ 6 | 7 | !function(a,b){"use strict";function c(a){this.callback=a,this.ticking=!1}function d(b){return b&&"undefined"!=typeof a&&(b===a||b.nodeType)}function e(a){if(arguments.length<=0)throw new Error("Missing arguments in extend function");var b,c,f=a||{};for(c=1;ca,c=a+this.getViewportHeight()>this.getScrollerHeight();return b||c},toleranceExceeded:function(a,b){return Math.abs(a-this.lastKnownScrollY)>=this.tolerance[b]},shouldUnpin:function(a,b){var c=a>this.lastKnownScrollY,d=a>=this.offset;return c&&d&&b},shouldPin:function(a,b){var c=athis.lastKnownScrollY?"down":"up",c=this.toleranceExceeded(a,b);this.isOutOfBounds(a)||(a<=this.offset?this.top():this.notTop(),this.shouldUnpin(a,c)?this.unpin():this.shouldPin(a,c)&&this.pin(),this.lastKnownScrollY=a)}},g.options={tolerance:{up:0,down:0},offset:0,scroller:a,classes:{pinned:"headroom--pinned",unpinned:"headroom--unpinned",top:"headroom--top",notTop:"headroom--not-top",initial:"headroom"}},g.cutsTheMustard="undefined"!=typeof h&&h.rAF&&h.bind&&h.classList,a.Headroom=g}(window,document); -------------------------------------------------------------------------------- /themes/deis/static/scss/_buttons.scss: -------------------------------------------------------------------------------- 1 | a.button { 2 | color: white; 3 | 4 | &:hover { 5 | color: white; 6 | } 7 | 8 | &.hollow { 9 | color: $dark1; 10 | } 11 | } 12 | 13 | .button { 14 | @include transition; 15 | background-color: $blue; 16 | color: white; 17 | 18 | &:hover { 19 | background-color: darken($blue, 10%); 20 | color: white; 21 | } 22 | 23 | &.hollow { 24 | background-color: transparent; 25 | border: 2px solid darken($light1, 10%); 26 | 27 | &:hover, 28 | &:active { 29 | background-color: transparent; 30 | border: 2px solid $lightpink; 31 | } 32 | } 33 | 34 | &.primary { 35 | background-color: $pink; 36 | color: white; 37 | 38 | &:hover, 39 | &:active { 40 | background-color: darken($pink, 10%); 41 | color: white; 42 | } 43 | } 44 | 45 | &.secondary { 46 | background-color: $blue; 47 | color: white; 48 | 49 | &:hover, 50 | &:active { 51 | background-color: darken($blue, 10%); 52 | color: white; 53 | } 54 | } 55 | 56 | .fa { 57 | font-size: 0.875em; 58 | margin: 0.25em 1.5em; 59 | 60 | &.left { 61 | margin-left: -0.7em; 62 | } 63 | 64 | &.right { 65 | margin-right: -0.7em; 66 | } 67 | &.fa-github { 68 | font-size: 19px; 69 | margin: initial; 70 | padding-right: 10px; 71 | } 72 | &.fa-caret-up, &.fa-caret-down { 73 | margin: initial; 74 | } 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /themes/deis/static/scss/_doc-layout.scss: -------------------------------------------------------------------------------- 1 | html, 2 | body { 3 | height:100%; 4 | } 5 | 6 | .off-canvas-wrap, 7 | .inner-wrap { 8 | min-height: 100%; 9 | } 10 | 11 | body { 12 | @include helvetica; 13 | overflow-x: hidden; 14 | 15 | .row { 16 | max-width: 75rem; 17 | } 18 | 19 | .row.fullwidth { 20 | max-width: 100%; 21 | padding-left: 1.25em; 22 | padding-right: 1.25em; 23 | } 24 | } 25 | 26 | .content-wrap { 27 | position: relative; 28 | padding-left: 320px; 29 | min-height: 100%; 30 | margin-bottom: -335px; 31 | 32 | @media #{$small-only} { 33 | padding-left: 5%; 34 | padding-right: 5%; 35 | } 36 | @media #{$medium-only} { 37 | padding-left: 5%; 38 | padding-right: 5%; 39 | } 40 | 41 | &:after { 42 | content: ""; 43 | display: block; 44 | height: 390px; 45 | } 46 | } 47 | 48 | .content-inner { 49 | width: auto; 50 | max-width: 800px; 51 | margin-left: auto; 52 | margin-right: auto; 53 | padding-top: 128px; 54 | padding-bottom: 128px; 55 | } 56 | 57 | .sidebar { 58 | width: 290px; 59 | position: fixed; 60 | top: 0; 61 | left: 0; 62 | background: white; 63 | z-index: 1010; 64 | height: 100%; 65 | overflow-y: scroll; 66 | border-bottom: 2px solid $light1; 67 | } 68 | 69 | .alert-box.banner { 70 | background: $pink; 71 | text-align: center; 72 | color: white; 73 | position: relative; 74 | z-index: 10; 75 | display: block; 76 | margin-left: 290px; 77 | padding: 88px 0 8px; 78 | margin-bottom: -75px; 79 | font-size: 0.925rem; 80 | letter-spacing: 0.025em; 81 | 82 | a { 83 | color: white; 84 | border-bottom: 1px dotted white; 85 | } 86 | } -------------------------------------------------------------------------------- /themes/deis/static/scss/_doc-responsive.scss: -------------------------------------------------------------------------------- 1 | @media only screen and (max-width: 40em) { 2 | .content-wrap { 3 | padding-left: 0px; 4 | } 5 | .alert-box.banner { 6 | margin-left: 0; 7 | } 8 | 9 | .navbar h1 { 10 | margin: 0.1em 0 0.125em -0.75em; 11 | } 12 | 13 | .content-inner { 14 | padding-top: 105px; 15 | padding-left: 1em; 16 | padding-right: 1em; 17 | 18 | h1, h2, h3, h4, h5, h6, p, li { 19 | padding-right: 0%; 20 | } 21 | 22 | h1 { 23 | font-size: 1.75em; 24 | } 25 | 26 | h1 + p { 27 | font-size: 1.25em; 28 | line-height: 1.4; 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /themes/deis/static/scss/_doc-sidebar.scss: -------------------------------------------------------------------------------- 1 | .sidebar { 2 | 3 | .sidebar-inner { 4 | padding: 120px 0 40px; 5 | max-width: 320px; 6 | position: relative; 7 | z-index: 50; 8 | 9 | h1 { 10 | margin: 0 0 70px; 11 | padding: 0; 12 | border-bottom: 2px solid $light1; 13 | height: 82px; 14 | width: 290px; 15 | position: fixed; 16 | top: 0; 17 | 18 | &:hover { 19 | border-color: $blue; 20 | } 21 | 22 | a.logo { 23 | padding: 0 0 0 0.825em; 24 | display: block; 25 | line-height: 78px; 26 | background: white; 27 | border-right: 2px solid $light1; 28 | 29 | img { 30 | margin-top: -10px; 31 | } 32 | } 33 | } 34 | 35 | &:hover li a { 36 | color: darken($grey, 33.333%); 37 | } 38 | 39 | ul, li { 40 | list-style: none; 41 | padding: 0; 42 | margin: 0; 43 | } 44 | 45 | li { 46 | font-size: 1.125em; 47 | 48 | a { 49 | padding: 0.333em 2.5em; 50 | display: inline-block; 51 | width: 100%; 52 | color: darken($grey, 17.5%); 53 | font-size: 0.825em; 54 | @include transition; 55 | 56 | &[state=open], 57 | &.current { 58 | color: $pink; 59 | font-weight: bold; 60 | 61 | + ul > li a { 62 | font-weight: normal !important; 63 | color: $dark1; 64 | 65 | &:before { 66 | content: " "; 67 | position: absolute; 68 | width: 8px; 69 | height: 8px; 70 | border-radius: 4px; 71 | display: inline-block; 72 | border: 4px solid lighten($lightpink, 25%); 73 | margin: 0.5em 0 0 0; 74 | left: 2.8em; 75 | } 76 | } 77 | } 78 | 79 | &:hover { 80 | background: $light1; 81 | } 82 | } 83 | 84 | &.toctree-l1.current { 85 | ul { 86 | display: block !important; 87 | } 88 | } 89 | } 90 | 91 | ul { 92 | padding-bottom: 1.5em; 93 | } 94 | 95 | li li a { 96 | padding-left: 4em; 97 | font-size: 0.75em; 98 | } 99 | } 100 | 101 | .sidebar-bg { 102 | position: fixed; 103 | top: 0; 104 | bottom: 0; 105 | width: 290px; 106 | border-right: 2px solid $light1; 107 | z-index: 10; 108 | } 109 | } 110 | -------------------------------------------------------------------------------- /themes/deis/static/scss/_media.scss: -------------------------------------------------------------------------------- 1 | @media only screen and (max-width: 40.063em) { 2 | 3 | .billboard-home section { 4 | width: 100%; 5 | z-index: 50; 6 | 7 | h1 { 8 | font-size: 1.425em; 9 | } 10 | 11 | p { 12 | font-size: 0.925em; 13 | margin: 0 20% 2em; 14 | } 15 | 16 | .button { 17 | min-width: 85%; 18 | margin: 0.25em 7.5%; 19 | max-width: 200px; 20 | } 21 | } 22 | 23 | .content-wrap { 24 | margin-bottom: -225px !important; 25 | } 26 | 27 | footer { 28 | height: 225px !important; 29 | } 30 | 31 | .shape-position.shape-position-bottom { 32 | bottom: -3.5em; 33 | width: 117.5%; 34 | z-index: 150; 35 | } 36 | 37 | .off-canvas-wrap.move-right, 38 | .off-canvas-wrap.move-left { 39 | height: 100%; 40 | 41 | .inner-wrap, 42 | .content-wrap { 43 | height: 100%; 44 | 45 | & + footer { 46 | display: none; 47 | } 48 | } 49 | } 50 | 51 | aside.right-off-canvas-menu { 52 | 53 | ul:first-child { 54 | height: 100%; 55 | max-height: 100%; 56 | overflow-y: scroll; 57 | 58 | ul { 59 | height: auto; 60 | margin: 0 0 1.25em 0; 61 | } 62 | 63 | ul li a { 64 | font-size: 0.875em; 65 | padding-left: 2.75rem; 66 | opacity: 0.75; 67 | } 68 | } 69 | } 70 | } 71 | 72 | @media only screen and (max-width: 64.063em) { 73 | 74 | 75 | 76 | } 77 | -------------------------------------------------------------------------------- /themes/deis/static/scss/_mixins.scss: -------------------------------------------------------------------------------- 1 | /** 2 | * Media query breakpoints 3 | */ 4 | $desktopFloor: 64.0625em; 5 | $tabletFloor: 40.063em; 6 | $tabletCeiling: 64.0624em; 7 | $mobileCeiling: 40em; 8 | 9 | @mixin mobile { 10 | @media only screen and (max-width: $mobileCeiling) { 11 | @content; 12 | } 13 | } 14 | 15 | @mixin tablet { 16 | @media only screen and (min-width: $tabletFloor) { 17 | @content; 18 | } 19 | } 20 | 21 | @mixin mobileAndTablet { 22 | @media only screen and (max-width: $tabletCeiling) { 23 | @content; 24 | } 25 | } 26 | 27 | @mixin desktop { 28 | @media only screen and (min-width: $desktopFloor) { 29 | @content; 30 | } 31 | } 32 | 33 | @mixin landscape { 34 | @media only screen and (min-width: 569px) and (max-width: 736px) and (orientation: landscape) { 35 | @content; 36 | } 37 | } 38 | 39 | @mixin smallLandscape { 40 | @media only screen and (max-width: 568px) and (orientation: landscape) { 41 | @content; 42 | } 43 | } 44 | 45 | // type 46 | @mixin klinicReg { 47 | font-family: $klinic; 48 | font-weight: 400; 49 | letter-spacing: 0.0125em; 50 | } 51 | 52 | @mixin klinicBold { 53 | font-family: $klinic; 54 | font-weight: 500; 55 | letter-spacing: 0.02em; 56 | } 57 | 58 | @mixin helvetica { 59 | font-family: $font-family-sans-serif; 60 | } 61 | 62 | @mixin quote { 63 | font-size: 0.875em; 64 | font-family: $font-family-serif; 65 | line-height: 1.7; 66 | color: darken($light2, 33.33%); 67 | padding: 0.5em 5%; 68 | margin-right: -3.333em; 69 | font-style: italic; 70 | letter-spacing: 0.015em; 71 | position: relative; 72 | 73 | &:before { 74 | content: "\“"; 75 | position: absolute; 76 | font-size: 3em; 77 | left: -0.125em; 78 | top: -0.25em; 79 | width: 1em; 80 | opacity: 0.3; 81 | z-index: 500; 82 | } 83 | } 84 | 85 | 86 | // vertical alignment 87 | 88 | @mixin fullheight { 89 | min-height: 100%; 90 | height: 100%; 91 | } 92 | 93 | @mixin centerer { 94 | position: absolute; 95 | top: 50%; 96 | left: 50%; 97 | transform: translate(-50%, -50%); 98 | } 99 | 100 | @mixin topper { 101 | position: absolute; 102 | top: 0%; 103 | } 104 | 105 | @mixin bottomer { 106 | position: absolute; 107 | bottom: 0%; 108 | } 109 | 110 | 111 | // css3 112 | @mixin transition($property:all, $duration:0.3s, $easing:ease-in-out) { 113 | transition: $property $duration $easing; 114 | } 115 | 116 | @mixin border-radius($radius1:3px, $radius2:3px) { 117 | -webkit-border-radius: $radius1 $radius2 $radius1 $radius2; 118 | -moz-border-radius: $radius1 $radius2 $radius1 $radius2; 119 | border-radius: $radius1 $radius2 $radius1 $radius2; 120 | } 121 | 122 | @mixin box-shadow($xlength:0, $ylength:2px, $size:0, $color:rgba(30,30,30,0.25)) { 123 | -webkit-box-shadow: $xlength $ylength $size $color; 124 | -moz-box-shadow: $xlength $ylength $size $color; 125 | box-shadow: $xlength $ylength $size $color; 126 | } 127 | 128 | @mixin keyframes($name) { 129 | @-webkit-keyframes #{$name} { 130 | @content; 131 | } 132 | @-moz-keyframes #{$name} { 133 | @content; 134 | } 135 | @-o-keyframes #{$name} { 136 | @content; 137 | } 138 | @keyframes #{$name} { 139 | @content; 140 | } 141 | } 142 | 143 | @mixin animation ($delay, $duration, $animation) { 144 | -webkit-animation-delay: $delay; 145 | -webkit-animation-duration: $duration; 146 | -webkit-animation-name: $animation; 147 | -webkit-animation-fill-mode: forwards; 148 | -moz-animation-delay: $delay; 149 | -moz-animation-duration: $duration; 150 | -moz-animation-name: $animation; 151 | -moz-animation-fill-mode: forwards; 152 | animation-delay: $delay; 153 | animation-duration: $duration; 154 | animation-name: $animation; 155 | animation-fill-mode: forwards; 156 | } 157 | 158 | 159 | // link effect 160 | @mixin ripple($color: $pink) { 161 | position: relative; 162 | display: inline-block; 163 | text-align: center; 164 | @include transition; 165 | 166 | &::after { 167 | display: inline-block; 168 | content: ""; 169 | background: $color; 170 | height: 3px; 171 | width: 10%; 172 | opacity: 0; 173 | margin: -0.75em auto 0; 174 | @include transition; 175 | } 176 | 177 | &:hover::after { 178 | width: 100%; 179 | opacity: 1; 180 | } 181 | } 182 | -------------------------------------------------------------------------------- /themes/deis/static/scss/_offcanvas.scss: -------------------------------------------------------------------------------- 1 | .right-off-canvas-toggle.fa { 2 | color: $light2; 3 | font-size: 1.5em; 4 | padding: 1em 0.5em; 5 | position: absolute; 6 | margin-top: -0.5em; 7 | top: 0; 8 | right: 0; 9 | z-index: 1250; 10 | @include transition; 11 | 12 | &:hover { 13 | background: lighten($light1, 3.5%); 14 | color: $dark1; 15 | } 16 | } 17 | 18 | aside.right-off-canvas-menu { 19 | ul { 20 | margin: 1.25em 0; 21 | 22 | li { 23 | @include klinicReg; 24 | 25 | a { 26 | color: white; 27 | padding: 0.5em 2em; 28 | display: block; 29 | line-height: 1.2; 30 | @include transition; 31 | 32 | &:hover { 33 | background: darken($darkpink, 25%); 34 | } 35 | } 36 | } 37 | } 38 | 39 | .button { 40 | margin: 2.5em 10% 1em; 41 | width: 80%; 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /themes/deis/static/scss/_shapes.scss: -------------------------------------------------------------------------------- 1 | // Sass for custom Deis shape blocks 2 | // see docs here: http://codepen.io/flynnduism/pen/BjGZPp 3 | 4 | 5 | // circles, squares, triangles 6 | 7 | .geo-shapes { 8 | padding-bottom: 2em; 9 | 10 | hr { 11 | border-width: 5px 0 0; 12 | margin-top: -0.667em; 13 | margin-left: 40%; 14 | margin-right: 40%; 15 | opacity: 0.13; 16 | } 17 | 18 | span { 19 | position: relative; 20 | z-index: 650; 21 | margin: 0 0 -2em; 22 | } 23 | } 24 | 25 | 26 | // block shapes 27 | 28 | .shapes { 29 | .row { 30 | display: block; 31 | 32 | span { 33 | display: inline-block; 34 | width: 10%; 35 | padding-bottom: 10%; 36 | height: 0; 37 | overflow: hidden; 38 | float: left; 39 | position: relative; 40 | 41 | em { 42 | transform: rotate(45deg); 43 | display: block; 44 | width: 150%; 45 | padding-bottom: 150%; 46 | position: absolute; 47 | right: -75%; 48 | top: -81.5%; 49 | height: 0; 50 | } 51 | } 52 | } 53 | 54 | .shape-row-6 > span { 55 | width: 16.666%; 56 | padding-bottom: 16.666%; 57 | } 58 | 59 | .shape-row-8 > span { 60 | width: 12.5%; 61 | padding-bottom: 12.5%; 62 | } 63 | 64 | .shape-row-12 > span { 65 | width: 8.3333%; 66 | padding-bottom: 8.3333%; 67 | } 68 | 69 | // shape colors 70 | .s-p { background: $pink } 71 | .s-b { background: $blue } 72 | .s-g { background: $green } 73 | 74 | //lighter colors 75 | .s-pl { background: $lightpink } 76 | .s-bl { background: $lightblue } 77 | .s-gl { background: $lightgreen } 78 | 79 | // darker deis colors 80 | .s-pd { background: $darkpink } 81 | .s-bd { background: $darkblue } 82 | .s-gd { background: $darkgreen } 83 | 84 | .s-d1 { background: $dark1 } 85 | .s-d2 { background: $dark2 } 86 | 87 | .s-l1 { background: $light1} 88 | .s-l2 { background: $light2 } 89 | 90 | .s-w { background: white } 91 | 92 | // hover effect 93 | &.shapes-animate { 94 | .row { 95 | display: block; 96 | 97 | span { 98 | transition: all 0.85s ease-in-out; 99 | 100 | &:hover { 101 | transform: rotate(90deg); 102 | } 103 | } 104 | } 105 | } 106 | } 107 | 108 | // vertical alignment 109 | .shape-position { 110 | width: 100%; 111 | 112 | .row { 113 | max-width: 100%; 114 | } 115 | 116 | &.shape-position-top { 117 | @include topper; 118 | } 119 | 120 | &.shape-position-bottom { 121 | @include bottomer; 122 | 123 | .row span em { 124 | transform: rotate(45deg); 125 | left: -75%; 126 | right: auto; 127 | top: -81.5%; 128 | } 129 | } 130 | } 131 | -------------------------------------------------------------------------------- /themes/deis/static/scss/_typography.scss: -------------------------------------------------------------------------------- 1 | $fa-font-path: "../fonts" !default; 2 | @import '../../bower_components/font-awesome/scss/font-awesome.scss'; 3 | 4 | 5 | @font-face { 6 | font-family: 'klinic'; 7 | src: url('../fonts/klinicslabbook-webfont.eot'); 8 | src: url('../fonts/klinicslabbook-webfont.eot?#iefix') format('embedded-opentype'), 9 | url('../fonts/klinicslabbook-webfont.woff2') format('woff2'), 10 | url('../fonts/klinicslabbook-webfont.woff') format('woff'), 11 | url('../fonts/klinicslabbook-webfont.ttf') format('truetype'), 12 | url('../fonts/klinicslabbook-webfont.svg#klinic_slabbook') format('svg'); 13 | font-weight: 400; 14 | font-style: normal; 15 | } 16 | 17 | @font-face { 18 | font-family: 'klinic'; 19 | src: url('../fonts/klinicslabmedium-webfont.eot'); 20 | src: url('../fonts/klinicslabmedium-webfont.eot?#iefix') format('embedded-opentype'), 21 | url('../fonts/klinicslabmedium-webfont.woff2') format('woff2'), 22 | url('../fonts/klinicslabmedium-webfont.woff') format('woff'), 23 | url('../fonts/klinicslabmedium-webfont.ttf') format('truetype'), 24 | url('../fonts/klinicslabmedium-webfont.svg#klinic_slabmedium') format('svg'); 25 | font-weight: 500; 26 | font-style: normal; 27 | } 28 | 29 | 30 | h1 { 31 | @include klinicBold; 32 | } 33 | 34 | h2, h3, h4, h5 { 35 | @include klinicReg; 36 | } 37 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_animated.scss: -------------------------------------------------------------------------------- 1 | // Spinning Icons 2 | // -------------------------- 3 | 4 | .#{$fa-css-prefix}-spin { 5 | -webkit-animation: fa-spin 2s infinite linear; 6 | animation: fa-spin 2s infinite linear; 7 | } 8 | 9 | .#{$fa-css-prefix}-pulse { 10 | -webkit-animation: fa-spin 1s infinite steps(8); 11 | animation: fa-spin 1s infinite steps(8); 12 | } 13 | 14 | @-webkit-keyframes fa-spin { 15 | 0% { 16 | -webkit-transform: rotate(0deg); 17 | transform: rotate(0deg); 18 | } 19 | 100% { 20 | -webkit-transform: rotate(359deg); 21 | transform: rotate(359deg); 22 | } 23 | } 24 | 25 | @keyframes fa-spin { 26 | 0% { 27 | -webkit-transform: rotate(0deg); 28 | transform: rotate(0deg); 29 | } 30 | 100% { 31 | -webkit-transform: rotate(359deg); 32 | transform: rotate(359deg); 33 | } 34 | } 35 | 36 | // Fade In 37 | // ------- 38 | 39 | @keyframes fadein { 40 | from { opacity: 0; } 41 | to { opacity: 1; } 42 | } 43 | 44 | /* Firefox < 16 */ 45 | @-moz-keyframes fadein { 46 | from { opacity: 0; } 47 | to { opacity: 1; } 48 | } 49 | 50 | /* Safari, Chrome and Opera > 12.1 */ 51 | @-webkit-keyframes fadein { 52 | from { opacity: 0; } 53 | to { opacity: 1; } 54 | } 55 | 56 | /* Internet Explorer */ 57 | @-ms-keyframes fadein { 58 | from { opacity: 0; } 59 | to { opacity: 1; } 60 | } 61 | 62 | /* Opera < 12.1 */ 63 | @-o-keyframes fadein { 64 | from { opacity: 0; } 65 | to { opacity: 1; } 66 | } 67 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_bordered-pulled.scss: -------------------------------------------------------------------------------- 1 | // Bordered & Pulled 2 | // ------------------------- 3 | 4 | .#{$fa-css-prefix}-border { 5 | padding: .2em .25em .15em; 6 | border: solid .08em $fa-border-color; 7 | border-radius: .1em; 8 | } 9 | 10 | .#{$fa-css-prefix}-pull-left { float: left; } 11 | .#{$fa-css-prefix}-pull-right { float: right; } 12 | 13 | .#{$fa-css-prefix} { 14 | &.#{$fa-css-prefix}-pull-left { margin-right: .3em; } 15 | &.#{$fa-css-prefix}-pull-right { margin-left: .3em; } 16 | } 17 | 18 | /* Deprecated as of 4.4.0 */ 19 | .pull-right { float: right; } 20 | .pull-left { float: left; } 21 | 22 | .#{$fa-css-prefix} { 23 | &.pull-left { margin-right: .3em; } 24 | &.pull-right { margin-left: .3em; } 25 | } 26 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_core.scss: -------------------------------------------------------------------------------- 1 | // Base Class Definition 2 | // ------------------------- 3 | 4 | .#{$fa-css-prefix} { 5 | display: inline-block; 6 | font: normal normal normal #{$fa-font-size-base}/#{$fa-line-height-base} FontAwesome; // shortening font declaration 7 | font-size: inherit; // can't have font-size inherit on line above, so need to override 8 | text-rendering: auto; // optimizelegibility throws things off #1094 9 | -webkit-font-smoothing: antialiased; 10 | -moz-osx-font-smoothing: grayscale; 11 | 12 | } 13 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_fixed-width.scss: -------------------------------------------------------------------------------- 1 | // Fixed Width Icons 2 | // ------------------------- 3 | .#{$fa-css-prefix}-fw { 4 | width: (18em / 14); 5 | text-align: center; 6 | } 7 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_larger.scss: -------------------------------------------------------------------------------- 1 | // Icon Sizes 2 | // ------------------------- 3 | 4 | /* makes the font 33% larger relative to the icon container */ 5 | .#{$fa-css-prefix}-lg { 6 | font-size: (4em / 3); 7 | line-height: (3em / 4); 8 | vertical-align: -15%; 9 | } 10 | .#{$fa-css-prefix}-2x { font-size: 2em; } 11 | .#{$fa-css-prefix}-3x { font-size: 3em; } 12 | .#{$fa-css-prefix}-4x { font-size: 4em; } 13 | .#{$fa-css-prefix}-5x { font-size: 5em; } 14 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_list.scss: -------------------------------------------------------------------------------- 1 | // List Icons 2 | // ------------------------- 3 | 4 | .#{$fa-css-prefix}-ul { 5 | padding-left: 0; 6 | margin-left: $fa-li-width; 7 | list-style-type: none; 8 | > li { position: relative; } 9 | } 10 | .#{$fa-css-prefix}-li { 11 | position: absolute; 12 | left: -$fa-li-width; 13 | width: $fa-li-width; 14 | top: (2em / 14); 15 | text-align: center; 16 | &.#{$fa-css-prefix}-lg { 17 | left: -$fa-li-width + (4em / 14); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_mixins.scss: -------------------------------------------------------------------------------- 1 | // Mixins 2 | // -------------------------- 3 | 4 | @mixin fa-icon() { 5 | display: inline-block; 6 | font: normal normal normal #{$fa-font-size-base}/#{$fa-line-height-base} FontAwesome; // shortening font declaration 7 | font-size: inherit; // can't have font-size inherit on line above, so need to override 8 | text-rendering: auto; // optimizelegibility throws things off #1094 9 | -webkit-font-smoothing: antialiased; 10 | -moz-osx-font-smoothing: grayscale; 11 | 12 | } 13 | 14 | @mixin fa-icon-rotate($degrees, $rotation) { 15 | filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=#{$rotation}); 16 | -webkit-transform: rotate($degrees); 17 | -ms-transform: rotate($degrees); 18 | transform: rotate($degrees); 19 | } 20 | 21 | @mixin fa-icon-flip($horiz, $vert, $rotation) { 22 | filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=#{$rotation}); 23 | -webkit-transform: scale($horiz, $vert); 24 | -ms-transform: scale($horiz, $vert); 25 | transform: scale($horiz, $vert); 26 | } 27 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_path.scss: -------------------------------------------------------------------------------- 1 | /* FONT PATH 2 | * -------------------------- */ 3 | 4 | @font-face { 5 | font-family: 'FontAwesome'; 6 | src: url('#{$fa-font-path}/fontawesome-webfont.eot?v=#{$fa-version}'); 7 | src: url('#{$fa-font-path}/fontawesome-webfont.eot?#iefix&v=#{$fa-version}') format('embedded-opentype'), 8 | url('#{$fa-font-path}/fontawesome-webfont.woff2?v=#{$fa-version}') format('woff2'), 9 | url('#{$fa-font-path}/fontawesome-webfont.woff?v=#{$fa-version}') format('woff'), 10 | url('#{$fa-font-path}/fontawesome-webfont.ttf?v=#{$fa-version}') format('truetype'), 11 | url('#{$fa-font-path}/fontawesome-webfont.svg?v=#{$fa-version}#fontawesomeregular') format('svg'); 12 | // src: url('#{$fa-font-path}/FontAwesome.otf') format('opentype'); // used when developing fonts 13 | font-weight: normal; 14 | font-style: normal; 15 | } 16 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_rotated-flipped.scss: -------------------------------------------------------------------------------- 1 | // Rotated & Flipped Icons 2 | // ------------------------- 3 | 4 | .#{$fa-css-prefix}-rotate-90 { @include fa-icon-rotate(90deg, 1); } 5 | .#{$fa-css-prefix}-rotate-180 { @include fa-icon-rotate(180deg, 2); } 6 | .#{$fa-css-prefix}-rotate-270 { @include fa-icon-rotate(270deg, 3); } 7 | 8 | .#{$fa-css-prefix}-flip-horizontal { @include fa-icon-flip(-1, 1, 0); } 9 | .#{$fa-css-prefix}-flip-vertical { @include fa-icon-flip(1, -1, 2); } 10 | 11 | // Hook for IE8-9 12 | // ------------------------- 13 | 14 | :root .#{$fa-css-prefix}-rotate-90, 15 | :root .#{$fa-css-prefix}-rotate-180, 16 | :root .#{$fa-css-prefix}-rotate-270, 17 | :root .#{$fa-css-prefix}-flip-horizontal, 18 | :root .#{$fa-css-prefix}-flip-vertical { 19 | filter: none; 20 | } 21 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/_stacked.scss: -------------------------------------------------------------------------------- 1 | // Stacked Icons 2 | // ------------------------- 3 | 4 | .#{$fa-css-prefix}-stack { 5 | position: relative; 6 | display: inline-block; 7 | width: 2em; 8 | height: 2em; 9 | line-height: 2em; 10 | vertical-align: middle; 11 | } 12 | .#{$fa-css-prefix}-stack-1x, .#{$fa-css-prefix}-stack-2x { 13 | position: absolute; 14 | left: 0; 15 | width: 100%; 16 | text-align: center; 17 | } 18 | .#{$fa-css-prefix}-stack-1x { line-height: inherit; } 19 | .#{$fa-css-prefix}-stack-2x { font-size: 2em; } 20 | .#{$fa-css-prefix}-inverse { color: $fa-inverse; } 21 | -------------------------------------------------------------------------------- /themes/deis/static/scss/fontawesome/font-awesome.scss: -------------------------------------------------------------------------------- 1 | /*! 2 | * Font Awesome 4.5.0 by @davegandy - http://fontawesome.io - @fontawesome 3 | * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) 4 | */ 5 | 6 | @import "variables"; 7 | @import "mixins"; 8 | @import "path"; 9 | @import "core"; 10 | @import "larger"; 11 | @import "fixed-width"; 12 | @import "list"; 13 | @import "bordered-pulled"; 14 | @import "animated"; 15 | @import "rotated-flipped"; 16 | @import "stacked"; 17 | @import "icons"; 18 | -------------------------------------------------------------------------------- /themes/deis/theme.conf: -------------------------------------------------------------------------------- 1 | [theme] 2 | inherit = classic 3 | pygments_style = monokai 4 | 5 | [options] 6 | rightsidebar = true 7 | -------------------------------------------------------------------------------- /themes/deis/topbar.html: -------------------------------------------------------------------------------- 1 |
    2 |
    3 |
    4 |

    5 |
    6 |
    7 | 8 | 28 | 29 |
    30 |
    31 |
    32 | 33 | 54 | --------------------------------------------------------------------------------