Deis Workflow 2.5 Release

9 Sep 2016

The best way to roll into the weekend is with fresh software, hot off the presses. The Deis Workflow team just merged the final charts for 2.5!

We've got a ton of functionality packed into 2.5, so hold on to your horses!

Workflow 2.5 includes initial support for Kubernetes Horizontal Pod Autoscaling. Which is not only a mouthful, but pretty neat to boot. Workflow 2.5's theme song is "Glassworks" by Philip Glass. I'm pretty sure this is what a Horizontal Pod Autoscaler would sound like if it made noise.

Cast scale at the darkness...

Setting a scaling policy for your application is straightforward. Policies are set per process-type, which allows developers to easily scale processes independently:

$ deis autoscale:set web --min=3 --max=8 --cpu-percent=75
Applying autoscale settings for process type web on scenic-icehouse... done

The Kubernetes HorizontalPodAutoscaler (HPA) does require CPU limits to be set for the application process type, so makes sure you set a limit:

$ deis limits:set web=250m -c
Applying limits... done

=== scenic-icehouse Limits

--- Memory
web     Unlimited

--- CPU
web     250m

Behind the scenes, the HorizontalPodAutoscaler (HPA) will spring into action, adding or removing pods so that the average CPU utilization of your application processes approach the CPU target.

There is a bit of nuance to the way HPAs work so spend a bit of time with the Kubernetes documentation on the algorithm.

Viewing and removing scaling policies are simple CLI commands as well:

$ deis autoscale:list
=== scenic-icehouse Autoscale

--- web:
Min Replicas: 3
Max Replicas: 8
CPU: 75%

$ deis autoscale:unset web
Removing autoscale for process type web on scenic-icehouse... done

Autoscaling in Workflow should be considered Alpha and we would love your feedback!

Build Result Caching

Thanks to community member @jeroenvisser101 the Workflow build system now caches build results. This change greatly speeds up the process on subsequent builds.

Enforce SSL Application by Application

Workflow 2.5 now allows developers to require TLS on a per-application basis. Instead of a global setting in the router (via router.deis.io/nginx.ssl.enforce), Workflow CLI has a few new tricks:

$ deis tls:enable -a spicy-icehouse
Enabling https-only requests for spicy-icehouse... done

Now, connections on port 80 for this application will be be redirected with HTTP status code 301 to the HTTPS version. Since this interaction occurs at the edge router, developers aren't required to use application middleware to enforce HTTPS.

To allow both HTTP and HTTPS traffic for an application (which is the default) use tls:disable:

$ deis tls:disable -a foo
Disabling https-only requests for foo... done

Application-specific IP Address Whitelisting

Developers and operators who need to control access to applications by IP address, Workflow 2.5 makes this process much easier!

Using the CLI developers may manage IP whitelisting per application:

$ deis whitelist:add 10.0.1.0/24,121.212.121.212 -a drafty-zaniness
Adding 10.0.1.0/24,121.212.121.212 to drafty-zaniness whitelist...done

$ deis whitelist:remove 121.212.121.212 -a drafty-zaniness
Removing 121.212.121.212 from drafty-zaniness whitelist... done

$ deis whitelist -a drafty-zaniness
=== drafty-zaniness Whitelisted Addresses
10.0.1.0/24

Adding a whitelist to an application automatically rejects connections from any un-listed address. Removing the last IP address from a whitelist returns the application to the default behavior, which accepts connections from any IP address.

Full Release Changelogs

Workflow 2.5 changes are now available in the Workflow documentation. No more crawling through GitHub repositories or past blog posts to learn about changes.

Up Next

Our next release is scheduled for September 28th, 2016. You can check out the 2.6 milestone on each of the component repositories, or take a gander at the Workflow Roadmap.

Posted in Workflow, Release, Announcement

triangle square circle

Did you enjoy this post?