Create a minimal Kubernetes charm

From Zero to Hero: Write your first Kubernetes charm > Create a minimal Kubernetes charm

See previous: Set up your development environment

As you already know from your knowledge of Juju, when you deploy a Kubernetes charm, the following things happen:

  1. The Juju controller provisions a pod with two containers, one for the Juju unit agent and the charm itself and one container for each application workload container that is specified in the containers field of a file in the charm that is called charmcraft.yaml.
  2. The same Juju controller injects Pebble – a lightweight, API-driven process supervisor – into each workload container and overrides the container entrypoint so that Pebble starts when the container is ready.
  3. When the Kubernetes API reports that a workload container is ready, the Juju controller informs the charm that the instance of Pebble in that container is ready. At that point, the charm knows that it can start communicating with Pebble.
  4. Typically, at this point the charm will make calls to Pebble so that Pebble can configure and start the workload and begin operations.

Note: In the past, the containers were specified in a metadata.yaml file, but the modern practice is that all charm specification is in a single charmcraft.yaml file.

All subsequent workload management happens in the same way – the Juju controller sends events to the charm and the charm responds to these events by managing the workload application in various ways via Pebble. The picture below illustrates all of this for a simple case where there is just one workload container.


Refresh your memory: Juju | Kubernetes deployment

As a charm developer, your first job is to use this knowledge to create the basic structure and content for your charm:

  • descriptive files (e.g., YAML configuration files like the charmcraft.yaml file mentioned above) that give Juju, Python, or Charmcraft various bits of information about your charm, and
  • executable files (like the src/charm.py file that we will see shortly) where you will use Ops-enriched Python to write all the logic of your charm.

Content:

  1. Set the basic information, requirements, and workload for your charm
  2. Define the charm initialisation and application services
  3. Add logger functionality
  4. Tell Charmcraft how to build your charm
  5. Validate your charm
  6. Review the final code

Set the basic information, requirements, and workload for your charm

Create a file called charmcraft.yaml. This is a file that describes metadata such as the charm name, purpose, environment constraints, workload containers, etc., in short, all the information that tells Juju what it can do with your charm.

Read more: File charmcraft.yaml

In this file, do all of the following:

First, add basic information about your charm:

name: demo-api-charm
title: |
  demo-fastapi-k8s
description: |
  This is a demo charm built on top of a small Python FastAPI server.
  This charm could be related to PostgreSQL charm and COS Lite bundle (Canonical Observability Stack).
summary: |
  FastAPI Demo charm for Kubernetes

Second, add an environment constraint assuming the latest major Juju version and a Kubernetes-type cloud:

assumes:
  - juju >= 3.1
  - k8s-api

Read more: assumes

Third, describe the workload container, as below. Below, demo-server is the name of the container, and demo-server-image is the name of its OCI image.

containers:
  demo-server:
    resource: demo-server-image

Read more: containers

Fourth, describe the workload container resources, as below. The name of the resource below, demo-server-image, is the one you defined above.

resources:
  # An OCI image resource for each container listed above.
  # You may remove this if your charm will run without a workload sidecar container.
  demo-server-image:
    type: oci-image
    description: OCI image from GitHub Container Repository
    # The upstream-source field is ignored by Juju. It is included here as a reference
    # so the integration testing suite knows which image to deploy during testing. This field
    # is also used by the 'canonical/charming-actions' Github action for automated releasing.
    upstream-source: ghcr.io/canonical/api_demo_server:1.0.1

Read more: resources

Define the charm initialisation and application services

Create a file called requirements.txt. This is a file that describes all the required external Python dependencies that will be used by your charm.

Read more: File requirements.txt

In this file, declare the ops dependency, as below. At this point you’re ready to start using constructs from the Ops library.

ops >= 2.11

Read more: Ops (ops)

Create a file called src/charm.py. This is the file that you will use to write all the Python code that you want your charm to execute in response to events it receives from the Juju controller.

Read more: src/charm.py

This file needs to be executable. One way you can do this is:

chmod a+x src/charm.py

In this file, do all of the following:

First, add a shebang to ensure that the file is directly executable. Then, import the ops package to access theCharmBase class and the main function. Next, use CharmBase to create a charm class FastAPIDemoCharm and then invoke this class in the main function of Ops. As you can see, a charm is a pure Python class that inherits from the CharmBase class of Ops and which we pass to the main function defined in the ops.main module.

#!/usr/bin/env python3

import ops

class FastAPIDemoCharm(ops.CharmBase):
    """Charm the service."""

    def __init__(self, framework: ops.Framework) -> None:
        super().__init__(framework)

if __name__ == "__main__":  # pragma: nocover
    ops.main(FastAPIDemoCharm)

Read more: CharmBase

Now, in the __init__ function of your charm class, use Ops constructs to add an observer for when the Juju controller informs the charm that the Pebble in its workload container is up and running, as below. As you can see, the observer is a function that takes as an argument an event and an event handler. The event name is created automatically by Ops for each container on the template <container>-pebble-ready. The event handler is a method in your charm class that will be executed when the event is fired; in this case, you will use it to tell Pebble how to start your application.

framework.observe(self.on.demo_server_pebble_ready, self._on_demo_server_pebble_ready)

Read more: <container>-pebble-ready

Generally speaking: A charm class is a collection of event handling methods. When you want to install, remove, upgrade, configure, etc., an application, Juju sends information to your charm. Ops translates this information into events and your job is to write event handlers

Pro tip: Use __init__ to hold references (pointers) to other Objects or immutable state only. That is because a charm is reinitialised on every event. See Talking to a workload: Control flow from A to Z.

Next, define the event handler, as follows:

We’ll use the ActiveStatus class to set the charm status to active. Note that almost everything you need to define your charm is in the ops package that you imported earlier - there’s no need to add additional imports.

Use ActiveStatus as well as further Ops constructs to define the event handler, as below. As you can see, what is happening is that, from the event argument, you extract the workload container object in which you add a custom layer. Once the layer is set you replan your service and set the charm status to active.

def _on_demo_server_pebble_ready(self, event: ops.PebbleReadyEvent)  -> None:
    """Define and start a workload using the Pebble API.

    Change this example to suit your needs. You'll need to specify the right entrypoint and
    environment configuration for your specific workload.

    Learn more about interacting with Pebble at at https://juju.is/docs/sdk/pebble
    Learn more about Pebble layers at
        https://canonical-pebble.readthedocs-hosted.com/en/latest/reference/layers
    """
    # Get a reference the container attribute on the PebbleReadyEvent
    container = event.workload
    # Add initial Pebble config layer using the Pebble API
    container.add_layer("fastapi_demo", self._pebble_layer, combine=True)
    # Make Pebble reevaluate its plan, ensuring any services are started if enabled.
    container.replan()
    # Learn more about statuses in the SDK docs:
    # https://juju.is/docs/sdk/status
    self.unit.status = ops.ActiveStatus()

The custom Pebble layer that you just added is defined in the self._pebble_layer property. Update this property to match your application, as follows:

In the __init__ method of your charm class, name your service to fastapi-service and add it as a class attribute :

self.pebble_service_name = "fastapi-service"

Finally, define the pebble_layer function as below. The command variable represents a command line that should be executed in order to start our application.

@property
def _pebble_layer(self) -> ops.pebble.Layer:
    """A Pebble layer for the FastAPI demo services."""
    command = ' '.join(
        [
            'uvicorn',
            'api_demo_server.app:app',
            '--host=0.0.0.0',
            '--port=8000',
        ]
    )
    pebble_layer: ops.pebble.LayerDict = {
        'summary': 'FastAPI demo service',
        'description': 'pebble config layer for FastAPI demo server',
        'services': {
            self.pebble_service_name: {
                'override': 'replace',
                'summary': 'fastapi demo',
                'command': command,
                'startup': 'enabled',
            }
        },
    }
    return ops.pebble.Layer(pebble_layer)

Read more: How to configure a Pebble layer

Add logger functionality

In the src/charm.py file, in the imports section, import the Python logging module and define a logger object, as below. This will allow you to read log data in juju.

import logging

# Log messages can be retrieved using juju debug-log
logger = logging.getLogger(__name__)

Read more: juju debug-log

Tell Charmcraft how to build your charm

In the same charmcraft.yaml file you created earlier, you need to describe all the information needed for Charmcraft to be able to pack your charm. In this file, do the following:

First, add the block below. This will identify your charm as a charm (as opposed to something else you might know from using Juju, namely, a bundle).

type: charm

Read more: type

Also add the block below. This declares that your charm will build and run charm on Ubuntu 22.04.

bases:
  - build-on:
    - name: ubuntu
      channel: "22.04"
    run-on:
    - name: ubuntu
      channel: "22.04"

Read more: bases

Aaaand that’s it! Time to validate your charm!

Pro tip: Once you’ve mastered the basics, you can speed things up by navigating to your empty charm project directory and running charmcraft init --profile kubernetes. This will create all the files above and more, along with helpful descriptor keys and code scaffolding.

Validate your charm

First, ensure that you are inside the Multipass Ubuntu VM, in the ~/fastapi-demo folder:

multipass shell charm-dev
cd ~/fastapi-demo

Now, pack your charm project directory into a .charm file, as below. This will produce a .charm file. In our case it was named demo-api-charm_ubuntu-22.04-amd64.charm; yours should be named similarly, though the name might vary slightly depending on your architecture.

charmcraft pack
# Packed demo-api-charm_ubuntu-22.04-amd64.charm

If packing failed - perhaps you forgot to make the charm.py executable earlier - you may need to run charmcraft clean before re-running charmcraft pack. charmcraft will generally detect when files have changed, but will miss only file attributes changing.

Did you know? A .charm file is really just a zip file of your charm files and code dependencies that makes it more convenient to share, publish, and retrieve your charm contents.

Deploy the .charm file, as below. Juju will create a Kubernetes StatefulSet named after your application with one replica.

juju deploy ./demo-api-charm_ubuntu-22.04-amd64.charm --resource \
     demo-server-image=ghcr.io/canonical/api_demo_server:1.0.1

If you’ve never deployed a local charm (i.e., a charm from a location on your machine) before:
As you may know, when you deploy a charm from Charmhub it is sufficient to run juju deploy <charm name>. However, to deploy a local charm you need to explicitly define a --resource parameter with the same resource name and resource upstream source as in the charmcraft.yaml.

Monitor your deployment:

juju status --watch 1s

When all units are settled down, you should see the output below, where 10.152.183.215 is the IP of the K8s Service and 10.1.157.73 is the IP of the pod.

Model        Controller           Cloud/Region        Version  SLA          Timestamp
welcome-k8s  tutorial-controller  microk8s/localhost  3.0.0    unsupported  13:38:19+01:00

App             Version  Status  Scale  Charm           Channel  Rev  Address         Exposed  Message
demo-api-charm           active      1  demo-api-charm             1  10.152.183.215  no       

Unit               Workload  Agent  Address      Ports  Message
demo-api-charm/0*  active    idle   10.1.157.73  

Now, validate that the app is running and reachable by sending an HTTP request as below, where 10.1.157.73 is the IP of our pod and 8000 is the default application port.

curl 10.1.157.73:8000/version

You should see a JSON string with the version of the application:

{"version":"1.0.0"}

Expand if you wish to inspect your deployment further
  1. Run:
kubectl get namespaces

You should see that Juju has created a namespace called welcome-k8s.

  1. Try:
kubectl -n welcome-k8s get pods

You should see that your application has been deployed in a pod that has 2 containers running in it, one for the charm and one for the application. The containers talk to each other via the Pebble API using the UNIX socket.

NAME                             READY   STATUS    RESTARTS        AGE
modeloperator-5df6588d89-ghxtz   1/1     Running   3 (7d2h ago)    13d
demo-api-charm-0                 2/2     Running   0               7d2h
  1. Check also:
kubectl -n welcome-k8s describe pod demo-api-charm-0

In the output you should see the definition for both containers. You’ll be able to verify that the default command and arguments for our application container (demo-server) have been displaced by the Pebble service. You should be able to verify the same for the charm container (charm).


Congratulations, you’ve successfully created a minimal Kubernetes charm!

Review the final code

For the full code see: 01_create_minimal_charm

For a comparative view of the code before and after our edits see: Comparison

See next: Make your charm configurable


Contributors: @abatisse, @beliaev-maksim, @dkazants, @maabujayyab, @mylesjp, @nsakkos, @orfeas-k, @ppasotti, @rsyring, @tony-meyer, @tmihoc

Where is this created?

@erik-lonroth Please note that is a doc in a series; things make more sense when you’ve read the docs before. PS The docs are unlisted because still work in progress. Things should be clearer once they’re published.

2 Likes

@tmihoc I’m totally game. I’m writing a translation on this for LXD as we speak and testing it for tomorrows workshop.

How can I transfer the material to you?

Pro tip: Try to make your __init__ method as lightweight as possible. The reason is because a charm is a stateless application, so the class is reinitialised on every event, so a heavy init could result in high load calls.

Not sure what ‘high load calls’ means here, and the whole paragraph is a bit ambiguous. I think the ‘keep your __init__ light’ is a good principle, but I’d argue for it differently.

Maybe I would instead recommend: use __init__ to hold references (pointers) to other objects (relation wrappers for example) or immutable state only: mutable state is confusing in a charm’s context, because, as you say, a fresh instance will be created at each hook execution, so the state’s lifetime is bound to that of a single event handler (or several, if you factor deferrals in, but let’s say only one ‘juju event’).

I don’t think charm runtime (including __init__ runtime) is ever a realistic concern, given how little time charm execution takes compared to the broader Juju thing. So long as the charm takes under ~30 seconds to return, you’re fine.

1 Like

I had to use --force flag to make this work. Here is what I have in the logs

2023-02-23 19:44:19.698 :: 2023-02-24 02:44:18.921 - entrypoint: The entrypoint file is not executable: '/root/prime/src/charm.py' (https://juju.is/docs/sdk/charmcraft-analyzers-and-linters#heading--entrypoint)
2023-02-23 19:44:19.698 :: 2023-02-24 02:44:18.921 Aborting due to lint errors (use --force to override).
2023-02-23 19:44:20.955 Failed to build charm for bases index '0'.
2023-02-23 19:44:20.963 Traceback (most recent call last):
2023-02-23 19:44:20.964   File "/snap/charmcraft/1171/lib/charmcraft/commands/build.py", line 376, in pack_charm_in_instance
2023-02-23 19:44:20.964     instance.execute_run(cmd, check=True, cwd=instance_output_dir)
2023-02-23 19:44:20.964   File "/snap/charmcraft/1171/lib/craft_providers/lxd/lxd_instance.py", line 289, in execute_run
2023-02-23 19:44:20.964     return self.lxc.exec(
2023-02-23 19:44:20.964   File "/snap/charmcraft/1171/lib/craft_providers/lxd/lxc.py", line 329, in exec
2023-02-23 19:44:20.964     return runner(final_cmd, **kwargs)  # pylint: disable=subprocess-run-check
2023-02-23 19:44:20.964   File "/snap/charmcraft/1171/usr/lib/python3.8/subprocess.py", line 516, in run
2023-02-23 19:44:20.964     raise CalledProcessError(retcode, process.args,
2023-02-23 19:44:20.964 subprocess.CalledProcessError: Command '['lxc', '--project', 'charmcraft', 'exec', 'local:charmcraft-demo-api-charm-258049-0-0-amd64', '--cwd', '/root/project', '--', 'env', 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin', 'CHARMCRAFT_MANAGED_MODE=1', 'charmcraft', 'pack', '--bases-index', '0', '--verbosity=brief']' returned non-zero exit status 2.

it says that there are some linting issues

have you checked that code is fine?

Code as is from the repo. It’s complaining about the entry point not being executable and I am wondering how does it end up checking for that? through permissions?

maybe by shebang ?

do you have it included in your python file? also might worth to check permissions

Why are not use charmcraft init?

I had it added and I chmod u+x the file. This seems to resolve the issue.

1 Like

we had to revert this idea because it was too confusing for the tutorial

@sergiusens, does charmcraft require executable python files in order to pack it? or maybe the issue is somewhere else and we just see a side effect?

I have the same entrypoint not executable error as noted above. I’ve made the entrypoint executable in my local directory but that has not resolved anything for me:

rsyring@meld:~/projects/charm-caddy$ chmod u+x src/charm.py 
rsyring@meld:~/projects/charm-caddy$ charmcraft pack
Packing the charm                                                                                                                                                                            
Lint Errors:                                                                                                                                                                                 
- entrypoint: The entrypoint file is not executable: '/root/prime/src/charm.py' (https://juju.is/docs/sdk/charmcraft-analyzers-and-linters#heading--entrypoint)                              
Aborting due to lint errors (use --force to override).                                                                                                                                       
Failed to build charm for bases index '0'.                                                                                                                                                   

Anyone have further ideas?

I ended up finding the answer at: https://github.com/canonical/charmcraft/issues/907#issuecomment-1289249016. It has to do with the packer not detecting that the file’s permissions have changed.

Option #1

charmcraft clean
charmcraft pack  # Works

Option #2

$ touch src/charm.py
4 Likes

There is a minor typo in the doc having the word class twice in a row:

1 Like

@beliaev-maksim Since src/charm.py file must be executable and contain shebang #!/usr/bin/env python3 in order to work I think this info needs to be explicitly added in to this tutorial. Based on my experience without setting charm.py to be executable charmcraft wan’t pack it and also if shebang is missing application does not start:

2023-06-12T14:13:59.097Z [container-agent] 2023-06-12 14:13:59 WARNING install ./src/charm.py: 1: from: not found 2023-06-12T14:13:59.098Z [container-agent] 2023-06-12 14:13:59 WARNING install ./src/charm.py: 2: from: not found 2023-06-12T14:13:59.100Z [container-agent] 2023-06-12 14:13:59 WARNING install ./src/charm.py: 3: from: not found 2023-06-12T14:13:59.100Z [container-agent] 2023-06-12 14:13:59 WARNING install ./src/charm.py: 4: from: not found 2023-06-12T14:13:59.100Z [container-agent] 2023-06-12 14:13:59 WARNING install ./src/charm.py: 5: import: not found 2023-06-12T14:13:59.100Z [container-agent] 2023-06-12 14:13:59 WARNING install ./src/charm.py: 8: Syntax error: “(” unexpected 2023-06-12T14:13:59.300Z [container-agent] 2023-06-12 14:13:59 ERROR juju.worker.uniter.operation runhook.go:167 hook “install” (via hook dispatching script: dispatch) failed: exit status 2 2023-06-12T14:13:59.301Z [container-agent] 2023-06-12 14:13:59 INFO juju.worker.uniter resolver.go:151 awaiting error resolution for “install” hook 2023-06-12T14:14:03.971Z [pebble] Check “readiness” failure 19 (threshold 3): received non-20x status code 418 2023-06-12T14:14:13.973Z [pebble] Check “readiness” failure 20 (threshold 3): received non-20x status code 418 2023-06-12T14:14:23.971Z [pebble] Check “readiness” failure 21 (threshold 3): received non-20x status code 418

1 Like

Thanks, will update! (Just ran into this issue myself earlier today.)

What I’m missing here is a) a definition of “local charm” and b) how to provide credentials for pulling a container image from a private registry.

On Kubernetes there is the concept of an ImagePullSecret to allow authenticating with a container registry. Is there a similar concept with charms, or what do you need to do to make your charm pull an image from a private registry?