UPDATE May 2021: Lovia Group is no longer using Unleash. For feature flags, we are using AWS AppConfig.
Unleash is a feature flag service, that is also provided by GitLab. GitLab is currently open sourcing the feature flags feature, and when it arrives in GitLab.com we will not need to host our own Unleash.
Unleash on Kubernetes
We deploy Unleash on our Kubernetes DO Singapore cluster. It requires PostgreSQL which can be set up as DigitalOcean Managed PostgreSQL database (unfortunately its CA is not publicly trusted). Unfortunately nimrodshn/unleash-helm is no longer maintained so we deploy Unleash manually.
PostgreSQL Preparation and Secrets
Workaround: Until unleash PR #585 is accepted, we use PostgreSQL helm chart instead of Managed DigitalOcean.
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install postgresql bitnami/postgresql --set persistence.size=1Gi
Create PostgreSQL instance (if not exists), create user “unleash”, then create the database “unleash” with that user.
CREATE USER unleash PASSWORD '***';
GRANT unleash TO doadmin;
CREATE DATABASE unleash OWNER unleash;
Save the JDBC URL secret in Kubernetes as unleash with keys postgresql-url.
apiVersion: v1
kind: Secret
metadata:
name: unleash
data:
postgresql-url: *BASE64 ENCODED postgres:// URL*
kubectl apply -f unleash-secret.yaml
Deploy Unleash DaemonSet
Ideally we could add CA certificate using Kubernetes ConfigMap, but this doesn’t work for Node.js. 🙁
Make the deployment unleash-server.yaml:
apiVersion: apps/v1
# https://www.magalix.com/blog/kubernetes-daemonsets-101
# https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
kind: DaemonSet
metadata:
name: unleash-server-daemonset
spec:
selector:
matchLabels:
app: unleash-server
template:
metadata:
labels:
app: unleash-server
spec:
hostNetwork: true
containers:
- name: unleash-server
image: unleashorg/unleash-server:latest
imagePullPolicy: IfNotPresent
ports:
- protocol: TCP
name: http
containerPort: 4242
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_ENV
value: 'production'
# value: 'development'
- name: DATABASE_URL
#value: postgres://postgres:[email protected]/postgres
valueFrom:
secretKeyRef:
name: unleash
key: postgresql-url
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
nodeSelector:
kubernetes.io/hostname: pool-2gb-3ng5e
Open Firewall for Unleash only for our app server: (since Unleash is by default unsecured)
doctl compute firewall create --name unleash --inbound-rules "protocol:tcp,ports:4242,address:54.208.38.215" --tag-names=k8s:84a39cbd-ecbe-4dfd-86ea-2bc789ca5198
You can also add the Kubernetes cluster. For administration purposes, you may open the firewall temporarily for your own IP address.
Check DaemonSets:
kubectl get daemonset -o wide
Now you can manage feature toggles:
Unleash Client Libraries
https://docs.gitlab.com/ee/user/project/operations/feature_flags.html#client-libraries