The latest articles on DEV Community by Daniel Pepuho (@danielcristho). https://dev.to/danielcristho https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F694497%2Fe70913a8-75a3-48ab-981d-39b2ae24cccc.jpg https://dev.to/danielcristho en Daniel Pepuho Fri, 06 Feb 2026 05:55:38 +0000 https://dev.to/danielcristho/aws-eks-running-your-first-workload-using-aws-cdk-424g https://dev.to/danielcristho/aws-eks-running-your-first-workload-using-aws-cdk-424g <h2> TL;DR </h2> <p><strong>-</strong> Created an EKS cluster and deployed a workload using AWS CDK</p> <p><strong>-</strong> Separated stack between infrastructure and application</p> <p><strong>-</strong> Defined Kubernetes resources (ConfigMap, Deployment, Service) in code</p> <p><strong>-</strong> Learned why <code>cdk deploy --all</code> is often required to apply updates</p> <p>Now that we have a running EKS cluster created with AWS CDK, it’s time to deploy our first workload. In this post, we’ll define Kubernetes resources using AWS CDK, deploy a simple web workload to the cluster, and expose it so it can be accessed externally.</p> <p>This will give us a practical foundation before moving on to ingress, scaling, and Karpenter in later posts.</p> <h2> Defining Kubernetes manifests in CDK </h2> <p>By default, Kubernetes workloads are defined using <strong>YAML manifests and applied manually using <code>kubectl</code></strong>. While this approach works, it often leads to duplicated configuration, limited reusability, and infrastructure logic being scattered across multiple files.</p> <p>With AWS CDK, we can define Kubernetes resources directly in code and let CDK handle applying them to the cluster. Under the hood, CDK still talks to the Kubernetes API, but we gain the benefits of using a real programming language—such as structure, composition, and version control.</p> <p>BTW, our project structure should be like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>running-first-workloads/ ├── app.py ├── cdk.json ├── requirements.txt ├── eks │ ├── __init__.py │ └── eks_stack.py <span class="c"># 1. Create EKS cluster </span> ├── workloads │ ├── __init__.py │ └── running_first_workloads_stack.py <span class="c"># 2. Running workload</span> └── tests </code></pre> </div> <p><strong>-</strong> <code>eks/eks_stack.py</code></p> <p>Defines the core EKS infrastructure, including the VPC, EKS control plane, managed node group, and IAM access configuration. This stack is responsible only for the cluster itself.</p> <p><strong>-</strong> <code>workloads/running_first_workloads_stack.py</code></p> <p>Defines Kubernetes resources that run on top of the existing cluster. In this post, this includes the ConfigMap, Deployment, and Service for the Caddy web server.</p> <p><strong>-</strong> <code>app.py</code></p> <p>Acts as the entry point that wires the two stacks together. The EKS cluster created in <code>eks_stack.py</code> is passed into the workload stack, allowing workloads to be deployed without recreating the cluster.</p> <p>Now let’s do some work and start defining our first Kubernetes workload using AWS CDK inside <code>running_first_workloads_stack.py</code>.</p> <h3> Stack Definition and Constructor </h3> <p>We start by defining a new CDK stack class that accepts an existing EKS cluster as a parameter.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">RunningFirstWorkloadsStack</span><span class="p">(</span><span class="n">Stack</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">scope</span><span class="p">:</span> <span class="n">Construct</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">cluster</span><span class="p">:</span> <span class="n">eks</span><span class="p">.</span><span class="n">Cluster</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>Unlike the cluster stack, this stack does not create any AWS infrastructure. Instead, it receives a reference to an already running EKS cluster. This reference allows CDK to know <strong>where Kubernetes resources should be applied</strong>.</p> <p>For our first workload, we’ll deploy Caddy, a lightweight and modern web server. Caddy is a good fit for this example because it behaves like a real-world application component while remaining simple enough to focus on Kubernetes and CDK concepts rather than application logic.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwxfubpvg7ubz4g0goce1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwxfubpvg7ubz4g0goce1.png" alt="Caddy Logo" width="800" height="359"></a></p> <blockquote> <p>Image Source: Caddy Community</p> </blockquote> <ul> <li><p>A ConfigMap to store the Caddy configuration</p></li> <li><p>A Deployment to run the Caddy containers</p></li> <li><p>A Service to expose the application externally</p></li> </ul> <p>All of these resources are defined using <code>cluster.add_manifest()</code> in the workload stack. CDK takes care of applying the manifests to the cluster in the correct order, allowing us to focus on how the workload is structured rather than how it is manually deployed.</p> <p>Next, we’ll start by defining a ConfigMap to store the Caddy configuration.</p> <h3> ConfigMap: Storing the Caddy Config </h3> <p>Before running any containers, we need to define how Caddy should behave. Instead of embedding configuration directly into the container image, we store the configuration in a ConfigMap. This is a common Kubernetes pattern that keeps application configuration separate from the runtime environment.</p> <p>For this example, the configuration is intentionally minimal. We configure Caddy to listen on port 80 and return a simple HTTP response. This keeps the focus on how the workload is deployed, not on application logic. This ConfigMap will create an object named <code>caddy-config</code> that contains a <code>Caddyfile</code>. Caddy automatically reads its configuration from this file when it starts.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="c1"># ConfigMap for Caddyfile </span> <span class="n">cluster</span><span class="p">.</span><span class="nf">add_manifest</span><span class="p">(</span> <span class="sh">"</span><span class="s">CaddyConfig</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">apiVersion</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">v1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">kind</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">ConfigMap</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-config</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Caddyfile</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> :80 { respond </span><span class="sh">"</span><span class="s">Hello from Caddy v1</span><span class="sh">"</span><span class="s"> } </span><span class="sh">"""</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h3> Deployment: Running the Containers </h3> <p>The next step is to run the application containers. In Kubernetes, this is done using a Deployment, which manages how pods are created, updated, and kept running.</p> <p>In this example, the Deployment is responsible for:</p> <p><strong>-</strong> Running the Caddy container image</p> <p><strong>-</strong> Mounting the ConfigMap as a volume</p> <p><strong>-</strong> Managing multiple replicas for availability<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="c1"># Caddy Deployment </span> <span class="n">cluster</span><span class="p">.</span><span class="nf">add_manifest</span><span class="p">(</span> <span class="sh">"</span><span class="s">CaddyDeployment</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">apiVersion</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">apps/v1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">kind</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Deployment</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">spec</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">replicas</span><span class="sh">"</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="sh">"</span><span class="s">selector</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">matchLabels</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">app</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="sh">"</span><span class="s">template</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">labels</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">app</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">annotations</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">configmap-reload-ts</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="nf">int</span><span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()))</span> <span class="p">}</span> <span class="p">},</span> <span class="sh">"</span><span class="s">spec</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">containers</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">image</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy:2</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">ports</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">containerPort</span><span class="sh">"</span><span class="p">:</span> <span class="mi">80</span> <span class="p">}</span> <span class="p">],</span> <span class="sh">"</span><span class="s">volumeMounts</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-config</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">mountPath</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">/etc/caddy</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">],</span> <span class="sh">"</span><span class="s">volumes</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-config</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">configMap</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-config</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p>Let’s do some break down:</p> <p><strong>-</strong> <code>replicas: 2</code>: Runs two instances of the Caddy container, providing basic availability and allowing us to observe how Kubernetes distributes traffic.</p> <p><strong>-</strong> <code>container image</code>: Uses the official caddy:2 image</p> <p><strong>-</strong> <code>volumeMounts and volumes</code>: The ConfigMap created earlier is mounted into the container at <code>/etc/caddy</code>, which is where Caddy expects its configuration file by default.</p> <h3> Service: Exposing the Application </h3> <p>At this point, the Caddy pods are running perfectly fine inside the cluster—buuut from the outside world, they might as well not exist. You can <code>kubectl get pods</code> all day long, but your browser still won’t load anything.</p> <p>To make the application actually usable, we define a <strong>Service</strong>, which gives our pods a stable identity and a proper way to receive traffic.</p> <p>In this example, we use a Service of type <strong>LoadBalancer</strong>, which is the simplest way to expose an application externally on AWS.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="c1"># Service to expose Caddy </span> <span class="n">cluster</span><span class="p">.</span><span class="nf">add_manifest</span><span class="p">(</span> <span class="sh">"</span><span class="s">CaddyService</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">apiVersion</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">v1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">kind</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Service</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-service</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">spec</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">LoadBalancer</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">selector</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">app</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">ports</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">port</span><span class="sh">"</span><span class="p">:</span> <span class="mi">80</span><span class="p">,</span> <span class="sh">"</span><span class="s">targetPort</span><span class="sh">"</span><span class="p">:</span> <span class="mi">80</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p>Once the Service is created, Kubernetes and AWS work together to expose the application. After a short delay, the Service will receive an external IP or DNS name that can be used to access Caddy from a browser or via <code>curl</code></p> <h2> Deploying the Stack (EKS Stack and Workload Stack) </h2> <p>Before we dive deeper, here is the full code for <code>eks_stack.py</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">Stack</span><span class="p">,</span> <span class="n">aws_eks</span> <span class="k">as</span> <span class="n">eks</span><span class="p">,</span> <span class="n">aws_ec2</span> <span class="k">as</span> <span class="n">ec2</span><span class="p">,</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">aws_cdk.lambda_layer_kubectl_v32</span> <span class="kn">import</span> <span class="n">KubectlV32Layer</span> <span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="n">aws_iam</span> <span class="k">as</span> <span class="n">iam</span> <span class="kn">from</span> <span class="n">constructs</span> <span class="kn">import</span> <span class="n">Construct</span> <span class="k">class</span> <span class="nc">CdkEksStack</span><span class="p">(</span><span class="n">Stack</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">scope</span><span class="p">:</span> <span class="n">Construct</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="n">kubectl_layer</span> <span class="o">=</span> <span class="nc">KubectlV32Layer</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">KubectlLayer</span><span class="sh">"</span><span class="p">)</span> <span class="n">vpc</span> <span class="o">=</span> <span class="n">ec2</span><span class="p">.</span><span class="nc">Vpc</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">EksVpc</span><span class="sh">"</span><span class="p">,</span> <span class="n">max_azs</span><span class="o">=</span><span class="mi">2</span> <span class="c1"># AZ </span> <span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">cluster</span> <span class="o">=</span> <span class="n">eks</span><span class="p">.</span><span class="nc">Cluster</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">EksCluster</span><span class="sh">"</span><span class="p">,</span> <span class="n">version</span><span class="o">=</span><span class="n">eks</span><span class="p">.</span><span class="n">KubernetesVersion</span><span class="p">.</span><span class="n">V1_32</span><span class="p">,</span> <span class="n">vpc</span><span class="o">=</span><span class="n">vpc</span><span class="p">,</span> <span class="n">default_capacity</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">kubectl_layer</span><span class="o">=</span><span class="n">kubectl_layer</span> <span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">cluster</span><span class="p">.</span><span class="nf">add_nodegroup_capacity</span><span class="p">(</span> <span class="sh">"</span><span class="s">ManagedNodeGroup</span><span class="sh">"</span><span class="p">,</span> <span class="n">desired_size</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span> <span class="n">min_size</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">max_size</span><span class="o">=</span><span class="mi">3</span><span class="p">,</span> <span class="n">instance_types</span><span class="o">=</span><span class="p">[</span><span class="n">ec2</span><span class="p">.</span><span class="nc">InstanceType</span><span class="p">(</span><span class="sh">"</span><span class="s">t3.medium</span><span class="sh">"</span><span class="p">)],</span> <span class="c1"># 2vcpu/4gi </span> <span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">cluster</span><span class="p">.</span><span class="n">aws_auth</span><span class="p">.</span><span class="nf">add_user_mapping</span><span class="p">(</span> <span class="n">iam</span><span class="p">.</span><span class="n">User</span><span class="p">.</span><span class="nf">from_user_name</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">AdminUser</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">&lt;YOUR_IAM&gt;</span><span class="sh">"</span> <span class="p">),</span> <span class="n">groups</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">system:masters</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> </code></pre> </div> <p>Also, the <code>running_first_workloads_stack.py</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">Stack</span><span class="p">,</span> <span class="n">aws_eks</span> <span class="k">as</span> <span class="n">eks</span><span class="p">,</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">constructs</span> <span class="kn">import</span> <span class="n">Construct</span> <span class="kn">import</span> <span class="n">time</span> <span class="k">class</span> <span class="nc">RunningFirstWorkloadsStack</span><span class="p">(</span><span class="n">Stack</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">scope</span><span class="p">:</span> <span class="n">Construct</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">cluster</span><span class="p">:</span> <span class="n">eks</span><span class="p">.</span><span class="n">Cluster</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">class</span> <span class="nc">RunningFirstWorkloadsStack</span><span class="p">(</span><span class="n">Stack</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">scope</span><span class="p">:</span> <span class="n">Construct</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">cluster</span><span class="p">:</span> <span class="n">eks</span><span class="p">.</span><span class="n">Cluster</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="c1"># ConfigMap for Caddyfile </span> <span class="n">cluster</span><span class="p">.</span><span class="nf">add_manifest</span><span class="p">(</span> <span class="sh">"</span><span class="s">CaddyConfig</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">apiVersion</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">v1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">kind</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">ConfigMap</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-config</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Caddyfile</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> :80 { respond </span><span class="sh">"</span><span class="s">Hello from Caddy v2</span><span class="sh">"</span><span class="s"> } </span><span class="sh">"""</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> <span class="c1"># Caddy Deployment </span> <span class="n">cluster</span><span class="p">.</span><span class="nf">add_manifest</span><span class="p">(</span> <span class="sh">"</span><span class="s">CaddyDeployment</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">apiVersion</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">apps/v1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">kind</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Deployment</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">spec</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">replicas</span><span class="sh">"</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="sh">"</span><span class="s">selector</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">matchLabels</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">app</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="sh">"</span><span class="s">template</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">labels</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">app</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">annotations</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">configmap-reload-ts</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="nf">int</span><span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()))</span> <span class="p">}</span> <span class="p">},</span> <span class="sh">"</span><span class="s">spec</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">containers</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">image</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy:2</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">ports</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">containerPort</span><span class="sh">"</span><span class="p">:</span> <span class="mi">80</span> <span class="p">}</span> <span class="p">],</span> <span class="sh">"</span><span class="s">volumeMounts</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-config</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">mountPath</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">/etc/caddy</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">],</span> <span class="sh">"</span><span class="s">volumes</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-config</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">configMap</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-config</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> <span class="c1"># Service to expose Caddy </span> <span class="n">cluster</span><span class="p">.</span><span class="nf">add_manifest</span><span class="p">(</span> <span class="sh">"</span><span class="s">CaddyService</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">apiVersion</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">v1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">kind</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Service</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy-service</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">spec</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">LoadBalancer</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">selector</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">app</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">caddy</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">ports</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">port</span><span class="sh">"</span><span class="p">:</span> <span class="mi">80</span><span class="p">,</span> <span class="sh">"</span><span class="s">targetPort</span><span class="sh">"</span><span class="p">:</span> <span class="mi">80</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p>And the last one, <code>app.py</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#!/usr/bin/env python3 </span><span class="kn">import</span> <span class="n">aws_cdk</span> <span class="k">as</span> <span class="n">cdk</span> <span class="kn">from</span> <span class="n">eks.eks_stack</span> <span class="kn">import</span> <span class="n">CdkEksStack</span> <span class="kn">from</span> <span class="n">workloads.running_first_workloads_stack</span> <span class="kn">import</span> <span class="n">RunningFirstWorkloadsStack</span> <span class="n">app</span> <span class="o">=</span> <span class="n">cdk</span><span class="p">.</span><span class="nc">App</span><span class="p">()</span> <span class="c1"># 1. Create EKS cluster stack </span><span class="n">eks_stack</span> <span class="o">=</span> <span class="nc">CdkEksStack</span><span class="p">(</span> <span class="n">app</span><span class="p">,</span> <span class="sh">"</span><span class="s">EksStack</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># 2. Deploy workloads on top of the cluster </span><span class="nc">RunningFirstWorkloadsStack</span><span class="p">(</span> <span class="n">app</span><span class="p">,</span> <span class="sh">"</span><span class="s">RunningFirstWorkloadsStack</span><span class="sh">"</span><span class="p">,</span> <span class="n">cluster</span><span class="o">=</span><span class="n">eks_stack</span><span class="p">.</span><span class="n">cluster</span><span class="p">,</span> <span class="p">)</span> <span class="n">app</span><span class="p">.</span><span class="nf">synth</span><span class="p">()</span> </code></pre> </div> <h3> Listing Available Stacks </h3> <p>Before deploying, it’s often useful to see which stacks are defined in the application. You can list them using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk list </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fard4llmu8ku31ghrhkag.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fard4llmu8ku31ghrhkag.png" alt="CDK List" width="399" height="86"></a></p> <h3> Deploying All Stacks </h3> <p>Since the workload stack depends on the EKS stack, the simplest approach is to deploy all stacks at once:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk deploy <span class="nt">--all</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5t6jccchdv2urbi234ez.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5t6jccchdv2urbi234ez.png" alt="CDK Deploy" width="800" height="290"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fku90shadmkai9oetdxi0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fku90shadmkai9oetdxi0.png" alt="CDK Deploy" width="800" height="267"></a></p> <p>CDK will:</p> <p><strong>-</strong> Deploy the EKS infrastructure first</p> <p><strong>-</strong> Wait for the cluster to become available</p> <p><strong>-</strong> Apply the Kubernetes manifests defined in the workload stack</p> <h3> Deploying a Single Stack </h3> <p>If you want to deploy only a specific stack, you can target it by name:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk deploy EksStack or <span class="nv">$ </span>cdk deploy RunningFirstWorkloadsStack </code></pre> </div> <h2> Verify Deployment </h2> <p>Once the deployment is complete, let's see that the workload is running correctly using Kubernetes commands.</p> <p>First, let’s check the pods:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get pods </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqffkuar5h25zua5k27q2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqffkuar5h25zua5k27q2.png" alt="List pods" width="800" height="118"></a></p> <p>Both pods are in the Running state and ready, which means the Caddy containers started successfully and are using the configuration provided via the <code>ConfigMap</code>.</p> <p>Next, let’s check the Service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get svc </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnflin3eb1roqk0tmr6yb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnflin3eb1roqk0tmr6yb.png" alt="Get services" width="800" height="86"></a></p> <p>Here we can see that the <code>caddy-service</code> has been assigned an external endpoint by AWS. This means the load balancer is ready and traffic can now reach the application from outside the cluster.</p> <h3> Accessing the Application </h3> <p>Copy the value from the <strong>EXTERNAL-IP</strong> column and open it in your browser, or use curl:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr3oybgjabz7zjr5vgbhz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr3oybgjabz7zjr5vgbhz.png" alt="Curl external url" width="800" height="271"></a></p> <p>At this point, the workload is fully deployed and accessible.</p> <h3> Make Changes </h3> <p>To see how changes are applied, let’s update the Caddy configuration. We’ll modify the <code>response</code> in the Caddyfile from v1 to v2:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>respond <span class="s2">"Hello from Caddy v1"</span> -&gt; respond <span class="s2">"Hello from Caddy v2"</span> </code></pre> </div> <p>First, try deploying only the workload stack:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk deploy RunningFirstWorkloadsStack </code></pre> </div> <p>At first glance, this looks like the correct approach—after all, only the workload code has changed. However, after the deployment completes, nothing appears to have changed:</p> <p><strong>-</strong> The running pods are still the same</p> <p><strong>-</strong> No rolling update is triggered</p> <p><strong>-</strong> The application response still returns Hello from Caddy v1</p> <p>In other words, from the cluster’s point of view, the workload has not been updated.</p> <h4> Why Didn’t This Work? </h4> <p>Although the <code>ConfigMap</code> content changed in code, Kubernetes manifests defined using <code>cluster.add_manifest()</code> are applied through a custom resource backed by the EKS stack. When deploying only the workload stack, CDK may determine that there are no CloudFormation-level changes that require reapplying the manifests.</p> <p>As a result, the Kubernetes provider is not re-invoked, and the updated configuration is never applied to the cluster.</p> <p>Next, we deploy all stacks together:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk deploy <span class="nt">--all</span> </code></pre> </div> <p>This time, the behavior is different:</p> <p><strong>-</strong> The EKS stack is re-evaluated</p> <p><strong>-</strong> The Kubernetes provider is refreshed</p> <p><strong>-</strong> The updated manifests are applied to the cluster</p> <p><strong>-</strong> A rolling update is triggered on the Deployment</p> <p><strong>-</strong> New pods are created with the updated configuration</p> <p>After the rollout completes, the application now responds with:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fho7x9phqjhj8mxjlcxx8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fho7x9phqjhj8mxjlcxx8.png" alt="Changes to v2" width="800" height="171"></a></p> <h2> What’s next </h2> <p>At this point, we’ve successfully deployed a workload to EKS using AWS CDK. We defined Kubernetes resources in code, deployed them through CDK, exposed the application externally, and verified that updates can be rolled out predictably.</p> <p>This setup it’s still just the beginning.</p> <p>In the next posts, we’ll continue building on top of this foundation by exploring more production-oriented patterns, including:</p> <p><strong>-</strong> CDK for more<br> <strong>-</strong> Ingress<br> <strong>-</strong> Autoscaling with Karpenter</p> <p>Each of these topics will build directly on the cluster and workload we’ve created, moving the setup closer to a production-ready environment.</p> <p>Aight, thanks for taking the time read this post. Here is the full code of this post:</p> <p><a href="https://github.com/danielcristho/that-i-write/tree/main/eks-cdk/running-first-workloads" rel="noopener noreferrer">danielcristho/that-i-write/running-first-workloads</a></p> aws python kubernetes tutorial Daniel Pepuho Wed, 28 Jan 2026 08:33:53 +0000 https://dev.to/danielcristho/aws-eks-create-your-first-cluster-using-aws-cdk-fg2 https://dev.to/danielcristho/aws-eks-create-your-first-cluster-using-aws-cdk-fg2 <h2> TL;DR </h2> <p><strong>-</strong> Create an EKS cluster using AWS CDK Python</p> <p><strong>-</strong> Provision infrastructure via AWS CloudFormation</p> <p><strong>-</strong> The setup includes a VPC, EKS control plane, and a managed EC2 node group</p> <p><strong>-</strong> Configure IAM access to use <code>kubectl</code></p> <p><strong>-</strong> Verify the cluster and clean up resources when done</p> <h2> Introduction </h2> <p>About 2 years ago, I’ve been using AWS CDK to manage infrastructure, mostly for smaller workloads like deploying APIs on AWS Lambda. You can see the repo here: <a href="https://github.com/danielcristho/cdk-go-simple-restapi" rel="noopener noreferrer">cdk-go-simple-restapi</a>. This year, I want to take it a step further by using AWS CDK to create and manage an AWS EKS cluster.</p> <p>I’ll be writing a short series of posts around this topic, starting with the basics. In this first post we’ll focus on building a minimal EKS cluster using AWS CDK as the foundation for the next parts of the series.</p> <h2> Why AWS CDK for EKS? </h2> <p>Amazon EKS already provides multiple ways to create and manage clusters, from the AWS Console to CloudFormation and Terraform. However, when infrastructure starts to grow in complexity, the way it’s defined and maintained becomes just as important as the resources themselves.</p> <p>CDK allows you to define infrastructure using familiar programming languages. Instead of managing large YAML or JSON templates, you work with code—loops, conditions, and abstractions included. This makes infrastructure easier to reason about, review, and evolve over time. According to the documentation, AWS CDK supports multiple languages such as Python, Go, TypeScript, JavaScript, and C#</p> <p>For EKS specifically, the kit provides higher-level constructs that abstract away a lot of the boilerplate required to get a cluster running. Networking, IAM roles, and node groups can be defined in a few lines of code while still allowing you to customize the parts that matter.</p> <h2> How AWS CDK Works with Amazon EKS </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffnefzb4h0nso440i0ose.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffnefzb4h0nso440i0ose.png" alt="How CDK works with EKS" width="800" height="200"></a></p> <p>The diagram above shows us how CDK interacts with AWS services when creating an Amazon EKS cluster.</p> <p>Everything starts from your CDK application (stack), where infrastructure is defined using a programming language such as Go, TypeScript, or Python. At this stage, no AWS resources are created yet. When you run <code>cdk synth</code>, AWS CDK translates your code into a standard AWS CloudFormation template.</p> <p>This CloudFormation template is then deployed using <code>cdk deploy</code>. At this point, AWS CloudFormation becomes responsible for provisioning the infrastructure. It creates all required AWS resources, including the VPC, IAM roles, the EKS control plane, and the managed node group. <strong>AWS CDK itself does not bypass CloudFormation, it simply acts as a higher-level abstraction on top of it</strong>.</p> <p>Once CloudFormation finishes, the Amazon EKS cluster is fully provisioned and exposes a Kubernetes control plane backed by AWS-managed infrastructure. From this point forward, the cluster behaves like a standard Kubernetes cluster.</p> <p>Optionally, the CDK can also interact with the Kubernetes API to manage workloads, such as applying Kubernetes manifests or deploying Helm charts. This step usually happens after the cluster is ready and is covered in later parts of this series.</p> <h2> Setup </h2> <p>In this series, all AWS CDK examples will be written in Python.<br> While AWS CDK supports multiple languages such as TypeScript and Go, the underlying concepts and constructs remain the same regardless of the language used.</p> <h3> Prerequisites </h3> <ul> <li> <p><strong>AWS account and configured AWS CLI</strong></p> <p>An active AWS account with permissions to create EKS, VPC, IAM, and CloudFormation resources. Installed and configured with valid credentials (<code>aws configure</code>).</p> </li> <li> <p><strong>Python 3.10+</strong></p> <p>Used for writing the AWS CDK application in this series.</p> </li> <li> <p><strong>AWS CDK installed</strong></p> <p>Installed globally via npm:<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>npm <span class="nb">install</span> <span class="nt">-g</span> aws-cdk </code></pre> </li> <li> <p><strong>kubectl installed</strong></p> <p>Used to interact with the EKS cluster once it is created.</p> </li> </ul> <p>Notes</p> <ul> <li><p>This post focuses on creating the EKS cluster. No Kubernetes workloads are deployed yet.</p></li> <li><p>Make sure your AWS credentials have sufficient permissions before running cdk deploy, as EKS provisioning may take several minutes.</p></li> </ul> <h3> Project Initialization </h3> <p>We’ll start by creating a new AWS CDK project using Python. AWS CDK provides a project template that sets up the basic structure, dependencies, and configuration needed to get started.</p> <p>First, create a new directory and initialize a CDK app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mkdir </span>cdk-eks <span class="nv">$ </span><span class="nb">cd </span>cdk-eks <span class="nv">$ </span>cdk init app <span class="nt">--language</span> python </code></pre> </div> <p>This command generates a basic project structure for a Python-based CDK application. The output after you run <code>cdk init</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Applying project template app <span class="k">for </span>python <span class="c"># Welcome to your CDK Python project!</span> This is a blank project <span class="k">for </span>CDK development with Python. The <span class="sb">`</span>cdk.json<span class="sb">`</span> file tells the CDK Toolkit how to execute your app. ... Enjoy! Executing Creating virtualenv... Executing Installing dependencies... ✅ All <span class="k">done</span><span class="o">!</span> </code></pre> </div> <p>After initialization, you should see a structure similar to this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">.</span> ├── app.py ├── cdk_eks │   ├── cdk_eks_stack.py │   └── __init__.py ├── cdk.json ├── README.md ├── requirements-dev.txt ├── requirements.txt ├── source.bat └── tests ├── __init__.py └── unit </code></pre> </div> <p><strong>-</strong> <code>app.py</code></p> <p>The entry point of the CDK application. This is where the stack is instantiated.</p> <p><strong>-</strong> <code>cdk_eks_stack.py</code></p> <p>Contains the definition of the CDK stack where we’ll define the EKS cluster.</p> <p><strong>-</strong> <code>requirements.txt</code></p> <p>Python dependencies for the CDK app.</p> <p><strong>-</strong> <code>cdk.json</code></p> <p>CDK configuration file, including the command used to run the app.</p> <p><strong>-</strong> <code>tests/</code></p> <p>A placeholder for unit tests, which we’ll use in a later post.</p> <p><strong>1. Install Dependencies</strong></p> <p>Before writing any code, activate the Python virtual environment and install the dependencies. BTW, you need add this one to your <code>requirements.txt</code>: <code>aws-cdk.lambda-layer-kubectl-v34</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">source</span> .venv/bin/activate <span class="nv">$ </span>pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt </code></pre> </div> <p>Keeping dependencies isolated using a virtual environment helps avoid version conflicts and keeps the project reproducible.</p> <p><strong>2. Run Bootsrap</strong></p> <p>If this is your first time using AWS CDK in the selected AWS account and region, you’ll need to bootstrap the environment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk bootstrap </code></pre> </div> <p>This command creates the necessary resources in your AWS account that CDK requires to deploy stacks.</p> <p>At this point, the project is ready, and we can start defining the EKS cluster using AWS CDK.</p> <h3> Creating the EKS Cluster </h3> <p>In this section, we’ll define a minimal EKS cluster using AWS CDK. The goal is not to build a production-ready cluster yet, but to create a foundation that we can extend in later posts.</p> <p>All changes will be made inside the CDK stack file</p> <p><strong>1.</strong> Import Required Modules</p> <p>Open <code>cdk_eks/cdk_eks_stack.py</code> and start by importing the required CDK modules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">Stack</span><span class="p">,</span> <span class="n">aws_eks</span> <span class="k">as</span> <span class="n">eks</span><span class="p">,</span> <span class="n">aws_ec2</span> <span class="k">as</span> <span class="n">ec2</span><span class="p">,</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">aws_cdk.lambda_layer_kubectl_v32</span> <span class="kn">import</span> <span class="n">KubectlV32Layer</span> <span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="n">aws_iam</span> <span class="k">as</span> <span class="n">iam</span> <span class="kn">from</span> <span class="n">constructs</span> <span class="kn">import</span> <span class="n">Construct</span> </code></pre> </div> <p>We’ll use:</p> <ul> <li><p><code>ec2</code> for networking (VPC)</p></li> <li><p><code>eks</code> for creating the EKS cluster and its node groups</p></li> </ul> <p><strong>2.</strong> Define the VPC</p> <p>EKS requires a VPC. For simplicity, we’ll let CDK create one for us:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">CdkEksStack</span><span class="p">(</span><span class="n">Stack</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">scope</span><span class="p">:</span> <span class="n">Construct</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="n">kubectl_layer</span> <span class="o">=</span> <span class="nc">KubectlV32Layer</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">KubectlLayer</span><span class="sh">"</span><span class="p">)</span> <span class="n">vpc</span> <span class="o">=</span> <span class="n">ec2</span><span class="p">.</span><span class="nc">Vpc</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">EksVpc</span><span class="sh">"</span><span class="p">,</span> <span class="n">max_azs</span><span class="o">=</span><span class="mi">2</span> <span class="c1"># AZ </span> <span class="p">)</span> </code></pre> </div> <p>This creates a basic VPC across two Availability Zones, which is sufficient for a minimal cluster.</p> <p><strong>3.</strong> Create the EKS Cluster</p> <p>Next, we define the EKS cluster itself:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">cluster</span> <span class="o">=</span> <span class="n">eks</span><span class="p">.</span><span class="nc">Cluster</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">EksCluster</span><span class="sh">"</span><span class="p">,</span> <span class="n">version</span><span class="o">=</span><span class="n">eks</span><span class="p">.</span><span class="n">KubernetesVersion</span><span class="p">.</span><span class="n">V1_32</span><span class="p">,</span> <span class="n">vpc</span><span class="o">=</span><span class="n">vpc</span><span class="p">,</span> <span class="n">default_capacity</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">kubectl_layer</span><span class="o">=</span><span class="n">kubectl_layer</span> <span class="p">)</span> </code></pre> </div> <p>A few important points:</p> <ul> <li><p>Kubernetes version is explicitly set to avoid unexpected upgrades.</p></li> <li><p><code>default_capacity=0</code> disables the default node group so we can define our own.</p></li> </ul> <p><strong>4.</strong> Add a Managed Node Group</p> <p>Now we add a managed node group to run workloads:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">cluster</span><span class="p">.</span><span class="nf">add_nodegroup_capacity</span><span class="p">(</span> <span class="sh">"</span><span class="s">ManagedNodeGroup</span><span class="sh">"</span><span class="p">,</span> <span class="n">desired_size</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span> <span class="n">min_size</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">max_size</span><span class="o">=</span><span class="mi">3</span><span class="p">,</span> <span class="n">instance_types</span><span class="o">=</span><span class="p">[</span><span class="n">ec2</span><span class="p">.</span><span class="nc">InstanceType</span><span class="p">(</span><span class="sh">"</span><span class="s">t3.medium</span><span class="sh">"</span><span class="p">)],</span> <span class="p">)</span> </code></pre> </div> <p>This creates:</p> <ul> <li><p>A managed EC2-based node group</p></li> <li><p>Autoscaling between 1 and 3 nodes</p></li> <li><p>Instance type for testing</p></li> </ul> <p><strong>5.</strong> Add IAM</p> <p>By default, creating an EKS cluster with AWS CDK does not automatically grant Kubernetes access to the IAM identity used to deploy the stack. While the control plane and node group roles are configured, additional IAM-to-Kubernetes RBAC mapping is required to access the cluster using kubectl.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">cluster</span><span class="p">.</span><span class="n">aws_auth</span><span class="p">.</span><span class="nf">add_user_mapping</span><span class="p">(</span> <span class="n">iam</span><span class="p">.</span><span class="n">User</span><span class="p">.</span><span class="nf">from_user_name</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">AdminUser</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">&lt;REPLACE_WITH_YOUR_IAM&gt;</span><span class="sh">"</span> <span class="p">),</span> <span class="n">groups</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">system:masters</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> </code></pre> </div> <p>Or using Role<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">cluster</span><span class="p">.</span><span class="n">aws_auth</span><span class="p">.</span><span class="nf">add_role_mapping</span><span class="p">(</span> <span class="n">iam</span><span class="p">.</span><span class="n">Role</span><span class="p">.</span><span class="nf">from_role_name</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">EksAdminRole</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">&lt;REPLACE_WITH_YOUR_ROLE&gt;</span><span class="sh">"</span> <span class="p">),</span> <span class="n">groups</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">system:masters</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> </code></pre> </div> <p>Here is the full code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">Stack</span><span class="p">,</span> <span class="n">aws_eks</span> <span class="k">as</span> <span class="n">eks</span><span class="p">,</span> <span class="n">aws_ec2</span> <span class="k">as</span> <span class="n">ec2</span><span class="p">,</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">aws_cdk.lambda_layer_kubectl_v32</span> <span class="kn">import</span> <span class="n">KubectlV32Layer</span> <span class="kn">from</span> <span class="n">aws_cdk</span> <span class="kn">import</span> <span class="n">aws_iam</span> <span class="k">as</span> <span class="n">iam</span> <span class="kn">from</span> <span class="n">constructs</span> <span class="kn">import</span> <span class="n">Construct</span> <span class="k">class</span> <span class="nc">CdkEksStack</span><span class="p">(</span><span class="n">Stack</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">scope</span><span class="p">:</span> <span class="n">Construct</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="n">construct_id</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="n">kubectl_layer</span> <span class="o">=</span> <span class="nc">KubectlV32Layer</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">KubectlLayer</span><span class="sh">"</span><span class="p">)</span> <span class="n">vpc</span> <span class="o">=</span> <span class="n">ec2</span><span class="p">.</span><span class="nc">Vpc</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">EksVpc</span><span class="sh">"</span><span class="p">,</span> <span class="n">max_azs</span><span class="o">=</span><span class="mi">2</span> <span class="p">)</span> <span class="n">cluster</span> <span class="o">=</span> <span class="n">eks</span><span class="p">.</span><span class="nc">Cluster</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">EksCluster</span><span class="sh">"</span><span class="p">,</span> <span class="n">version</span><span class="o">=</span><span class="n">eks</span><span class="p">.</span><span class="n">KubernetesVersion</span><span class="p">.</span><span class="n">V1_32</span><span class="p">,</span> <span class="n">vpc</span><span class="o">=</span><span class="n">vpc</span><span class="p">,</span> <span class="n">default_capacity</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">kubectl_layer</span><span class="o">=</span><span class="n">kubectl_layer</span> <span class="p">)</span> <span class="n">cluster</span><span class="p">.</span><span class="nf">add_nodegroup_capacity</span><span class="p">(</span> <span class="sh">"</span><span class="s">ManagedNodeGroup</span><span class="sh">"</span><span class="p">,</span> <span class="n">desired_size</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span> <span class="n">min_size</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">max_size</span><span class="o">=</span><span class="mi">3</span><span class="p">,</span> <span class="n">instance_types</span><span class="o">=</span><span class="p">[</span><span class="n">ec2</span><span class="p">.</span><span class="nc">InstanceType</span><span class="p">(</span><span class="sh">"</span><span class="s">t3.medium</span><span class="sh">"</span><span class="p">)],</span> <span class="p">)</span> <span class="n">cluster</span><span class="p">.</span><span class="n">aws_auth</span><span class="p">.</span><span class="nf">add_user_mapping</span><span class="p">(</span> <span class="n">iam</span><span class="p">.</span><span class="n">User</span><span class="p">.</span><span class="nf">from_user_name</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">AdminUser</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">&lt;YOUR_IAM&gt;</span><span class="sh">"</span> <span class="p">),</span> <span class="n">groups</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">system:masters</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> </code></pre> </div> <p>At this point, our CDK stack defines:</p> <ul> <li><p>A VPC</p></li> <li><p>An EKS control plane</p></li> <li><p>A managed node group for worker nodes</p></li> </ul> <p>All of this is defined as code and will be provisioned via CloudFormation.</p> <p><strong>5</strong> Synthesize the Stack</p> <p>Before deploying, it’s a good idea to check what CDK will generate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk synth </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cdk synth 2&gt;&amp;1 | <span class="nb">head</span> <span class="nt">-50</span> Resources: KubectlLayer600207B5: Type: AWS::Lambda::LayerVersion Properties: Content: S3Bucket: Fn::Sub: cdk-hnb659fds-assets-<span class="k">${</span><span class="nv">AWS</span>::AccountId<span class="k">}</span>-<span class="k">${</span><span class="nv">AWS</span>::Region<span class="k">}</span> S3Key: cc5bb5a423d0f1ccbfa20b3016434049b477f393e38ad2be0e8cba029f2a2373.zip Description: /opt/kubectl/kubectl 1.32.3<span class="p">;</span> /opt/helm/helm 3.17.2 LicenseInfo: Apache-2.0 ... </code></pre> </div> <p>This command outputs the CloudFormation template that will be used to create the EKS cluster.</p> <h3> Deploying the Stack </h3> <p>With the stack definition in place, we can now deploy the EKS cluster using AWS CDK. This step will trigger AWS CloudFormation to provision all required resources.</p> <p><strong>1.</strong> Deploy the Stack</p> <p>Run the following command from the project root:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk deploy </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4mbyz9t6es9bifdn1qxc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4mbyz9t6es9bifdn1qxc.png" alt="Deployment" width="800" height="378"></a></p> <p>During deployment, CDK will:</p> <ul> <li><p>Package and upload assets (if any)</p></li> <li><p>Create or update the CloudFormation stack</p></li> <li><p>Provision AWS resources such as the VPC, IAM roles, EKS control plane, and managed node group</p></li> </ul> <p>You’ll be prompted to confirm the deployment, as the stack creates IAM roles and other security-related resources. Review the changes and approve the deployment when prompted.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foblkxdb3um5ob3f7cat4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foblkxdb3um5ob3f7cat4.png" alt="CDK Deploy" width="800" height="322"></a></p> <h3> Verifying the Cluster </h3> <p>After the deployment completes, the next step is to verify that the EKS cluster has been created successfully and is in a healthy state.</p> <p>At this point, you should see a CloudFormation stack created by AWS CDK in the AWS Console.<br> This stack represents all resources defined in the CDK application, including the VPC, IAM roles, EKS control plane, and the managed node group.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fipncjwqhydm19t8em75s.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fipncjwqhydm19t8em75s.png" alt="CDK CloudFormation stack" width="800" height="142"></a></p> <p>The stack status should be <strong>CREATE_COMPLETE</strong>, indicating that all resources were provisioned without errors. This also reinforces that AWS CDK relies on CloudFormation as the underlying provisioning engine.</p> <p>Next, navigate to the Amazon EKS console. You should see the newly created cluster listed and marked as Active.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0gpxqqay0u2ax8t1ej6f.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0gpxqqay0u2ax8t1ej6f.png" alt="EKC Cluster" width="800" height="142"></a></p> <p><strong>1.</strong> Accessing the Cluster with kubectl</p> <p>To interact with the cluster, update your kubeconfig:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>aws eks update-kubeconfig <span class="nt">--name</span> &lt;cluster-name&gt; <span class="nt">--region</span> &lt;region&gt; </code></pre> </div> <p>Once configured, verify that the nodes are registered:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get nodes </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fju5xt6lfw3ddwurc5tjy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fju5xt6lfw3ddwurc5tjy.png" alt="kubectl get nodes" width="800" height="146"></a></p> <h3> Cleaning Up Resources </h3> <p>This command deletes the CloudFormation stack and all resources created by AWS CDK, including the EKS cluster, node groups, and networking components.<br> Since EKS is not covered by the AWS free tier, it’s recommended to clean up resources when they are no longer needed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>cdk destroy </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjynt9073i5uk6sd88ysi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjynt9073i5uk6sd88ysi.png" alt="Stack Destroy" width="800" height="228"></a></p> <h2> What’s Next? </h2> <p>At this point, we have a fully functional Amazon EKS cluster created and managed using AWS CDK. The cluster is accessible via kubectl, the node group is running, and IAM access has been configured correctly. This gives us a foundation, but so far, the cluster is still empty.</p> <p>In the next post, we’ll move beyond infrastructure and start running actual workloads on this cluster. Instead of applying raw Kubernetes YAML files manually, we’ll use AWS CDK to deploy workloads in a more structured and repeatable way.</p> <p>Aight, thanks for taking the time read this post. Here is the full code of this post:</p> <p><a href="https://github.com/danielcristho/that-i-write/tree/main/eks-cdk/create-kube-cluster" rel="noopener noreferrer">danielcristho/that-i-write/create-kube-cluster</a></p> aws kubernetes python tutorial Daniel Pepuho Wed, 17 Dec 2025 18:45:40 +0000 https://dev.to/danielcristho/exploring-logging-in-caddy-adb https://dev.to/danielcristho/exploring-logging-in-caddy-adb <p>At some point, I realized that <strong><em>‘it works’</em></strong> is not enough. I need to know <strong><em>how it works</em></strong> too.”</p> <p>When something slows down or fails, the question is no longer <strong><em>“is the service running?”</em></strong> but:</p> <p><strong>-</strong> Which component handled this request?</p> <p><strong>-</strong> How long did it take?</p> <p><strong>-</strong> Did the proxy retry or switch upstreams?</p> <p><strong>Without clear answers, even a simple issue can turn into a long time debugging😆. This is where logging stops being a checkbox feature and starts becoming a core part of system design.</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fevaxa1ig6lh41stjpxfw.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fevaxa1ig6lh41stjpxfw.jpg" alt="Logs Meme" width="600" height="546"></a></p> <h2> Why Default Logs Are Not Enough? </h2> <p>By default, Caddy already gives you access logs. They show incoming requests, response status codes, and basic metadata. For simple setups, that might be sufficient.</p> <p>But once a system grows even slightly those logs start to fall short.</p> <p>The first issue is noise. Default logs tend to mix everything together: health checks, internal probes, real user traffic. Important signals get buried under routine requests.</p> <p>The second issue is missing context. When a request goes through a reverse proxy with load balancing, the most interesting part is often not the request itself, but what happens behind the scenes:</p> <p><strong>-</strong> How long did the upstream take to respond?</p> <p><strong>-</strong> Was there a retry or a fallback?</p> <p>Without this information, debugging becomes guesswork. A 502 response tells you that something failed, but not where or why.</p> <p><strong>This post explores how to make Caddy logs actually useful especially in a Dockerized setup with reverse proxying and load-balanced Go APIs.</strong></p> <h2> Understanding Caddy Logging Model </h2> <p>Like most web servers, Caddy separates access logs from error logs. <strong>Access logs tell you what happened to a request</strong>. <strong>Error logs tell you why something went wrong</strong>.</p> <p><strong>1.</strong> Access Logs</p> <p>Access logs describe the lifecycle of an incoming request:</p> <p><strong>-</strong> who made the request</p> <p><strong>-</strong> what was requested</p> <p><strong>-</strong> how the server responded</p> <p><strong>-</strong> how long it took</p> <p>This is where most operational insights come from. When properly configured, access logs can tell you:</p> <p><strong>-</strong> which upstream handled a request</p> <p><strong>-</strong> how traffic is distributed</p> <p><strong>-</strong> where latency is introduced</p> <p><strong>2.</strong> Error Logs</p> <p>Error logs focus on failures and exceptional cases:</p> <p><strong>-</strong> upstream connection errors</p> <p><strong>-</strong> timeouts</p> <p><strong>-</strong> TLS or protocol issues</p> <p>These logs are usually quieter, but they become critical when things break. They complement access logs by explaining why a request failed, not just that it failed.</p> <h2> Enabling JSON Access Logs </h2> <p>For this setup, I’m using a simple Go application as the backend worker. Each instance responds with its hostname, making it easy to see how requests are distributed by the load balancer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">hostname</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Hostname</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"Hello from %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">hostname</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>The full load-balancing setup, Caddy in front of three Go workers running in Docker has already been covered in a previous post.<br> If you need the full context, you can refer to here:</p> <p><a href="https://danielcristho.site/blog/go-caddy-load-balancer#the-project-setup" rel="noopener noreferrer">https://danielcristho.site/blog/go-caddy-load-balancer#the-project-setup</a></p> </blockquote> <h3> Logging in a Docker-Based Load Balancer </h3> <p>When running Caddy inside Docker, the most practical logging strategy is to write logs to <code>stdout</code> and let Docker handle log collection.</p> <p>When you first run the stack:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker compose up <span class="nt">-d</span> <span class="nt">--build</span> <span class="nv">$ </span>docker logs load_balancer </code></pre> </div> <p>You’ll mostly see logs like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.5864136,<span class="s2">"msg"</span>:<span class="s2">"maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.586685,<span class="s2">"msg"</span>:<span class="s2">"GOMEMLIMIT is updated"</span>,<span class="s2">"package"</span>:<span class="s2">"github.com/KimMachineGun/automemlimit/memlimit"</span>,<span class="s2">"GOMEMLIMIT"</span>:16911289958,<span class="s2">"previous"</span>:9223372036854775807<span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.586744,<span class="s2">"msg"</span>:<span class="s2">"using config from file"</span>,<span class="s2">"file"</span>:<span class="s2">"/etc/caddy/Caddyfile"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.5883265,<span class="s2">"msg"</span>:<span class="s2">"adapted config to JSON"</span>,<span class="s2">"adapter"</span>:<span class="s2">"caddyfile"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"warn"</span>,<span class="s2">"ts"</span>:1765883971.5883417,<span class="s2">"msg"</span>:<span class="s2">"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies"</span>,<span class="s2">"adapter"</span>:<span class="s2">"caddyfile"</span>,<span class="s2">"file"</span>:<span class="s2">"/etc/caddy/Caddyfile"</span>,<span class="s2">"line"</span>:2<span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.5897346,<span class="s2">"logger"</span>:<span class="s2">"admin"</span>,<span class="s2">"msg"</span>:<span class="s2">"admin endpoint started"</span>,<span class="s2">"address"</span>:<span class="s2">"localhost:2019"</span>,<span class="s2">"enforce_origin"</span>:false,<span class="s2">"origins"</span>:[<span class="s2">"//localhost:2019"</span>,<span class="s2">"//[::1]:2019"</span>,<span class="s2">"//127.0.0.1:2019"</span><span class="o">]}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"warn"</span>,<span class="s2">"ts"</span>:1765883971.5899262,<span class="s2">"logger"</span>:<span class="s2">"http.auto_https"</span>,<span class="s2">"msg"</span>:<span class="s2">"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server"</span>,<span class="s2">"server_name"</span>:<span class="s2">"srv0"</span>,<span class="s2">"http_port"</span>:80<span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"warn"</span>,<span class="s2">"ts"</span>:1765883971.5901978,<span class="s2">"logger"</span>:<span class="s2">"http"</span>,<span class="s2">"msg"</span>:<span class="s2">"HTTP/2 skipped because it requires TLS"</span>,<span class="s2">"network"</span>:<span class="s2">"tcp"</span>,<span class="s2">"addr"</span>:<span class="s2">":80"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"warn"</span>,<span class="s2">"ts"</span>:1765883971.590206,<span class="s2">"logger"</span>:<span class="s2">"http"</span>,<span class="s2">"msg"</span>:<span class="s2">"HTTP/3 skipped because it requires TLS"</span>,<span class="s2">"network"</span>:<span class="s2">"tcp"</span>,<span class="s2">"addr"</span>:<span class="s2">":80"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.5902092,<span class="s2">"logger"</span>:<span class="s2">"http.log"</span>,<span class="s2">"msg"</span>:<span class="s2">"server running"</span>,<span class="s2">"name"</span>:<span class="s2">"srv0"</span>,<span class="s2">"protocols"</span>:[<span class="s2">"h1"</span>,<span class="s2">"h2"</span>,<span class="s2">"h3"</span><span class="o">]}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.5905173,<span class="s2">"logger"</span>:<span class="s2">"tls.cache.maintenance"</span>,<span class="s2">"msg"</span>:<span class="s2">"started background certificate maintenance"</span>,<span class="s2">"cache"</span>:<span class="s2">"0xc00070c200"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.5906706,<span class="s2">"msg"</span>:<span class="s2">"autosaved config (load with --resume flag)"</span>,<span class="s2">"file"</span>:<span class="s2">"/config/caddy/autosave.json"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.591785,<span class="s2">"msg"</span>:<span class="s2">"serving initial configuration"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.5926607,<span class="s2">"logger"</span>:<span class="s2">"tls"</span>,<span class="s2">"msg"</span>:<span class="s2">"cleaning storage unit"</span>,<span class="s2">"storage"</span>:<span class="s2">"FileStorage:/data/caddy"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765883971.5949264,<span class="s2">"logger"</span>:<span class="s2">"tls"</span>,<span class="s2">"msg"</span>:<span class="s2">"finished cleaning storage units"</span><span class="o">}</span> </code></pre> </div> <blockquote> <p>These are startup and internal runtime logs, not HTTP access logs. Access logs only appear after real HTTP traffic flows through Caddy.</p> </blockquote> <p>To make access logs enable JSON logging globally in the Caddyfile you can put <code>output stdout</code> like this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">level</span><span class="w"> </span><span class="err">INFO</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">:</span><span class="mi">80</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">output</span><span class="w"> </span><span class="err">stdout</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">reverse_proxy</span><span class="w"> </span><span class="err">worker_</span><span class="mi">1</span><span class="err">:</span><span class="mi">8081</span><span class="w"> </span><span class="err">worker_</span><span class="mi">2</span><span class="err">:</span><span class="mi">8081</span><span class="w"> </span><span class="err">worker_</span><span class="mi">3</span><span class="err">:</span><span class="mi">8081</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">lb_policy</span><span class="w"> </span><span class="err">random</span><span class="w"> </span><span class="err">health_uri</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="err">health_interval</span><span class="w"> </span><span class="mi">3</span><span class="err">s</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>At this point:</p> <p><strong>-</strong> logs are emitted to stdout</p> <p><strong>-</strong> Docker captures them automatically</p> <p>Once the stack is running, send a few requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://localhost:8082 curl http://localhost:8082 curl http://localhost:8082 </code></pre> </div> <p>You should see responses like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Hello from worker_1 Hello from worker_2 Hello from worker_3 </code></pre> </div> <p>Now check the logs again:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884414.2170205</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"tls"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"cleaning storage unit"</span><span class="p">,</span><span class="nl">"storage"</span><span class="p">:</span><span class="s2">"FileStorage:/data/caddy"</span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884414.2187994</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"tls"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"finished cleaning storage units"</span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884423.2440372</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"handled request"</span><span class="p">,</span><span class="nl">"request"</span><span class="p">:{</span><span class="nl">"remote_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"remote_port"</span><span class="p">:</span><span class="s2">"51346"</span><span class="p">,</span><span class="nl">"client_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"proto"</span><span class="p">:</span><span class="s2">"HTTP/1.1"</span><span class="p">,</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">"GET"</span><span class="p">,</span><span class="nl">"host"</span><span class="p">:</span><span class="s2">"localhost:8082"</span><span class="p">,</span><span class="nl">"uri"</span><span class="p">:</span><span class="s2">"/"</span><span class="p">,</span><span class="nl">"headers"</span><span class="p">:{</span><span class="nl">"Sec-Fetch-Mode"</span><span class="p">:[</span><span class="s2">"navigate"</span><span class="p">],</span><span class="nl">"Sec-Gpc"</span><span class="p">:[</span><span class="s2">"1"</span><span class="p">],</span><span class="nl">"Connection"</span><span class="p">:[</span><span class="s2">"keep-alive"</span><span class="p">],</span><span class="nl">"Priority"</span><span class="p">:[</span><span class="s2">"u=0, i"</span><span class="p">],</span><span class="nl">"Accept"</span><span class="p">:[</span><span class="s2">"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Dest"</span><span class="p">:[</span><span class="s2">"document"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Site"</span><span class="p">:[</span><span class="s2">"none"</span><span class="p">],</span><span class="nl">"User-Agent"</span><span class="p">:[</span><span class="s2">"Mozilla/5.0 (X11; Linux x86_64; rv:145.0) Gecko/20100101 Firefox/145.0"</span><span class="p">],</span><span class="nl">"Sec-Fetch-User"</span><span class="p">:[</span><span class="s2">"?1"</span><span class="p">],</span><span class="nl">"Accept-Language"</span><span class="p">:[</span><span class="s2">"en-US,en;q=0.5"</span><span class="p">],</span><span class="nl">"Accept-Encoding"</span><span class="p">:[</span><span class="s2">"gzip, deflate, br, zstd"</span><span class="p">],</span><span class="nl">"Upgrade-Insecure-Requests"</span><span class="p">:[</span><span class="s2">"1"</span><span class="p">]}},</span><span class="nl">"bytes_read"</span><span class="p">:</span><span class="mi">0</span><span class="p">,</span><span class="nl">"user_id"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"duration"</span><span class="p">:</span><span class="mf">0.000733253</span><span class="p">,</span><span class="nl">"size"</span><span class="p">:</span><span class="mi">20</span><span class="p">,</span><span class="nl">"status"</span><span class="p">:</span><span class="mi">200</span><span class="p">,</span><span class="nl">"resp_headers"</span><span class="p">:{</span><span class="nl">"Content-Length"</span><span class="p">:[</span><span class="s2">"20"</span><span class="p">],</span><span class="nl">"Via"</span><span class="p">:[</span><span class="s2">"1.1 Caddy"</span><span class="p">],</span><span class="nl">"Content-Type"</span><span class="p">:[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="p">],</span><span class="nl">"Date"</span><span class="p">:[</span><span class="s2">"Tue, 16 Dec 2025 11:27:03 GMT"</span><span class="p">]}}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884423.7748682</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"handled request"</span><span class="p">,</span><span class="nl">"request"</span><span class="p">:{</span><span class="nl">"remote_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"remote_port"</span><span class="p">:</span><span class="s2">"51346"</span><span class="p">,</span><span class="nl">"client_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"proto"</span><span class="p">:</span><span class="s2">"HTTP/1.1"</span><span class="p">,</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">"GET"</span><span class="p">,</span><span class="nl">"host"</span><span class="p">:</span><span class="s2">"localhost:8082"</span><span class="p">,</span><span class="nl">"uri"</span><span class="p">:</span><span class="s2">"/"</span><span class="p">,</span><span class="nl">"headers"</span><span class="p">:{</span><span class="nl">"User-Agent"</span><span class="p">:[</span><span class="s2">"Mozilla/5.0 (X11; Linux x86_64; rv:145.0) Gecko/20100101 Firefox/145.0"</span><span class="p">],</span><span class="nl">"Sec-Fetch-User"</span><span class="p">:[</span><span class="s2">"?1"</span><span class="p">],</span><span class="nl">"Sec-Gpc"</span><span class="p">:[</span><span class="s2">"1"</span><span class="p">],</span><span class="nl">"Upgrade-Insecure-Requests"</span><span class="p">:[</span><span class="s2">"1"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Dest"</span><span class="p">:[</span><span class="s2">"document"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Site"</span><span class="p">:[</span><span class="s2">"none"</span><span class="p">],</span><span class="nl">"Accept-Language"</span><span class="p">:[</span><span class="s2">"en-US,en;q=0.5"</span><span class="p">],</span><span class="nl">"Accept-Encoding"</span><span class="p">:[</span><span class="s2">"gzip, deflate, br, zstd"</span><span class="p">],</span><span class="nl">"Priority"</span><span class="p">:[</span><span class="s2">"u=0, i"</span><span class="p">],</span><span class="nl">"Accept"</span><span class="p">:[</span><span class="s2">"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"</span><span class="p">],</span><span class="nl">"Connection"</span><span class="p">:[</span><span class="s2">"keep-alive"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Mode"</span><span class="p">:[</span><span class="s2">"navigate"</span><span class="p">]}},</span><span class="nl">"bytes_read"</span><span class="p">:</span><span class="mi">0</span><span class="p">,</span><span class="nl">"user_id"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"duration"</span><span class="p">:</span><span class="mf">0.000783659</span><span class="p">,</span><span class="nl">"size"</span><span class="p">:</span><span class="mi">20</span><span class="p">,</span><span class="nl">"status"</span><span class="p">:</span><span class="mi">200</span><span class="p">,</span><span class="nl">"resp_headers"</span><span class="p">:{</span><span class="nl">"Via"</span><span class="p">:[</span><span class="s2">"1.1 Caddy"</span><span class="p">],</span><span class="nl">"Date"</span><span class="p">:[</span><span class="s2">"Tue, 16 Dec 2025 11:27:03 GMT"</span><span class="p">],</span><span class="nl">"Content-Length"</span><span class="p">:[</span><span class="s2">"20"</span><span class="p">],</span><span class="nl">"Content-Type"</span><span class="p">:[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="p">]}}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884424.1060758</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"handled request"</span><span class="p">,</span><span class="nl">"request"</span><span class="p">:{</span><span class="nl">"remote_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"remote_port"</span><span class="p">:</span><span class="s2">"51346"</span><span class="p">,</span><span class="nl">"client_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"proto"</span><span class="p">:</span><span class="s2">"HTTP/1.1"</span><span class="p">,</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">"GET"</span><span class="p">,</span><span class="nl">"host"</span><span class="p">:</span><span class="s2">"localhost:8082"</span><span class="p">,</span><span class="nl">"uri"</span><span class="p">:</span><span class="s2">"/"</span><span class="p">,</span><span class="nl">"headers"</span><span class="p">:{</span><span class="nl">"Upgrade-Insecure-Requests"</span><span class="p">:[</span><span class="s2">"1"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Site"</span><span class="p">:[</span><span class="s2">"none"</span><span class="p">],</span><span class="nl">"Accept-Language"</span><span class="p">:[</span><span class="s2">"en-US,en;q=0.5"</span><span class="p">],</span><span class="nl">"Sec-Gpc"</span><span class="p">:[</span><span class="s2">"1"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Dest"</span><span class="p">:[</span><span class="s2">"document"</span><span class="p">],</span><span class="nl">"Sec-Fetch-User"</span><span class="p">:[</span><span class="s2">"?1"</span><span class="p">],</span><span class="nl">"User-Agent"</span><span class="p">:[</span><span class="s2">"Mozilla/5.0 (X11; Linux x86_64; rv:145.0) Gecko/20100101 Firefox/145.0"</span><span class="p">],</span><span class="nl">"Accept"</span><span class="p">:[</span><span class="s2">"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"</span><span class="p">],</span><span class="nl">"Accept-Encoding"</span><span class="p">:[</span><span class="s2">"gzip, deflate, br, zstd"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Mode"</span><span class="p">:[</span><span class="s2">"navigate"</span><span class="p">],</span><span class="nl">"Priority"</span><span class="p">:[</span><span class="s2">"u=0, i"</span><span class="p">],</span><span class="nl">"Connection"</span><span class="p">:[</span><span class="s2">"keep-alive"</span><span class="p">]}},</span><span class="nl">"bytes_read"</span><span class="p">:</span><span class="mi">0</span><span class="p">,</span><span class="nl">"user_id"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"duration"</span><span class="p">:</span><span class="mf">0.002117571</span><span class="p">,</span><span class="nl">"size"</span><span class="p">:</span><span class="mi">20</span><span class="p">,</span><span class="nl">"status"</span><span class="p">:</span><span class="mi">200</span><span class="p">,</span><span class="nl">"resp_headers"</span><span class="p">:{</span><span class="nl">"Via"</span><span class="p">:[</span><span class="s2">"1.1 Caddy"</span><span class="p">],</span><span class="nl">"Date"</span><span class="p">:[</span><span class="s2">"Tue, 16 Dec 2025 11:27:04 GMT"</span><span class="p">],</span><span class="nl">"Content-Length"</span><span class="p">:[</span><span class="s2">"20"</span><span class="p">],</span><span class="nl">"Content-Type"</span><span class="p">:[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="p">]}}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884424.456112</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"handled request"</span><span class="p">,</span><span class="nl">"request"</span><span class="p">:{</span><span class="nl">"remote_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"remote_port"</span><span class="p">:</span><span class="s2">"51346"</span><span class="p">,</span><span class="nl">"client_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"proto"</span><span class="p">:</span><span class="s2">"HTTP/1.1"</span><span class="p">,</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">"GET"</span><span class="p">,</span><span class="nl">"host"</span><span class="p">:</span><span class="s2">"localhost:8082"</span><span class="p">,</span><span class="nl">"uri"</span><span class="p">:</span><span class="s2">"/"</span><span class="p">,</span><span class="nl">"headers"</span><span class="p">:{</span><span class="nl">"Connection"</span><span class="p">:[</span><span class="s2">"keep-alive"</span><span class="p">],</span><span class="nl">"Upgrade-Insecure-Requests"</span><span class="p">:[</span><span class="s2">"1"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Site"</span><span class="p">:[</span><span class="s2">"none"</span><span class="p">],</span><span class="nl">"Sec-Fetch-User"</span><span class="p">:[</span><span class="s2">"?1"</span><span class="p">],</span><span class="nl">"Priority"</span><span class="p">:[</span><span class="s2">"u=0, i"</span><span class="p">],</span><span class="nl">"Accept-Language"</span><span class="p">:[</span><span class="s2">"en-US,en;q=0.5"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Mode"</span><span class="p">:[</span><span class="s2">"navigate"</span><span class="p">],</span><span class="nl">"Accept"</span><span class="p">:[</span><span class="s2">"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"</span><span class="p">],</span><span class="nl">"Accept-Encoding"</span><span class="p">:[</span><span class="s2">"gzip, deflate, br, zstd"</span><span class="p">],</span><span class="nl">"Sec-Fetch-Dest"</span><span class="p">:[</span><span class="s2">"document"</span><span class="p">],</span><span class="nl">"User-Agent"</span><span class="p">:[</span><span class="s2">"Mozilla/5.0 (X11; Linux x86_64; rv:145.0) Gecko/20100101 Firefox/145.0"</span><span class="p">],</span><span class="nl">"Sec-Gpc"</span><span class="p">:[</span><span class="s2">"1"</span><span class="p">]}},</span><span class="nl">"bytes_read"</span><span class="p">:</span><span class="mi">0</span><span class="p">,</span><span class="nl">"user_id"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"duration"</span><span class="p">:</span><span class="mf">0.000959646</span><span class="p">,</span><span class="nl">"size"</span><span class="p">:</span><span class="mi">20</span><span class="p">,</span><span class="nl">"status"</span><span class="p">:</span><span class="mi">200</span><span class="p">,</span><span class="nl">"resp_headers"</span><span class="p">:{</span><span class="nl">"Content-Type"</span><span class="p">:[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="p">],</span><span class="nl">"Via"</span><span class="p">:[</span><span class="s2">"1.1 Caddy"</span><span class="p">],</span><span class="nl">"Date"</span><span class="p">:[</span><span class="s2">"Tue, 16 Dec 2025 11:27:04 GMT"</span><span class="p">],</span><span class="nl">"Content-Length"</span><span class="p">:[</span><span class="s2">"20"</span><span class="p">]}}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884440.3606126</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"handled request"</span><span class="p">,</span><span class="nl">"request"</span><span class="p">:{</span><span class="nl">"remote_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"remote_port"</span><span class="p">:</span><span class="s2">"49074"</span><span class="p">,</span><span class="nl">"client_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"proto"</span><span class="p">:</span><span class="s2">"HTTP/1.1"</span><span class="p">,</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">"GET"</span><span class="p">,</span><span class="nl">"host"</span><span class="p">:</span><span class="s2">"localhost:8082"</span><span class="p">,</span><span class="nl">"uri"</span><span class="p">:</span><span class="s2">"/"</span><span class="p">,</span><span class="nl">"headers"</span><span class="p">:{</span><span class="nl">"User-Agent"</span><span class="p">:[</span><span class="s2">"curl/7.81.0"</span><span class="p">],</span><span class="nl">"Accept"</span><span class="p">:[</span><span class="s2">"*/*"</span><span class="p">]}},</span><span class="nl">"bytes_read"</span><span class="p">:</span><span class="mi">0</span><span class="p">,</span><span class="nl">"user_id"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"duration"</span><span class="p">:</span><span class="mf">0.000425884</span><span class="p">,</span><span class="nl">"size"</span><span class="p">:</span><span class="mi">20</span><span class="p">,</span><span class="nl">"status"</span><span class="p">:</span><span class="mi">200</span><span class="p">,</span><span class="nl">"resp_headers"</span><span class="p">:{</span><span class="nl">"Date"</span><span class="p">:[</span><span class="s2">"Tue, 16 Dec 2025 11:27:20 GMT"</span><span class="p">],</span><span class="nl">"Content-Length"</span><span class="p">:[</span><span class="s2">"20"</span><span class="p">],</span><span class="nl">"Content-Type"</span><span class="p">:[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="p">],</span><span class="nl">"Via"</span><span class="p">:[</span><span class="s2">"1.1 Caddy"</span><span class="p">]}}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884442.148407</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"handled request"</span><span class="p">,</span><span class="nl">"request"</span><span class="p">:{</span><span class="nl">"remote_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"remote_port"</span><span class="p">:</span><span class="s2">"49090"</span><span class="p">,</span><span class="nl">"client_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"proto"</span><span class="p">:</span><span class="s2">"HTTP/1.1"</span><span class="p">,</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">"GET"</span><span class="p">,</span><span class="nl">"host"</span><span class="p">:</span><span class="s2">"localhost:8082"</span><span class="p">,</span><span class="nl">"uri"</span><span class="p">:</span><span class="s2">"/"</span><span class="p">,</span><span class="nl">"headers"</span><span class="p">:{</span><span class="nl">"Accept"</span><span class="p">:[</span><span class="s2">"*/*"</span><span class="p">],</span><span class="nl">"User-Agent"</span><span class="p">:[</span><span class="s2">"curl/7.81.0"</span><span class="p">]}},</span><span class="nl">"bytes_read"</span><span class="p">:</span><span class="mi">0</span><span class="p">,</span><span class="nl">"user_id"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"duration"</span><span class="p">:</span><span class="mf">0.000592974</span><span class="p">,</span><span class="nl">"size"</span><span class="p">:</span><span class="mi">20</span><span class="p">,</span><span class="nl">"status"</span><span class="p">:</span><span class="mi">200</span><span class="p">,</span><span class="nl">"resp_headers"</span><span class="p">:{</span><span class="nl">"Via"</span><span class="p">:[</span><span class="s2">"1.1 Caddy"</span><span class="p">],</span><span class="nl">"Date"</span><span class="p">:[</span><span class="s2">"Tue, 16 Dec 2025 11:27:22 GMT"</span><span class="p">],</span><span class="nl">"Content-Length"</span><span class="p">:[</span><span class="s2">"20"</span><span class="p">],</span><span class="nl">"Content-Type"</span><span class="p">:[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="p">]}}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884442.6677225</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"handled request"</span><span class="p">,</span><span class="nl">"request"</span><span class="p">:{</span><span class="nl">"remote_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"remote_port"</span><span class="p">:</span><span class="s2">"49102"</span><span class="p">,</span><span class="nl">"client_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"proto"</span><span class="p">:</span><span class="s2">"HTTP/1.1"</span><span class="p">,</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">"GET"</span><span class="p">,</span><span class="nl">"host"</span><span class="p">:</span><span class="s2">"localhost:8082"</span><span class="p">,</span><span class="nl">"uri"</span><span class="p">:</span><span class="s2">"/"</span><span class="p">,</span><span class="nl">"headers"</span><span class="p">:{</span><span class="nl">"User-Agent"</span><span class="p">:[</span><span class="s2">"curl/7.81.0"</span><span class="p">],</span><span class="nl">"Accept"</span><span class="p">:[</span><span class="s2">"*/*"</span><span class="p">]}},</span><span class="nl">"bytes_read"</span><span class="p">:</span><span class="mi">0</span><span class="p">,</span><span class="nl">"user_id"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"duration"</span><span class="p">:</span><span class="mf">0.000432397</span><span class="p">,</span><span class="nl">"size"</span><span class="p">:</span><span class="mi">20</span><span class="p">,</span><span class="nl">"status"</span><span class="p">:</span><span class="mi">200</span><span class="p">,</span><span class="nl">"resp_headers"</span><span class="p">:{</span><span class="nl">"Via"</span><span class="p">:[</span><span class="s2">"1.1 Caddy"</span><span class="p">],</span><span class="nl">"Content-Length"</span><span class="p">:[</span><span class="s2">"20"</span><span class="p">],</span><span class="nl">"Content-Type"</span><span class="p">:[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="p">],</span><span class="nl">"Date"</span><span class="p">:[</span><span class="s2">"Tue, 16 Dec 2025 11:27:22 GMT"</span><span class="p">]}}</span><span class="w"> </span><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"ts"</span><span class="p">:</span><span class="mf">1765884443.2411807</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"handled request"</span><span class="p">,</span><span class="nl">"request"</span><span class="p">:{</span><span class="nl">"remote_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"remote_port"</span><span class="p">:</span><span class="s2">"49106"</span><span class="p">,</span><span class="nl">"client_ip"</span><span class="p">:</span><span class="s2">"172.21.0.1"</span><span class="p">,</span><span class="nl">"proto"</span><span class="p">:</span><span class="s2">"HTTP/1.1"</span><span class="p">,</span><span class="nl">"method"</span><span class="p">:</span><span class="s2">"GET"</span><span class="p">,</span><span class="nl">"host"</span><span class="p">:</span><span class="s2">"localhost:8082"</span><span class="p">,</span><span class="nl">"uri"</span><span class="p">:</span><span class="s2">"/"</span><span class="p">,</span><span class="nl">"headers"</span><span class="p">:{</span><span class="nl">"Accept"</span><span class="p">:[</span><span class="s2">"*/*"</span><span class="p">],</span><span class="nl">"User-Agent"</span><span class="p">:[</span><span class="s2">"curl/7.81.0"</span><span class="p">]}},</span><span class="nl">"bytes_read"</span><span class="p">:</span><span class="mi">0</span><span class="p">,</span><span class="nl">"user_id"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"duration"</span><span class="p">:</span><span class="mf">0.000496529</span><span class="p">,</span><span class="nl">"size"</span><span class="p">:</span><span class="mi">20</span><span class="p">,</span><span class="nl">"status"</span><span class="p">:</span><span class="mi">200</span><span class="p">,</span><span class="nl">"resp_headers"</span><span class="p">:{</span><span class="nl">"Content-Type"</span><span class="p">:[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="p">],</span><span class="nl">"Date"</span><span class="p">:[</span><span class="s2">"Tue, 16 Dec 2025 11:27:23 GMT"</span><span class="p">],</span><span class="nl">"Via"</span><span class="p">:[</span><span class="s2">"1.1 Caddy"</span><span class="p">],</span><span class="nl">"Content-Length"</span><span class="p">:[</span><span class="s2">"20"</span><span class="p">]}}</span><span class="w"> </span></code></pre> </div> <p>To make the logs more readable you can use <code>jq</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker logs <span class="nt">-f</span> load_balancer 2&gt;&amp;1 | jq <span class="nt">-R</span> <span class="s1">'fromjson? | {level, logger, msg, request: {method: .request.method, uri: .request.uri}, status, duration}'</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">...</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"level"</span><span class="p">:</span><span class="w"> </span><span class="s2">"info"</span><span class="p">,</span><span class="w"> </span><span class="nl">"logger"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tls"</span><span class="p">,</span><span class="w"> </span><span class="nl">"msg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"finished cleaning storage units"</span><span class="p">,</span><span class="w"> </span><span class="nl">"request"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"method"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"uri"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"level"</span><span class="p">:</span><span class="w"> </span><span class="s2">"info"</span><span class="p">,</span><span class="w"> </span><span class="nl">"logger"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http.log.access.log0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"msg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"handled request"</span><span class="p">,</span><span class="w"> </span><span class="nl">"request"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"GET"</span><span class="p">,</span><span class="w"> </span><span class="nl">"uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="p">,</span><span class="w"> </span><span class="nl">"duration"</span><span class="p">:</span><span class="w"> </span><span class="mf">0.000733253</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">...</span><span class="w"> </span></code></pre> </div> <h3> Which Upstream Handled This Request? </h3> <p>Using Debug Logs to Expose Load Balancer Decisions</p> <p>Earlier, we saw that standard access logs don’t explicitly show which backend handled a request. Caddy can expose upstream selection details, just not in access logs. The information lives in debug-level logs, specifically inside the reverse proxy handler.</p> <p>By enabling debug mode, Caddy reveals how routing decisions are made internally.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">level</span><span class="w"> </span><span class="err">DEBUG</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>In this mode, a single request produces logs like this, you can see which upstream that handled request <code>"dial":"worker_3:8081"</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"debug"</span><span class="p">,</span><span class="nl">"logger"</span><span class="p">:</span><span class="s2">"http.handlers.reverse_proxy"</span><span class="p">,</span><span class="nl">"msg"</span><span class="p">:</span><span class="s2">"selected upstream"</span><span class="p">,</span><span class="nl">"dial"</span><span class="p">:</span><span class="s2">"worker_3:8081"</span><span class="p">,</span><span class="nl">"total_upstreams"</span><span class="p">:</span><span class="mi">3</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Simulating Failure (Error Logs) </h2> <p>So far, everything looks fine. Requests succees and access logs show no anomalies.</p> <p>Real systems rarely fail all at once. They fail partially one backend goes down, a health check starts failing, or a connection becomes unstable. In this setup, stopping one worker is enough:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker stop worker_2 </code></pre> </div> <p>Try to hit the URL again:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://localhost:8082 </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Hello from worker_3 Hello from worker_1 Hello from worker_3 </code></pre> </div> <p>From the client’s perspective, nothing breaks. Requests are still served, and responses keep coming back from the remaining healthy workers. This is exactly what we expect from a load balancer.</p> <p>Now if you see the logs again, there is an unhealthy upstream:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span>: dial tcp: lookup worker_2 on 127.0.0.11:53: no such host<span class="s2">"} {"</span>level<span class="s2">":"</span>info<span class="s2">","</span>ts<span class="s2">":1765992098.8407533,"</span>logger<span class="s2">":"</span>http.handlers.reverse_proxy.health_checker.active<span class="s2">","</span>msg<span class="s2">":"</span>HTTP request failed<span class="s2">","</span>host<span class="s2">":"</span>worker_2:8081<span class="s2">","</span>error<span class="s2">":"</span>Get <span class="se">\"</span>http://worker_2:8081/<span class="se">\"</span>: dial tcp: lookup worker_2 on 127.0.0.11:53: no such host<span class="s2">"} {"</span>level<span class="s2">":"</span>info<span class="s2">","</span>ts<span class="s2">":1765992101.6597724,"</span>logger<span class="s2">":"</span>http.handlers.reverse_proxy.health_checker.active<span class="s2">","</span>msg<span class="s2">":"</span>HTTP request failed<span class="s2">","</span>host<span class="s2">":"</span>worker_2:8081<span class="s2">","</span>error<span class="s2">":"</span>Get <span class="se">\"</span>http://worker_2:8081/<span class="se">\"</span>: dial tcp: lookup worker_2 on 127.0.0.11:53: no such host<span class="s2">"} {"</span>level<span class="s2">":"</span>info<span class="s2">","</span>ts<span class="s2">":1765992104.640808,"</span>logger<span class="s2">":"</span>http.handlers.reverse_proxy.health_checker.active<span class="s2">","</span>msg<span class="s2">":"</span>HTTP request failed<span class="s2">","</span>host<span class="s2">":"</span>worker_2:8081<span class="s2">","</span>error<span class="s2">":"</span>Get <span class="se">\"</span>http://worker_2:8081/<span class="se">\"</span>: dial tcp: lookup worker_2 on 127.0.0.11:53: no such host<span class="s2">"} </span></code></pre> </div> <p>This message is emitted by Caddy’s active health checker. It indicates that:</p> <p><strong>-</strong> <code>worker_2</code> is no longer reachable</p> <p><strong>-</strong> the failure happens during health check probes</p> <h2> Customizing Log Output </h2> <p>Up to this point, all examples use JSON access logs. They are structured, machine-friendly, and easy to filter.</p> <p>Caddy allows you to control how logs are encoded, not just what gets logged. This is useful when the goal shifts from processing logs to reading them.</p> <h3> Console Logs </h3> <p>Besides json, Caddy also provides a console encoder. It formats logs in a more friendly way while still preserving structure.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">level</span><span class="w"> </span><span class="err">INFO</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">:</span><span class="mi">80</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">output</span><span class="w"> </span><span class="err">stdout</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">console</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">reverse_proxy</span><span class="w"> </span><span class="err">worker_</span><span class="mi">1</span><span class="err">:</span><span class="mi">8081</span><span class="w"> </span><span class="err">worker_</span><span class="mi">2</span><span class="err">:</span><span class="mi">8081</span><span class="w"> </span><span class="err">worker_</span><span class="mi">3</span><span class="err">:</span><span class="mi">8081</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">lb_policy</span><span class="w"> </span><span class="err">random</span><span class="w"> </span><span class="err">health_uri</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="err">health_interval</span><span class="w"> </span><span class="mi">3</span><span class="err">s</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker restart load_balancer </code></pre> </div> <p>After restarting the container, access logs will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker logs load_balancer </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>2025/12/17 17:31:44.788 INFO http.log.access.log0 handled request <span class="o">{</span><span class="s2">"request"</span>: <span class="o">{</span><span class="s2">"remote_ip"</span>: <span class="s2">"172.21.0.1"</span>, <span class="s2">"remote_port"</span>: <span class="s2">"36598"</span>, <span class="s2">"client_ip"</span>: <span class="s2">"172.21.0.1"</span>, <span class="s2">"proto"</span>: <span class="s2">"HTTP/1.1"</span>, <span class="s2">"method"</span>: <span class="s2">"GET"</span>, <span class="s2">"host"</span>: <span class="s2">"localhost:8082"</span>, <span class="s2">"uri"</span>: <span class="s2">"/"</span>, <span class="s2">"headers"</span>: <span class="o">{</span><span class="s2">"User-Agent"</span>: <span class="o">[</span><span class="s2">"curl/7.81.0"</span><span class="o">]</span>, <span class="s2">"Accept"</span>: <span class="o">[</span><span class="s2">"*/*"</span><span class="o">]}}</span>, <span class="s2">"bytes_read"</span>: 0, <span class="s2">"user_id"</span>: <span class="s2">""</span>, <span class="s2">"duration"</span>: 0.001321876, <span class="s2">"size"</span>: 20, <span class="s2">"status"</span>: 200, <span class="s2">"resp_headers"</span>: <span class="o">{</span><span class="s2">"Date"</span>: <span class="o">[</span><span class="s2">"Wed, 17 Dec 2025 17:31:44 GMT"</span><span class="o">]</span>, <span class="s2">"Content-Length"</span>: <span class="o">[</span><span class="s2">"20"</span><span class="o">]</span>, <span class="s2">"Content-Type"</span>: <span class="o">[</span><span class="s2">"text/plain; charset=utf-8"</span><span class="o">]</span>, <span class="s2">"Via"</span>: <span class="o">[</span><span class="s2">"1.1 Caddy"</span><span class="o">]}}</span> </code></pre> </div> <h4> Choosing the Right Format </h4> <p>There is no universally “correct” log format.</p> <p><strong>-</strong> <code>JSON</code> works best when logs are consumed by tools or pipelines.</p> <p><strong>-</strong> <code>Console</code> works better when you are actively watching logs and debugging in real time.</p> <h3> Shaping Logs Without Changing Their Meaning </h3> <p>Caddy also allows fine-grained control over how log fields are named and formatted. This is not about adding new information, but about making existing information easier to work with.</p> <p>For example, you can:</p> <p><strong>-</strong> rename common fields</p> <p><strong>-</strong> control timestamp formats</p> <p><strong>-</strong> standardize duration units</p> <p><strong>-</strong> normalize log levels<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">...</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">output</span><span class="w"> </span><span class="err">stdout</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">time_format</span><span class="w"> </span><span class="s2">"2006-01-02 15:04:05 MST"</span><span class="w"> </span><span class="err">time_local</span><span class="w"> </span><span class="err">duration_format</span><span class="w"> </span><span class="s2">"ms"</span><span class="w"> </span><span class="err">level_format</span><span class="w"> </span><span class="s2">"upper"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Here’s the updated access log after applying the custom JSON format:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span>sp_headers<span class="s2">":{"</span>Via<span class="s2">":["</span>1.1 Caddy<span class="s2">"],"</span>Content-Type<span class="s2">":["</span>text/plain<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>utf-8<span class="s2">"],"</span>Date<span class="s2">":["</span>Wed, 17 Dec 2025 17:36:47 GMT<span class="s2">"],"</span>Content-Length<span class="s2">":["</span>20<span class="s2">"]}} {"</span>level<span class="s2">":"</span>debug<span class="s2">","</span>ts<span class="s2">":1765993007.632117,"</span>logger<span class="s2">":"</span>http.handlers.reverse_proxy<span class="s2">","</span>msg<span class="s2">":"</span>selected upstream<span class="s2">","</span>dial<span class="s2">":"</span>worker_1:8081<span class="s2">","</span>total_upstreams<span class="s2">":3} {"</span>level<span class="s2">":"</span>debug<span class="s2">","</span>ts<span class="s2">":1765993007.6339025,"</span>logger<span class="s2">":"</span>http.handlers.reverse_proxy<span class="s2">","</span>msg<span class="s2">":"</span>upstream roundtrip<span class="s2">","</span>upstream<span class="s2">":"</span>worker_1:8081<span class="s2">","</span>duration<span class="s2">":0.001633852,"</span>request<span class="s2">":{"</span>remote_ip<span class="s2">":"</span>172.21.0.1<span class="s2">","</span>remote_port<span class="s2">":"</span>36378<span class="s2">","</span>client_ip<span class="s2">":"</span>172.21.0.1<span class="s2">","</span>proto<span class="s2">":"</span>HTTP/1.1<span class="s2">","</span>method<span class="s2">":"</span>GET<span class="s2">","</span>host<span class="s2">":"</span>localhost:8082<span class="s2">","</span>uri<span class="s2">":"</span>/<span class="s2">","</span>headers<span class="s2">":{"</span>X-Forwarded-For<span class="s2">":["</span>172.21.0.1<span class="s2">"],"</span>X-Forwarded-Proto<span class="s2">":["</span>http<span class="s2">"],"</span>X-Forwarded-Host<span class="s2">":["</span>localhost:8082<span class="s2">"],"</span>Via<span class="s2">":["</span>1.1 Caddy<span class="s2">"],"</span>User-Agent<span class="s2">":["</span>curl/7.81.0<span class="s2">"],"</span>Accept<span class="s2">":["</span><span class="k">*</span>/<span class="k">*</span><span class="s2">"]}},"</span>headers<span class="s2">":{"</span>Date<span class="s2">":["</span>Wed, 17 Dec 2025 17:36:47 GMT<span class="s2">"],"</span>Content-Length<span class="s2">":["</span>20<span class="s2">"],"</span>Content-Type<span class="s2">":["</span>text/plain<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>utf-8<span class="s2">"]},"</span>status<span class="s2">":200} {"</span>level<span class="s2">":"</span>INFO<span class="s2">","</span>ts<span class="s2">":"</span>2025-12-17 17:36:47 UTC<span class="s2">","</span>logger<span class="s2">":"</span>http.log.access.log0<span class="s2">","</span>msg<span class="s2">":"</span>handled request<span class="s2">","</span>request<span class="s2">":{"</span>remote_ip<span class="s2">":"</span>172.21.0.1<span class="s2">","</span>remote_port<span class="s2">":"</span>36378<span class="s2">","</span>client_ip<span class="s2">":"</span>172.21.0.1<span class="s2">","</span>proto<span class="s2">":"</span>HTTP/1.1<span class="s2">","</span>method<span class="s2">":"</span>GET<span class="s2">","</span>host<span class="s2">":"</span>localhost:8082<span class="s2">","</span>uri<span class="s2">":"</span>/<span class="s2">","</span>headers<span class="s2">":{"</span>User-Agent<span class="s2">":["</span>curl/7.81.0<span class="s2">"],"</span>Accept<span class="s2">":["</span><span class="k">*</span>/<span class="k">*</span><span class="s2">"]}},"</span>bytes_read<span class="s2">":0,"</span>user_id<span class="s2">":"","</span>duration<span class="s2">":2,"</span>size<span class="s2">":20,"</span>status<span class="s2">":200,"</span>resp_headers<span class="s2">":{"</span>Via<span class="s2">":["</span>1.1 Caddy<span class="s2">"],"</span>Date<span class="s2">":["</span>Wed, 17 Dec 2025 17:36:47 GMT<span class="s2">"],"</span>Content-Length<span class="s2">":["</span>20<span class="s2">"],"</span>Content-Type<span class="s2">":["</span>text/plain<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>utf-8<span class="s2">"]}} </span></code></pre> </div> <p>What Changed?</p> <p>The structure of the log is still JSON, but key fields are now normalized:</p> <p><strong>-</strong> level is uppercase (INFO)</p> <p><strong>-</strong> readable timestamps and localized</p> <p><strong>-</strong> duration is expressed in milliseconds instead of fractional seconds</p> <p>This makes the log easier to read during debugging.</p> <h3> Reducing Noise and Risk in Logs </h3> <p>Once logs are readable and structured, the next concern is volume and exposure. Not every field in an access log is equally useful, and some of them are better left out entirely.</p> <p>Caddy allows selective filtering at the log level, making it possible to reduce noise without changing how requests are handled.</p> <h4> Reducing Noise by Removing Fields </h4> <p>Access logs often include fields that are technically correct but not relevant, like <code>request headers</code>.</p> <p>If headers are not part of your debugging workflow, you can remove them:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">...</span><span class="w"> </span><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">request</span><span class="w"> </span><span class="err">delete</span><span class="w"> </span><span class="err">wrap</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>With the request field removed entirely, access logs become significantly smaller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"msg"</span>:<span class="s2">"handled request"</span>,<span class="s2">"duration"</span>:0.001026852,<span class="s2">"size"</span>:20,<span class="s2">"status"</span>:200<span class="o">}</span> </code></pre> </div> <p>In other cases, it’s enough to remove only specific nested fields:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">...</span><span class="w"> </span><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">request&gt;headers&gt;Authorization</span><span class="w"> </span><span class="err">delete</span><span class="w"> </span><span class="err">resp_headers&gt;Server</span><span class="w"> </span><span class="err">delete</span><span class="w"> </span><span class="err">wrap</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Instead of deleting the entire request, selectively removing fields gives a better balance.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="s2">"headers"</span>: <span class="o">{</span><span class="s2">"User-Agent"</span>: <span class="o">[</span><span class="s2">"curl/7.81.0"</span><span class="o">]</span>, <span class="s2">"Accept"</span>: <span class="o">[</span><span class="s2">"*/*"</span><span class="o">]}</span> </code></pre> </div> <h3> Obscuring Sensitive Information </h3> <p>Some fields should not be stored in plain text at all. Rather than relying on downstream redaction, Caddy can obscure sensitive data at the source:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">log</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">request&gt;client_ip</span><span class="w"> </span><span class="err">ip_mask</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">ipv</span><span class="mi">4</span><span class="w"> </span><span class="mi">24</span><span class="w"> </span><span class="err">ipv</span><span class="mi">6</span><span class="w"> </span><span class="mi">56</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">wrap</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>With IP masking enabled, the change is subtle but important:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span><span class="s2">"level"</span>:<span class="s2">"info"</span>,<span class="s2">"ts"</span>:1765994419.4105134,<span class="s2">"logger"</span>:<span class="s2">"http.log.access.log0"</span>,<span class="s2">"msg"</span>:<span class="s2">"handled request"</span>,<span class="s2">"request"</span>:<span class="o">{</span><span class="s2">"remote_ip"</span>:<span class="s2">"172.21.0.1"</span>,<span class="s2">"remote_port"</span>:<span class="s2">"58562"</span>,<span class="s2">"client_ip"</span>:<span class="s2">"172.21.0.0"</span>,<span class="s2">"proto"</span>:<span class="s2">"HTTP/1.1"</span>,<span class="s2">"method"</span>:<span class="s2">"GET"</span>,<span class="s2">"host"</span>:<span class="s2">"localhost:8082"</span>,<span class="s2">"uri"</span>:<span class="s2">"/"</span>,<span class="s2">"headers"</span>:<span class="o">{</span><span class="s2">"Accept"</span>:[<span class="s2">"*/*"</span><span class="o">]</span>,<span class="s2">"User-Agent"</span>:[<span class="s2">"curl/7.81.0"</span><span class="o">]}}</span>,<span class="s2">"bytes_read"</span>:0,<span class="s2">"user_id"</span>:<span class="s2">""</span>,<span class="s2">"duration"</span>:0.00146917,<span class="s2">"size"</span>:20,<span class="s2">"status"</span>:200,<span class="s2">"resp_headers"</span>:<span class="o">{</span><span class="s2">"Content-Type"</span>:[<span class="s2">"text/plain; charset=utf-8"</span><span class="o">]</span>,<span class="s2">"Date"</span>:[<span class="s2">"Wed, 17 Dec 2025 18:00:19 GMT"</span><span class="o">]</span>,<span class="s2">"Via"</span>:[<span class="s2">"1.1 Caddy"</span><span class="o">]</span>,<span class="s2">"Content-Length"</span>:[<span class="s2">"20"</span><span class="o">]}}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="s2">"client_ip"</span>: <span class="s2">"172.21.0.0"</span> </code></pre> </div> <p>The request remains traceable across logs, but the exact client address is no longer exposed.</p> <blockquote> <p>Filtering is not about producing minimal logs. It’s about producing <code>intentional</code> logs.</p> <p>I only apply filters after understanding:</p> <p><strong>-</strong> which fields I actually use</p> <p><strong>-</strong> which ones are never read</p> </blockquote> <h2> TL;DR </h2> <p><strong>-</strong> Enabling logs is easy. Making them useful takes effort.</p> <p><strong>-</strong> Access logs show what happened to a request.</p> <p><strong>-</strong> Debug logs show how requests are routed.</p> <p><strong>-</strong> Error logs show what fails behind the scenes.</p> <p><strong>-</strong> Filtering and formatting reduce noise without hiding behavior.</p> <p>Aight, that's all. Thank you for taking your time to read this post.</p> <p>Feel free to give me feedback, tips, or a different perspective. I’d love to hear yours and continue the discussion.</p> <p>Happy logging!🧐</p> <p>References:</p> <p><strong>-</strong> <a href="https://caddyserver.com/docs/caddyfile/directives/log#log" rel="noopener noreferrer">Caddy Documentation: log</a></p> <p><strong>-</strong> <a href="https://caddyserver.com/docs/logging" rel="noopener noreferrer">Caddy Documentation: How Logging Works</a></p> docker containers linux tutorial Daniel Pepuho Tue, 02 Dec 2025 15:15:35 +0000 https://dev.to/danielcristho/docker-image-compression-gzip-vs-zstd-4eod https://dev.to/danielcristho/docker-image-compression-gzip-vs-zstd-4eod <p>Docker images are already compressed when you push them to registries like <a href="https://hub.docker.com" rel="noopener noreferrer">Docker Hub</a>, <a href="//ghcr.io">GHCR</a>, <a href="https://aws.amazon.com/ecr" rel="noopener noreferrer">AWS ECR</a>, etc.</p> <p>So why would anyone compress an image again by using <a href="https://www.gzip.org" rel="noopener noreferrer">gzip</a> or <a href="https://github.com/facebook/zstd" rel="noopener noreferrer">zstd</a>?</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6uf3u6wgvy995kjhmtcv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6uf3u6wgvy995kjhmtcv.png" alt="why this happen meme" width="400" height="295"></a></p> <p>Because in the real world, engineers often need to:</p> <p><strong>-</strong> move images between servers (air-gapped networks),</p> <p><strong>-</strong> migrates registries,</p> <p><strong>-</strong> backup image to object,</p> <p><strong>-</strong> load or save images repeatedly in Continuous Integration (CI) pipelines.</p> <p>In these cases, <code>docker save</code> produces a raw <code>.tar</code> file often huge.<br> Compressing that tarball can cut transfer and storage time by 50-80%.</p> <p><strong>But what’s the best compression tool? So we will test gzip vs zstd</strong>.</p> <h2> 🤔 When Do We Need Image Compression? </h2> <p>Like I said before, you need to compress your image to:</p> <p><strong>-</strong> transfer image between SSH or local network (LAN),</p> <p><strong>-</strong> work with offline or air-gapped servers,</p> <p><strong>-</strong> backup images to object storage,</p> <p><strong>-</strong> migrate to new registry.</p> <blockquote> <p><strong>Skip compression when images are pushed directly to registry like DockerHub, registries are handled that</strong>.</p> </blockquote> <h2> Test Up </h2> <p>To get a realistic number, we will test three images:</p> <p><strong>-</strong> <a href="https://hub.docker.com/layers/library/alpine/latest/images/sha256-9eec16c5eada75150a82666ba0ad6df76b164a6f8582ba5cb964c0813fa56625" rel="noopener noreferrer">alpine:latest</a> -&gt; ~8MB</p> <p><strong>-</strong> <a href="https://hub.docker.com/layers/library/mariadb/10.6.18/images/sha256-23492dcccccd10285fd946f2d07956aed1dbd56f34d153d7de367840fc0afa88" rel="noopener noreferrer">maridb:10.6.18</a> -&gt; ~396MB</p> <p><strong>-</strong> <a href="https://hub.docker.com/repository/docker/danielcristh0/datascience-notebook/tags/python-3.10.11/sha256-7d1c9ee5ee5d2ad2051f5a2e56d0861e28ced6b8a76ce0928075426b3762b79d" rel="noopener noreferrer">Custom Jupyterlab image</a> -&gt; ~5.4GB</p> <h3> Environment </h3> <h4> 1. Local Computer </h4> <p><strong>-</strong> CPU: 4 cores / 8 threads</p> <p><strong>-</strong> Storage: NVMe SSD</p> <p><strong>-</strong> OS: Ubuntu 22.04</p> <p><strong>-</strong> Docker Version: 27x</p> <p><strong>-</strong> Tools: <code>gzip</code>, <code>zstd</code>, <code>time</code>, <code>scp</code></p> <h4> 2. VPS </h4> <p><strong>-</strong> CPU: 4 cores / 8 threads</p> <p><strong>-</strong> Storage: VirtIO-backed SSD</p> <p><strong>-</strong> OS: Ubuntu 22.04</p> <p><strong>-</strong> Docker Version: 27x</p> <p><strong>-</strong> Tools: <code>gzip</code>, <code>zstd</code>, <code>time</code></p> <h3> Command used </h3> <p>Below are the commands used to save, compress, transfer, decompress, and load the Docker images during testing.</p> <h4> 1. Save the image (local machine) </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker pull &lt;image_name&gt; docker save &lt;image_name&gt; <span class="nt">-o</span> &lt;image_name&gt;.tar </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker pull alpine:latest latest: Pulling from library/alpine Digest: sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 ... </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker save alpine:latest <span class="nt">-o</span> alpine_latest.tar <span class="nv">$ </span>docker save mariadb:10.6.18 <span class="nt">-o</span> mariadb_10.tar <span class="nv">$ </span>docker save danielcristh0/datascience-notebook:python-3.10.11 <span class="nt">-o</span> jupyter_notebook.tar </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span><span class="nb">ls</span> <span class="nt">-lh</span> total 5,6G <span class="nt">-rw-------</span> 1 user group 8,3M Nov 28 19:51 alpine_latest.tar <span class="nt">-rw-------</span> 1 user group 5,2G Nov 28 20:18 jupyter_notebook.tar <span class="nt">-rw-------</span> 1 user group 384M Nov 28 20:14 mariadb_10.tar </code></pre> </div> <h4> 2. Compress the image (local machine) </h4> <p><strong>-</strong> <code>gzip</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time gzip</span> <span class="nt">-k</span> &lt;image&gt;.tar </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">time gzip</span> <span class="nt">-k</span> alpine_latest.tar <span class="nb">gzip</span> <span class="nt">-k</span> alpine_latest.tar 0,44s user 0,01s system 99% cpu 0,452 total </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">time gzip</span> <span class="nt">-k</span> mariadb_10.tar <span class="nb">gzip</span> <span class="nt">-k</span> mariadb_10.tar 17,21s user 0,62s system 99% cpu 17,979 total </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">time gzip</span> <span class="nt">-k</span> jupyter_notebook.tar <span class="nb">gzip</span> <span class="nt">-k</span> jupyter_notebook.tar 238,83s user 3,56s system 99% cpu 4:03,16 total </code></pre> </div> <blockquote> <p><code>-k</code> → keep original file</p> <p>gzip uses a single CPU thread at its default level (≈ level 6)</p> </blockquote> <p><strong>-</strong> <code>zstd</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time </span>zstd <span class="nt">-T0</span> <span class="nt">-19</span> &lt;image&gt;.tar </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> <span class="nb">time </span>zstd <span class="nt">-T0</span> <span class="nt">-19</span> alpine_latest.tar alpine_latest.tar : 37.01% <span class="o">(</span>8617984 <span class="o">=&gt;</span> 3189867 bytes, alpine_latest.tar.zst<span class="o">)</span> zstd <span class="nt">-T0</span> <span class="nt">-19</span> alpine_latest.tar 3,64s user 0,10s system 100% cpu 3,734 total </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> <span class="nb">time </span>zstd <span class="nt">-T0</span> <span class="nt">-19</span> mariadb_10.tar mariadb_10.tar : 16.95% <span class="o">(</span>402636288 <span class="o">=&gt;</span> 68258055 bytes, mariadb_10.tar.zst<span class="o">)</span> zstd <span class="nt">-T0</span> <span class="nt">-19</span> mariadb_10.tar 172,89s user 0,66s system 191% cpu 1:30,81 total </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> <span class="nb">time </span>zstd <span class="nt">-T0</span> <span class="nt">-22</span> jupyter_notebook.tar Warning : compression level higher than max, reduced to 19 zstd: jupyter_notebook.tar.zst already exists<span class="p">;</span> overwrite <span class="o">(</span>y/n<span class="o">)</span> ? y jupyter_notebook.tar : 24.79% <span class="o">(</span>5560227328 <span class="o">=&gt;</span> 1378450873 bytes, jupyter_notebook.tar.zst<span class="o">)</span> zstd <span class="nt">-T0</span> <span class="nt">-22</span> jupyter_notebook.tar 4759,54s user 19,32s system 188% cpu 42:11,68 total </code></pre> </div> <blockquote> <p><code>-T0</code> → use all CPU threads</p> <p><code>-22</code> → request maximum compression (automatically reduced to <code>-19</code> by zstd)</p> </blockquote> <h4> 3. Transfer to VPS </h4> <p><strong>-</strong> <code>gzip</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time </span>scp &lt;image_name&gt;.tar.gz user@vps:/tmp/ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">time </span>scp alpine_latest.tar.gz onomi@myserver:/tmp alpine_latest.tar.gz 100% 3588KB 174.8KB/s 00:20 scp alpine_latest.tar.gz onomi@myserver:/tmp 0,11s user 0,29s system 1% cpu 23,208 total <span class="nv">$ </span><span class="nb">time </span>scp mariadb_10.tar.gz onomi@myserver:/tmp/ mariadb_10.tar.gz 100% 114MB 2.2MB/s 00:50 scp mariadb_10.tar.gz onomi@myserver:/tmp/ 0,46s user 0,84s system 2% cpu 52,457 total <span class="nv">$ </span><span class="nb">time </span>scp jupyter_notebook.tar.gz onomi@myserver:/tmp/ jupyter_notebook.tar.gz 100% 1765MB 3.4MB/s 08:35 scp jupyter_notebook.tar.gz onomi@myserver:/tmp/ 5,03s user 10,42s system 2% cpu 8:38,50 total </code></pre> </div> <p><strong>-</strong> <code>zstd</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time </span>scp &lt;image_name&gt;.tar.zst user@vps:/tmp/ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">time </span>scp alpine_latest.tar.zst onomi@myserver:/tmp alpine_latest.tar.zst 100% 3115KB 343.4KB/s 00:09 scp alpine_latest.tar.zst onomi@myserver:/tmp 0,10s user 0,18s system 1% cpu 22,728 total <span class="nv">$ </span><span class="nb">time </span>scp mariadb_10.tar.zst onomi@myserver:/tmp/ mariadb_10.tar.zst 100% 65MB 3.0MB/s 00:21 scp mariadb_10.tar.zst onomi@myserver:/tmp/ 0,29s user 0,59s system 3% cpu 23,285 total <span class="nv">$ </span><span class="nb">time </span>scp jupyter_notebook.tar.zst onomi@myserver:/tmp/ jupyter_notebook.tar.zst 100% 1315MB 2.3MB/s 09:44 scp jupyter_notebook.tar.zst onomi@myserver:/tmp/ 3,94s user 7,64s system 1% cpu 9:46,33 total </code></pre> </div> <h4> 4. Load the Image on the Server (VPS) </h4> <p>Now the compressed images are transferred to the VPS, the next step is to decompress them and load the Docker image into the remote server.</p> <p><strong>-</strong> <code>gzip</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time gzip</span> <span class="nt">-dk</span> &lt;image&gt;.tar.gz </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">time gzip</span> <span class="nt">-dk</span> alpine_latest.tar.gz real 0m0.189s user 0m0.116s sys 0m0.039s <span class="nv">$ </span><span class="nb">time gzip</span> <span class="nt">-dk</span> mariadb_10.tar.gz real 0m5.108s user 0m3.813s sys 0m1.129s <span class="nv">$ </span><span class="nb">time gzip</span> <span class="nt">-dk</span> jupyter_notebook.tar.gz real 1m8.344s user 0m48.466s sys 0m13.408s </code></pre> </div> <p><strong>-</strong> <code>zstd</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time </span>zstd <span class="nt">-d</span> &lt;image&gt;.tar.zst </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">time </span>zstd <span class="nt">-d</span> alpine_latest.tar.zst alpine_latest.tar.zst: 8617984 bytes real 0m4.121s user 0m0.041s sys 0m0.043s <span class="nv">$ </span><span class="nb">time </span>zstd <span class="nt">-d</span> mariadb_10.tar.zst mariadb_10.tar.zst : 402636288 bytes real 0m3.455s user 0m0.983s sys 0m0.927s <span class="nv">$ </span><span class="nb">time </span>zstd <span class="nt">-d</span> jupyter_notebook.tar.zst jupyter_notebook.tar.zst: 5560227328 bytes real 0m31.810s user 0m14.599s sys 0m13.600s </code></pre> </div> <blockquote> <p>Decompression in <code>zstd</code>is extremely fast, 5-10x faster than compression, even for large files.</p> </blockquote> <h4> 5. Loading the Image Into Docker </h4> <p>Once decompressed, load the <code>.tar</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker load <span class="nt">-i</span> &lt;image&gt;.tar </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker load <span class="nt">-i</span> jupyter_notebook.tar Loaded image: danielcristh0/datascience-notebook:python-3.10.11 </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker images IMAGE ID DISK USAGE CONTENT SIZE EXTRA danielcristh0/datascience-notebook:python-3.10.11 9b38bf7c570f 11.4GB 5.56GB </code></pre> </div> <h4> 6. Analysis: gzip vs zstd </h4> <p>After running all compression, transfer, decompression, and loading tests across three different Docker images, let's compare gzip and zstd.</p> <h5> Size Comparison </h5> <blockquote> <p><code>zstd</code> consistently produces much smaller output files than <code>gzip</code>, especially on medium and large images.</p> </blockquote> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Image</th> <th>Actual Size</th> <th>gzip Size</th> <th>zstd Size</th> <th>Reduction (gzip)</th> <th>Reduction (zstd)</th> </tr> </thead> <tbody> <tr> <td>alpine:latest</td> <td>8.3 MB</td> <td>3.5 MB</td> <td>3.1 MB</td> <td>~57%</td> <td>~62%</td> </tr> <tr> <td>mariadb:10.6.18</td> <td>384 MB</td> <td>114 MB</td> <td>65 MB</td> <td>~70%</td> <td>~83%</td> </tr> <tr> <td>jupyter-notebook</td> <td>5.2 GB</td> <td>1.7 GB</td> <td>1.3 GB</td> <td>~67%</td> <td>~75%</td> </tr> </tbody> </table></div> <blockquote> <p><code>zstd</code> gives around 20-50% better compression than gzip.</p> </blockquote> <h5> Speed </h5> <blockquote> <p><code>gzip</code>is faster than <code>zstd</code> at compression.</p> </blockquote> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Image</th> <th>gzip (time)</th> <th>zstd (time)</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td>alpine</td> <td>0.45 s</td> <td>3.7 s</td> <td>8x slower</td> </tr> <tr> <td>mariadb</td> <td>17.9 s</td> <td>90.8 s</td> <td>5x slower</td> </tr> <tr> <td>jupyter-notebook</td> <td>243 s</td> <td>42 minutes</td> <td><strong>10x slower</strong></td> </tr> </tbody> </table></div> <blockquote> <p><code>zstd</code> gives better compression but requires significantly more CPU.</p> </blockquote> <h5> Transfer Speed (via SCP) </h5> <blockquote> <p>Because <code>zstd</code> produces smaller files, transfer times are 2x faster. But on larger files, <code>zstd</code> can still lose to <code>gzip</code> depending on <strong>CPU and disk performance</strong>.</p> </blockquote> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Image</th> <th>gzip Transfer</th> <th>zstd Transfer</th> </tr> </thead> <tbody> <tr> <td>alpine</td> <td>20 s</td> <td>9 s</td> </tr> <tr> <td>mariadb</td> <td>50 s</td> <td>21 s</td> </tr> <tr> <td>jupyter-notebook</td> <td>8m 35s</td> <td>9m 44s</td> </tr> </tbody> </table></div> <h2> When Should You Use gzip or zstd? </h2> <h4> Use zstd when you want </h4> <p><strong>-</strong> The smallest compressed Docker images</p> <p><strong>-</strong> Fast decompression</p> <p><strong>-</strong> Faster transfers across networks</p> <p><strong>-</strong> Long-term backups</p> <h4> Use gzip when you want: </h4> <p><strong>-</strong> Fast compression</p> <p><strong>-</strong> Low CPU usage</p> <p><strong>-</strong> Simple, predictable behavior</p> <p><strong>-</strong> Occasional small image transfers</p> <h2> Conclusion </h2> <p>If you need to compress Docker images, here’s the quick answer:</p> <p>Use <code>zstd</code> when you want:</p> <p><strong>-</strong> Smaller archive sizes (around 20-50% smaller than <code>gzip</code>)</p> <p><strong>-</strong> Faster decompression</p> <p><strong>-</strong> Faster network transfers</p> <p>Use gzip when you want:</p> <p><strong>-</strong> Fast compression</p> <p><strong>-</strong> Low CPU usage</p> <p><strong>-</strong> Simplicity</p> <p>Aight, that's all. Thank you for taking your time to read this post.</p> <p>Feel free to give me feedback, tips, or different benchmarks. I’d love to hear your feedback and continue the discussion.</p> <p>Happy containerization! 🐳</p> docker containers linux discuss Daniel Pepuho Fri, 21 Nov 2025 15:02:15 +0000 https://dev.to/danielcristho/running-firefox-in-docker-yes-with-a-gui-and-novnc-5fk https://dev.to/danielcristho/running-firefox-in-docker-yes-with-a-gui-and-novnc-5fk <p>Docker isn’t just for serve your code, appliactions. you can actually run a full desktop app inside it. In this project, I containerized Firefox with a virtual desktop and made it accessible through a browser using noVNC.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F18da77maiv2f289gqnfc.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F18da77maiv2f289gqnfc.jpg" alt="noVNC Docker meme" width="500" height="567"></a></p> <h2> What this project does? </h2> <p>It creates a lightweight container that:</p> <p><strong>-</strong> Runs a minimal desktop environment (<code>Fluxbox</code>)<br> <strong>-</strong> Launches Firefox<br> <strong>-</strong> Serves a VNC display using <code>x11vnc</code><br> <strong>-</strong> Exposes that desktop through <code>noVNC</code> (so you can open it in your web browser)</p> <p>You can literally open Firefox running inside Docker, from your browser tab.<br> All using a single <code>docker compose up</code>.</p> <h2> How it works? </h2> <p>Here’s a quick breakdown of what happens inside the container:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy45ijip0090ocsckbj4l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy45ijip0090ocsckbj4l.png" alt="Breakddown" width="800" height="589"></a></p> <p>Everything runs headlessly, there’s no physical display, but the combo of <code>Xvfb + Fluxbox</code> gives Firefox a virtual desktop.</p> <h2> 🐋 Dockerfile Overview </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> alpine:edge</span> <span class="k">RUN </span>apk add <span class="nt">--no-cache</span> <span class="se">\ </span> faenza-icon-theme <span class="se">\ </span> firefox <span class="se">\ </span> fluxbox <span class="se">\ </span> xfce4 <span class="se">\ </span> xvfb <span class="se">\ </span> x11vnc <span class="se">\ </span> novnc <span class="se">\ </span> supervisor <span class="se">\ </span> bash <span class="se">\ </span> net-tools <span class="c"># Install noVNC &amp; websockify from source code</span> <span class="k">RUN </span>apk add <span class="nt">--no-cache</span> git python3 py3-pip <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> /usr/share/novnc <span class="se">\ </span> <span class="o">&amp;&amp;</span> git clone https://github.com/novnc/noVNC.git /usr/share/novnc <span class="se">\ </span> <span class="o">&amp;&amp;</span> git clone https://github.com/novnc/websockify.git /usr/share/novnc/utils/websockify <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">ln</span> <span class="nt">-sf</span> /usr/share/novnc/vnc.html /usr/share/novnc/index.html <span class="k">ENV</span><span class="s"> DISPLAY=:1</span> <span class="k">ENV</span><span class="s"> RESOLUTION=1920x1080x24</span> <span class="c"># Set vnc password</span> <span class="k">ARG</span><span class="s"> VNC_PASS=dummypass</span> <span class="c"># Create vnc password file</span> <span class="k">RUN </span><span class="nb">mkdir</span> <span class="nt">-p</span> /root/.vnc <span class="o">&amp;&amp;</span> <span class="se">\ </span> x11vnc <span class="nt">-storepasswd</span> <span class="s2">"</span><span class="nv">$VNC_PASS</span><span class="s2">"</span> /root/.vnc/passwd <span class="k">COPY</span><span class="s"> supervisord.conf /etc/supervisord.conf</span> <span class="k">EXPOSE</span><span class="s"> 5900 6080</span> <span class="k">CMD</span><span class="s"> ["supervisord", "-c", "/etc/supervisord.conf", "-n"]</span> </code></pre> </div> <h2> 📦 Docker Compose Setup </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">vnc_firefox</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">.</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">vnc_firefox</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5901:5900"</span> <span class="c1"># VNC</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">6080:6080"</span> <span class="c1"># noVNC web UI</span> <span class="err"> </span><span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">netstat</span><span class="nv"> </span><span class="s">-tln</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">grep</span><span class="nv"> </span><span class="s">-q</span><span class="nv"> </span><span class="s">6080</span><span class="nv"> </span><span class="s">||</span><span class="nv"> </span><span class="s">exit</span><span class="nv"> </span><span class="s">1"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">1m30s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">30s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">start_period</span><span class="pi">:</span> <span class="s">30s</span> </code></pre> </div> <h2> Under the Hood (process supervision) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvs50q9kmku12resihs17.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvs50q9kmku12resihs17.jpg" alt="Supervisor meme" width="735" height="495"></a></p> <p>Everything is managed by <code>supervisord</code>, which runs:</p> <p><code>Xvfb</code> - virtual framebuffer display</p> <p><code>x11vnc</code> - provides VNC access</p> <p><code>fluxbox</code> - lightweight window manager (WM)</p> <p><code>firefox</code> - your GUI browser</p> <p><code>novnc_proxy</code> - web socket bridge</p> <p>Example <code>supervisord.conf</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Supervisor main config</span> <span class="o">[</span>supervisord] <span class="nv">nodaemon</span><span class="o">=</span><span class="nb">true </span><span class="nv">logfile</span><span class="o">=</span>/var/log/supervisord.log <span class="nv">pidfile</span><span class="o">=</span>/var/run/supervisord.pid <span class="nv">childlogdir</span><span class="o">=</span>/var/log <span class="c"># XVirtual Framebuffer (Xvfb)</span> <span class="c"># Creates a virtual display environment (:1)</span> <span class="o">[</span>program:xvfb] <span class="nb">command</span><span class="o">=</span>/usr/bin/Xvfb :1 <span class="nt">-screen</span> 0 1920x1080x24 <span class="nv">autostart</span><span class="o">=</span><span class="nb">true </span><span class="nv">autorestart</span><span class="o">=</span><span class="nb">true </span><span class="nv">priority</span><span class="o">=</span>10 <span class="c"># x11vnc, VNC server</span> <span class="o">[</span>program:x11vnc] <span class="nb">command</span><span class="o">=</span>/usr/bin/x11vnc <span class="nt">-display</span> :1 <span class="nt">-rfbauth</span> /root/.vnc/passwd <span class="nt">-forever</span> <span class="nt">-shared</span> <span class="nt">-rfbport</span> 5900 <span class="nv">autostart</span><span class="o">=</span><span class="nb">true </span><span class="nv">autorestart</span><span class="o">=</span><span class="nb">true </span><span class="nv">priority</span><span class="o">=</span>20 <span class="c"># fluxbox, lightweight window manager</span> <span class="o">[</span>program:fluxbox] <span class="nb">command</span><span class="o">=</span>/usr/bin/fluxbox <span class="nv">environment</span><span class="o">=</span><span class="nv">DISPLAY</span><span class="o">=</span><span class="s2">":1"</span> <span class="nv">autostart</span><span class="o">=</span><span class="nb">true </span><span class="nv">autorestart</span><span class="o">=</span><span class="nb">true </span><span class="nv">priority</span><span class="o">=</span>30 <span class="c"># Runs firefox inside the Xvfb + Fluxbox environment</span> <span class="o">[</span>program:firefox] <span class="nb">command</span><span class="o">=</span>/usr/bin/firefox <span class="nv">environment</span><span class="o">=</span><span class="nv">DISPLAY</span><span class="o">=</span><span class="s2">":1"</span> <span class="nv">autostart</span><span class="o">=</span><span class="nb">true </span><span class="nv">autorestart</span><span class="o">=</span><span class="nb">true </span><span class="nv">priority</span><span class="o">=</span>40 <span class="c"># noVNC, WebSocket VNC Proxy</span> <span class="c"># Bridges VNC (port 5900) to a web interface (port 6080)</span> <span class="o">[</span>program:novnc] <span class="nb">command</span><span class="o">=</span>/usr/share/novnc/utils/novnc_proxy <span class="nt">--vnc</span> localhost:5900 <span class="nt">--listen</span> 6080 <span class="nv">autostart</span><span class="o">=</span><span class="nb">true </span><span class="nv">autorestart</span><span class="o">=</span><span class="nb">true </span><span class="nv">priority</span><span class="o">=</span>50 </code></pre> </div> <p>Our project structure should look likes this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">.</span> ├── docker-compose.yml ├── Dockerfile └── supervisord.conf </code></pre> </div> <h2> How to Run It? </h2> <p><strong>1.</strong> Build &amp; start the container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker compose up <span class="nt">--build</span> <span class="nt">-d</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyz3dm9hawgosaa4ymcrc.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyz3dm9hawgosaa4ymcrc.gif" alt="Docker compose up" width="720" height="495"></a></p> <p><strong>2</strong> Access it by using your browser or VNC client. Using <code>dummypass</code> as password:</p> <p><strong>-</strong> Using noVNC Web: <code>http://localhost:6080</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9ivebvy7nku1luu3vh8n.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9ivebvy7nku1luu3vh8n.gif" alt="noVNC Access" width="760" height="590"></a></p> <p><strong>-</strong> Open any VNC viewer (e.g., RealVNC, TigerVNC, Remmina), then connect to: <code>localhost:5901</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpazgjw1zzwint87vnlwi.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpazgjw1zzwint87vnlwi.gif" alt="VNC viewwer" width="600" height="465"></a></p> <h2> What’s Next? </h2> <p>While this is mostly a fun experiment, it can be used for:</p> <p><strong>-</strong> Headless browser testing environments</p> <p><strong>-</strong> Remote browsing (isolated Firefox)</p> <p><strong>-</strong> Demonstrating GUI automation setups</p> <p><strong>NB</strong>: 😎 This post is part of my <strong>“Container Stuffs”</strong> open-source project on GitHub. Upcoming labs include:</p> <p><strong>-</strong> PostgreSQL master–replica setup</p> <p><strong>-</strong> Redis Sentinel cluster</p> <p><strong>-</strong> Multi-node Docker Swarm simulations</p> <p><strong>-</strong> and more to come!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn5g8udk80m4xd47d679g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn5g8udk80m4xd47d679g.png" alt="Container Stuff" width="648" height="168"></a></p> <p><a href="https://github.com/danielcristho/container-stuffs" rel="noopener noreferrer"><strong>danielcristho/container-stuffs</strong></a></p> <h2> Conclusion </h2> <p>Docker is more than backend services you can literally containerize <code>entire user experiences</code>.</p> <p>Projects like this prove that containers aren’t limited to APIs, databases, and background workers. With a bit of creativity, you can run full desktops, interactive UIs, browsers, automation toolchains, and even full development environments inside isolated, reproducible containers.</p> <p>Running Firefox inside Docker with noVNC shows how:</p> <p><strong>-</strong> system-level components (Xvfb, window managers, VNC)</p> <p><strong>-</strong> web technologies (WebSockets, noVNC)</p> <p><strong>-</strong> and container orchestration (Docker + Compose) can blend together to create something both useful and fun. </p> <p>Cheers, feel free to give me a feedback, and happy containerizing! 🐳</p> docker containers linux tutorial Daniel Pepuho Tue, 04 Nov 2025 01:02:13 +0000 https://dev.to/danielcristho/my-first-experience-as-a-speaker-at-aws-community-day-2ki3 https://dev.to/danielcristho/my-first-experience-as-a-speaker-at-aws-community-day-2ki3 <p>Hello everyone! 👋</p> <p>Last weekend, I had the amazing opportunity to be a speaker at <strong>AWS Community Day Indonesia 2025</strong>.<br> It was one of the most rewarding and eye-opening experiences in my tech journey and in this post, I’d love to share what the day was like, what I learned, and why it meant so much to me. BTW, I shared about <strong>“Building a Multi-Tenant Machine Learning Platform on AWS EKS with Ray and JupyterHub”</strong>.</p> <h2> Before the Event: Preparation </h2> <p>A few days before the event, to be honest, I felt a mix of excitement and nervousness.<br> Even though I’ve presented in smaller settings before, speaking at a community event like this felt special and a bit more serious!</p> <p>Here’s what I did to prepare:</p> <p><strong>-</strong> Finalized my presentation topic, making sure the content was practical and relevant for developers and cloud enthusiast<br> <strong>-</strong> Practiced my talk several times out loud to get comfortable with the flow<br> <strong>-</strong> Set my mindset: <em>I’m not just here to present. I’m here to connect, share, and learn from others</em>.</p> <p><strong>That mindset shift really helped me calm down before stepping on stage</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F48rkqkvsdk5g98odacgi.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F48rkqkvsdk5g98odacgi.jpg" alt="Pre Event" width="800" height="1013"></a></p> <h2> During the Event: On Stage and Beyond </h2> <p>When the day finally came, the atmosphere was incredible buzzing with conversations, excitement, and passion for AWS and cloud technologies.</p> <p>Some of my favorite moments were:<br> <strong>-</strong> Meeting so many people from the AWS community, many of whom I had only interacted with online before.<br> <strong>-</strong> Taking the stage to deliver my session “Building a Multi-Tenant Machine Learning Platform on AWS EKS with Ray and JupyterHub”.<br> <strong>-</strong> Even though I was nervous at first, once I started talking, everything clicked. It didn’t feel like a “presentation” anymore it felt like a conversation with friends who shared the same curiosity and enthusiasm.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fres.cloudinary.com%2Fdiunivf9n%2Fimage%2Fupload%2Fv1762141756%2FHLP00496_yl8br2.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fres.cloudinary.com%2Fdiunivf9n%2Fimage%2Fupload%2Fv1762141756%2FHLP00496_yl8br2.jpg" alt="Demo" width="800" height="533"></a></p> <h2> Key Takeaways &amp; Reflections </h2> <p>Looking back, here are a few lessons that really stuck with me:</p> <p><strong>-</strong> <strong>Community is everything</strong>. Behind every technology, it’s always about people learning, sharing, and growing together.<br> <strong>-</strong> <strong>Preparation builds confidence</strong>. The more I practiced, the more natural it felt on stage.<br> <strong>-</strong> <strong>Sharing is a two-way process</strong>. I came to give a talk, but I left with more insights from the audience than I expected<br> <strong>-</strong> <strong>Stay adaptable</strong>. Every crowd is different. Reading the room and adjusting how you explain something is an important skill.<br> <strong>-</strong> <strong>Keep growing</strong>. This experience reminded me <em>that growth doesn’t just happen behind the keyboard it happens when you step out, speak, and share what you’ve learned</em>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fres.cloudinary.com%2Fdiunivf9n%2Fimage%2Fupload%2Fv1762242426%2FSTY07845_dkqweb.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fres.cloudinary.com%2Fdiunivf9n%2Fimage%2Fupload%2Fv1762242426%2FSTY07845_dkqweb.jpg" alt="Post Event" width="800" height="533"></a></p> <h2> What's Next? </h2> <p>To be honest, there are still many aspects I haven’t fully covered in my presentation. After this event, I plan to expand this talk into a deeper technical series exploring the end-to-end ML lifecycle using Ray on AWS.</p> <p>While this session mainly focused on the infrastructure layer, there’s so much more to uncover about how Ray can power the entire machine learning pipeline from data preprocessing and distributed training with <code>Ray Train</code>, to hyperparameter tuning with <code>Ray Tune</code>, and serving models in production with <code>Ray Serve</code>.</p> <p>You can see my deck here: <a href="https://speakerdeck.com/danielcristho/building-a-multi-tenant-machine-learning-platform-on-aws-eks-with-ray-and-jupyterhub" rel="noopener noreferrer">Deck</a></p> todayilearned aws learning Daniel Pepuho Wed, 27 Aug 2025 15:55:33 +0000 https://dev.to/danielcristho/exploring-load-balancing-in-caddy-using-docker-5gn6 https://dev.to/danielcristho/exploring-load-balancing-in-caddy-using-docker-5gn6 <p>Hello there! In this post, we'll dive into the world of Caddy, a modern and powerful web server. Built using Go, Caddy offers a range of built-in features, including <strong>reverse proxy</strong> and <strong>load balancing</strong>.</p> <p>By the way, in this project, I'll use <strong>Caddy 2</strong>, the latest version, which comes with a completely rewritten architecture and enhanced features. To make our setup and testing as smooth as possible, we'll leverage Docker. Docker allows us to create a reproducible environment with all the necessary components easily.</p> <p>The main focus of this post will be on understanding and experimenting with Caddy's <strong>load balancing algorithms</strong>. We'll explore how Caddy intelligently distributes incoming traffic, the different strategies it offers (such as <strong>Round Robin</strong>, <strong>Least Connection</strong>, <strong>Random</strong>, and more), and how you can configure the for various use cases.</p> <p>By using Docker, we'll quickly spin up multiple backend services (which are called "workers") and route requests through a single Caddy instance acting as our load balancer.</p> <h2> The Project Setup </h2> <p>To get started, let's look at the project structure. Our setup is straightforward, allowing us to focus on the core concepts of load balancing.</p> <p>Here's the project structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>├── caddy │ └── Caddyfile ├── docker-compose.yml └── src ├── Dockerfile ├── go.mod └── main.go </code></pre> </div> <p>Our setup is composes of three main parts:</p> <p><strong>1.</strong> <strong>Backend Workers (<code>src</code>)</strong>: These are simple Go applications the will handle the requests. Each worker will simply return a "Hello form [hostname]" message, allowing us to sess which server is handling the request. This is the perfect way to visualize how Caddy distributes the load.</p> <p><strong>2.</strong> <strong>Caddy Load Balancer (<code>caddy</code>)</strong>: Our Caddy instance will act as the reverse proxy, forwarding requests to the worker services. We'll use the <code>Caddyfile</code> to define our load balancing rules.</p> <p><strong>3.</strong> <strong>Docker Compose (<code>docker.compose.yml</code>)</strong>: This file orchestrates everything, defining and running our multi-container application with a single-command.</p> <h2> Understanding the Components </h2> <p>Let's break down the files in our project.</p> <p><code>src/main.go</code></p> <p>This is a simple Go HTTP server. It listens on port <code>8081</code> and responds to any request by printing its <code>hostname</code>. This is our primary tool for observing the load balancing behavior.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"os"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">hostname</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Hostname</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"Hello from %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">hostname</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">HandleFunc</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="n">handler</span><span class="p">)</span> <span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">":8081"</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p><code>src/Dockerfile</code></p> <p>This <code>Dockerfile</code> builds our Go application into a lightweight, self-contained Docker image.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">golang:1.24</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /go/src/app</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>go mod download <span class="k">RUN </span><span class="nv">CGO_ENABLED</span><span class="o">=</span>0 go build <span class="nt">-o</span> /go/bin/app <span class="k">FROM</span><span class="s"> golang:1.24-alpine</span> <span class="k">COPY</span><span class="s"> --from=builder /go/bin/app /</span> <span class="k">EXPOSE</span><span class="s"> 8081</span> <span class="k">ENV</span><span class="s"> PORT 8081</span> <span class="k">CMD</span><span class="s"> ["/app"]</span> </code></pre> </div> <p><code>docker-compose.yml</code></p> <p>This file ties everything together. We define a service for our Caddy load balancer and three worker services.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.8"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">load_balancer</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">caddy:2.10-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">load_balancer</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8082:80"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./caddy/Caddyfile:/etc/caddy/Caddyfile</span> <span class="na">worker_1</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">./src</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">worker_1</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">worker_1</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8081"</span> <span class="na">worker_2</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">./src</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">worker_2</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">worker_2</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8081"</span> <span class="na">worker_3</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">./src</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">worker_3</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">worker_3</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8081"</span> </code></pre> </div> <p><code>caddy/Caddyfile</code></p> <p>This is where the magic happens! The <code>Caddyfile</code> is Caddy's configuration file. We'll define a <strong>reverse proxy</strong> that routes to our workers. The <code>lb_policy</code> directive is where we'll specify our load balancing algorithms.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">:</span><span class="m">80</span> <span class="p">{</span> <span class="n">reverse_proxy</span> <span class="n">worker_1</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_2</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_3</span><span class="o">:</span><span class="m">8081</span> <span class="p">{</span> <span class="n">lb_policy</span> <span class="n">round_robin</span> <span class="n">health_uri</span> <span class="o">/</span> <span class="n">health_interval</span> <span class="m">3</span><span class="n">s</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Experimenting with Load Balancing Algorithms </h2> <p>Now that our project is set up, we can start experimenting. To run the project, simply execute docker-compose up in your terminal. You can then send requests to <code>http://127.0.0.1:8082</code> and observe which worker responds.</p> <p><strong>1.</strong> Round Robin (<code>lb_policy round_robin</code>)</p> <p>This is the most common and simplest load balancing algorithm. Caddy distributes incoming requests to the backend servers in a sequential, rotating manner. It's a fair and predictable method, assuming all servers are equally capable of handling the load.</p> <p><strong>How to Configure</strong>:</p> <p>Modify your <code>caddy/Caddyfile</code> to use the <code>round_robin</code> policy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">:</span><span class="m">80</span> <span class="p">{</span> <span class="n">reverse_proxy</span> <span class="n">worker_1</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_2</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_3</span><span class="o">:</span><span class="m">8081</span> <span class="p">{</span> <span class="n">lb_policy</span> <span class="n">round_robin</span> <span class="n">health_uri</span> <span class="o">/</span> <span class="n">health_interval</span> <span class="m">3</span><span class="n">s</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>How to Test</strong>:</p> <p>After running <code>docker-compose up -d --build</code>, open your terminal and send a few requests using <code>curl</code>. You should see that Caddy distributes the traffic evenly among the three workers.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_1</span> <span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_2</span> <span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_3</span> <span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_1</span> </code></pre> </div> <p>Now, let's test Caddy's fault tolerance. In a real-world scenario, a server might crash or become unresponsive. We'll simulate this by manually stopping one of the workers.</p> <p>Run the following command in your terminal to stop <code>worker_1</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker stop worker_1 </code></pre> </div> <p>After a few moments (the health_interval you set, e.g., 3 seconds), Caddy will perform its next health check, detect that <code>worker_1</code> is unresponsive, and automatically mark it as unhealthy.</p> <p>Now, send a few more requests. What do you expect to happen? With <code>worker_1</code> down, Caddy should intelligently stop routing traffic to it and redirect all requests to the remaining healthy servers (<code>worker_2</code> and <code>worker_3</code>).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxgewmphcg5wdyfd9nqap.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxgewmphcg5wdyfd9nqap.gif" alt="Demo Round Robin" width="600" height="399"></a></p> <p><strong>2.</strong> Weighted Round Robin (<code>lb_policy weighted_round_robin</code>)</p> <p>This algorithm is a more advanced version of Round Robin. It allows you to assign a "weight" to each backend server, which determines its share of the requests. <strong>Servers with a higher weight will receive more traffic than those with a lower weight</strong>. <strong>This is ideal when you have servers with varying capacities, for example, a new, more powerful server and an older, less powerful one</strong>.</p> <p>You can also use this policy to gradually drain traffic from an old server or ramp up traffic to a new one during deployments, making it a very useful strategy.</p> <p><strong>How to Configure</strong>:</p> <p>To use this policy, you need to add the weight to each server's address in the <code>Caddyfile</code>. For our example, let's give <code>worker_1</code> a higher weight of 3, while <code>worker_2</code> and <code>worker_3</code> each have a weight of 1. This means <code>worker_1</code> should handle three out of every five requests.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">:</span><span class="m">80</span> <span class="p">{</span> <span class="n">reverse_proxy</span> <span class="n">worker_1</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_2</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_3</span><span class="o">:</span><span class="m">8081</span> <span class="p">{</span> <span class="n">lb_policy</span> <span class="n">weighted_round_robin</span> <span class="m">3</span> <span class="m">1</span> <span class="m">1</span> <span class="n">health_uri</span> <span class="o">/</span> <span class="n">health_interval</span> <span class="m">3</span><span class="n">s</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>After updating the <code>Caddyfile</code>, make sure to reload or restart your Caddy container to apply the changes. You can do this with <code>docker-compose up -d --build</code>.</p> <p><strong>How to Test</strong>:</p> <p>Now, let's send a few requests to our load balancer and see how Caddy distributes the traffic according to the assigned weights. Send a few requests using curl and observe the responses.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_1</span> <span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_1</span> <span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_2</span> <span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_3</span> <span class="nv">$ </span>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_1</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lf7qh9kycbisoq35l4n.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lf7qh9kycbisoq35l4n.gif" alt="Weighted Round Robin Demo" width="600" height="541"></a></p> <p><strong>3.</strong> Least Connection (<code>lb_policy ip_hash</code>)</p> <p>Aight, let's dive into Least Connection. Unlike Round Robin, which is a simple, sequential algorithm, Least Connection is a dynamic and more intelligent load balancing policy. It chooses the backend server with the fewest number of currently active requests. This policy is excellent for situations where your requests have a highly variable processing time.</p> <p>For example, if one of your servers gets a handful of complex, long-running requests while the others are handling many small, quick ones, this algorithm will automatically route new traffic to the servers that are less burdened, preventing a single server from becoming a bottleneck. If there's a tie, meaning two or more servers have the same lowest number of connections, Caddy will randomly choose one of them.</p> <p><strong>How to Configure</strong>:</p> <p>Configuring this policy is simple. You just need to change the <code>lb_policy</code> directive in your Caddyfile.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">:</span><span class="m">80</span> <span class="p">{</span> <span class="n">reverse_proxy</span> <span class="n">worker_1</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_2</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_3</span><span class="o">:</span><span class="m">8081</span> <span class="p">{</span> <span class="n">lb_policy</span> <span class="n">least_conn</span> <span class="n">health_uri</span> <span class="o">/</span> <span class="n">health_interval</span> <span class="m">3</span><span class="n">s</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>After updating your <code>Caddyfile</code>, make sure to restart your Caddy container with <code>docker-compose up -d --build</code> to apply the changes.</p> <p><strong>How to Test</strong>:</p> <p>To demonstrate the Least Connection algorithm, you'll need to modify your Go code to simulate a long-running request. This will allow you to see how Caddy intelligently routes traffic away from the busy worker.</p> <p><strong>-</strong> <code>Update Your Go Code</code></p> <p>Open your <code>src/main.go</code> file and add a new handler that will simulate a task with a significant delay. This will act as our "long-running request."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"os"</span> <span class="s">"time"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">hostname</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Hostname</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"Hello from %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">hostname</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">longHandler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">hostname</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Hostname</span><span class="p">()</span> <span class="n">time</span><span class="o">.</span><span class="n">Sleep</span><span class="p">(</span><span class="m">10</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"Hello! long running request finished from %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">hostname</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">HandleFunc</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="n">handler</span><span class="p">)</span> <span class="n">http</span><span class="o">.</span><span class="n">HandleFunc</span><span class="p">(</span><span class="s">"/long"</span><span class="p">,</span> <span class="n">longHandler</span><span class="p">)</span> <span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">":8081"</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p><strong>-</strong> <code>Rebuild and Run Docker Compose</code></p> <p>After updating your code, you must rebuild and run your containers to apply the changes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker-compose up <span class="nt">-d</span> <span class="nt">--build</span> </code></pre> </div> <p><strong>-</strong> <code>Test the Scenario</code></p> <p>Now, you can test the Least Connection algorithm using two separate terminals.</p> <p><code>Terminal 1 (Long-Running Request)</code>:</p> <p>Start a request to the /long endpoint. This will open a connection to one of the workers and hold it for 10 seconds. Caddy will detect that this worker has an active, ongoing connection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://127.0.0.1:8082/long </code></pre> </div> <p><code>Terminal 2 (Normal Requests)</code>:</p> <p>Immediately after running the command in Terminal 1, switch to Terminal 2 and send several quick requests to the root endpoint (/).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>curl http://127.0.0.1:8082/ <span class="c"># Output: Hello from worker_2</span> <span class="nv">$ </span>curl http://127.0.0.1:8082/ <span class="c"># Output: Hello from worker_3</span> <span class="nv">$ </span>curl http://127.0.0.1:8082/ <span class="c"># Output: Hello from worker_2</span> </code></pre> </div> <p>You will observe that Caddy will not send requests to the worker that is currently busy with the long-running request. Instead, all new requests will be routed to the other two workers, demonstrating how the <code>least_conn</code> algorithm effectively balances load dynamically. Once the long-running request is complete, that worker will once again be available to handle new requests.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffmmaoembqb6yii7amg1n.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffmmaoembqb6yii7amg1n.gif" alt="Least Connection" width="720" height="388"></a></p> <p><strong>4.</strong> IP Hash (<code>lb_policy ip_hash</code>)</p> <p>The IP Hash load balancing algorithm is different from the previous ones because it's focused on session persistence. Instead of distributing requests based on a sequential or random order, it creates a hash from the client's IP address and uses that hash to consistently route all requests from that same client to the <strong>same backend server</strong>.</p> <p><strong>How to Configure</strong>:</p> <p>Configuring the IP Hash policy is straightforward. You simply need to replace the lb_policy directive in your Caddyfile with <code>ip_hash</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">:</span><span class="m">80</span> <span class="p">{</span> <span class="n">reverse_proxy</span> <span class="n">worker_1</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_2</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_3</span><span class="o">:</span><span class="m">8081</span> <span class="p">{</span> <span class="n">lb_policy</span> <span class="n">ip_hash</span> <span class="n">health_uri</span> <span class="o">/</span> <span class="n">health_interval</span> <span class="m">3</span><span class="n">s</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>After updating your Caddyfile, make sure to restart your Caddy container with <code>docker-compose up -d --build</code> to apply the changes.</p> <p><strong>How to Test</strong>:</p> <p>To test this algorithm, you'll need to send requests from different "clients" (i.e., different IP addresses) and observe where they are routed. The easiest way to simulate this is by sending requests from your local machine and then using a proxy or a different network to see if the requests are routed to a different server.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F88d0fgizt4w279r8c6d0.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F88d0fgizt4w279r8c6d0.gif" alt="IP Hash Demo" width="720" height="550"></a></p> <p>No matter how many times you run <code>curl</code> from the same machine, the requests will always be routed to the same worker. <strong>This is because Caddy is hashing your local IP address (127.0.0.1 or the container's internal IP) and consistently mapping it to that specific worker</strong>.</p> <p>This demonstrates how IP Hash ensures <strong>session stickiness</strong> without needing to share session data across all servers. It’s a powerful tool for maintaining a consistent user experience.</p> <p><strong>5.</strong> Random (<code>lb_policy random</code>)</p> <p>The Random load balancing policy is the simplest and most unpredictable of all the algorithms. As its name suggests, it selects a backend server at random for each new request. There is no sequential pattern or special logic; every request has an equal chance of being routed to any of the available servers.</p> <p>While it may seem less sophisticated than other algorithms, the Random policy is surprisingly effective in many scenarios. It's fast, has a very low overhead, and can be a great choice for distributing traffic evenly across a large pool of homogenous servers. It naturally avoids the <strong>"thundering herd"</strong> problem that can sometimes occur with Round Robin on <strong>first-come-first-served</strong> requests, as it prevents all clients from hitting the same server at the same time.</p> <p><strong>How to Configure</strong>:</p> <p>Configuring this policy is the easiest. Simply replace the <code>lb_policy</code> directive in your Caddyfile with <code>random</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">:</span><span class="m">80</span> <span class="p">{</span> <span class="n">reverse_proxy</span> <span class="n">worker_1</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_2</span><span class="o">:</span><span class="m">8081</span> <span class="n">worker_3</span><span class="o">:</span><span class="m">8081</span> <span class="p">{</span> <span class="n">lb_policy</span> <span class="n">random</span> <span class="n">health_uri</span> <span class="o">/</span> <span class="n">health_interval</span> <span class="m">3</span><span class="n">s</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>After updating your Caddyfile, make sure to restart your Caddy container with <code>docker-compose up -d --build</code> to apply the changes.</p> <p><strong>How to Test</strong>:</p> <p>To test the Random policy, send a series of quick requests and observe the output. Unlike the predictable pattern of Round Robin or the consistent output of IP Hash, the responses will come from different workers in an unpredictable order.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_3</span> curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_1</span> curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_2</span> curl http://127.0.0.1:8082 <span class="c"># Output: Hello from worker_1</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lug035saq9bhaue3y7r.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lug035saq9bhaue3y7r.gif" alt="Demo Random" width="720" height="550"></a></p> <h2> Conclusion </h2> <p>Throughout this post, we've explored the core capabilities of Caddy as a powerful web server and a flexible load balancer. Using a simple Docker setup, we were able to quickly demonstrate five different load balancing algorithms, each with its own unique advantages:</p> <p><strong>-</strong> <strong>Round Robin</strong>: The classic, simple approach for evenly distributing traffic in a predictable sequence.</p> <p><strong>-</strong> <strong>Weighted Round Robin</strong>: A smarter version of Round Robin that allows you to prioritize traffic to more powerful servers.</p> <p><strong>-</strong> <strong>Least Connection</strong>: A dynamic algorithm that routes traffic based on real-time load, preventing a single server from becoming a bottleneck.</p> <p><strong>-</strong> <strong>IP Hash</strong>: The ideal choice for session stickiness, ensuring a consistent user experience by always routing a client to the same backend server.</p> <p><strong>-</strong> <strong>Random</strong>: A straightforward and fast algorithm for scattering traffic across servers, effective for a large pool of homogenous workers.</p> <p>This hands-on experience proved that Caddy is not just a simple web server but a robust tool for building scalable and reliable applications. Caddy's elegant syntax and powerful features make it an excellent choice for anyone looking to simplify their server configurations without sacrificing control or performance. Whether you're a seasoned developer or just starting, Caddy offers a smooth and intuitive experience that can handle everything from a single website to a complex, distributed application.</p> <p>References:</p> <p><strong>-</strong> <a href="https://caddyserver.com/docs/caddyfile/directives/reverse_proxy" rel="noopener noreferrer">Caddy Documentation: Reverse Proxy</a></p> <p><strong>-</strong> <a href="https://caddy.community" rel="noopener noreferrer">Caddy Community Wiki</a></p> docker go tutorial todayilearned Daniel Pepuho Mon, 18 Aug 2025 02:24:50 +0000 https://dev.to/danielcristho/dockerizing-go-api-and-caddy-ge4 https://dev.to/danielcristho/dockerizing-go-api-and-caddy-ge4 <p>Hello! In this post I'll walk through how to use Caddy as a reverse proxy and Docker for containerization to deploy a simple Go API. This method offers a quick and modern to getting your Go API up and running.</p> <p>Before we dive into the deployment steps, let's briefly discuss why Docker and Caddy are an excellent combination.</p> <ul> <li> <strong>Docker</strong> is a containerization platform that packages your app and all its dependecies into an isolated unit. This guarantess that your app runs consistenly everywhere, eliminating the classic <em>"</em><em>it works on my machine</em><em>"</em> problem.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fres.cloudinary.com%2Fdiunivf9n%2Fimage%2Fupload%2Fv1755401332%2Fdocker-meme_n1ca7c.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fres.cloudinary.com%2Fdiunivf9n%2Fimage%2Fupload%2Fv1755401332%2Fdocker-meme_n1ca7c.png" alt="it works on my machine meme" width="676" height="930"></a></p> <ul> <li> <strong>Dockerile</strong> is the blueprint that defines how your Docker image is built. It specifies the base image, the steps to compile your application, and how the container should run.</li> <li> <strong>Docker Compose</strong> is a tool for defining and running multi-container Docker applications. Instead of starting each container manually, we can describe the entire stack in a single YAML file.</li> <li> <strong>Caddy</strong> is a modern reverse proxy and web server built using Go. Caddy is renowned for its ease of use, especially its <strong>automatic HTTPS</strong> feature. Its simple configuration makes it an ideal choice for serving our API.</li> </ul> <h2> Requirements </h2> <p>Before we start, you'll need to install Go, Docker and Docker Compose on your system.</p> <h3> 1. Go </h3> <p>Make sure Go is installed. You can check your version with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="k">go</span> <span class="n">version</span> <span class="k">go</span> <span class="n">version</span> <span class="n">go1</span><span class="m">.24.0</span> <span class="n">linux</span><span class="o">/</span><span class="n">amd6</span> </code></pre> </div> <p>If it's not installed, you can download it from <a href="https://go.dev/dl" rel="noopener noreferrer">the official site</a>.</p> <h3> 2. Docker &amp; Docker Compose </h3> <p>Make sure Docker &amp; Docker Compose are installed. You can check your docker version with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker <span class="nt">--version</span> Docker version 27.5.1, build 9f9e405 </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker compose version Docker Compose version v2.3.3 </code></pre> </div> <p>Follow the official guides to install Docker and Docker Compose for your operating system if you haven't installed them before. <a href="https://docs.docker.com/engine/install" rel="noopener noreferrer">The official site</a>.</p> <h2> Setting Up the Project </h2> <h3> Step 1: Create and Run a Simple Go API </h3> <ul> <li>First, create a new directory for the project and initialize a Go module: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mkdir </span>go-api <span class="o">&amp;&amp;</span> <span class="nb">cd </span>go-api </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="k">go</span> <span class="n">mod</span> <span class="n">init</span> <span class="n">example</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="k">go</span><span class="o">-</span><span class="n">api</span> </code></pre> </div> <blockquote> <p>This command creates a Go module (go.mod) named example.com/go-api, which helps manage dependencies and makes the project reproducible.</p> </blockquote> <ul> <li>Next, create a new file <code>main.go</code> and define a simple HTTP server using Chi as the router.</li> </ul> <p>The server exposes two routes:</p> <ul> <li>Root path <code>/</code> -&gt; return an ASCII banner generated with the <code>go-figure</code> package. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"text/plain"</span><span class="p">)</span> <span class="n">asciiArt</span> <span class="o">:=</span> <span class="n">figure</span><span class="o">.</span><span class="n">NewFigure</span><span class="p">(</span><span class="s">"Go API - Caddy"</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="no">true</span><span class="p">)</span><span class="o">.</span><span class="n">String</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintln</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">asciiArt</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>/api/hello</code> -&gt; returns a simple JSON response. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">apiHandler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"application/json"</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">`{"message":"Hello, World!"}`</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ul> <li>In the main function, we:</li> </ul> <blockquote> <ol> <li>Initialize the Chi router and register both routes.</li> <li>Configure an HTTP server to listen on port 8081.</li> <li>Run the server in a goroutine and listen for shutdown signals (SIGINT, SIGTERM).</li> <li>Gracefully shut down the server with a 5-second timeout when a termination signal is received. </li> </ol> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">r</span> <span class="o">:=</span> <span class="n">chi</span><span class="o">.</span><span class="n">NewRouter</span><span class="p">()</span> <span class="c">// API Route</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="n">handler</span><span class="p">)</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"/api/hello"</span><span class="p">,</span> <span class="n">apiHandler</span><span class="p">)</span> <span class="n">srv</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Server</span><span class="p">{</span> <span class="n">Addr</span><span class="o">:</span> <span class="s">":8081"</span><span class="p">,</span> <span class="n">Handler</span><span class="o">:</span> <span class="n">r</span><span class="p">,</span> <span class="p">}</span> <span class="n">stop</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">os</span><span class="o">.</span><span class="n">Signal</span><span class="p">,</span> <span class="m">1</span><span class="p">)</span> <span class="n">signal</span><span class="o">.</span><span class="n">Notify</span><span class="p">(</span><span class="n">stop</span><span class="p">,</span> <span class="n">syscall</span><span class="o">.</span><span class="n">SIGINT</span><span class="p">,</span> <span class="n">syscall</span><span class="o">.</span><span class="n">SIGTERM</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Server started at :8081"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">&amp;&amp;</span> <span class="n">err</span> <span class="o">!=</span> <span class="n">http</span><span class="o">.</span><span class="n">ErrServerClosed</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not listen on port 8081: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}()</span> <span class="o">&lt;-</span><span class="n">stop</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Shutting down server..."</span><span class="p">)</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">Shutdown</span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Server shutdown failed: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Here is the full code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"os"</span> <span class="s">"os/signal"</span> <span class="s">"syscall"</span> <span class="s">"time"</span> <span class="s">"github.com/common-nighthawk/go-figure"</span> <span class="s">"github.com/go-chi/chi/v5"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"text/plain"</span><span class="p">)</span> <span class="n">asciiArt</span> <span class="o">:=</span> <span class="n">figure</span><span class="o">.</span><span class="n">NewFigure</span><span class="p">(</span><span class="s">"Go API - Caddy"</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="no">true</span><span class="p">)</span><span class="o">.</span><span class="n">String</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintln</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">asciiArt</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">apiHandler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"application/json"</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">`{"message":"Hello, World!"}`</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">r</span> <span class="o">:=</span> <span class="n">chi</span><span class="o">.</span><span class="n">NewRouter</span><span class="p">()</span> <span class="c">// API Route</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="n">handler</span><span class="p">)</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"/api/hello"</span><span class="p">,</span> <span class="n">apiHandler</span><span class="p">)</span> <span class="n">srv</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Server</span><span class="p">{</span> <span class="n">Addr</span><span class="o">:</span> <span class="s">":8081"</span><span class="p">,</span> <span class="n">Handler</span><span class="o">:</span> <span class="n">r</span><span class="p">,</span> <span class="p">}</span> <span class="n">stop</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">os</span><span class="o">.</span><span class="n">Signal</span><span class="p">,</span> <span class="m">1</span><span class="p">)</span> <span class="n">signal</span><span class="o">.</span><span class="n">Notify</span><span class="p">(</span><span class="n">stop</span><span class="p">,</span> <span class="n">syscall</span><span class="o">.</span><span class="n">SIGINT</span><span class="p">,</span> <span class="n">syscall</span><span class="o">.</span><span class="n">SIGTERM</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Server started at :8081"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">&amp;&amp;</span> <span class="n">err</span> <span class="o">!=</span> <span class="n">http</span><span class="o">.</span><span class="n">ErrServerClosed</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not listen on port 8081: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}()</span> <span class="o">&lt;-</span><span class="n">stop</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Shutting down server..."</span><span class="p">)</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">Shutdown</span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Server shutdown failed: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Then, try run the main.go using <code>go run</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="k">go</span> <span class="n">run</span> <span class="n">main</span><span class="o">.</span><span class="k">go</span> </code></pre> </div> <p>After that, you should see this message in the terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Server started at :8081 </code></pre> </div> <p>Finally, you can test the API using <code>curl</code> or access from the browser on <code>http://127.0.0.1:8081</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl 127.0.0.1:8081 ____ _ ____ ___ ____ _ _ / ___| ___ / <span class="se">\ </span> | _ <span class="se">\ </span> |_ _| / ___| __ _ __| | __| | _ _ | | _ / _ <span class="se">\ </span> / _ <span class="se">\ </span> | |_<span class="o">)</span> | | | _____ | | / _<span class="sb">`</span> | / _<span class="sb">`</span> | / _<span class="sb">`</span> | | | | | | |_| | | <span class="o">(</span>_<span class="o">)</span> | / ___ <span class="se">\ </span> | __/ | | |_____| | |___ | <span class="o">(</span>_| | | <span class="o">(</span>_| | | <span class="o">(</span>_| | | |_| | <span class="se">\_</span>___| <span class="se">\_</span>__/ /_/ <span class="se">\_\ </span>|_| |___| <span class="se">\_</span>___| <span class="se">\_</span>_,_| <span class="se">\_</span>_,_| <span class="se">\_</span>_,_| <span class="se">\_</span>_, | |___/ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl 127.0.0.1:8081/api/hello <span class="o">{</span><span class="s2">"message"</span>:<span class="s2">"Hello, World!"</span><span class="o">}</span> </code></pre> </div> <h3> Step 2: The Dockerfile </h3> <p>We'll use a multi-stage build to create a minimal and secure Docker image. This process compiles our Go application in one stage and then copies only the final binary to a much smaller final image. This keeps our final image size low.</p> <p>Create a <code>Dockerfile</code> in your project directory and add the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># First stage: builder</span> <span class="k">FROM</span><span class="w"> </span><span class="s">golang:1.24</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /go/src/app</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>go mod download <span class="k">RUN </span><span class="nv">CGO_ENABLED</span><span class="o">=</span>0 go build <span class="nt">-o</span> /go/bin/app </code></pre> </div> <ul> <li>In the builder stage, we use the official Go image to compile our code.</li> <li>We copy the entire project into the container and run go mod download to fetch dependencies.</li> <li>Then we build the binary with CGO_ENABLED=0 to ensure it’s statically compiled and portable. The binary is placed in /go/bin/app. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Second stage: final image</span> <span class="k">FROM</span><span class="s"> golang:1.24-alpine</span> <span class="c"># Copy only the compiled binary from builder stage</span> <span class="k">COPY</span><span class="s"> --from=builder /go/bin/app /</span> <span class="k">EXPOSE</span><span class="s"> 8081</span> <span class="k">ENV</span><span class="s"> PORT 8081</span> <span class="k">CMD</span><span class="s"> ["/app"]</span> </code></pre> </div> <ul> <li>In the final stage, only the compiled binary is copied over from the builder stage. This keeps the image small because source code, dependencies, and build tools are excluded.</li> <li>We expose port 8081 so Docker knows which port the app listens on.</li> <li> <code>CMD ["/app"]</code> runs the binary as the container’s main process.</li> </ul> <p>Here is the full code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">golang:1.24</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /go/src/app</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>go mod download <span class="k">RUN </span><span class="nv">CGO_ENABLED</span><span class="o">=</span>0 go build <span class="nt">-o</span> /go/bin/app <span class="k">FROM</span><span class="s"> golang:1.24-alpine</span> <span class="k">COPY</span><span class="s"> --from=builder /go/bin/app /</span> <span class="k">EXPOSE</span><span class="s"> 8081</span> <span class="k">ENV</span><span class="s"> PORT 8081</span> <span class="k">CMD</span><span class="s"> ["/app"]</span> </code></pre> </div> <h3> Step 3: Configure Caddy </h3> <p>Caddy will act as a reverse proxy that forwards incoming requests to the Go API container. This allows us to:</p> <ul> <li>Tells Caddy to listen on port 80 (HTTP).</li> <li>Forwards requests to the Go API container, using the Docker service name go-api and port 8081.</li> </ul> <p>Create a file named <code>Caddyfile</code> in your project directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>:80 <span class="o">{</span> reverse_proxy go-api:8081 <span class="o">}</span> </code></pre> </div> <blockquote> <p>💡 If you later have a domain (e.g., api.example.com), you can replace <code>:80</code> with your domain<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>api.example.com <span class="o">{</span> reverse_proxy go-api:8081 <span class="o">}</span> </code></pre> </div> <h3> Step 4: Configure Docker Compose </h3> <p>Create a file named <code>docker-compose.yml</code> in your project directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.8"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">go-api</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">.</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">go-api</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8081"</span> <span class="c1"># Expose port internally (only visible to other services in this network)</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">caddy</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">caddy:2.10-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">caddy</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8082:80"</span> <span class="c1"># Map host port 8082 -&gt; container port 80</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./Caddyfile:/etc/caddy/Caddyfile</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">go-api</span> </code></pre> </div> <h4> Explanation </h4> <p><code>go-api</code> service</p> <ul> <li>Built from your local Dockerfile.</li> <li>Uses expose instead of ports → this means the Go API is reachable inside the Docker network but not directly exposed to the host machine.</li> <li>The Go API will listen on :8081, but only Caddy can access it.</li> </ul> <p><code>caddy</code> service</p> <ul> <li>Uses the official lightweight <a href="https://hub.docker.com/_/caddy" rel="noopener noreferrer">caddy:2.10-alpine</a> image.</li> <li> <code>ports: "8082:80"</code> -&gt; exposes port 80 from the container to port 8082 on your host machine. So when you open <code>http://127.0.0.1:8082</code>, requests are routed through Caddy.</li> <li>The Caddyfile is mounted so you can configure reverse proxy behavior.</li> <li> <code>depends_on</code> ensures Caddy waits for the Go API container to start.</li> </ul> <h3> Step 5: Test the Setup </h3> <p>Once all files are ready (<code>main.go</code>, <code>Dockerfile</code>, <code>Caddyfile</code>, <code>docker-compose.yml</code>), run the stack using the <code>docker compose up</code> command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">.</span> ├── Caddyfile ├── docker-compose.yml ├── Dockerfile ├── go.mod ├── go.sum └── main.go </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker compose up <span class="nt">-d</span> <span class="nt">--build</span> </code></pre> </div> <p>Make sure the containers are running using <code>docker ps</code> command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6b6b35487d77 caddy:2.10-alpine <span class="s2">"caddy run --config …"</span> 9 minutes ago Up 9 minutes 443/tcp, 2019/tcp, 443/udp, 0.0.0.0:8082-&gt;80/tcp, <span class="o">[</span>::]:8082-&gt;80/tcp caddy 20cbb2209fe7 docker-go-api-caddy_go-api <span class="s2">"/app"</span> 9 minutes ago Up 9 minutes 0.0.0.0:32770-&gt;8081/tcp, <span class="o">[</span>::]:32770-&gt;8081/tcp </code></pre> </div> <p>Now, test the endpoints through Caddy (reverse proxy):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://127.0.0.1:8082 </code></pre> </div> <p>Expected output: the ASCII art rendered by <code>go-figure</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://127.0.0.1:8082/api/hello </code></pre> </div> <p>Expected output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span><span class="s2">"message"</span>:<span class="s2">"Hello, World!"</span><span class="o">}</span> </code></pre> </div> <h2> Conclusion </h2> <p>In this guide, we successfully deployed a simple Go API containerized approach. By leveraging Docker, we created an isolated and reproducible environment for our application. We used a multi-stage build in our Dockerfile to keep the final image lightweight and secure, and Docker Compose to easily manage both our Go API and Caddy services with a single command.</p> <p>Feel free to explore further by adding more features to your API or by setting up a domain with Caddy’s automatic HTTPS. Happy deployment!🚀</p> <p>References:</p> <ul> <li><a href="https://docs.docker.com" rel="noopener noreferrer">Docker Documentation</a></li> <li><a href="https://docs.docker.com/compose" rel="noopener noreferrer">Docker Compose Documenation</a></li> <li><a href="https://caddyserver.com/docs" rel="noopener noreferrer">Caddy Documentation</a></li> </ul> docker go tutorial Daniel Pepuho Wed, 30 Apr 2025 15:21:10 +0000 https://dev.to/danielcristho/deploying-a-simple-flask-api-using-gunicorn-supervisor-nginx-eki https://dev.to/danielcristho/deploying-a-simple-flask-api-using-gunicorn-supervisor-nginx-eki <h2> Intro </h2> <p>Hi there! Flask is great for building APIs quickly. But turning your local project into a publicly accessible web service involves a few extra steps that aren’t always obvious.</p> <p>In this guide, I'll show you how to deploy a Flask API using Gunicorn as the WSGI server, Supervisor to manage the process, and Nginx as a reverse proxy.</p> <h2> Overview </h2> <ul> <li><p><a href="https://flask.palletsprojects.com/en/stable" rel="noopener noreferrer"><strong>Flask</strong></a>: The Python microframework we’ll use to build the API.</p></li> <li><p><a href="https://gunicorn.org" rel="noopener noreferrer"><strong>Gunicorn</strong></a>: A Python WSGI HTTP server for running Flask in production.</p></li> <li><p><a href="https://supervisord.org" rel="noopener noreferrer"><strong>Supervisor</strong></a>: A process control system to ensure the Gunicorn server stays alive.</p></li> <li><p><a href="https://nginx.org" rel="noopener noreferrer"><strong>Nginx</strong></a>: A reverse proxy to handle client requests and route them to Gunicorn.</p></li> </ul> <h3> Flask API Deployment Flow </h3> <p>The diagram below illustrates the flow of a request and response when using Flask, Gunicorn, Supervisor, and Nginx.</p> <p>When a user sends an HTTP request, it first reaches the Nginx reverse proxy. Nginx forwards the request to Gunicorn, which serves the Flask application via the WSGI protocol. Supervisor ensures that Gunicorn keeps running and automatically restarts it if needed. The response follows the same path back to the user.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fres.cloudinary.com%2Fdiunivf9n%2Fimage%2Fupload%2Fv1746028839%2Fflask-api-flow_ouvbts.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fres.cloudinary.com%2Fdiunivf9n%2Fimage%2Fupload%2Fv1746028839%2Fflask-api-flow_ouvbts.png" alt="Deployment Flow" width="800" height="335"></a></p> <h2> Requirements </h2> <p>Before starting, make sure you have the following installed on your system:</p> <ul> <li>Python 3 and Virtualenv</li> </ul> <p>Check if Python is installed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>python3 <span class="nt">--version</span> Python 3.10.14 </code></pre> </div> <p>If not installed, install it:</p> <p>Ubuntu/Debian:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>apt update <span class="nv">$ </span><span class="nb">sudo </span>apt <span class="nb">install </span>python3 python3-venv <span class="nt">-y</span> </code></pre> </div> <p>CentOS/RHEL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>yum <span class="nb">install </span>python3 python3-venv <span class="nt">-y</span> </code></pre> </div> <p>Homebrew (macOS):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>python </code></pre> </div> <ul> <li>Nginx</li> </ul> <p>Ubuntu/Debian:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>apt <span class="nb">install </span>nginx <span class="nt">-y</span> </code></pre> </div> <p>CentOS/RHEL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>yum <span class="nb">install </span>nginx <span class="nt">-y</span> </code></pre> </div> <p>Homebrew (macOS):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>nginx </code></pre> </div> <p>After installation, check if Nginx is running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl status nginx </code></pre> </div> <p>If it’s not running, start and enable it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl start nginx <span class="nv">$ </span><span class="nb">sudo </span>systemctl <span class="nb">enable </span>nginx </code></pre> </div> <ul> <li>Supervisor</li> </ul> <p>Ubuntu/Debian:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>apt update <span class="nv">$ </span><span class="nb">sudo </span>apt <span class="nb">install </span>supervisor <span class="nt">-y</span> </code></pre> </div> <p>CentOS/RHEL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>yum <span class="nb">install </span>supervisor <span class="nt">-y</span> </code></pre> </div> <p>Homebrew (macOS):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>supervisor </code></pre> </div> <p>After installation, check if Supervisor is running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl status supervisor </code></pre> </div> <p>If it’s not running, start and enable it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl start supervisor <span class="nv">$ </span><span class="nb">sudo </span>systemctl <span class="nb">enable </span>supervisor </code></pre> </div> <h2> Setting Up the Flask Project </h2> <p>First, create a project directory and set up a virtual environment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mkdir </span>flask-api <span class="o">&amp;&amp;</span> <span class="nb">cd </span>flask-api </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>python3 <span class="nt">-m</span> venv venv <span class="nv">$ </span><span class="nb">source </span>venv/bin/activate </code></pre> </div> <p>With the virtual environment activated, install Flask and Gunicorn:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>pip <span class="nb">install </span>flask gunicorn </code></pre> </div> <p>You can verify the installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>flask <span class="nt">--version</span> <span class="nv">$ </span>gunicorn <span class="nt">--version</span> </code></pre> </div> <p>Next, you need to create a file called app.py inside your project directory. You can use any text editor you prefer, such as nano, vim, or others:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>vim app.py from flask import Flask app <span class="o">=</span> Flask<span class="o">(</span>__name__<span class="o">)</span> @app.route<span class="o">(</span><span class="s2">"/api/hello"</span><span class="o">)</span> def hello<span class="o">()</span>: <span class="k">return</span> <span class="o">{</span><span class="s2">"message"</span>: <span class="s2">"Hello from Flask API!"</span><span class="o">}</span> </code></pre> </div> <p>Then, try to run your Flask app using <code>Gunicorn</code> command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>gunicorn app:app <span class="o">[</span>2025-04-30 20:37:49 +0700] <span class="o">[</span>1085004] <span class="o">[</span>INFO] Starting gunicorn 23.0.0 <span class="o">[</span>2025-04-30 20:37:49 +0700] <span class="o">[</span>1085004] <span class="o">[</span>INFO] Listening at: http://127.0.0.1:8000 <span class="o">(</span>1085004<span class="o">)</span> <span class="o">[</span>2025-04-30 20:37:49 +0700] <span class="o">[</span>1085004] <span class="o">[</span>INFO] Using worker: <span class="nb">sync</span> <span class="o">[</span>2025-04-30 20:37:49 +0700] <span class="o">[</span>1085005] <span class="o">[</span>INFO] Booting worker with pid: 1085005 <span class="o">[</span>2025-04-30 20:38:58 +0700] <span class="o">[</span>1085004] <span class="o">[</span>INFO] Handling signal: winch </code></pre> </div> <p>To try your app, just open another terminal session or window. You can use a tool like <code>curl</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://127.0.0.1:8000/api/hello <span class="o">{</span><span class="s2">"message"</span>:<span class="s2">"Hello from Flask API!"</span><span class="o">}</span> </code></pre> </div> <h3> Running with Multiple Workers </h3> <p>You can run Gunicorn with multiple worker processes using the -w option. For example, to run your app with 3 workers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>gunicorn <span class="nt">-w</span> 3 app:app <span class="o">[</span>2025-04-30 20:49:13 +0700] <span class="o">[</span>1085759] <span class="o">[</span>INFO] Starting gunicorn 23.0.0 <span class="o">[</span>2025-04-30 20:49:13 +0700] <span class="o">[</span>1085759] <span class="o">[</span>INFO] Listening at: http://127.0.0.1:8000 <span class="o">(</span>1085759<span class="o">)</span> <span class="o">[</span>2025-04-30 20:49:13 +0700] <span class="o">[</span>1085759] <span class="o">[</span>INFO] Using worker: <span class="nb">sync</span> <span class="o">[</span>2025-04-30 20:49:13 +0700] <span class="o">[</span>1085760] <span class="o">[</span>INFO] Booting worker with pid: 1085759 <span class="o">[</span>2025-04-30 20:49:13 +0700] <span class="o">[</span>1085761] <span class="o">[</span>INFO] Booting worker with pid: 1085760 <span class="o">[</span>2025-04-30 20:49:13 +0700] <span class="o">[</span>1085762] <span class="o">[</span>INFO] Booting worker with pid: 1085761 </code></pre> </div> <p>To confirm that Gunicorn is running with multiple workers, you can use tools like top or htop.</p> <p>Install htop (optional but nicer to read):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>apt <span class="nb">install </span>htop <span class="nt">-y</span> </code></pre> </div> <p>Then run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>htop </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fli6icrynwizksqga238x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fli6icrynwizksqga238x.png" alt="Gunicorn Process" width="800" height="54"></a></p> <p>To bind it to a different port (e.g., 8081) and listen on all interfaces:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>gunicorn <span class="nt">-b</span> 0.0.0.0:8081 app:app <span class="o">[</span>2025-04-30 21:14:29 +0700] <span class="o">[</span>1085847] <span class="o">[</span>INFO] Starting gunicorn 23.0.0 <span class="o">[</span>2025-04-30 21:14:29 +0700] <span class="o">[</span>1085847] <span class="o">[</span>INFO] Listening at: http://0.0.0.0:8081 <span class="o">(</span>1085847<span class="o">)</span> <span class="o">[</span>2025-04-30 21:14:29 +0700] <span class="o">[</span>1085847] <span class="o">[</span>INFO] Using worker: <span class="nb">sync</span> <span class="o">[</span>2025-04-30 21:14:29 +0700] <span class="o">[</span>1085848] <span class="o">[</span>INFO] Booting worker with pid: 1085848 </code></pre> </div> <h3> Adding Supervisor and Nginx Configuration </h3> <h4> Supervisor Setup </h4> <p>To make sure Gunicorn runs in the background and restarts automatically if it crashes, you'll want to use Supervisor. Here's how to set it up:</p> <p>Create a configuration file for your app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/supervisor/conf.d/flask-api.conf </code></pre> </div> <p>Insert this configuration (adjust paths as needed):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>program:flask-api] <span class="nv">directory</span><span class="o">=</span>/home/youruser/flask-api <span class="nb">command</span><span class="o">=</span>/home/youruser/flask-api/venv/bin/gunicorn <span class="nt">-w</span> 3 <span class="nt">-b</span> 127.0.0.1:8000 app:app <span class="nv">autostart</span><span class="o">=</span><span class="nb">true </span><span class="nv">autorestart</span><span class="o">=</span><span class="nb">true </span><span class="nv">user</span><span class="o">=</span>www-data <span class="nv">stdout_logfile</span><span class="o">=</span>/var/log/flask-api.out.log <span class="nv">stderr_logfile</span><span class="o">=</span>/var/log/flask-api.err.log <span class="nv">environment</span><span class="o">=</span><span class="nv">PATH</span><span class="o">=</span><span class="s2">"/home/youruser/flask-api/venv/bin"</span> </code></pre> </div> <blockquote> <p>directory=/home/youruser/flask-api → The working directory where your Flask project is located.</p> <p>command=/home/youruser/flask-api/venv/bin/gunicorn -w 3 -b 127.0.0.1:8000 app:app → Runs the Gunicorn server with 3 workers, binding to localhost on port 8000.</p> <p>autostart=true → Automatically starts the app when Supervisor starts (e.g., on boot).</p> <p>autorestart=true → Restarts the app automatically if it crashes.</p> <p>user=www-data → Runs the process as the www-data user (you can change this to your own user if needed).</p> <p>stdout_logfile=/var/log/api/flask-api.out.log → File where standard output (including errors) is logged.</p> <p>stderr_logfile=/var/log/api/flask-api.err.log → (Optional if using redirect_stderr) File for capturing standard error output.</p> <p>environment=PATH="..." → Ensures Supervisor uses the correct Python virtual environment for Gunicorn.</p> </blockquote> <p>Then reload Supervisor to pick up the new config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>supervisorctl reread <span class="nv">$ </span><span class="nb">sudo </span>supervisorctl update <span class="nv">$ </span><span class="nb">sudo </span>supervisorctl status </code></pre> </div> <p>If the API is not running, check the logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cat</span> /var/log/flask-api.out.log <span class="nv">$ </span><span class="nb">cat</span> /var/log/flask-api.err.log </code></pre> </div> <p>Or use Supervisor’s built-in log viewer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">tail</span> <span class="nt">-f</span> flask-api <span class="o">==&gt;</span> Press Ctrl-C to <span class="nb">exit</span> &lt;<span class="o">==</span> </code></pre> </div> <h4> Nginx Configuration </h4> <p>Now that Gunicorn is running your Flask app on port 8000, you’ll want Nginx to act as a reverse proxy.</p> <p>Create a new Nginx config file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/sites-available/flask-api </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>server <span class="o">{</span> listen 80<span class="p">;</span> server_name _<span class="p">;</span> location / <span class="o">{</span> proxy_pass http://127.0.0.1:8000<span class="p">;</span> proxy_set_header Host <span class="nv">$host</span><span class="p">;</span> proxy_set_header X-Real-IP <span class="nv">$remote_addr</span><span class="p">;</span> proxy_set_header X-Forwarded-For <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> proxy_set_header X-Forwarded-Proto <span class="nv">$scheme</span><span class="p">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Enable the site and test:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/flask-api /etc/nginx/sites-enabled <span class="nv">$ </span><span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="nv">$ </span><span class="nb">sudo </span>systemctl restart nginx </code></pre> </div> <p>Finally, ff everything is set up correctly, you should now be able to access your Flask API at <a href="http://YOUR_SERVER_IP/api/hello" rel="noopener noreferrer">http://YOUR_SERVER_IP/api/hello</a> if you're using a public server or VPS.</p> <h4> Optional: Project Structure &amp; Requirements </h4> <p>To easily reinstall dependencies later:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>pip freeze <span class="o">&gt;</span> requirements.txt </code></pre> </div> <p>However, it’s better to specify only the packages you need manually:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>vim requirements.txt </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>flask gunicorn </code></pre> </div> <p>To install all requirements, just run <code>pip install</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt </code></pre> </div> <p>Your project structure should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>flask-api/ ├── app.py ├── venv/ └── requirements.txt </code></pre> </div> <h3> Common Issues </h3> <p>Here are a few quick troubleshooting tips:</p> <blockquote> <p>502 Bad Gateway: Usually means Gunicorn isn't running or the Nginx config has the wrong port.</p> <p>Supervisor status shows STOPPED: Check your config file paths and the logs:<br> <code>sudo tail -f /var/log/flask-api.err.log</code></p> <p>Permission errors: Ensure all paths used by Supervisor and Gunicorn are accessible by the appropriate user.</p> </blockquote> <h3> Conclusion </h3> <p>In this guide, we deployed a Flask API using Gunicorn as the WSGI server, Supervisor to keep the app running reliably, and Nginx as a reverse proxy to handle incoming requests. With this setup, your Flask app is ready to serve real traffic efficiently and automatically recover from crashes. Thanks for reading — and good luck with your deployment! 🚀</p> <p>Project Reference:</p> <ul> <li><a href="https://medium.com/ymedialabs-innovation/deploy-flask-app-with-nginx-using-gunicorn-and-supervisor-d7a93aa07c18" rel="noopener noreferrer">Rahul Nayak: Deploy flask app with nginx using gunicorn and supervisor</a></li> </ul> python linux tutorial Daniel Pepuho Thu, 20 Mar 2025 06:02:30 +0000 https://dev.to/danielcristho/deploying-a-simple-go-api-with-supervisor-and-nginx-fh5 https://dev.to/danielcristho/deploying-a-simple-go-api-with-supervisor-and-nginx-fh5 <h2> Intro </h2> <p>Hi! In this post, I'll show you how to deploy a simple Go API using Supervisor to manage the process and Nginx as a web server to serve it.</p> <p>Before we dive into the deployment steps, let's briefly discuss why we're using Supervisor and Nginx.</p> <ul> <li><p>Supervisor is a process control system that helps manage and monitor applications running in the background. It ensures that your Go API stays up and automatically restarts it if it crashes. <a href="https://supervisord.org/introduction.html" rel="noopener noreferrer">See the full documentation</a></p></li> <li><p>Nginx is a high-performance web server that can also function as a reverse proxy, making it ideal for serving our Go API to the internet. <a href="https://nginx.org/en" rel="noopener noreferrer">See the full documentation</a></p></li> </ul> <h3> 🤔 Why Choose Supervisor Over Other Options? </h3> <p>You might wonder why we use Supervisor instead of alternatives like <a href="https://systemd.io" rel="noopener noreferrer">Systemd</a>, <a href="https://pm2.keymetrics.io" rel="noopener noreferrer">PM2</a>, or containerized solutions like <a href="https://www.docker.com/get-started" rel="noopener noreferrer">Docker</a>. Here’s a quick comparison:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tools</th> <th>Pros</th> <th>Cons</th> </tr> </thead> <tbody> <tr> <td>Supervisor</td> <td>Simple setup, great for managing multiple processes, easy log management</td> <td>Requires manual config</td> </tr> <tr> <td>Systemd</td> <td>Native to Linux, faster startup</td> <td>More complex setup, harder to debug</td> </tr> <tr> <td>PM2</td> <td>Built for Node.js, supports process monitoring</td> <td>Not ideal for Go applications</td> </tr> <tr> <td>Docker</td> <td>Isolated environment, easy deployment, scalable</td> <td>More setup overhead, requires container knowledge</td> </tr> </tbody> </table></div> <h4> When Should You Use Supervisor? </h4> <p>Use Supervisor when you want a simple, non-containerized way to manage a Go service, with features like auto-restart and log management, without dealing with systemd’s complexity or Docker’s extra overhead.</p> <h2> Setup and Run a Simple Go API </h2> <h3> Requirements </h3> <p>Before starting, make sure you have the following installed on your system:</p> <ul> <li> <p>Go<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>go version go version go1.24.0 linux/amd64 </code></pre> <p>If not installed, download it from <a href="https://go.dev/dl" rel="noopener noreferrer">the official site</a>.</p> </li> <li><p>Supervisor</p></li> <li> <p>Ubuntu/Debian<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>apt update <span class="nv">$ </span><span class="nb">sudo </span>apt <span class="nb">install </span>supervisor <span class="nt">-y</span> </code></pre> </li> <li> <p>CentOS/RHEL<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>yum <span class="nb">install </span>supervisor <span class="nt">-y</span> </code></pre> </li> <li> <p>Homebrew (macOS)<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>supervisor </code></pre> <p>After installation, check if Supervisor is running:<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl status supervisor </code></pre> <p>If it’s not running, start and enable it:<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl start supervisor <span class="nv">$ </span><span class="nb">sudo </span>systemctl <span class="nb">enable </span>supervisor </code></pre> </li> <li><p>Nginx</p></li> <li> <p>Ubuntu/Debian<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>apt <span class="nb">install </span>nginx <span class="nt">-y</span> </code></pre> </li> <li> <p>CentOS/RHEL<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>yum <span class="nb">install </span>nginx <span class="nt">-y</span> </code></pre> </li> <li> <p>Homebrew (macOS)<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>nginx </code></pre> <p>After installation, check if Nginx is running:<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl status nginx </code></pre> <p>If it’s not running, start and enable it:<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl start nginx <span class="nv">$ </span><span class="nb">sudo </span>systemctl <span class="nb">enable </span>nginx </code></pre> </li> </ul> <h3> Initialize a New Go Project </h3> <p>First, create a new directory for the project and initialize a Go module:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cd</span> /var/www/ <span class="nv">$ </span><span class="nb">mkdir </span>go-api <span class="o">&amp;&amp;</span> <span class="nb">cd </span>go-api </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>go mod init example.com/go-api </code></pre> </div> <p>This command creates a Go module named <code>example.com/go-api</code>, which helps manage dependencies.</p> <h4> Create a Simple API </h4> <p>Now, create a new file <code>main.go</code> and add the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>vim main.go </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"text/plain"</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintln</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"Simple Go API"</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">HandleFunc</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="n">handler</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Server started at :8080"</span><span class="p">)</span> <span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">":8080"</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Compile and run the Go server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>go run main.go </code></pre> </div> <p>If successful, you should see this message in the terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Server started at :8080 </code></pre> </div> <p>Now test the API using <code>curl</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl localhost:8080 Simple Go API </code></pre> </div> <h4> Create a Simple API with ASCII Text Response (Optional) </h4> <p>First, install the go-figure package:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>go get github.com/common-nighthawk/go-figure </code></pre> </div> <p>Now, modify <code>main.go</code> to generate an ASCII text response dynamically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"github.com/common-nighthawk/go-figure"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">w</span><span class="o">.</span><span class="n">Header</span><span class="p">()</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"text/plain"</span><span class="p">)</span> <span class="n">asciiArt</span> <span class="o">:=</span> <span class="n">figure</span><span class="o">.</span><span class="n">NewFigure</span><span class="p">(</span><span class="s">"Simple Go API"</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="no">true</span><span class="p">)</span><span class="o">.</span><span class="n">String</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintln</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">asciiArt</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">HandleFunc</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="n">handler</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Server started at :8080"</span><span class="p">)</span> <span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">":8080"</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl localhost:8080 ____ _ _ ____ _ ____ ___ / ___| <span class="o">(</span>_<span class="o">)</span> _ __ ___ _ __ | | ___ / ___| ___ / <span class="se">\ </span> | _ <span class="se">\ </span> |_ _| <span class="se">\_</span>__ <span class="se">\ </span> | | | <span class="s1">'_ ` _ \ | '</span>_ <span class="se">\ </span> | | / _ <span class="se">\ </span> | | _ / _ <span class="se">\ </span> / _ <span class="se">\ </span> | |_<span class="o">)</span> | | | ___<span class="o">)</span> | | | | | | | | | | |_<span class="o">)</span> | | | | __/ | |_| | | <span class="o">(</span>_<span class="o">)</span> | / ___ <span class="se">\ </span> | __/ | | |____/ |_| |_| |_| |_| | .__/ |_| <span class="se">\_</span>__| <span class="se">\_</span>___| <span class="se">\_</span>__/ /_/ <span class="se">\_\ </span>|_| |___| |_| </code></pre> </div> <h3> Running the API as a Background Service with Supervisor </h3> <h4> Create a Supervisor Configuration for the Go API </h4> <p>Create a new Supervisor config file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/supervisor/conf.d/go-api.conf </code></pre> </div> <p>Add the following configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>program:go-api] <span class="nv">process_name</span><span class="o">=</span>%<span class="o">(</span>program_name<span class="o">)</span>s_%<span class="o">(</span>process_num<span class="o">)</span>02d <span class="nv">directory</span><span class="o">=</span>/var/www/go-api <span class="nb">command</span><span class="o">=</span>bash <span class="nt">-c</span> <span class="s1">'cd /var/www/go-api &amp;&amp; ./main'</span> <span class="nv">autostart</span><span class="o">=</span><span class="nb">true </span><span class="nv">autorestart</span><span class="o">=</span><span class="nb">true </span><span class="nv">user</span><span class="o">=</span>www-data <span class="nv">redirect_stderr</span><span class="o">=</span><span class="nb">true </span><span class="nv">stderr_logfile</span><span class="o">=</span>/var/log/go-api.err.log <span class="nv">stdout_logfile</span><span class="o">=</span>/var/log/go-api.out.log </code></pre> </div> <blockquote> <p><strong>Explanation</strong>:</p> <p><code>directory=/var/www/go-api</code> → The working directory of the Go API.<br> <code>command=bash -c 'cd /var/www/go-api &amp;&amp; ./main'</code> → Runs the API.<br> <code>autostart=true</code> → Starts automatically on system boot.<br> <code>autorestart=true</code> → Restarts if the process crashes.<br> <code>user=www-data</code> → Runs as the www-data user (adjust as needed).<br> <code>redirect_stderr=true</code> → Redirects error logs to stdout.<br> <code>stdout_logfile=/var/log/go-api.out.log</code> → Standard output log file.<br> <code>stderr_logfile=/var/log/go-api.err.log</code> → Error log file.</p> </blockquote> <p>Now, we need build the Go API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>go build <span class="nt">-o</span> main <span class="nb">.</span> </code></pre> </div> <p>Ensure the directory and binary have the correct permissions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo chown</span> <span class="nt">-R</span> www-data:www-data /var/www/go-api <span class="nv">$ </span><span class="nb">sudo chmod </span>775 /var/www/go-api/main </code></pre> </div> <h4> Apply the Supervisor Configuration </h4> <p>Reload Supervisor and start the service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>supervisorctl reread <span class="nv">$ </span><span class="nb">sudo </span>supervisorctl update <span class="nv">$ </span><span class="nb">sudo </span>supervisorctl start go-api:<span class="k">*</span> </code></pre> </div> <p>Check the service status:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>supervisorctl avail go-api:go-api_00 <span class="k">in </span>use auto 999:999 </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>supervisorctl status go-api:<span class="k">*</span> go-api:go-api_00 RUNNING pid 198867, <span class="nb">uptime </span>0:01:52 </code></pre> </div> <h4> Check Logs and Debugging </h4> <p>If the API is not running, check the logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo cat</span> /var/log/go-api.out.log <span class="nv">$ </span><span class="nb">sudo cat</span> /var/log/go-api.err.log </code></pre> </div> <p>Or use Supervisor’s built-in log viewer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>supervisorctl <span class="nb">tail</span> <span class="nt">-f</span> go-api:go-api_00 <span class="o">==&gt;</span> Press Ctrl-C to <span class="nb">exit</span> &lt;<span class="o">==</span> Server started at :8080 </code></pre> </div> <h3> Setting Up Nginx as a Reverse Proxy for the API </h3> <h4> Create a new configuration file: </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/sites-available/go-api </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>server <span class="o">{</span> server_name _<span class="p">;</span> location / <span class="o">{</span> proxy_pass http://127.0.0.1:8080<span class="p">;</span> proxy_http_version 1.1<span class="p">;</span> proxy_set_header Upgrade <span class="nv">$http_upgrade</span><span class="p">;</span> proxy_set_header Connection <span class="s1">'upgrade'</span><span class="p">;</span> proxy_set_header Host <span class="nv">$host</span><span class="p">;</span> <span class="o">}</span> error_log /var/log/nginx/go-api_error.log<span class="p">;</span> access_log /var/log/nginx/go-api_access.log<span class="p">;</span> <span class="o">}</span> </code></pre> </div> <p>Create a symbolic link to enable the site:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/go-api /etc/nginx/sites-enabled/ </code></pre> </div> <p>Test the configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>nginx <span class="nt">-t</span> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf <span class="nb">test </span>is successful </code></pre> </div> <p>If the test is successful, restart Nginx:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl restart nginx </code></pre> </div> <p>Now, you can access your Go API using:</p> <ul> <li>Localhost (if running locally) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://localhost ____ _ _ ____ _ ____ ___ / ___| <span class="o">(</span>_<span class="o">)</span> _ __ ___ _ __ | | ___ / ___| ___ / <span class="se">\ </span> | _ <span class="se">\ </span> |_ _| <span class="se">\_</span>__ <span class="se">\ </span> | | | <span class="s1">'_ ` _ \ | '</span>_ <span class="se">\ </span> | | / _ <span class="se">\ </span> | | _ / _ <span class="se">\ </span> / _ <span class="se">\ </span> | |_<span class="o">)</span> | | | ___<span class="o">)</span> | | | | | | | | | | |_<span class="o">)</span> | | | | __/ | |_| | | <span class="o">(</span>_<span class="o">)</span> | / ___ <span class="se">\ </span> | __/ | | |____/ |_| |_| |_| |_| | .__/ |_| <span class="se">\_</span>__| <span class="se">\_</span>___| <span class="se">\_</span>__/ /_/ <span class="se">\_\ </span>|_| |___| |_| </code></pre> </div> <ul> <li>Server’s Public IP (if running on a VPS or remote server) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl http://YOUR_SERVER_IP </code></pre> </div> <blockquote> <p>Note: If you want to access your Go API using a custom domain instead of an IP address, you need to purchase a domain, configure its DNS to point to your server’s IP, and update your Nginx configuration accordingly. For better security, it's recommended to set up HTTPS using Let's Encrypt.</p> </blockquote> <h3> Conclusion </h3> <p>In this guide, we deployed a simple Go API using Supervisor to manage the process ensuring automatic restarts and efficient request handling also Nginx as a reverse proxy. Thank you for reading, and good luck with your deployment! 🚀</p> go linux tutorial Daniel Pepuho Sat, 01 Feb 2025 14:21:01 +0000 https://dev.to/danielcristho/kubernetes-105-create-kubernetes-cluster-oha https://dev.to/danielcristho/kubernetes-105-create-kubernetes-cluster-oha <p>Let's start again. Now we will do some practices.</p> <p>In this part of the Kubernetes series, we will explore how to create a Kubernetes cluster in different environments. Whether you're running Kubernetes locally or in the cloud, understanding how to set up a cluster is fundamental to deploying and managing containerized applications efficiently.</p> <p>We will cover three different ways to create a Kubernetes cluster:</p> <ul> <li><p>Kind (Kubernetes in Docker) - A lightweight way to run Kubernetes clusters locally for testing and development.</p></li> <li><p>K3D (K3S in Docker) - A more lightweight Kubernetes distribution, optimized for local development and CI/CD workflows.</p></li> <li><p>EKS (Amazon Elastic Kubernetes Service) - A managed Kubernetes service provided by AWS for running Kubernetes workloads in the cloud.</p></li> </ul> <p>Each approach has its own use cases, advantages, and trade-offs. Let's dive into each one and see how to set up a cluster.</p> <h2> Setting Up a Kubernetes Cluster with Kind </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7x44sjqpd4v0ikbgpu2f.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7x44sjqpd4v0ikbgpu2f.png" alt="Kind Logo" width="800" height="534"></a></p> <p>Kind (Kubernetes in Docker) is one of the simplest ways to spin up a Kubernetes cluster for local development and testing. It runs Kubernetes clusters inside Docker containers and is widely used for CI/CD and development workflows.</p> <h3> Prerequisites </h3> <ul> <li>Docker installed on your machine. (<a href="https://docs.docker.com/engine/install" rel="noopener noreferrer">installation guide</a>)</li> <li>KIND CLI installed. (<a href="https://kind.sigs.k8s.io/docs/user/quick-start/#installation" rel="noopener noreferrer">installation guide</a>)</li> <li>Kubectl CLI installed. (<a href="https://kubernetes.io/docs/tasks/tools" rel="noopener noreferrer">installation guide</a>)</li> </ul> <h3> Create a Cluster with Kind </h3> <ul> <li>Create a new Kind cluster: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> kind create cluster <span class="nt">--name</span> kind-cluster Creating cluster <span class="s2">"kind-cluster"</span> ... ✓ Ensuring node image <span class="o">(</span>kindest/node:v1.31.0<span class="o">)</span> 🖼 ✓ Preparing nodes 📦 ✓ Writing configuration 📜 ✓ Starting control-plane 🕹 ✓ Installing CNI 🔌 ✓ Installing StorageClass 💾 Set kubectl context to <span class="s2">"kind-kind-cluster"</span> You can now use your cluster with: kubectl cluster-info <span class="nt">--context</span> kind-kind-cluster Thanks <span class="k">for </span>using kind! 😊 </code></pre> </div> <ul> <li>Check the cluster: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> kubectl cluster-info <span class="nt">--context</span> kind-kind-cluster Kubernetes control plane is running at https://127.0.0.1:43417 CoreDNS is running at https://127.0.0.1:43417/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> </code></pre> </div> <ul> <li>List available nodes: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get nodes NAME STATUS ROLES AGE VERSION kind-cluster-control-plane Ready control-plane 75s v1.31.0 </code></pre> </div> <h3> Create Simple Deployment </h3> <ul> <li>Use the <code>kubectl create deployment</code> command to define and start a deployment: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> kubectl create deployment nginx <span class="nt">--image</span><span class="o">=</span>nginx deployment.apps/nginx created </code></pre> </div> <ul> <li>Check deployment status using <code>kubectl get deployment</code> command: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get deployment NAME READY UP-TO-DATE AVAILABLE AGE nginx 0/1 1 0 29s </code></pre> </div> <ul> <li>Expose the deployment: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl expose deployment nginx <span class="nt">--port</span><span class="o">=</span>80 <span class="nt">--type</span><span class="o">=</span>LoadBalancer service/nginx exposed </code></pre> </div> <ul> <li>Verify the Pod status and then try to access Nginx using your browser: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE nginx-676b6c5bbc-wd87x 1/1 Running 0 12m </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxtltv33114mzja34rr1g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxtltv33114mzja34rr1g.png" alt="Access Nginx" width="800" height="228"></a></p> <ul> <li>Delete the cluster when no longer needed </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kind delete cluster <span class="nt">--name</span> kind-cluster Deleting cluster <span class="s2">"kind-cluster"</span> ... Deleted nodes: <span class="o">[</span><span class="s2">"kind-cluster-control-plane"</span><span class="o">]</span> </code></pre> </div> <h2> Setting Up a Kubernetes Cluster with K3D </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fad1hu2a7xvrvme945nla.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fad1hu2a7xvrvme945nla.png" alt="K3D Logo" width="800" height="534"></a></p> <p>K3D is a tool that allows you to run lightweight Kubernetes clusters using K3S inside Docker. It is a great choice for fast, local Kubernetes development.</p> <h3> Prerequisites </h3> <ul> <li>Docker installed on your machine. (<a href="https://docs.docker.com/engine/install" rel="noopener noreferrer">installation guide</a>)</li> <li>K3D CLI installed. (<a href="https://k3d.io/stable/#installation" rel="noopener noreferrer">installation guide</a>)</li> <li>Kubectl CLI installed. (<a href="https://kubernetes.io/docs/tasks/tools" rel="noopener noreferrer">installation guide</a>)</li> </ul> <h3> Create a Cluster with K3D </h3> <ul> <li>Create a new K3D cluster: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>k3d cluster create my-k3d-cluster INFO[0000] Prep: Network INFO[0000] Created network <span class="s1">'k3d-my-k3d-cluster'</span> INFO[0000] Created image volume k3d-my-k3d-cluster-images INFO[0000] Starting new tools node... INFO[0000] Starting node <span class="s1">'k3d-my-k3d-cluster-tools'</span> INFO[0001] Creating node <span class="s1">'k3d-my-k3d-cluster-server-0'</span> INFO[0001] Creating LoadBalancer <span class="s1">'k3d-my-k3d-cluster-serverlb'</span> INFO[0001] Using the k3d-tools node to gather environment information INFO[0001] HostIP: using network gateway 172.20.0.1 address INFO[0001] Starting cluster <span class="s1">'my-k3d-cluster'</span> INFO[0001] Starting servers... INFO[0001] Starting node <span class="s1">'k3d-my-k3d-cluster-server-0'</span> INFO[0008] All agents already running. INFO[0008] Starting helpers... INFO[0008] Starting node <span class="s1">'k3d-my-k3d-cluster-serverlb'</span> INFO[0016] Injecting records <span class="k">for </span>hostAliases <span class="o">(</span>incl. host.k3d.internal<span class="o">)</span> and <span class="k">for </span>2 network members into CoreDNS configma p... INFO[0018] Cluster <span class="s1">'my-k3d-cluster'</span> created successfully! INFO[0018] You can now use it like this: kubectl cluster-info </code></pre> </div> <ul> <li>Check the cluster status: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl cluster-info Kubernetes control plane is running at https://0.0.0.0:46503 CoreDNS is running at https://0.0.0.0:46503/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy Metrics-server is running at https://0.0.0.0:46503/api/v1/namespaces/kube-system/services/https:metrics-server:https/p roxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> </code></pre> </div> <ul> <li>List available nodes: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get nodes NAME STATUS ROLES AGE VERSION k3d-my-k3d-cluster-server-0 Ready control-plane,master 2m33s v1.30.4+k3s1 </code></pre> </div> <h3> Create Simple Deployment </h3> <ul> <li>Use the <code>kubectl create deployment</code> command to define and start a deployment: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl create deployment httpd <span class="nt">--image</span><span class="o">=</span>httpd </code></pre> </div> <ul> <li>Check deployment status using <code>kubectl get deployment</code> command: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get deployment NAME READY UP-TO-DATE AVAILABLE AGE httpd 0/1 1 0 45s </code></pre> </div> <ul> <li>Verify the Pod status: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> kubectl get pods NAME READY STATUS RESTARTS AGE httpd-56f946b8c8-84ww8 1/1 Running 0 9m11s </code></pre> </div> <ul> <li>Expose the deployment: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl expose deployment httpd <span class="nt">--port</span><span class="o">=</span>80 <span class="nt">--type</span><span class="o">=</span>LoadBalancer </code></pre> </div> <ul> <li>Try to access using browser:</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhcz2h6s89xmovj5zxpv5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhcz2h6s89xmovj5zxpv5.png" alt="Access HTTPD" width="794" height="257"></a></p> <ul> <li>Delete the cluster when no longer needed: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>k3d cluster delete my-k3d-cluster INFO[0000] Deleting cluster <span class="s1">'my-k3d-cluster'</span> INFO[0001] Deleting cluster network <span class="s1">'k3d-my-k3d-cluster'</span> INFO[0001] Deleting 1 attached volumes... INFO[0001] Removing cluster details from default kubeconfig... INFO[0001] Removing standalone kubeconfig file <span class="o">(</span><span class="k">if </span>there is one<span class="o">)</span>... INFO[0001] Successfully deleted cluster my-k3d-cluster! </code></pre> </div> <h2> Setting Up a Kubernetes Cluster on AWS EKS </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8stn3qycpy7381a03rj4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8stn3qycpy7381a03rj4.png" alt="AWS EKS Logo" width="800" height="546"></a></p> <p>Amazon Elastic Kubernetes Service (EKS) is a fully managed Kubernetes service on AWS, designed for running production workloads.</p> <h3> Prerequisites </h3> <ul> <li>AWS CLI installed and configured. (<a href="https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html" rel="noopener noreferrer">installation guide</a>)</li> <li>EKSCTL CLI installed. (<a href="https://eksctl.io/installation" rel="noopener noreferrer">installation guide</a>)</li> <li>Kubectl CLI installed. (<a href="https://kubernetes.io/docs/tasks/tools" rel="noopener noreferrer">installation guide</a>)</li> </ul> <h3> Create a cluster on EKS </h3> <p>To create a Kubernetes cluster in AWS, you can use the AWS Console (dashboard) or the eksctl CLI. For this guide, we will use <code>eksctl</code>.</p> <p>We will provisions an EKS cluster with two <code>t4g.small</code> nodes in the <code>us-east-1</code> region, making it ready for running Kubernetes workloads.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>eksctl create cluster <span class="se">\</span> <span class="nt">--name</span> cluster-1 <span class="se">\</span> <span class="nt">--region</span> us-east-1 <span class="se">\</span> <span class="nt">--node-type</span> t4g.small <span class="se">\</span> <span class="nt">--nodes</span> 2 <span class="se">\</span> <span class="nt">--nodegroup-name</span> node-group-1 2025-02-01 19:52:35 <span class="o">[</span>ℹ] eksctl version 0.202.0 2025-02-01 19:52:35 <span class="o">[</span>ℹ] using region us-east-1 2025-02-01 19:52:37 <span class="o">[</span>ℹ] setting availability zones to <span class="o">[</span>us-east-1c us-east-1f] ... 2025-02-01 20:02:04 <span class="o">[</span>ℹ] creating addon 2025-02-01 20:02:04 <span class="o">[</span>ℹ] successfully created addon 2025-02-01 20:02:05 <span class="o">[</span>ℹ] creating addon 2025-02-01 20:02:06 <span class="o">[</span>ℹ] successfully created addon 2025-02-01 20:02:07 <span class="o">[</span>ℹ] creating addon 2025-02-01 20:02:07 <span class="o">[</span>ℹ] successfully created addon <span class="s2">"us-east-1"</span> region is ready </code></pre> </div> <ul> <li>Access AWS console, navigate to the EKS service and you can see the cluster is successfully created.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu6fea9eyql10rn2kvp9f.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu6fea9eyql10rn2kvp9f.png" alt="After cluster creation" width="800" height="90"></a></p> <ul> <li>List available nodes: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get nodes NAME STATUS ROLES AGE VERSION ip-192-168-xx-yy.ec2.internal Ready &lt;none&gt; 17m v1.30.8-eks-aeac579 ip-192-168-xx-yy.ec2.internal Ready &lt;none&gt; 17m v1.30.8-eks-aeac57 </code></pre> </div> <h3> Create Simple Deployment </h3> <ul> <li>Use the <code>kubectl create deployment</code> command to define and start a deployment: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl create deployment nginx <span class="nt">--image</span><span class="o">=</span>nginx deployment.apps/nginx create </code></pre> </div> <ul> <li>Check deployment status using <code>kubectl get deployment</code> command: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> kubectl get deployment NAME READY UP-TO-DATE AVAILABLE AGE nginx 1/1 1 1 23s </code></pre> </div> <ul> <li>Verify the Pod status: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE nginx-bf5d5cf98-9dld5 1/1 Running 0 43s </code></pre> </div> <ul> <li>Expose the service: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl expose deployment nginx <span class="nt">--type</span><span class="o">=</span>LoadBalancer <span class="nt">--port</span><span class="o">=</span>80 <span class="nt">--name</span><span class="o">=</span>nginx-service </code></pre> </div> <ul> <li>Try to access using the browser:</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs3c2ul7c18ntg8x5tq4r.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs3c2ul7c18ntg8x5tq4r.png" alt="Access the service" width="800" height="281"></a></p> <ul> <li>Delete the cluster when no longer needed: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span> eksctl delete cluster <span class="nt">--name</span> cluster-1 <span class="nt">--region</span> us-east-1 2025-02-01 20:51:59 <span class="o">[</span>ℹ] deleting EKS cluster <span class="s2">"cluster-1"</span> 2025-02-01 20:52:02 <span class="o">[</span>ℹ] will drain 0 unmanaged nodegroup<span class="o">(</span>s<span class="o">)</span> <span class="k">in </span>cluster <span class="s2">"cluster-1"</span> 2025-02-01 20:52:02 <span class="o">[</span>ℹ] starting parallel draining, max <span class="k">in</span><span class="nt">-flight</span> of 1 2025-02-01 20:52:04 <span class="o">[</span>ℹ] deleted 0 Fargate profile<span class="o">(</span>s<span class="o">)</span> 2025-02-01 20:52:13 <span class="o">[</span>✔] kubeconfig has been updated 2025-02-01 20:52:13 <span class="o">[</span>ℹ] cleaning up AWS load balancers created by Kubernetes objects of Kind Service or Ingress 2025-02-01 20:52:56 <span class="o">[</span>ℹ] ... 2025-02-01 21:02:00 <span class="o">[</span>ℹ] waiting <span class="k">for </span>CloudFormation stack <span class="s2">"eksctl-cluster-1-nodegroup-node-group-1"</span> 2025-02-01 21:02:01 <span class="o">[</span>ℹ] will delete stack <span class="s2">"eksctl-cluster-1-cluster"</span> 2025-02-01 21:02:04 <span class="o">[</span>✔] all cluster resources were deleted </code></pre> </div> <h2> Conclusion </h2> <p>Setting up a Kubernetes cluster is the first step in running containerized applications at scale. In this guide, we've explored three different ways to create a Kubernetes cluster and do a simple deployment: using Kind and K3D for local development and using EKS for cloud-based deployments. Each method has its own advantages depending on your use case.</p> <p>Thanks for reading this post. Stay tuned!</p> <p>References:</p> <ul> <li><p>KUBERNETES UNTUK PEMULA. <a href="https://github.com/ngoprek-kubernetes/buku-kubernetes-pemula" rel="noopener noreferrer">https://github.com/ngoprek-kubernetes/buku-kubernetes-pemula</a>.</p></li> <li><p>How do I install AWS EKS CLI (eksctl)?. <a href="https://learn.arm.com/install-guides/eksctl" rel="noopener noreferrer">https://learn.arm.com/install-guides/eksctl</a></p></li> </ul> kubernetes devops beginners aws Daniel Pepuho Wed, 22 Jan 2025 09:13:36 +0000 https://dev.to/danielcristho/kubernetes-104-controller-2bna https://dev.to/danielcristho/kubernetes-104-controller-2bna <p>Let's start again. Now I'm going to talk about Controllers in Kubernetes. In Kubernetes, a Controller is like a cluster's brain, constantly working to ensure the system maintains its desired state. By monitoring objects such as Pods, Deployments, or DaemonSets, Controllers automate tasks and handle changes dynamically. Understanding Controllers is key to grasping how Kubernetes orchestrates and manages workloads seamlessly.</p> <h2> Common Kubernetes Controllers </h2> <p>Here are some of the most commonly used Controllers in Kubernetes:</p> <h2> 1. Deployment </h2> <p>Deployments <strong>manage updates to Pods and ReplicaSets declaratively by transitioning the current state to the desired state step-by-step.</strong> They can create new ReplicaSets, adopt existing resources, or remove old Deployments.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frqs2kfd890pb086t69fj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frqs2kfd890pb086t69fj.png" alt="Deployment Diagram" width="682" height="450"></a></p> <p>Common uses for Deployments include:</p> <p>a. Releasing a ReplicaSet and monitoring its status.<br> b. Updating Pod specifications to declare a new desired state.<br> c. Scaling up to handle increased load.<br> d. Rolling back to a previous version if the current state is unstable.<br> e. Cleaning up unused ReplicaSets.</p> <h2> 2. ReplicaSet </h2> <p><strong>ReplicaSets (RS) function as controllers in Kubernetes, responsible for maintaining a consistent number of running Pods for a specific workload</strong>. Acting as the mechanism behind the scenes, the ReplicaSet controller continuously monitors the state of the Pods and ensures the desired replica count is maintained. If a Pod crashes, is evicted, or fails for any reason, the ReplicaSet controller swiftly creates new Pods to restore the desired state, ensuring resilience and uninterrupted service.</p> <p>In practical use, ReplicaSets are not typically managed directly by users. Instead, they are controlled through Deployments, which leverage the ReplicaSet controller while providing additional features such as rolling updates, rollbacks, and declarative workload management. This abstraction allows users to benefit from the reliability and scalability of ReplicaSet controllers without dealing with their complexities directly.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6kzhidqggm8mlepb6uwu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6kzhidqggm8mlepb6uwu.png" alt="ReplicaSet Diagram" width="678" height="715"></a></p> <h2> 3. DaemonSet </h2> <p><strong>DaemonSet (DS) ensures that every or specific nodes in a cluster run a copy of a particular Pod</strong>. When a new node is added, DaemonSet automatically creates a Pod on that node. Conversely, when a node is removed, the associated Pod is deleted by the <code>garbage collector</code>. Deleting the DaemonSet removes all Pods it created.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F03t2uvmtrhse6lovati2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F03t2uvmtrhse6lovati2.png" alt="DaemonSet Diagram" width="678" height="453"></a></p> <p>Common uses of DaemonSet:</p> <ol> <li><p>Running storage daemons across nodes, such as Glusterd or Ceph.</p></li> <li><p>Running log collection daemons across nodes, such as Fluentd or LogStash.</p></li> <li><p>Running node monitoring daemons, such as Prometheus Node Exporter, Flowmill, or New Relic Agent.</p></li> </ol> <p>DaemonSet is ideal for tasks that require processes to run on every node, such as log collection, monitoring, or providing local volumes.</p> <h2> 4. StatefulSet </h2> <p><strong>A StatefulSet is a Kubernetes controller used for managing stateful applications. Unlike Deployments, which focus on stateless workloads, StatefulSet is designed for applications that require persistent identity and stable storage</strong>. It ensures that each Pod it manages has a unique, stable network identity and maintains a strict order during creation, scaling, or deletion.</p> <p>Key Features of StatefulSet:</p> <ol> <li><p>Stable Network Identity: Each Pod gets a unique and persistent DNS name (e.g., <code>pod-0</code>, <code>pod-1</code>), which remains consistent even after rescheduling.</p></li> <li><p>Ordered Pod Deployment and Scaling: Pods are created and scaled in a sequential order. For example, <code>pod-0</code> must be created before <code>pod-1</code>, and the same applies during deletion.</p></li> <li><p>Persistent Storage: StatefulSet works closely with PersistentVolumeClaim (PVC). Each Pod gets a dedicated PersistentVolume that remains intact even after the Pod is deleted or rescheduled.</p></li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxc9ekn6rrwkg1akmw7a6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxc9ekn6rrwkg1akmw7a6.png" alt="StatefulSet Diagram" width="679" height="453"></a></p> <p>Common Use Cases:</p> <ol> <li><p>Databases like MySQL, PostgreSQL, and MongoDB, where stable storage and network identity are critical.</p></li> <li><p>Distributed Systems like Cassandra, Kafka, or ZooKeeper, where maintaining order and state is essential.</p></li> <li><p>Caching Systems like Redis, requiring predictable storage and replication across nodes.</p></li> </ol> <h2> 5. Job </h2> <p><strong>A Job is a Kubernetes controller designed to manage tasks that run to completion</strong>. Unlike Deployments or StatefulSets, which manage long-running or stateful applications, Jobs are used for short-lived workloads that need to be executed only once or a specific number of times.</p> <p>Key Features of a Job:</p> <ol> <li><p>Ensures Completion: A Job creates one or more Pods to perform a task and ensures that the task is completed successfully. If a Pod fails, the Job controller automatically creates a replacement until the task succeeds.</p></li> <li><p>Parallelism: Jobs support parallel execution, allowing multiple Pods to run concurrently, controlled by the parallelism and completions parameters.</p></li> <li><p>Retries: Jobs retry failed Pods until the task is successful or a specified backoff limit is reached.</p></li> </ol> <p>Common Use Cases:</p> <ul> <li><p>Batch Processing: Data transformation, ETL pipelines, or video encoding.</p></li> <li><p>Database Operations: Running migrations, backups, or clean-up scripts.</p></li> <li><p>One-Time Tasks: Performing diagnostics, generating reports, or initializing configurations.</p></li> </ul> <p>Thank you for reading this post.😀</p> <p>References:</p> <ul> <li><p>KUBERNETES UNTUK PEMULA. <a href="https://github.com/ngoprek-kubernetes/buku-kubernetes-pemula" rel="noopener noreferrer">https://github.com/ngoprek-kubernetes/buku-kubernetes-pemula</a>.</p></li> <li><p>Kubernetes Documentation: Jobs. <a href="https://kubernetes.io/docs/concepts/workloads/controllers/job" rel="noopener noreferrer">https://kubernetes.io/docs/concepts/workloads/controllers/job</a>.</p></li> <li><p>Kubernetes Controllers. <a href="https://www.uffizzi.com/kubernetes-multi-tenancy/kubernetes-controllers" rel="noopener noreferrer">https://www.uffizzi.com/kubernetes-multi-tenancy/kubernetes-controllers</a>.</p></li> <li><p>Kubernetes: DaemonSet. <a href="https://opstree.com/blog/2021/12/07/kubernetes-daemonset" rel="noopener noreferrer">https://opstree.com/blog/2021/12/07/kubernetes-daemonset</a>.</p></li> <li><p>Kubernetes StatefulSet vs Kubernetes Deployment. <a href="https://devtron.ai/blog/deployment-vs-statefulset" rel="noopener noreferrer">https://devtron.ai/blog/deployment-vs-statefulset</a>.</p></li> </ul> beginners devops kubernetes