Kubernetes CI/CD Pipelines at Scale
This blog was originally published by Kamesh Pemmaraju on the Platform9 Blog.
Kubernetes orchestrates containers reliably at scale while abstracting the underlying infrastructure. Unlike virtual machines, this helps developers separate workloads from the complexities of the infrastructure. Kubernetes is ideal for CI/CD automation because it offers many built-in capabilities that make application deployment standardized and reusable, improve developer productivity, and speed up the adoption of cloud-native apps.
The following chart shows common Kubernetes use cases according to Platform9’s recent survey at KubeCon Barcelona:
The top 3 use cases are 1) DevOps CI/CD Automation, 2) modernizing legacy applications, and 3) automated app operations. These use cases focus on helping developers build and deliver applications faster, scale them up or down on-demand, and run them reliably in production.
However, running Kubernetes (k8s) in production environments with fully-automated and repeatable CI/CD pipelines and continuous security checking brings new challenges including integration complexity, constant production updates/rollbacks, Day 2 operations, life-cycle management, and talent acquisition/retention.
Solving these challenges is easier than you think. Here’s how you can quickly achieve CI/CD automation on Kubernetes and roll it out across your organization.
Managed Kubernetes Service Eliminates Operational Complexity
If the primary business problem you are solving has to do with improving developer productivity, delivering software faster to market, and running reliable applications in production — then is it worth your time dealing with hassles and complexity of operating Kubernetes? Do you have the people and skills to staff and operate large-scale Kubernetes clusters?
Operating your own large-scale Kubernetes infrastructure is daunting. The consequences of making the wrong choices are long-lasting and can impact application availability, performance, and agility. While building a solution in-house may be cheaper in the short term, your design might be of lesser quality or have flaws that are realized only once you’re in production. Moreover, it may end up costing you a lot more.
While installing and managing Kubernetes doesn’t move the business forward, quickly deploying new applications and versions to customers does. To developers – Kubernetes’ end-users – platform availability is the key. They don’t care who builds it or how it gets there: they just want to get their hands on it, and for it to work well.
Although developers don’t care about the implementation details of a cluster or its operational state, someone still has to do the operational work to make sure the cluster is up-to-date, healthy, and secure. Platform9 manages your Kubernetes environment, providing you with fully automated Day 2 operations and a 99.9% SLA on bare metal, VMware, public clouds, or at the edge. This frees up your DevOps teams to focus on what’s important: responding to your customers’ needs by building better applications faster.
To get a feel for a fully-managed experience and try out the core Kubernetes features for free, check out the Platform9 sandbox.
Helm Charts Automate CI/CD Tool Deployments
Once you have your Kubernetes infrastructure up and running, Kubernetes Helm enables you to quickly and reliably provision container applications through easy install, update, and removal. It provides a vehicle for developers to package their applications and share them with the Kubernetes community. It allows software vendors to offer their containerized applications at a push of a button. Through a single command or a few mouse clicks, users can install Kubernetes apps for dev-test or production environments. Most of the popular CI/CD toolsets are available as Helm charts.
The Platform9 App Catalog provides easy access and push-button deployments for Helm charts. You can use the App Catalog UI to select and deploy your favorite CI/CD pipeline tools (e.g., Jenkins, Spinnaker, Artifactory, JFrog Xray, etc.). You can search for a tool, deploy it with one click, or configure it.
Artifactory and Xray Secure and Automate Software Delivery
Artifactory is a universal repository manager that serves all CI/CD needs, regardless of where microservices are running in your organization. Providing full Docker compatibility, it enables developers to deploy containerized microservices to the Kubernetes cluster. Once you push your App package to an Artifactory repository, you can proceed to validate and promote your container through the development, test, and release stages, and finally, deploy to production clusters in Kubernetes. Artifactory provides full auditability and traceability of all your App packages.
JFrog Xray performs deep recursive scans of your Docker images and identifies security vulnerabilities in all layers and dependencies. It also checks to ensure that all licensed software components comply with your organization’s policies. This helps block vulnerable and non-compliant software from being placed into production, and continuous scanning can ensure continued safety as new issues are discovered or policies change.
5-Step Kubernetes CI/CD Process Using Artifactory and Helm
Artifactory can serve as the Docker registry (or registries) for your microservices, in a way that is deeply integral to your CI/CD process that builds them. Using Artifactory as your Helm chart repository further enables this central repository manager to provide Platform9 with all the natively integrated resources it needs to deploy containers to k8s clusters.
When you also use Artifactory to proxy remote repositories such as npm, Maven, and Gradle, Artifactory acts as your secure Kubernetes registry, enabling you to trace the content, dependencies, and relationships with other Docker images in an end-to-end system.
Step 1. Develop your microservice using dependencies from registries that are proxied in Artifactory. The resulting App package can be a .war or .jar file.
Step 2. Create a Docker Framework using Tomcat and Java-8 on Ubuntu as a base image. Push this image to a Docker registry in Artifactory, where it is also scanned by Xray to assure security and license compliance.
Step 3. Create the Docker image for the microservice by adding the .war/.jar file to the Docker Framework, and push the image to a Docker registry in Artifactory, where it is scanned by Xray.
Step 4. Create a Helm chart for the microservice, and push it to a Helm repository in Artifactory.
Step 5. Deploy the microservice from the secure Docker registry to the Kubernetes cluster using the Helm Chart.
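A pre-deployment check for Step 5, as an added example (not from the original post, JFrog, or Platform9): it scans rendered Helm output, such as the text produced by `helm template`, and flags any container image that is not pulled from the Artifactory registry, plus any image not pinned by digest, so that what is deployed is exactly what was scanned. The registry hostname, image names, and sample manifest are constructed placeholders, and the line-based scan is a simplification of full YAML parsing.

```python
import re
import sys

# Assumption: placeholder hostname for the Artifactory Docker registry.
TRUSTED_REGISTRY = "docker.artifactory.example.com"

# Matches "image: ref" and "- image: ref", with optional quotes and trailing comment.
IMAGE_LINE = re.compile(r"""^\s*(?:-\s*)?image:\s*["']?([^"'\s#]+)["']?\s*(?:#.*)?$""")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def registry_of(ref):
    """Return the registry host of an image reference (docker.io when implicit)."""
    first, sep, _ = ref.partition("/")
    # The first path component names a registry only if it looks like a host.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def check_manifest(text, trusted=TRUSTED_REGISTRY):
    """Return (line number, image reference, reason) for each violating image."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if registry_of(ref) != trusted:
            findings.append((lineno, ref, "untrusted-registry"))
        elif not DIGEST.search(ref):
            # Tags are mutable; a digest ties the deployment to the scanned image.
            findings.append((lineno, ref, "not-pinned-by-digest"))
    return findings

SAMPLE_DIGEST = "sha256:" + "ab" * 32  # constructed digest, not a real image
SAMPLE = f"""\
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      initContainers:
        - name: init
          image: busybox:1.36
      containers:
        - name: app
          image: "{TRUSTED_REGISTRY}/myapp/service@{SAMPLE_DIGEST}"
        - name: sidecar
          image: {TRUSTED_REGISTRY}/myapp/sidecar:latest
"""

if __name__ == "__main__":
    problems = check_manifest(SAMPLE)
    for lineno, ref, reason in problems:
        print(f"line {lineno}: {ref}: {reason}")
    sys.exit(1 if problems else 0)  # non-zero exit fails the pipeline stage
```

Run as a pipeline stage between chart rendering and deployment, a non-zero exit stops the release before anything reaches the cluster.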
Managed Prometheus Monitors Your Applications
Platform9 Managed Prometheus provides Dev and Ops teams with easy deployment and configuration of the Prometheus stack and the Alert Manager as a multi-tenant service. The service is HA-ready, and the SLA is handled automatically, with no need for Admin intervention. Developers have a 100% self-service option to deploy any number of Prometheus instances and configure the monitoring rules and capacity usage. Currently, the service is in Beta and will be generally available soon. Please contact us for more details.