KubeCI - Cloud Native Continuous Delivery

Getting CI/CD pipelines to work on Kubernetes is a tricky endeavor, especially if you are looking for a Cloud Native CI/CD solution. KubeCI is an open source Continuous Delivery system built on Drone for Kubernetes. A simple YAML configuration file is used to define and execute pipelines inside Kubernetes Pods. We will talk about why CI/CD pipelines are painful today. We will do some live coding and show you how KubeCI can make a CI/CD deployment on Kubernetes simple. The audience will get insights into why we built KubeCI and how we want to extend it in the future.

Matthias Loibl

June 19, 2018

Transcript

  1. KubeCI Cloud Native Continuous Delivery Matthias Loibl - @metalmatze Loodse

  2. Drone

  3. Drone
    • Continuous Delivery
    • Automates your testing and releases
    • Open Source
    • Written in Go
    • Built on Docker
      ◦ Each step is a new container
  4. Version Control Support

  5. Declarative Configuration

        pipeline:
          frontend:
            image: node
            commands:
              - npm install
              - npm test
          backend:
            image: golang
            commands:
              - go test -v
              - go install
        services:
          database:
            image: mysql
  6. Plugins

  7. Languages: Everything that can be executed in a container

  8. Installation
    • docker-compose.yml
    • Uses SQLite by default
      ◦ MySQL & Postgres are easy to enable

        server:
          image: drone/drone:0.8
          ports:
            - 80:8000
            - 9000
          volumes:
            - /var/lib/drone:/var/lib/drone/
          restart: always
          environment:
            - DRONE_OPEN=true
            - DRONE_HOST=${DRONE_HOST}
            - DRONE_GITHUB=true
            - DRONE_GITHUB_CLIENT=${DRONE_GITHUB_CLIENT}
            - DRONE_GITHUB_SECRET=${DRONE_GITHUB_SECRET}
            - DRONE_SECRET=${DRONE_SECRET}
        agent:
          image: drone/agent:0.8
          command: agent
          restart: always
          depends_on:
            - drone-server
          volumes:
            - /var/run/docker.sock:/var/run/docker.sock
          environment:
            - DRONE_SERVER=drone-server:9000
            - DRONE_SECRET=${DRONE_SECRET}
  9. Installation
    • Can be deployed to Kubernetes
    • Helm chart available

        $ helm install stable/drone

    Still uses the Docker socket...
  10. Demo

  11. What’s next?

  12. Multi Machine Pipelines
    • Chain together multiple pipelines
    • Multi-machine fan-in and fan-out
    • Multi-operating system and multi-architecture builds
    • Replaces matrix builds
  13. Multi Machine Pipelines: What does it look like?

        ---
        pipeline:
          name: backend
          steps:
            - name: build
              image: golang
              commands:
                - go build
                - go test
        ...
        ---
        depends_on: [ backend, frontend ]
        pipeline:
          name: notify
          steps:
            - name: slack
              image: plugins/slack
        ---
        pipeline:
          name: frontend
          steps:
            - name: build
              image: node
              commands:
                - npm install
                - npm test
        ...
  14. Jsonnet
    • Generate config data (YAML)
    • For really big pipelines
    • Share config across projects with imports

        {
          pipeline: {
            local go = 'golang:1.10.3',
            'test': drone.step.new(go, group='build', commands=[
              'cd api',
              'make test',
            ]),
            'build': drone.step.new(go, group='build', commands=[
              'cd api',
              'make build',
            ]),
            ...
          }
        }

        pipeline:
          test:
            image: golang:1.10.3
            group: go
            commands:
              - cd api
              - make test
          build:
            image: golang:1.10.3
            group: go
            commands:
              - cd api
              - make build
          ...

        $ drone jsonnet .drone.jsonnet .drone.yml
  15. Kubernetes Runtime
    • Needs Kubernetes 1.10+
    • Implements the same interface as the Docker runtime
    • Takes a kubeconfig to connect to Kubernetes
    • Talks to the Kubernetes apiserver
    • Schedules
      ◦ Services
      ◦ Pods
      ◦ Persistent Volumes (local volume)

        DRONE_KUBERNETES=true
        DRONE_KUBERNETES_KUBECONFIG=/home/user/.kube/config
        DRONE_KUBERNETES_NAMESPACE=drone
  16. Kubernetes Runtime Improvements
    • At the moment we pick a random machine
      ◦ Use NodeAffinity
    • Building Docker containers on Kubernetes
      ◦ Needs privileges
    • No way to reference secrets
    • No way to reference configmaps

    Expect a lot of fixes and improvements!
  17. Demo

  18. KubeCI Cloud Native Continuous Delivery

  19. KubeCI
    • We created a Drone Kubernetes Runtime
    • We have a lot more ideas
  20. Plugins - kubectl
    • Wraps kubectl
    • Decodes base64 secrets
    • Some basic templating
      ◦ {{ .DroneCommit }}
      ◦ {{ .DroneBranch }}

        pipeline:
          kubectl:
            image: kubeciio/kubectl
            secrets: [ kubeconfig ]
            kubectl: apply
            files:
              - /path/to/folder/foo.yaml
              - /path/to/folder/bar.yaml
              - /path/to/folder/baz.yaml
  21. Plugins - helm
    • Wraps helm
    • Decodes base64 secrets
    • Sets tiller namespace
    • Iterates over charts array
    • Fetches specific helm version

        pipeline:
          helm:
            image: kubeciio/helm
            secrets: [ kubeconfig ]
            helm: upgrade --install
            tiller_namespace: helm
            charts:
              - name: prometheus
                path: monitoring/prometheues/
                namespace: monitoring
              - name: nginx
                path: ingress/nginx/
                namespace: ingress-nginx
              - name: cert-manager
                path: cert-manager/
                namespace: cert-manager
  22. Plugins - img (WIP)
    • Uses genuinetools/img
      ◦ daemon-less
      ◦ unprivileged Dockerfile
      ◦ OCI compatible
    • Drop-in replacement for Drone’s Docker plugin
      ◦ Interesting for Kubernetes

        pipelines:
          img:
            image: kubeciio/img
            repo: prom/prometheus
            secrets: [ docker_username, docker_password ]
            tag: [ latest, 0.3, 0.3.1 ]
            when:
              event: tag
  23. Plugins: What are your needs? What CI/CD challenges for Kubernetes do you have? Tell us!
  24. Upcoming talk
    • How we scale DroneCI on demand - Patrick Jahns & Thomas Boerger, Stage 3 - (MS Bleichen)
    • Understanding GitLab CI - Kamil Trzciński, Stage 3 - (MS Bleichen)
  25. Acknowledgements
    • Brad Rydzewski - @bradrydzewski: Creator of Drone
    • Chris Bargmann - @chrisbargmann: Support on KubeCI plugins
    • Stefan Schimanski - @the_sttts: Brainstorming at FOSDEM
    • Jason Murray - @chaosaffe: Initial hacking sessions
  26. Thank you Matthias Loibl - @metalmatze Loodse
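
Slides 8, 9 and 16 point out that the Drone agent mounts the host's Docker socket and that building images on Kubernetes needs privileges, while slide 22 presents img as the unprivileged alternative. The following added example (not from the talk or the KubeCI project) audits Pod manifests for those two conditions; the three manifests are constructed samples and `audit_pod` is a hypothetical helper name.

```python
# Added example: flag CI pods that depend on the node's Docker daemon or on
# privileged mode. All manifests below are constructed for illustration.
DOCKER_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")


def audit_pod(pod):
    """Return a sorted list of findings for one Pod manifest given as a dict."""
    spec = pod.get("spec", {})
    # Names of volumes that expose the host's Docker socket via hostPath.
    socket_volumes = set()
    for vol in spec.get("volumes", []):
        path = (vol.get("hostPath") or {}).get("path", "")
        if path.rstrip("/") in DOCKER_SOCKETS:
            socket_volumes.add(vol.get("name"))
    findings = set()
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name = c.get("name", "?")
        for mount in c.get("volumeMounts", []):
            if mount.get("name") in socket_volumes:
                findings.add(f"{name}: mounts host Docker socket")
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.add(f"{name}: privileged container")
    return sorted(findings)


# Constructed: agent pod mirroring the docker.sock volume from slide 8.
AGENT_POD = {"spec": {
    "volumes": [{"name": "docker",
                 "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{"name": "agent", "image": "drone/agent:0.8",
                    "volumeMounts": [{"name": "docker",
                                      "mountPath": "/var/run/docker.sock"}]}],
}}
# Constructed: build step that asks for privileged mode (slide 16).
BUILD_POD = {"spec": {"containers": [
    {"name": "build", "image": "plugins/docker",
     "securityContext": {"privileged": True}}]}}
# Constructed: build step modelled on the img plugin from slide 22.
IMG_POD = {"spec": {"containers": [
    {"name": "img", "image": "kubeciio/img",
     "securityContext": {"privileged": False}}]}}

if __name__ == "__main__":
    for label, pod in (("agent", AGENT_POD), ("build", BUILD_POD),
                       ("img", IMG_POD)):
        print(label, audit_pod(pod) or "no findings")
```
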