KubeCI - Cloud Native Continuous Delivery

Getting CI/CD pipelines to work on Kubernetes is a tricky endeavor, especially if you are looking for a Cloud Native CI/CD solution. KubeCI is an open source Continuous Delivery system built on Drone for Kubernetes. A simple YAML configuration file is used to define and execute pipelines inside Kubernetes Pods. We will talk about why CI/CD pipelines are painful today. We will do some live coding and show you how KubeCI can make a CI/CD deployment on Kubernetes simple. The audience will get insights into why we built KubeCI and how we want to extend it in the future.

Matthias Loibl

June 19, 2018
Transcript

  1. Drone
     • Continuous Delivery
     • Automates your testing and releases
     • Open Source
     • Written in Go
     • Built on Docker
       ◦ Each step is a new container
  2. Declarative Configuration

         pipeline:
           frontend:
             image: node
             commands:
               - npm install
               - npm test
           backend:
             image: golang
             commands:
               - go test -v
               - go install
         services:
           database:
             image: mysql
  3. Installation
     • docker-compose.yml
     • Uses SQLite by default
       ◦ MySQL & Postgres are easy to enable

         server:
           image: drone/drone:0.8
           ports:
             - 80:8000
             - 9000
           volumes:
             - /var/lib/drone:/var/lib/drone/
           restart: always
           environment:
             - DRONE_OPEN=true
             - DRONE_HOST=${DRONE_HOST}
             - DRONE_GITHUB=true
             - DRONE_GITHUB_CLIENT=${DRONE_GITHUB_CLIENT}
             - DRONE_GITHUB_SECRET=${DRONE_GITHUB_SECRET}
             - DRONE_SECRET=${DRONE_SECRET}
         agent:
           image: drone/agent:0.8
           command: agent
           restart: always
           depends_on:
             - drone-server
           volumes:
             - /var/run/docker.sock:/var/run/docker.sock
           environment:
             - DRONE_SERVER=drone-server:9000
             - DRONE_SECRET=${DRONE_SECRET}
  4. Installation
     • Can be deployed to Kubernetes
     • Helm chart available

         $ helm install stable/drone

     Still uses the Docker socket...
  5. Multi Machine Pipelines
     • Chain together multiple pipelines
     • Multi-machine fan-in and fan-out
     • Multi-operating system and multi-architecture builds
     • Replaces matrix builds
  6. Multi Machine Pipelines
     What does it look like?

         ---
         pipeline:
           name: backend
           steps:
             - name: build
               image: golang
               commands:
                 - go build
                 - go test
         ...
         ---
         depends_on: [ backend, frontend ]
         pipeline:
           name: notify
           steps:
             - name: slack
               image: plugins/slack
         ---
         pipeline:
           name: frontend
           steps:
             - name: build
               image: node
               commands:
                 - npm install
                 - npm test
         ...
  7. Jsonnet
     • Generate config data (YAML)
     • For really big pipelines
     • Share config across projects with imports

         {
           pipeline: {
             local go = 'golang:1.10.3',
             'test': drone.step.new(go, group='build', commands=[
               'cd api',
               'make test',
             ]),
             'build': drone.step.new(go, group='build', commands=[
               'cd api',
               'make build',
             ]),
             ...
           }
         }

         pipeline:
           test:
             image: golang:1.10.3
             group: go
             commands:
               - cd api
               - make test
           build:
             image: golang:1.10.3
             group: go
             commands:
               - cd api
               - make build
         ...

         $ drone jsonnet .drone.jsonnet .drone.yml
  8. Kubernetes Runtime
     • Needs Kubernetes 1.10+
     • Implements the same interface as the Docker runtime
     • Takes a kubeconfig to connect to Kubernetes
     • Talks to the Kubernetes apiserver
     • Schedules
       ◦ Services
       ◦ Pods
       ◦ Persistent Volumes (local volume)

         DRONE_KUBERNETES=true
         DRONE_KUBERNETES_KUBECONFIG=/home/user/.kube/config
         DRONE_KUBERNETES_NAMESPACE=drone
  9. Kubernetes Runtime Improvements
     • At the moment we pick a random machine
       ◦ Use NodeAffinity
     • Building Docker containers on Kubernetes
       ◦ Needs privileges
     • No way to reference secrets
     • No way to reference configmaps

     Expect a lot of fixes and improvements!
  10. Plugins - kubectl
     • Wraps kubectl
     • Decodes base64 secrets
     • Some basic templating
       ◦ {{ .DroneCommit }}
       ◦ {{ .DroneBranch }}

         pipeline:
           kubectl:
             image: kubeciio/kubectl
             secrets: [ kubeconfig ]
             kubectl: apply
             files:
               - /path/to/folder/foo.yaml
               - /path/to/folder/bar.yaml
               - /path/to/folder/baz.yaml
  11. Plugins - helm
     • Wraps helm
     • Decodes base64 secrets
     • Sets tiller namespace
     • Iterates over charts array
     • Fetches specific helm version

         pipeline:
           helm:
             image: kubeciio/helm
             secrets: [ kubeconfig ]
             helm: upgrade --install
             tiller_namespace: helm
             charts:
               - name: prometheus
                 path: monitoring/prometheues/
                 namespace: monitoring
               - name: nginx
                 path: ingress/nginx/
                 namespace: ingress-nginx
               - name: cert-manager
                 path: cert-manager/
                 namespace: cert-manager
  12. Plugins - img (WIP)
     • Uses genuinetools/img
       ◦ daemon-less
       ◦ unprivileged Dockerfile
       ◦ OCI compatible
     • Drop-in replacement for Drone’s Docker plugin
       ◦ Interesting for Kubernetes

         pipeline:
           img:
             image: kubeciio/img
             repo: prom/prometheus
             secrets: [ docker_username, docker_password ]
             tag: [ latest, 0.3, 0.3.1 ]
             when:
               event: tag
  13. Upcoming talk
     • How we scale DroneCI on demand - Patrick Jahns & Thomas Boerger
       ◦ Stage 3 - (MS Bleichen)
     • Understanding GitLab CI - Kamil Trzcinski
       ◦ Stage 3 - (MS Bleichen)
  14. Acknowledgements
     • Brad Rydzewski - @bradrydzewski: Creator of Drone
     • Chris Bargmann - @chrisbargmann: Support on KubeCI plugins
     • Stefan Schimanski - @the_sttts: Brainstorming at FOSDEM
     • Jason Murray - @chaosaffe: Initial hacking sessions
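
Slides 3, 4 and 9 show the settings a reviewer would check first in this setup: the agent's bind mount of the host Docker socket (access to that socket is control of the host's Docker daemon), privileged containers, and open registration via `DRONE_OPEN=true`. The audit below is an added example, not code from the talk or from Drone or KubeCI; the finding names are hypothetical and the input is constructed from the slide 3 compose file, assumed to be already parsed into a mapping.

```python
# Added example (not from the talk): flag the settings in a Drone 0.8 compose
# file that widen access to the build host. Finding names are hypothetical.
DOCKER_SOCK = "/var/run/docker.sock"

# Constructed input: the slide's services as a YAML loader would return them.
SLIDE_COMPOSE = {
    "server": {
        "image": "drone/drone:0.8",
        "volumes": ["/var/lib/drone:/var/lib/drone/"],
        "environment": ["DRONE_OPEN=true", "DRONE_GITHUB=true",
                        "DRONE_SECRET=${DRONE_SECRET}"],
    },
    "agent": {
        "image": "drone/agent:0.8",
        "volumes": ["/var/run/docker.sock:/var/run/docker.sock"],
        "environment": ["DRONE_SERVER=drone-server:9000",
                        "DRONE_SECRET=${DRONE_SECRET}"],
    },
}


def env_map(service):
    """Normalise compose 'environment' (K=V list or mapping) to a dict of str."""
    env = service.get("environment") or {}
    if isinstance(env, dict):
        return {str(k): "" if v is None else str(v) for k, v in env.items()}
    return dict(item.partition("=")[::2] for item in env)


def audit(services):
    """Return sorted (service, finding) pairs for settings worth reviewing."""
    findings = []
    for name, svc in services.items():
        for vol in svc.get("volumes") or []:
            # Short syntax is host:container[:mode]; long syntax is a mapping.
            host = vol.get("source", "") if isinstance(vol, dict) else vol.split(":")[0]
            if host.rstrip("/") == DOCKER_SOCK:
                findings.append((name, "host-docker-socket-mounted"))
        if svc.get("privileged") is True:
            findings.append((name, "privileged-container"))
        if env_map(svc).get("DRONE_OPEN", "").lower() == "true":
            findings.append((name, "open-registration"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit(SLIDE_COMPOSE):
        print(f"{service}: {finding}")
```

On the slide's configuration this reports the socket mount on the agent and open registration on the server; a build step based on the unprivileged `img` plugin from slide 12 is the deck's own route to dropping the socket mount.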