OpenShift Commons Briefing - What's new in OpenShift Pipelines

What's new in OpenShift Pipelines and OpenShift GitOps in OpenShift 4.8 with Jaafar Chraibi and Christian Hernandez (Red Hat)

Red Hat Livestreaming

July 06, 2021

Transcript

  1. DevOps is the key to meet the insatiable demand for delivering quality applications rapidly
  2. Continuous Integration (CI) & Continuous Delivery (CD)
      - A key DevOps principle for automation, consistency and reliability
      - Stages, in order, spanning Continuous Integration and Continuous Delivery: Build, Test, Security Checks, Release, Deploy Stage, Deploy Prod
  3. A Comprehensive DevOps Platform for Hybrid Cloud (GENERAL DISTRIBUTION)
      - OpenShift Builds: Automate building container images using Kubernetes tools
      - OpenShift Pipelines: Kubernetes-native on-demand delivery pipelines
      - OpenShift GitOps: Declarative GitOps for multi-cluster continuous delivery
  4. Why Cloud-Native CI/CD? (OPENSHIFT PIPELINES)

      | Traditional CI/CD | Cloud-Native CI/CD |
      | --- | --- |
      | Designed for Virtual Machines | Designed for Containers and Kubernetes |
      | Require IT Ops for CI engine maintenance | Pipeline as a service with no Ops overhead |
      | Plugins shared across CI engine | Pipelines fully isolated from each other |
      | Plugin dependencies with undefined update cycles | Lifecycle managed as container images |
      | No interoperability with Kubernetes resources | Native Kubernetes resources |
      | Admin manages persistence | Platform manages persistence |
      | Config baked into CI engine container | Configured via Kubernetes ConfigMaps |
  5. An open-source project for providing a set of shared and standard components for building Kubernetes-style CI/CD systems
      - Governed by the Continuous Delivery Foundation
      - Contributions from Google, Red Hat, CloudBees, IBM, Pivotal and many more
  6. OpenShift Pipelines
      - Built for Kubernetes: Cloud-native pipelines taking advantage of Kubernetes execution, operational model and concepts
      - Scale on-demand: Pipelines run and scale on-demand in isolated containers, with repeatable and predictable outcomes
      - Flexible and powerful: Granular control over pipeline execution details on Kubernetes, to support your exact requirements
      - Secure pipeline execution: Kubernetes RBAC and security model ensures security consistently across pipelines and workloads
  7. OpenShift Pipelines
      - Based on Tekton Pipelines
      - Kubernetes-native declarative CI/CD
      - Pipelines run on-demand in isolated containers
      - No central server to maintain! No plugin conflicts!
      - Task library and integration with Tekton Hub
      - Secure pipelines aligned with Kubernetes RBAC
      - Visual and IDE-based pipeline authoring
      - Pipeline templates when importing apps
      - Automated install and upgrades via OperatorHub
      - CLI, Web, VS Code and IntelliJ plugins
  8. Tekton Concepts (diagram: a Pipeline is made up of Tasks, and each Task is made up of steps)
  9. Tekton Concepts: Pipeline
      - A graph of Tasks: concurrent & sequential
      - Tasks run on different nodes
      - Task execution logic
          - Conditional
          - Retries
      - Share data between tasks
      - Diagram: git → build → deploy

      ```yaml
      apiVersion: tekton.dev/v1beta1
      kind: Pipeline
      metadata:
        name: deploy-dev
      spec:
        params:
          - name: IMAGE_TAG
        tasks:
          - name: git
            taskRef:
              name: git-clone
            params: [...]
          - name: build
            taskRef:
              name: maven
            params: [...]
            runAfter: ["git"]      # build waits for git
          - name: deploy
            taskRef:
              name: knative-deploy
            params: [...]
            runAfter: ["build"]    # deploy waits for build
      ```
  10. Tekton Concepts: Task
      - Performs a specific task
      - List of steps
      - Steps run sequentially
      - Reusable

      ```yaml
      apiVersion: tekton.dev/v1beta1
      kind: Task
      metadata:
        name: buildah
      spec:
        params:
          - name: IMAGE
        steps:
          # Each step runs in its own container, in the order listed.
          - name: build
            image: quay.io/buildah/stable:latest
            command: ["buildah"]
            args: ["bud", ".", "-t", "$(params.IMAGE)"]
          - name: push
            image: quay.io/buildah/stable:latest
            script: |
              buildah push $(params.IMAGE) docker://$(params.IMAGE)
      ```
  11. Tekton Concepts: step
      - Run command or script in a container
      - Kubernetes container spec
          - Env vars
          - Volumes
          - Config maps
          - Secrets

      ```yaml
      # A step either runs a command with args ...
      - name: build
        image: maven:3.6.0-jdk-8-slim
        command: ["mvn"]
        args: ["install"]
      # ... or an inline script
      - name: parse-yaml
        image: python3
        script: |-
          #!/usr/bin/env python3
          ...
      ```
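  12. Tekton Concepts: workspace (diagram: two Tasks attached to one Shared Workspace)
      - Share data during execution between pipeline tasks, such as source code, app binaries, etc.
      - Workspaces use PVCs to store data
      - You can mount specific subpaths in a workspace to organize data

      ```yaml
      apiVersion: tekton.dev/v1beta1
      kind: Task
      metadata:
        name: maven-build
      spec:
        workspaces:
          # The Task only declares the workspace it needs.
          - name: filedrop
        steps:
          - name: build
            image: maven:3.6.0-jdk-8-slim
            command:
              - /usr/bin/mvn
            args:
              - install
      ---
      # The PVC is bound to the workspace by the run that executes the Task.
      apiVersion: tekton.dev/v1beta1
      kind: TaskRun
      metadata:
        name: maven-build-run   # example name
      spec:
        taskRef:
          name: maven-build
        workspaces:
          - name: filedrop
            persistentVolumeClaim:
              claimName: source-pvc
      ```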
  13. What's new in OpenShift 4.8: OpenShift Pipelines - new in OpenShift 4.8 (PM: Siamak Sadeghianfar)
      - OpenShift Pipelines 1.5 GA on OCP 4.8
      - Auto-pruning PipelineRuns and TaskRuns
      - Pipeline as code with GitHub (Dev Preview)
          - Event filtering
          - Task resolution
          - Trigger on approved users and groups
          - Pull-request commands
          - GitHub Checks API
          - GitHub and GitHub Enterprise
      - Ability to customize default ClusterTasks and Pipeline templates
      - Numerous enhancements in Dev Console
  14. What's new in OpenShift 4.8: Pipelines as code (PAC)
      - Git Repository: .tekton folder containing pipeline definition
      - Pull request (or other events)
      - pipeline-as-code: Instantiates and runs the defined pipeline on OpenShift
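
A review check for the `buildah` Task on slide 10, added here as an example; it is not code from the deck or from the Tekton or OpenShift Pipelines projects. It flags `$(params.…)` substituted into a step's `script` (the value becomes shell source) and step images not pinned by digest. The manifest is assumed to be already parsed into a dict, `review_task`, `make_task` and the rule names are hypothetical, and the digest is a placeholder.

```python
import re

# Tekton expands $(params.X) textually before a step starts, so inside `script`
# the value becomes shell source; in `args` it stays a single argv element.
PARAM_REF = re.compile(r"\$\(params\.([A-Za-z0-9_.-]+)\)")
PINNED_BY_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def review_task(task):
    """Return (step, rule, detail) findings for one parsed Task manifest."""
    findings = []
    for step in task.get("spec", {}).get("steps", []):
        name = step.get("name", "<unnamed>")
        # Rule 1: a parameter pasted into the script body.
        for param in sorted(set(PARAM_REF.findall(step.get("script", "")))):
            findings.append((name, "param-in-script", param))
        # Rule 2: image referenced by a mutable tag (or no tag) instead of a digest.
        image = step.get("image", "")
        if not PINNED_BY_DIGEST.search(image):
            findings.append((name, "image-not-pinned", image))
    return findings


def make_task(image, push_step_extra):
    """Build the slide's buildah Task as a dict (constructed sample input)."""
    build = {"name": "build", "image": image, "command": ["buildah"],
             "args": ["bud", ".", "-t", "$(params.IMAGE)"]}
    push = {"name": "push", "image": image, **push_step_extra}
    return {"kind": "Task", "metadata": {"name": "buildah"},
            "spec": {"params": [{"name": "IMAGE"}], "steps": [build, push]}}


# As on the slide: mutable tag, parameter substituted into the script text.
SLIDE_TASK = make_task(
    "quay.io/buildah/stable:latest",
    {"script": "buildah push $(params.IMAGE) docker://$(params.IMAGE)\n"})

# Reworked: placeholder digest (not a real one), parameter passed through env
# and quoted where the shell uses it.
HARDENED_TASK = make_task(
    "quay.io/buildah/stable@sha256:" + "0" * 64,
    {"env": [{"name": "IMAGE", "value": "$(params.IMAGE)"}],
     "script": 'buildah push "$IMAGE" "docker://$IMAGE"\n'})

if __name__ == "__main__":
    for label, task in (("slide", SLIDE_TASK), ("hardened", HARDENED_TASK)):
        print(label, review_task(task))
```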