Jenkins X Explained Part 1 – an integrated CI/CD solution for Kubernetes

2018/04/17

—-
Jenkins X Explained Part 1 – an integrated CI/CD solution for Kubernetes
// Jenkins Blog

Jenkins X is an opinionated platform for providing CI / CD on top of Kubernetes. We’ve chosen a set of core applications that we install and wire together so things work out-of-the-box, providing a turn key experience. This blog aims to build on previous introductions to Jenkins X and provide a deeper insight to what you get when you install Jenkins X.

key

So what happens? After downloading the jx CLI you will now be able to create clusters with public cloud providers or install onto an existing Kubernetes cluster.

cloud Providers

This command will create a cluster on your cloud provider of choice.

> jx create cluster

Alternatively you can bring your own Kubernetes cluster and install Jenkins X on it:

> jx install

That said, we’ve found that creating a new cluster on a public cloud such as GKE is a lot way easier to start as we can be sure of the state of the cluster. For example we know that storage, networking and loadbalancers will be working as expected. Creating a cluster on GKE takes only a few minutes so it’s a great way to try things out as well as run your enterprise workloads.

For now lets assume we are using GKE. When jx create cluster has finished you will see some output in the terminal that also includes the default admin password to use when logging into the core applications below. There is a flag —-default-admin-password you can use to set this password yourself.

Accessing applications

We automatically install an Nginx ingress controller running with an external loadbalancer pointing at it’s Kubernetes service. We also generate all the Kubernetes Ingress rules using a golang library called “exposecontroller“. This runs as a Kubernetes Job triggered by a Helm hook once any application is installed to the cluster.

Using “exposecontroller” means we can control all the ingress rules for an environment using a single set of configurations, rather than each application needing to know how to expose the kubernetes service to the outside world. This also means we can easily switch between HTTP and HTTPS plus support intregration with projects like cert-manager for auto generation of signed TLS certificates.

Environments

One important point to make is Jenkins X aims to use terminology that developers are familiar with. That’s not to say we are changing Kubernetes fundamentals, it’s more that if you don’t know Kubernetes concepts then we aim to help you still adopt the cloud technology and pull back the curtain as you gain confidence and experience. To that point, a core part of Jenkins X are “environments”. An environment can have one or more applications running in it. In Kubernetes term an “environment” maps to the concept of a “namespace” in code.

The installation by default created three environments, this is customisable but by default we have a “dev”, a “staging” and a “production environment”. To list, select, or switch between these environments run:

> jx env

Jenkins X core applications

In the “dev” environment we have installed a number of core applications we believe are required at a minimum to start folks off with CI/CD on Kubernetes. We can easily add to these core apps using Jenkins X addons but for now lets focus on the core apps. Jenkins X comes with configuration that wires these services together, meaning everything works together straight away. This dramatically reduces the time to get started with Kubernetes as all the passwords, environment variables and config files are all setup up to work with each other.

  1. Jenkins — provides both CI and CD automation. There is an effort to decompose Jenkins over time to become more cloud native and make use of Kubernetes concepts around CRDs, storage and scaling for example.
  2. Nexus — acts as a dependency cache for Nodejs and Java applications to dramatically improve build times. After an initial build of a SpringBoot application the build time is reduced from 12 mins to 4. We have not yet but intend to demonstrate swapping this with Artifactory soon.
  3. Docker Registry — an in cluster docker registry where our pipelines push application images, we will soon switch to using native cloud provider registries such as Google Container Registry, Azure Container Registry or Amazon Elastic Container Registry (ECR) for example.
  4. Chartmuseum — a registry for publishing Helm charts
  5. Monocular — a UI used for discovering and running Helm charts

Helm

We learned a lot in our early days with fabric8 on Kubernetes and there were some projects from the ecosystem that either weren’t around or (at the time) didn’t work with OpenShift, therefore we were restricted when making some design decisions. A couple of years on and now with Jenkins X we were able to look at other OSS projects that have been flourishing, so I was very happy to start looking at Helm. Helm is a package manager for Kubernetes and allows easy installation and upgrades of applications.

It was pretty clear that for Jenkins to evolve and include deployments to the cloud we should embrace Helm and provide an opinionated experience that helps teams and developers. The core applications mentioned above means Jenkins X provides an out of the box integrated CI/CD solution for Helm.

We know that helm has limitations but with the work on Helm 3, the focus of the Kubernetes sig-apps group, the Kubernetes community and investment we see from key organisations such as Microsoft, we feel Helm is currently the best way to install and upgrade applications on Kubernetes.

GitOps

We mentioned earlier that we setup three environments by default. What this means is for the staging and production environments we created:

  1. Kubernetes namespace
  2. An environment resource (CustomResourceDefinition) in the dev environment which includes details of how applications are promoted to it and includes various team settings.
  3. A git repository that we store what applications and their versions should be present in that environment. These are stored in a Helm requirements.yaml file
  4. A Jenkins Pipeline job: explained in more detail below

CI/CD for Environments

Having a Jenkins Pipeline Job for each environment means that Pull Requests to the git repo trigger a CI job. For now that job performs basic validation but in the future will include ‘gates’ to ensure a change to that environment has passed expected checks such as QA tasks, gain enough approvals from the correct people, etc – YES CI for environments!!

Once CI checks have passed the new application or version change can be merged. Only users that have karma can merge the Pull Request and therefore we get RBAC plus traceability for our environment deployments.

This means every application manifest, their version and configuration including storage requirements, resource needs and secrets for your environments are stored in Git repositories. Given a disaster recovery scenario this is exactly what you want.

Did I just say secrets in Git? Yes! We will be providing a nicer experience to helps folks get set up but we ourselves encrypt our secrets and store them in Git, then decrypt them when we come to install and upgrade.

Here’s our Git repo https://github.com/jenkins-x/cloud-environments/blob/a1edcc6/env-jx-infra/secrets.yaml.

We do all this with the help of a Helm wrapper called helm secrets. I’m working on a followup blog post with examples, better explanations and how to guides + add better integration with JX in the coming weeks.

Advertisements

choco

2018/04/16

—-
choco
// Passion is like genius; a miracle.

윈도우용 유니버셜 인스톨러.

https://chocolatey.org/

예를들어 ssh 도 이렇게 설치 가능하다.

C:\> choco install openssh 

—-

Read in my feedly

나의 iPhone에서 보냄

알아두면 쓸모있는 신박한 생활꿀팁 5

2018/04/16

—-
알아두면 쓸모있는 신박한 생활꿀팁 5
// 생활건강정보

알아두면 쓸모있는 신박한 생활꿀팁 5

99A65B455AD3B64433FBCF

일상생활 속에서 심각하게 불편하지 않더라도, 사소한 것들에 느끼는 불편함들이 더 크게 다가올 때가 있죠. 오늘은 사소한 것 같지만 성가시고 불편했던, 그래서 그 불편함을 한방에 해결해줄 알면 알수록 신박한 생활 속 초간단 꿀팁을 알려드릴게요^^

1. 칼 없이 마늘 다지기

제가 요리에 자주 사용하는 절임마늘이에요.

그냥 마늘을 넣을 때보다

간도 잘 맞고 감칠맛이 나서 좋아하거든요~

993204355AD3B2B7342222

그런데 마늘을 다질 때

칼을 사용하지 않고 쉽게 다지는 방법은 없을까요?

당연히 있죠!!!

포크만 있으면 쉽고 빠르게 다질 수 있어요.

99563E335AD3B2CB34FCE8

포크로 마늘을 꾹- 눌러주기만 하면 되는데요.

마늘 뿐만 아니라 생강도 가능해요.

소량의 마늘을 다질 때는

칼보다 포크가 안전하게 쉽게 다질 수 있어요^^

996E013B5AD3B41533EF67

2. 병뚜껑 쉽게 열기

병뚜껑을 열 때

아무리 힘을 줘도 열리지 않는다면…

9983A03D5AD3B49E018FC8

열리지 않는 병뚜껑을 열어줄 가장 간단한 방법은

고무장갑을 끼고 뚜껑을 여는 거예요.

99B6823E5AD3B4B5341B3A

만약 고무장갑이 없다면

숟가락으로 뚜껑의 테두리 부분을 돌아가며

톡톡 두드리는 방법도 있어요.

맘에 드는 방법을 골라서 사용해도 되겠네요~

99B70C3E5AD3B4C734C2D3

3. 자꾸 풀리는 운동화끈 고정시키기

운동화끈은 아무리 꽉 묶어도

걸어 다니다 보면 풀어져 있을 때가 많아요.

9966223D5AD3B4E135EAC0

운동화끈이 풀어지면

끈에 밟혀서 넘어질 수도 있고,

끈이 바닥에 쓸려서 더러워지죠.

99C32E3E5AD3B4F0339D9D

이때 헤어스프레이만 있으면

자꾸 풀리는 운동화끈을 쉽게 고정시킬 수 있어요.

99F463335AD3B5020449FE

운동화끈을 묶고 헤어스프레이를 뿌려주면 끝!

운동화끈을 잡아당기면 다시 풀어지기 때문에

망가질 걱정도 없어요~

99B9223E5AD3B51733B9ED

4. 캔음료에서 자꾸 탈출하는 빨대 고정시키기

캔음료를 마실 때

캔음료 입구에 빨대를 꽂으면

자꾸만 밖으로 탈출을 해서 불편하시죠~

995B81335AD3B532379A30

이때 캔음료를 따는 손잡이를 활용해보세요.

캔음료 손잡이를 입구 쪽으로 돌려서

그 안으로 빨대를 통과시키면

빨대가 밖으로 빠지지 않게 고정돼요.

9999F9335AD3B54701F6DA

이 방법은 아이들이 캔음료를 마실 때나

이동하면서 마실 때 편리하답니다!

99ABEE3D5AD3B55A01C6D4

5. 밀가루 잔뜩 묻은 손으로 휴대폰 만질 때

요리를 할 때, 특히 밀가루를 사용하면

손에 밀가루가 덕지덕지 묻는데요.

문제는 다른 물건을 만질 수 없다는 거예요.

특히 휴대폰이요.

996003355AD3B56F02F176

요리는 해야 하고, 전화벨은 울리고

이때 어떻게 해야 할까요?

방법은 간단해요.

휴대폰을 투명랩으로 감싸는 거예요!

990A873A5AD3B58333AB06

휴대폰을 투명랩으로 감싸주면

밀가루가 잔뜩 묻은 손으로 만져도 걱정이 없어요.

휴대폰도 더러워져도

요리가 끝나고 투명랩만 벗겨내면 되거든요^^

99D1A53C5AD3B592357437

알아두면 신박한 생활 속 꿀팁들 어떠셨어요?!

별거 아닐 수도 있지만

작은 꿀팁으로 편리함을 얻을 수 있답니다.

실제 생활 속에서 도움이 되시길 바랄게요^^

유선 무선 와이파이(wifi ) 랜카드(Lan) 네트워크 우선순위 설정 변경

2018/04/16

—-
유선 무선 와이파이(wifi ) 랜카드(Lan) 네트워크 우선순위 설정 변경
// 세상과 만나는 프로그램 이야기

제가 사용하는 컴퓨터는 대부분이 노트북 입니다. 그래서 항상 유선 무선 와이파이(wifi ) 랜카드(Lan) 네트워크가 같이 존재 합니다. 데스크탑 사용자들도 요즘은 무선 와이파이 구성을 많이 하기 때문에 무선 랜카드를 다는 경우가 많죠. 거의 대부분은 둘중 하나의 네트워크만 사용 할것입니다. 하나만 해도 잘 돼는데 굳이 유선, 무선, 와이파이(wifi ), 랜카드(Lan) 네트워크를 같이 연결 하여 사용할 필요는 없죠. 둘다 연결하고 사용해도 인터..

—-

Read in my feedly

나의 iPhone에서 보냄

The Journey to Continuous Delivery

2018/04/12

The Journey to Continuous Delivery

https://www.infoq.com/presentations/cd-business-agility

Security updates for Jenkins core

2018/04/12

—-
Security updates for Jenkins core
// Jenkins Blog

We just released security updates to Jenkins, versions 2.116 and 2.107.2, that fix two security vulnerabilities.

For an overview of what was fixed, see the security advisory.

Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security.

—-

Read in my feedly

나의 iPhone에서 보냄

SpringOne 2017 Keynote 2

2018/04/11

SpringOne 2017 Keynote 2

https://www.infoq.com/presentations/springone-2017-keynote-2

https://blog.hasura.io/draft-vs-gitkube-vs-helm-vs-ksonnet-vs-metaparticle-vs-skaffold-f5aa9561f948

2018/04/10

https://blog.hasura.io/draft-vs-gitkube-vs-helm-vs-ksonnet-vs-metaparticle-vs-skaffold-f5aa9561f948

https://t.co/2LoMSdejwU?amp=1

글로벌 칼럼 | 마이크로서비스 아키텍처로 전환하면서 저 지르는 3가지 실수

2018/04/10

—-
글로벌 칼럼 | 마이크로서비스 아키텍처로 전환하면서 저지르는 3가지 실수
// ITWorld Korea

필자가 CTO로 있는 회사 서클CI(CircleCI)는 비난 없는 사후 분석, 즉 프로젝트에 대해 논의할 때 감정을 걷어내면 진정한 배움의 경험을 얻게 된다는 신념을 충실히 따르는 기업이다. 마이크로서비스 아키텍처로 마이그레이션한 이후 서클CI는 잘 한 것과 잘못한 것, 다음 번에는 다르게 해보고 싶은 부분에 대해 서로 비난하지 않는 사후 분석을 실시할 좋…
—-

Read in my feedly

나의 iPhone에서 보냄

10 bad habits DevOps admins must break – TechRepublic

2018/04/09

10 bad habits DevOps admins must break – TechRepublic

https://www.techrepublic.com/article/10-bad-habits-devops-admins-must-break/