Overview

Skill Level: Beginner

Learn how to "Develop a Kubernetes app with Helm" to a Kubernetes cluster using a Helm Chart with automated Continuous Integration & Continuous Delivery across DevOps lifecycle.

Ingredients

Have good understanding on IBM Cloud, docker and Kubernetes concepts. Followed the steps given in https://developer.ibm.com/recipes/tutorials/deploying-ibm-containers-in-kebernetes-on-ibm-bluemix/#r_overview.

Step-by-step

  1. Table of contents

     
    1)   DevOps Problem Statement
                            I.        Problem statement
                           II.        Solution in brief
     
    2)   Develop a Kubernetes app with Helm using template with Open toolchain
                            I.        What is an Open toolchain?
                           II.        Prerequisite & limitations
                         III.         Understanding the using of template option of IBM Cloud DevOps Service
                                       a)    GitHub Integration
                                       b)   Eclipse Orion Web based IDE
                                       c)    Continuous Delivery Pipeline Service
                         IV.        How it works: Understanding Architectural Diagram and communication Process
     
    3)   Method to build automation stages with implementations of Build, test & Deploy scripts
     
                            I.        Build Scripts
                                      a)    Pre-build check
                                      b)   Build Docker image
                                      c)    Environment properties

                           II.        Test Scripts
                                     a)    Vulnerability Advisor
                                     b)   Environment properties

                         III.        Deploy Scripts
                                    a)    Pre-deploy check
                                    b)   Deploy Helm chart
                                    c)    Environment properties
     
    4)   Run results at Pipeline with different stages
     
                            I.        Build Scripts results
                           II.        Test Scripts results
                         III.        Deploy Scripts results
     
    5)    How to run application in Kubernetes environment
     
                            I.        Get Public IP and Port of Kubernetes cluster
                           II.        Invoke the Browser
     
    6)   Resources

  2. DevOps Problem Statement

    In the context of Seamless and Automated Continuous Integration & Continuous Delivery across DevOps lifecycle and in order to have automation from code commit to production, squads need to deliver several levels of updates with proper testing, security checks enforcement and many more.  

          I.        Problem statement
     
    To take the pain out of these updates with in-place upgrades and custom hooks & to ensure the quality of what is being delivered and application is production ready ,IBM¬ģ Cloud DevOps promote key DevOps practices for Agile teams to accelerate software delivery in the cloud through development and deployment of an application securely into a Kubernetes cluster managed by the IBM Cloud Kubernetes Service.
     
        II.        Solution in brief
     
    The problem was solved using template available at IBM¬ģ Cloud Continuous Delivery service via toolchain which helps us to Develop a Kubernetes app with Helm where application uses Docker and Kubernetes Helm in a DevOps toolchain preconfigured for continuous delivery to a Kubernetes cluster.

  3. Develop a Kubernetes app with Helm using template with Open toolchain

    Using template toolchain option, you can dockized your application and its Helm chart together in your source code repository/structure and have it built and deployed automatically to a Kubernetes cluster. The toolchain performs sanity checks prior to building or deploying and ensures privacy by using a private container registry and namespaces for the container registry and the Kubernetes cluster. This toolchain is also leveraging Vulnerability Advisor, to ensure only secure images get deployed.
     
           I.        What is an Open toolchain?
     
    A toolchain is collection of integrated tools for development, deployment, monitoring (operational tasks), and more. The collective power of a toolchain is greater than the sum of its individual tool integrations so after you create a toolchain, you can add more tool integrations to it as needed.
     
         II.        Prerequisite & limitations
     
    Prerequisite
     
    This is mandatory to have Kubernetes cluster environment ready and it should be up and running healthy. The major portion of this tutorial can be accomplished with a Free cluster.
    It is recommended for end user to create a Kubernetes cluster from the link IBM¬ģ Cloud catalog before proceeding with other steps given below.
     
    Limitations
     
    Open toolchains are available in the IBM Public and Dedicated environments.
     
        III.        Understanding the using of template option of IBM Cloud DevOps Service
     
    There are two options to create a toolchain. 1) use a template to create a toolchain 2) create a toolchain from an app. Here we are exploring how to create a toolchain from a template using IBM Public cloud. For both Cloud deployment environments (i.e. Public and Dedicated) you have to get an access to login into the environment. Following is the steps which describes how you can create toolchain using template option.
     
    ·     If you use IBM Cloud Public, log in to IBM Cloud
    ·     From the menu on the IBM Cloud menu bar, click DevOps.
    ·     On the DevOps dashboard, on the Toolchains page, click Create a Toolchain.
    ·     On the Create a Toolchain page, click a toolchain template.
    ·     Use “Develop a Kubernetes app with Helm “

    Template_1-1Review the below tool integration diagram of the toolchain that you are about to create. Also note A few of the tool integrations do not require configuration like in this case Eclipse IDE is considered.

    Tools_Integration_2  
    a)    GitHub Integration
     
    Manage your source code and track work with Git repositories and issue tracking hosted by IBM and built on GitLab Community Edition. Instead of using default GitRepo from gitlab community edition you can also use IBM enterprise edition of GitHub like ‚ÄúGitHub Enterprise Whitewater‚ÄĚ which can be easily added as tool from toolchain.
     
    b)   Eclipse Orion Web based IDE
     
    You can choose to use the integrated web-based environment built on Eclipse Orion. Create, edit, run, debug, and complete source control tasks, and seamlessly move from editing your code to deploying it to production. It also enables ‚ÄúTrack and Plan‚ÄĚ where you can see your commit changes and push it to master repository with comments .Here is the typical source code structure of dockerized application which is being deployed on Kubernetes cluster environment at IBM Cloud through Helm chart.

    Git_reps_structure_3

    c)   Continuous Delivery Pipeline Service
     
    With IBM¬ģ Cloud Continuous Delivery service you can Automate builds, unit tests, deployments, and more. Build, test, and deploy in a repeatable way with minimal human intervention so that you are always Be ready to release into production at any time.
     
    As it is already stated at prerequisite section that Kubernetes cluster environment should be created and it should be healthy running. In this below diagram it is clear that toolchain is always associated with a specific resource group or organization (org). For more details about this access issue, see Managing access to toolchains in resource groups.Once API Key is created then based on container registry region all other options should be filled properly before clicking on ‚Äúcreate‚ÄĚ button.

    Delivery-services_creation_4

    After clicking on “Create” button after a few moments, your new toolchain’s Overview page opens.

    Toolchain_look-and-feel_5Note:It is always important to check double before filling the information about the region to create the toolchain in. If you want to use a different region, select it from the list of available regions.

           IV.         How it works: Understanding Architectural Diagram and Process communication

    IBM¬ģ Cloud DevOps Service install, integrate, and manage a set of tools for you.¬† Options is available for multi-tenant or single tenant, hosted deployment.¬† Tools vary depending on deployment model.

    Architecture_communication_6

    Figure 1*: Architecture Diagram

    Process communication:The communication between these processes is shown in the diagram (Figure 2) below.

    Communication_7

    Figure 2: Process communication

    * reference link:  https://console.bluemix.net/docs/tutorials/continuous-deployment-to-kubernetes.html#continuous-deployment-to-kubernetes

  4. Method to build automation stages with implementations of Build, test & Deploy scripts

    Implementing the steps above at 2.III.c , you will get the automated Pipeline with Build, Test and Deploy stages with having all built-in scripts. These scripts have its own functionality to achieve with each stage which is broadly covered at Figure 2(See at step 2.IV). Below Figure 3 gives you a glimpse of look and feel of automated stages using template option of open toolchain.

    staging_8

    Figure 3: Automated Delivery Pipeline
     
    Fundamental concept of delivery pipeline says that Input from the stage is passed to its jobs, and each job runs in a clean Linux container. The jobs in a stage can’t pass artifacts to each other
     
          I.        Build scripts

    To accelerate your automated deployment, you need to run application locally and push it to a Git repository or you may use to change the code and commit this change to ‚ÄúMaster‚ÄĚ repository using Eclipse orion web IDE. Build stage Input job look like this if you are using Gitlab community version of repo. The build scripts also record a few environment variables into a build.properties file.

    Build_1_input_9 a)   Pre-Build check

    As a Build job in an IBM Cloud DevOps Services pipeline the selection of Build configuration and Builder type is very important.  The Pre-build check job checks for mandatory files (the Dockerfile and Helm chart), lints the files, and creates the image registry namespace.  Region, cluster, and container registry namespace lists are populated only if the API Key is valid. Following is the snippet of scripts used at this stage.

    Pre_buildchk_10

    b) Build Docker image
     
    All Region, cluster, and container registry & namespace should be as same as used at before stage.This stage job creates the Docker image by using the IBM Cloud Container Registry build service through the bx cr build CLI script. The script stores the output image into the private IBM Cloud Container Registry and copies the Helm chart and other app scripts with the build results into the ARCHIVE_DIR folder. Following is the snippet of scripts used at this stage.

    Build_docker-image_11

    c)   Environment properties

    ENV_BUILD_12II.        Test Scripts
     
    a)   Vulnerability Advisor
     
    The test scripts can run as unit tests against your image which is as part of your continuous delivery process. This toolchain prevents you from deploying unsafe Docker images using IBM Cloud Vulnerability Advisor. This is performed by the pipeline job Vulnerability Advisor which runs the container registry command bx cr va ${PIPELINE_IMAGE_URL}. You need to select ‚Äútest‚ÄĚ job and Test configuration should have tester type as ‚ÄúVulnerability Advisor‚ÄĚ with other By-default setings for other parameters.

     

    Validate_test_13

    b)   Environment properties

    Validate_test_env_1Following is the snippet of scripts used at this stage.

    Validate_test_script

    III. Deploy Scripts
     
    A properly configured deploy job deploys your app to your target whenever the job is run. To manually run a deploy job, click the Run Stage icon of the stage that the job is in. In this toolchain template scenario it Uses an explicit namespace in the cluster to insulate each deployment.
     
    a)   Pre-deploy check
     
    The “Pre-deploy check” job checks for cluster readiness and namespace existence, configures the cluster namespace, grants access to the private image registry, configures tiller, and checks the Helm releases in the namespace. Following is the snippet of scripts used at this stage.

    Deploy_script1Deploy_script1  

    b)   Deploy Helm chart
     
    The “Deploy Helm chart” job sets environment variables and deploys the Helm chart into the Kubernetes cluster. Following is the snippet of scripts used at this stage.

    Helm_deploy_1

    Helm_deploy_2

    c)   Environment properties

    Prod_envNote:For above job stages deployer type should be selected ‚Äúkubernetes‚ÄĚ and cluster name should have cluster name which is available at IBM Cloud and running healthy always.

  5. Run results at Pipeline with different stages

    Every time stages runs at pipeline, it will log the history of Job’s run. In this section we will be talking about the results of each stages.

    I.        Build Scripts results
     
    On the BUILD stage, click View logs and history. Notice that the stage is building the container and copying the Kubernetes deploy manifest file into build artifacts. The following results has association with ‚Äúpre-build checkUp‚ÄĚ build stage.

    Build_results_1-1

    The following results has association with ‚ÄúBuild Docker image‚ÄĚ stage.

    Build_results_2-1

    II.        Test Scripts results
     
    On the Test(i.e Validate) stage, click View logs and history. At this stage scanning is done for the security concern of docker images which is pushed to IBM Kubernetes cluster environment. The following results has association with ‚Äúvalidate‚ÄĚ stage.

    Test_result-1

    III. Deploy Scripts results

    On the PROD stage, click View logs and history. Here we will be analyzing the results of Pre-deploy check and Deploy Helm chart job results. The following results has come from ‚ÄúPre-deploy check‚ÄĚ job at this stage.

    Deploy_results

    The following results has come from ‚ÄúDeploy Helm chart‚ÄĚ job at this stage.You should see ==> v1/Service. Remember the Nodeport which is a 5-digit port number(e.g., 31532) under PORT(S). ¬†For the public IP of worker node, run the below command.

    bx cs workers <PIPELINE_CLUSTER NAME>

    Deploy_results_1-1

  6. How to run application in Kubernetes environment

    This job deploys the app into the Kubernetes cluster. At the end of the log file, find the link to http://Public_IP:PORT.
     
    I.   Get Public IP and Port of Kubernetes cluster
     
    Please refer above log results from ‚ÄúDeploy Helm chart‚ÄĚ job. Please note down the Public IP and Port from above snapshot which is marked in ‚ÄúBracket‚ÄĚ.¬†

    II.  Invoke the results from Browser

    rESULTS_K8S_Broswe-1

  7. Resources

    Learn
     
        Learn more about IBM Cloud and Continous Delivery.
    ¬†¬†¬† Read the IBM Cloud DevOps ‚ÄúBuild and Deploy‚ÄĚ concept.
        For product documentation, visit theTutorial
     
    Visit
     
    1)   https://www.ibm.com/blogs/bluemix/2018/06/deploy-scalable-web-application-kubernetes-using-helm/
     
    2)   https://cloud.ibm.com/docs/tutorials?topic=solution-tutorials-continuous-deployment-to-kubernetes#continuous-deployment-to-kubernetes?cm_sp=Cloud-CloudDevSvc-_-OnPageNavLink6-IBMCloudPlatform_IBMContainers-_-PDP
     
    Discuss
     
    Get involved in the stack-overflow flow Community. Connect with other  users while you explore developer-driven blogs, forums, groups, and wikis like developer recipes tutorial.

4 comments on"Leveraging IBM¬ģ Cloud Continuous Delivery Practice in deploying apps to a Kubernetes cluster"

  1. Useful article Abhishek. Well written.

  2. DTJ1_Reji_Aravindakshan March 04, 2019

    Thank you Abhishek for the tutorial . I found it very useful . By the way, did you try “build your own tool chain ” template to build a customized pipeline ?

    • Thank you reji for your appreciation. Bring Your Own Tool Chain(BYOtC) leverage open APIs from Cloud Foundary, Docker, and Softlayer (VMs) to customise your process using typical tools like: GIT, Artifactory, Jenkins, ‚Ķ

Join The Discussion