Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Continuous Delivery to Kubernetes with Jenkins and Helm


Published on

Presentation given at Index San Francisco on 22 February 2018 covering deployment of Jenkins on Kubernetes with Helm and deployment from Jenkins to Kubernetes with Helm.

Published in: Technology

Continuous Delivery to Kubernetes with Jenkins and Helm

  1. 1. Discover. Collaborate. Deploy. Continuous Delivery to Kubernetes with Jenkins and Helm David Currie | @dcurrie
  2. 2. Why run Jenkins on Kubernetes? • Containerize components • Isolated Jenkins masters • Isolated agents and jobs • Enforce memory and CPU limits • Container orchestration • Highly available Jenkins master • Leverage pluggable persistent storage • Dynamically scale number of agents across nodes • Remove reliance on Jenkins plugins /* Discover. Collaborate. Deploy. */ 2
  3. 3. Prereqs • A Kubernetes cluster: • IBM Cloud Containers • IBM Cloud Private • Docker for Mac/Windows (Edge) • minikube • … • kubectl • Helm client > brew cask install minikube > minikube start > minikube addons enable ingress > minikube addons enable registry > brew install kubectl > brew install kubernetes-helm /* Discover. Collaborate. Deploy. */ 3
  4. 4. Getting started with Helm • ‘Package manager’ for Kubernetes • Packages called charts stored in one or more repositories • Charts contain templatized Kubernetes configuration • Setup client configuration and install server-side tiller > helm init • Check tiller is available > kubectl rollout status deployment -n kube-system tiller-deploy /* Discover. Collaborate. Deploy. */ 4
  5. 5. Deploying Jenkins with Helm • Find the Jenkins Helm chart • Search or > helm search jenkins • Install the chart > helm install --name cd stable/jenkins • Creates deployment, services, secret, config maps and persistent volume claim • Follow the instructions to retrieve the Jenkins admin password • Access the Jenkins UI > minikube service cd-jenkins /* Discover. Collaborate. Deploy. */ 5
  6. 6. Kubernetes plugin for Jenkins • Developed by Carlos Sanchez @ CloudBees • Spins up Jenkins slave as Kubernetes pod on demand • Pod template defines containers that should exist in pod • JNLP agent is always one of them • Enables re-use of existing Docker images e.g. maven, golang or docker • Template can define other configuration for the pod/containers • Environment variables • Mount from secret, config map or volume /* Discover. Collaborate. Deploy. */ 6
  7. 7. Kubernetes plugin and Jenkins pipelines • Pod templates can be defined in Jenkins configuration or declaratively as part of a Jenkins pipeline either in the job definition or in version control as a Jenkinsfile podTemplate(label: 'mypod', inheritFrom: 'default', containers: [ containerTemplate(name: 'maven', image: 'maven', ttyEnabled: true, command: 'cat') ]) { node('mypod') { stage ('Extract') { checkout scm } stage ('Build') { container ('maven') { mvn package } } } } /* Discover. Collaborate. Deploy. */ 7
  8. 8. Creating your own Helm charts >helm create test test/ Chart.yaml values.yaml charts/ templates/ NOTES.txt _helpers.tpl deployment.yaml ingress.yaml service.yaml /* Discover. Collaborate. Deploy. */ 8
  9. 9. Example variables and template usage • values.yaml image: repository: nginx tag: stable pullPolicy: IfNotPresent • deployment.yaml spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{.Values.image.pullPolicy }} /* Discover. Collaborate. Deploy. */ 9
  10. 10. Overriding chart values • Variables can be overridden at install time • As command line parameters: > helm install test --set image.tag=1.13 • And/or via a file: > helm install test --values overrides.yaml /* Discover. Collaborate. Deploy. */ 10
  11. 11. Installing charts in a pipeline • Charts can be kept in a separate repository or stored alongside the application source code • Create a Docker image containing the Helm client • Deploy tiller independently and use > helm init --client-only • Kubernetes configuration automatically available in pod • To perform an install or upgrade, use: > helm upgrade --install ... • Use overrides to define image to deploy • The --wait option can be used to wait for pods to start /* Discover. Collaborate. Deploy. */ 11
  12. 12. More advanced Helm • Ensure Helm chart is well formed: > helm lint --strict ... • Verify successful deployment > helm test ... • Executes and tests exit code for pods annotated with "": test-success or test-failure • Specify sub-charts in charts directory or requirements.yaml • E.g. to satisfy a database dependency • Hooks for lifecycle events e.g. pre/post install /* Discover. Collaborate. Deploy. */ 12
  13. 13. Jenkins Helm chart customization • Chart values allow customization of almost everything! • Master.InstallPlugins – list of Jenkins plugins to install • Master/Agent.image – Docker image for master/slave • Master.InitScripts – list of Jenkins init scripts • Master.Jobs – Jenkins XML job configs • Agent.Cpu/Memory – resource constraints for agent • Master.CustomConfigMap – allows a parent chart to override the entire Jenkins config via override_config_map template • … /* Discover. Collaborate. Deploy. */ 13
  14. 14. Things to watch out for • Poor Jenkins performance with network storage • Jenkins slave pods may get re-used if long-lived • Lack of access control for Helm • Enable SSL and deploy tiller per namespace with RBAC • Don’t use latest tag with images • If the config doesn’t change, Kubernetes won’t see it as an update • Use AlwaysPullImages admission controller • helm --wait only requires minimum pod count to be satisfied • For replicas=1 and maxUnavailable=1 that is zero! /* Discover. Collaborate. Deploy. */ 14
  15. 15. Microservice Builder and Microclimate • Microservice Builder provides a dev-ops pipeline based on the community Jenkins chart and adding: • Opinionated Jenkins library • Docker images pre-built with plugins and adding Power support • GitHub org and oauth plugins • Microclimate provides a containerized development environment capable of running locally or on Kubernetes • Generates starter templates for Java (Spring or MicroProfile), Node.js and Swift containing application source, Dockerfile, Helm chart, … • Rapid iterative build/run/test in a containerized environment • Option to use a web based or local IDE /* Discover. Collaborate. Deploy. */ 15
  16. 16. Other IBM Helm Charts /* Discover. Collaborate. Deploy. */ 16
  17. 17. Notices and disclaimers • © 2018 International Business Machines Corporation. No part of this document may be reproduced or transmitted in any form without written permission from IBM. • U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. • Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event, shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted per the terms and conditions of the agreements under which they are provided. • IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” • Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. • Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those • customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. • References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. • Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. • It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer follows any law. 17/* Discover. Collaborate. Deploy. */
  18. 18. Notices and disclaimers continued • Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products about this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a purpose. • The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. • IBM, the IBM logo, and [names of other referenced IBM products and services used in the presentation] are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: 18/* Discover. Collaborate. Deploy. */
  19. 19. Discover. Collaborate. Deploy. Continuous Delivery to Kubernetes with Jenkins and Helm David Currie | @dcurrie