Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source


Published on

Working within a heavily regulated environment brings a special set of challenges, including increased difficulty in application scaling. In this session you will learn how you can enhance your Kubernetes CI/CD pipelines with GitLab and other open source projects. We will demonstrate practices for deployments using newer GitLab features like the Web Application Firewall for Kubernetes Ingress, and managing serverless functions with Knative. The techniques covered in this session will give you new options to streamline your Kubernetes pipelines reliably and consistently.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source

  1. 1. 1#GitLabCommit Enhance Your Kubernetes CI/CD Pipelines with GitLab & Open Source
  2. 2. 2#GitLabCommit Nico Meisenzahl Senior Cloud & DevOps Consultant at white duck GitLab Hero & Docker Community Leader Loves Kubernetes, DevOps and Cloud @nmeisenzahl
  3. 3. 3#GitLabCommit How Gitlab and Open Source Can Help You Streamline Your Kubernetes CI/CD Pipelines ● move your pipeline workload into your cluster ● run container builds within your cluster ● secure your application ingress ● enhance your application deployments ● only care about your code Agenda
  4. 4. 4#GitLabCommit Gitlab Runner Kubernetes executor Move your pipeline workload into your cluster
  5. 5. 5#GitLabCommit ● allows you to ○ containerize your pipeline workload ○ share your compute and scale your pipelines ● runs inside your cluster ○ automatable Helm deployment ● runs a pod per job ○ prepare → creates pod with build and service containers ○ pre-build → clones repo, restore cache, download artifacts ○ build → user build steps ○ post-build → creates caches and upload artifacts Kubernetes executor
  6. 6. 6#GitLabCommit ● containerized pipeline configuration ● Kubernetes executor in action! ● Demo: Pipeline configuration
  7. 7. 7#GitLabCommit Kaniko Run container builds within your cluster
  8. 8. 8#GitLabCommit ● image builds without the need of any privileges or dependencies ● disadvantages of Docker-in-Docker ○ exposing Docker socket ○ mounting /var/lib/docker ○ privileged mode ● based on ● use caching to speed up your pipeline Image builds with Kaniko
  9. 9. 9#GitLabCommit ● image build pipeline configuration ● containerized job container image ● Kaniko in action! ● Demo: Image builds pipeline
  10. 10. 10#GitLabCommit GitLab Web Application Firewall Secure your application ingress
  11. 11. 11#GitLabCommit ● GitLab Web Application Firewall finds and tracks ○ SQL injection ○ cross-site scripting ● is based on Kubernetes Nginx Ingress with enabled modsecurity module ○ OWASP (Open Web Application Security Project) ModSecurity Core Ruleset ○ managed & customized by GitLab ○ defaults to detection-only mode Secure your application
  12. 12. 12#GitLabCommit ● GitLab Web Application Firewall in action! ● Demo: Secure your application ingress
  13. 13. 13#GitLabCommit Kustomize Enhance your application deployments
  14. 14. 14#GitLabCommit ● do we need the advantages of Helm in a CI/CD application deployment? ○ packaging and sharing? ○ rollbacks? ○ templates? ● “Kustomize lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is” ○ no template overhead ○ no additional CLI needed ○ reduces complexity ○ just YAML ● kustomize vs kubectl apply -k Kustomize
  15. 15. 15#GitLabCommit What Kustomize can do
  16. 16. 16#GitLabCommit Demo: How Kustomize works ● pipeline configuration with Kustomize ● Kustomize in action! ●
  17. 17. 17#GitLabCommit GitLab Serverless Only care about your code
  18. 18. 18#GitLabCommit ● only care about your code ● Function-as-a-Service (FaaS) powered by GitLab and open source ○ based on Knative, Kaniko and Istio ○ alpha feature ● supports Go, NodeJS & Ruby ○ C#, PHP, Python via OpenFaaS integration ○ any other language via containerized serverless application ● multi-cloud support ● auto-scaling with scale to zero Only care on your business logic
  19. 19. 19#GitLabCommit ● configuration details ● GitLab Serverless in action! ● Demo: Only care about your code
  20. 20. 20#GitLabCommit Questions? @nmeisenzahl Slides → Demos → related articles/blogs: ● ●