Recommended
More Related Content
What's hot
What's hot (20)
Similar to Code Factory avec GitLab CI et Rancher
Similar to Code Factory avec GitLab CI et Rancher (20)
More from SUSE
More from SUSE (20)
Recently uploaded
Recently uploaded (20)
Code Factory avec GitLab CI et Rancher
- 1. Copyright © SUSE 2021 Code Factory 1 A V R I L 2 02 2 Benoît Loriot Brice Dekany Julien Niedergang Code Factory Run
- 2. Copyright © SUSE 2021 Agenda 1. SUSE / Rancher 2. Intégration Continue 3. Démo Synchronisation des montres: Rancher Rodéo n°8 Vendredi 13 Mai 9h30 à 12h00
- 3. Copyright © SUSE 2021 Portfolio SUSE Hybrid Cloud Infrastructure Dev Datacenter Branch Cloud Edge Support & Services Catalog Security Storage Governance The platform for managing all Kubernetes distributions Datacenter Edge Block Storage Linux SLE Desktop / POS SLE Server SLESfor SAP Applications SLESfor HPC SLE Micro SLE Extensions SUSE Manager SUSE Linux Enterprise Compliance Security Availability Management The only adaptable Linux operating system Other Linux Cloud-native HCI Security
- 4. Copyright © SUSE 2021 Copyright © SUSE 2021 Définition et Architecture Intégration Continue
- 5. Copyright © SUSE 2021 Objectif de l’intégration continue Suis-je en mode aléatoire? Aussitôt que le code est poussé… il est intégré pour validation Intégration Continue Scénario Hmm… Pas mal cette modif… Evaluation Code
- 6. Copyright © SUSE 2021 Glossaire de l’intégration continue Cycle de vie applicatif Installation des applications et de leur dépendance. Cycle de vie des applications et de leurs composants. Helm Kustomize Dépôt de code Outil central pour tous les développeurs Gestion collaborative du code des applications Github Gitlab Intégration Continue Orchestration Registre Stockage et mise à disposition des images de conteneurs Les images contiennent les exécutables pour les applications Harbor Docker registry Nexus Forge Assemblage de l’application et construction d’uneimage de conteneur Résultat stocké dans un registre Gitlab-CI Jenkins Tekton
- 7. Copyright © SUSE 2021 Code Factory and Applications Today's classical customer architecture Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... Production Code Forge Container Image Compiler Continuous Integration Gitlab Security Scans Neuvector 2 4 Image Registry Container Image Storage 3 Deployment Kubernetes 1 Evaluate Code Rancher Desktop 5 ²
- 8. Copyright © SUSE 2021 8 SUSE Rancher SLA Coverage & Ready Partners App Management & CI/CD Monitoring & Logging Registry & Image Scanning Container Security & Secrets Networking & Service Mesh Platforms & Orchestration Persistent Storage Container Engine Operating Systems Infrastructure SUSE Rancher SLA SUSE Rancher Ready Partners Authentication & Authorization GK E AK S * * * * * Requires separate subscription
- 9. Copyright © SUSE 2021 Copyright © SUSE 2021 Choix d'architecture Architecture
- 10. Copyright © SUSE 2021 Architecture – Code Factory Services Repos - Packages packages for OS Registry Harbor NTP Repos - Code Gitlab Load Balancer 2 VIPs Shared Storage Type/version du stockage DNS 1 x FQDN Mgmt 1 x FQDN (wildcard?)vers workers Accès Liste des ouvertures réseau nécessaire Proxy Container Network Infrastructure Calico, Canal… Hyperviseur (VMs) LAN Network Rancher Server (Management) 4 vCPU 8GB RAM 1 x 50GB vDisk 1 x vNic Rancher Mgmt (VM) 3 x Code repository Continuous Integration 2 vCPU 4GB RAM 1 x 100GB vDisk 1 x vNic Gitlab (VM) 1 x Forge (Image build) 2 vCPU 4GB RAM 1 x 100GB vDisk 1 x vNic GitlabRunner (VM) 1 x Downstream Cluster (Applications) 8 x vCPUs 16GB RAM 1 x 100GB vDisk 1 x vNic 1 x vNic Storage K8S Worker (VM) 3 x 4 x vCPUs 8GB RAM 1 x 50GB vDisk 1 x vNic K8S Master (VM) 3 x (Container) (Container) Application 1 (Container) Application 2 (Container)
- 11. Copyright © SUSE 2021 Copyright © SUSE 2021 Démo Code Assembly Pipeline
- 12. Copyright © SUSE 2021 Commit Code Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... Application source code: - Application: > Web server with Ruby Sinatra > Ruby based application - The Base Container Image to be used needs Ruby binaries - Git repository in a Git Lab server > Git Lab CE 14.3.1 > Living Code with multiple branches > Bugs and revisions are stored here > Gitlab defines the pipeline
- 13. Copyright © SUSE 2021 Build Image 1/3 Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... Creating a file to describe our container image: - File "Dockerfile" - Ruby based image is being used for the app to run successfully - Create a folder "app" to host the application - Copying the "Gemfile" from the repo in the image > Gemfile contains the needed Ruby dependencies for the app - Install app & dependencies using the "bundle install" command - Copy the full repository content in the "app" folder - Define the executable command when the container is started > Using "bundle exec" to execute the application > Rackup is used to start a web server on port 80 listening on any interface
- 14. Copyright © SUSE 2021 Build Image 2/3 Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... Define the ".gitlab-ci.yml" > Describes the pipeline's stages > Orchestrates the code assembly > Steps are triggered on commit > Uses variables defined in the project (described later on) Defining the private registry to use with an internal certificate "Podman" is used to build the container image > podman logs in the private registry > The container image is built > The resulting image is pushed in the private registry
- 15. Copyright © SUSE 2021 Build Image 3/3 Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... Define the variables needed for your pipeline > In your gitlab project > "Settings" tab, "CI/CD" menu > Declare the needed variables
- 16. Copyright © SUSE 2021 Push to Registry Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... Harbor 2.1.1 > Installed on a K8S cluster deployed with Rancher > SUSE Helm Chart was used > Chart repo: https://kubernetes-charts.suse.com Parameters: Project and namespace are declared (public access) > Project: se-apps > Namespace: hero-demo (created during the first "push") > Utilisateur: ci01 + define password > Adding ci01 to "se-apps" project: role "user"
- 17. Copyright © SUSE 2021 Scan Image Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... NeuVector is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.
- 18. Copyright © SUSE 2021 Deploy Application 1/3 Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... A user needs to be created within Rancher for cluster control > "pipeline-dev1" is created as a standard global user > "pipeline-dev1" is added as a member to the K8S cluster(s) to be used in the pipeline
- 19. Copyright © SUSE 2021 Deploy Application 2/3 Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... Defining our K8S Cluster to be used by Gitlab > In the defined Gitproject, under the "Infrastructure" tab, select "Kubernetes clusters" > At least one target K8S cluster needs to be defined > Add your cluster using "Connect cluster with certificate" > Use the tab "Connect existing cluster" Get your cluster "API URL" and "Service Token" > In the Rancher UI, select your desired cluster to be used > On the upper right, click on the button "Download KubeConfig" For the selected cluster, note: > "server" field > "token" field The cluster can now be added.
- 20. Copyright © SUSE 2021 Deploy Application 3/3 Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... Select a container embedding K8S client tools > Kubectl binary is needed for our operations Check Helm Chart syntax > The folder "chart" is read for syntax errors Using helm to deploy the application in the folder "chart" > Define the image to be used (from the private registry) > Set a unique image tag based on the deployment > Define the ingress rules > Define the namespace to be used
- 21. Copyright © SUSE 2021 Test, qualify, produce… Commit code Build image Push to registry Scan image Deploy application Test and Qualify Produce 1 2 3 4 5 … rolling ... The application is ready to be tested > The pipeline will be automatically initiated when a code commit happens > Under yourproject, the CI/CD tab, select "Pipelines" > You can review each launched pipeline > When a pipeline is successful you can connect to the application using the defined ingress address for review
- 22. Copyright © SUSE 2021 © 2020 SUSE LLC. All Rights Reserved. SUSE and the SUSE logo are registered trademarks of SUSE LLC in the United States and other countries. All third-party trademarks are the property of their respective owners. For more information, contact SUSE at: +1 800 796 3700 (U.S./Canada) +49 (0)911-740 53-0 (Worldwide) Maxfeldstrasse 5 90409 Nuremberg www.suse.com Thank you