Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das

Effiziente CI/CD-Pipelines – mit den richtigen
Tools klappt das
Continuous Delivery Day, November 2020

Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• GitLab Hero, Microsoft MVP & Docker Community
Leader
• Container, Kubernetes, Cloud-Native & DevOps
© white duck GmbH 2020
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org

Agenda
• containerized pipeline – why?
• pipeline workload on Kubernetes with GitLab CI/CD
• container image builds on Kubernetes with Kaniko
• cloud-native pipelines with Tekton
• Docker Hub rate-limiting

Containerized Pipelines – Why?
• for the same reasons why you should use containers
• isolation
• dependencies
• scalability
• immutability
• example: your new project needs version X all others still require Y
• you can include any kind of build / deploy dependency
• NodeJS, .NET Core, Go, Terraform, Ansible… you name it

docker run
• running Docker on build hosts is a familiar pattern
• but: docker run pipeline jobs have some issues
• containers are immutable
• you will end up managing caching and artifacts on your own
• (and we're not even talking about building containers)

GitLab Runner Kubernetes executor
• a Gitlab Runner that is aware of Kubernetes
• integrates your CI/CD with Kubernetes
• runs itself within your Kubernetes Cluster (as pod)
• schedules pipeline jobs as pods
• allows you to share your compute and scale your pipelines
• easy deployment
• one-click
• production-ready Helm deployment
• GitLab Operator (OpenShift)

Cloning, Caching and Artifacts
• GitLab Runner Kubernetes executor runs service containers within
the pipeline job pod to handle cloning, caching and artifacts
• every pipeline job contains out of these stages
• prepare → creates pod with build and service containers
• pre-build → clones repo, restore cache, download artifacts
• build → user build steps
• post-build → creates caches and upload artifacts

Advanced topics
• supports advanced configurations like
• resource limits for build jobs
• CI services for build dependencies
• node selectors for runners
• …
• GitLab Kubernetes Agent
• supports GitOps pattern
• not yet available on SaaS
• premium only

Pipeline job image
• contains everything a single pipeline job needs
• binaries, libraries, tools, ...
• provides all external dependencies
• uses a pipeline to build/rebuild it periodically (security fixes!)
• you should define fix versions for your dependencies
• uses caching to speed up your builds

Pipeline job image

Demo
• containerized deploy pipeline
• https://gitlab.com/containerized-cicd/containerized-pipelines

Container Image builds on Kubernetes
• you may use Docker-in-Docker to build containers in containers
• DinD has some issues
• exposing Docker socket
• mounting /var/lib/docker
• privileged mode
• those might be acceptable on a build host but not in a Kubernetes
cluster

Image builds with Kaniko
• image builds without the need of any privileges or dependencies
• needs to run as root most of the time L
• runs in a container (gcr.io/kaniko-project/executor)
• easy to use
• you should think about caching to speed up your pipeline
• layer caching (layers get pushed to a registry)
• base image caching (GitLab cache)

Image builds on Kubernetes with Kaniko

Demo
• containerized image builds on Kubernetes with Kaniko
• https://gitlab.com/containerized-cicd/containerized-jobimage

Cloud-native pipelines with Tekton
• Tekton Pipelines emerged out of the Knative Build project
• founding Continuous Delivery Fundation project
• „CI/CD framework for Kubernetes”
• Jenkins X pipelines are based on Tekton
• contributions by Google, IBM, RedHat, Cloudbees, TriggerMesh, …

Tekton Pipelines are …
• … Cloud Native
• run on Kubernetes
• use containers as their building blocks
• managed with Controllers
• … decoupled
• a pipeline can be reused in multiple clusters
• tasks can be isolated and are reusable
• resources can be swapped between runs

Triggers, CLI & Dashboard
• Tekton Triggers can be used to call a pipeline
• push, issue, webhook, ….
• Tekton also provides a CLI and Dashboard

Demo
• cloud-native pipelines with Tekton Pipelines
• https://gitlab.com/containerized-cicd/tekton-sample

Docker rate-limiting (since Nov 2nd)
• Free plan
• anonymous users: 100 pulls per 6 hours
• authenticated users: 200 pulls per 6 hours
• Pro/Team plan – unlimited
• free opt-in for OSS projects (unlimited pulls)
• was introduced slowly
• starting with 6000 pull per 6 hours
• final limits are active since Nov 18

Solutions
• authenticate or opt-in for Pro/Team
• Docker config, imagePullSecrets, …
• configure a registry mirror
• run your own
• https://docs.docker.com/registry/recipes/mirror/
• use mirror.gcr.io
• https://cloud.google.com/container-registry/docs/pulling-cached-images

GitLab, Kaniko, Tekton
• GitLab CI Runner
• SaaS: is using mirror.gcr.io
• Self-hosted: configure a registry mirror
• Kaniko
• use --registry-mirror to define registry mirror
• Tekton
• configure imagePullSecrets
• configure a registry mirror

Questions?
Slides: https://www.slideshare.net/nmeisenzahl
Demos: https://gitlab.com/containerized-cicd
Nico Meisenzahl (Senior Cloud & DevOps Consultant)
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org

Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das

More Related Content

What's hot

Similar to Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das

More from Nico Meisenzahl

Recently uploaded

Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das