Working within a heavily regulated environment brings a special set of challenges, including increased difficulty in application scaling. In this session you will learn how you can enhance your Kubernetes CI/CD pipelines with GitLab and other open source projects. We will demonstrate practices for deployments using newer GitLab features like the Web Application Firewall for Kubernetes Ingress, and managing serverless functions with Knative. The techniques covered in this session will give you new options to streamline your Kubernetes pipelines reliably and consistently.

1. 1#GitLabCommit
Enhance Your Kubernetes CI/CD Pipelines with
GitLab & Open Source

2. 2#GitLabCommit
Nico Meisenzahl
Senior Cloud & DevOps Consultant at white duck
GitLab Hero & Docker Community Leader
Loves Kubernetes, DevOps and Cloud
@nmeisenzahl
https://meisenzahl.org
https://whiteduck.de
nico.meisenzahl@whiteduck.de

3. 3#GitLabCommit
How Gitlab and Open Source Can Help You Streamline Your Kubernetes CI/CD Pipelines
● move your pipeline workload into your cluster
● run container builds within your cluster
● secure your application ingress
● enhance your application deployments
● only care about your code
Agenda

4. 4#GitLabCommit
Gitlab Runner Kubernetes executor
Move your pipeline workload into your cluster

5. 5#GitLabCommit
● allows you to
○ containerize your pipeline workload
○ share your compute and scale your pipelines
● runs inside your cluster
○ automatable Helm deployment
● runs a pod per job
○ prepare → creates pod with build and service containers
○ pre-build → clones repo, restore cache, download artifacts
○ build → user build steps
○ post-build → creates caches and upload artifacts
Kubernetes executor

6. 6#GitLabCommit
● containerized pipeline configuration
● Kubernetes executor in action!
● https://gitlab.com/gitlab-commit-demo/containerized-appdeploy-sample
Demo: Pipeline configuration

7. 7#GitLabCommit
Kaniko
Run container builds within your cluster

8. 8#GitLabCommit
● image builds without the need of any privileges or dependencies
● disadvantages of Docker-in-Docker
○ exposing Docker socket
○ mounting /var/lib/docker
○ privileged mode
● based on http://gcr.io/kaniko-project/executor
● use caching to speed up your pipeline
Image builds with Kaniko

9. 9#GitLabCommit
● image build pipeline configuration
● containerized job container image
● Kaniko in action!
● https://gitlab.com/gitlab-commit-demo/containerized-jobimage-sample
Demo: Image builds pipeline

10. 10#GitLabCommit
GitLab Web Application Firewall
Secure your application ingress

11. 11#GitLabCommit
● GitLab Web Application Firewall finds and tracks
○ SQL injection
○ cross-site scripting
● is based on Kubernetes Nginx Ingress with enabled modsecurity module
○ OWASP (Open Web Application Security Project) ModSecurity Core Ruleset
○ managed & customized by GitLab
○ defaults to detection-only mode
Secure your application

12. 12#GitLabCommit
● GitLab Web Application Firewall in action!
● https://gitlab.com/gitlab-commit-demo/secure-ingress-sample
Demo: Secure your application ingress

13. 13#GitLabCommit
Kustomize
Enhance your application deployments

14. 14#GitLabCommit
● do we need the advantages of Helm in a CI/CD application deployment?
○ packaging and sharing?
○ rollbacks?
○ templates?
● “Kustomize lets you customize raw, template-free YAML files for multiple purposes,
leaving the original YAML untouched and usable as is”
○ no template overhead
○ no additional CLI needed
○ reduces complexity
○ just YAML
● kustomize vs kubectl apply -k
Kustomize

15. 15#GitLabCommit
What Kustomize can do

16. 16#GitLabCommit
Demo: How Kustomize works
● pipeline configuration with Kustomize
● Kustomize in action!
● https://gitlab.com/gitlab-commit-demo/enhanced-appdeploy-sample

17. 17#GitLabCommit
GitLab Serverless
Only care about your code

18. 18#GitLabCommit
● only care about your code
● Function-as-a-Service (FaaS) powered by GitLab and open source
○ based on Knative, Kaniko and Istio
○ alpha feature
● supports Go, NodeJS & Ruby
○ C#, PHP, Python via OpenFaaS integration
○ any other language via containerized serverless application
● multi-cloud support
● auto-scaling with scale to zero
Only care on your business logic

19. 19#GitLabCommit
● configuration details
● GitLab Serverless in action!
● https://gitlab.com/gitlab-commit-demo/serverless-sample
Demo: Only care about your code

20. 20#GitLabCommit
Questions?
@nmeisenzahl
https://meisenzahl.org
https://whiteduck.de
nico.meisenzahl@whiteduck.de
Slides → https://www.slideshare.net/nmeisenzahl
Demos → https://gitlab.com/gitlab-commit-demo
related articles/blogs:
● https://thenewstack.io/author/nico-meisenzahl/
● https://medium.com/@nicomeisenzahl