Working within a heavily regulated environment brings a special set of challenges, including increased difficulty in application scaling. In this session you will learn how you can enhance your Kubernetes CI/CD pipelines with GitLab and other open source projects. We will demonstrate practices for deployments using newer GitLab features like the Web Application Firewall for Kubernetes Ingress, and managing serverless functions with Knative. The techniques covered in this session will give you new options to streamline your Kubernetes pipelines reliably and consistently.
2. 2#GitLabCommit
Nico Meisenzahl
Senior Cloud & DevOps Consultant at white duck
GitLab Hero & Docker Community Leader
Loves Kubernetes, DevOps and Cloud
@nmeisenzahl
https://meisenzahl.org
https://whiteduck.de
nico.meisenzahl@whiteduck.de
How GitLab and Open Source Can Help You Streamline Your Kubernetes CI/CD Pipelines
● move your pipeline workload into your cluster
● run container builds within your cluster
● secure your application ingress
● enhance your application deployments
● only care about your code
Agenda
● allows you to
○ containerize your pipeline workload
○ share your compute and scale your pipelines
● runs inside your cluster
○ automatable Helm deployment
● runs a pod per job
○ prepare → creates pod with build and service containers
○ pre-build → clones repo, restores cache, downloads artifacts
○ build → user build steps
○ post-build → creates caches and uploads artifacts
Kubernetes executor
● image builds without the need of any privileges or dependencies
● disadvantages of Docker-in-Docker
○ exposing Docker socket
○ mounting /var/lib/docker
○ privileged mode
● based on http://gcr.io/kaniko-project/executor
● use caching to speed up your pipeline
Image builds with Kaniko
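One way to check build pods for the three Docker-in-Docker drawbacks listed on this slide, as an added example that is not from the talk. The `audit_pod` helper and both sample manifests are constructed for illustration.

```python
# Added example: audit a pod spec for the Docker-in-Docker risks listed above.
# The manifests below are constructed samples, not taken from the talk.

RISKY_HOST_PATHS = ("/var/run/docker.sock", "/var/lib/docker")


def audit_pod(pod):
    """Return a sorted list of findings for one Pod manifest (as a dict)."""
    spec = pod.get("spec", {})
    findings = set()

    # hostPath volumes that hand the node's Docker daemon or its data to the pod
    risky_volumes = {}
    for vol in spec.get("volumes", []):
        path = (vol.get("hostPath") or {}).get("path", "").rstrip("/")
        for risky in RISKY_HOST_PATHS:
            if path == risky or path.startswith(risky + "/"):
                risky_volumes[vol["name"]] = risky

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.add(f"{c['name']}: privileged mode")
        for mount in c.get("volumeMounts", []):
            if mount.get("name") in risky_volumes:
                findings.add(f"{c['name']}: mounts host {risky_volumes[mount['name']]}")
    return sorted(findings)


# Constructed sample: a build pod that uses Docker-in-Docker with the host socket.
DIND_POD = {
    "spec": {
        "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [
            {"name": "build", "image": "docker:stable",
             "volumeMounts": [{"name": "sock", "mountPath": "/var/run/docker.sock"}]},
            {"name": "dind", "image": "docker:dind",
             "securityContext": {"privileged": True}},
        ],
    }
}

# Constructed sample: a Kaniko build pod, which needs none of the above.
KANIKO_POD = {
    "spec": {
        "containers": [{"name": "build", "image": "gcr.io/kaniko-project/executor"}],
    }
}

if __name__ == "__main__":
    for name, pod in (("dind", DIND_POD), ("kaniko", KANIKO_POD)):
        print(name, audit_pod(pod) or "no findings")
```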
● do we need the advantages of Helm in a CI/CD application deployment?
○ packaging and sharing?
○ rollbacks?
○ templates?
● “Kustomize lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is”
○ no template overhead
○ no additional CLI needed
○ reduces complexity
○ just YAML
● kustomize vs kubectl apply -k
Kustomize
Demo: How Kustomize works
● pipeline configuration with Kustomize
● Kustomize in action!
● https://gitlab.com/gitlab-commit-demo/enhanced-appdeploy-sample
● only care about your code
● Function-as-a-Service (FaaS) powered by GitLab and open source
○ based on Knative, Kaniko and Istio
○ alpha feature
● supports Go, NodeJS & Ruby
○ C#, PHP, Python via OpenFaaS integration
○ any other language via containerized serverless application
● multi-cloud support
● auto-scaling with scale to zero
Only care about your business logic