Enhance Your Kubernetes CI/CD Pipelines with GitLab & Open Source
GitLab Remote Meetup, April 2020

Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• GitLab Hero, Microsoft MVP & Docker Community Leader
• loves Kubernetes, DevOps and Cloud
© white duck GmbH 2020
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org

Agenda
• move your pipeline workload into your cluster
• run container builds within your cluster
• secure your application ingress
• only care about your code
• easy day-2 application operations

GITLAB RUNNER KUBERNETES EXECUTOR
Move your pipeline workload into your cluster

Kubernetes executor
• allows you to
  • containerize your pipeline workload
  • share your compute and scale your pipelines
• needs to be deployed in your Kubernetes Cluster
  • automatable Helm deployment
• runs a pod per job
  • prepare → creates pod with build and service containers
  • pre-build → clones repo, restore cache, download artifacts
  • build → user build steps
  • post-build → creates caches and upload artifacts

Demo: Pipeline configuration
• containerized pipeline configuration
• Kubernetes executor in action!
• https://gitlab.com/gitlab-commit-demo/containerized-appdeploy-sample

KANIKO
Run container builds within your cluster

Image builds on Kubernetes with Kaniko
• image builds without the need of any privileges or dependencies
• disadvantages of Docker-in-Docker
  • exposing Docker socket
  • mounting /var/lib/docker
  • privileged mode
• runs as container
  • http://gcr.io/kaniko-project/executor
• use build caching to speed up your pipeline
  • layer caching (layers get pushed to a registry)
  • base image caching (local mount point)
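
The contrast drawn on the Kaniko slide, as an added `.gitlab-ci.yml` example that is not taken from the talk or its demo repositories: a Docker-in-Docker job that needs a privileged runner, next to a Kaniko job that builds and pushes the same image without one and uses layer caching. The image tags, job names, Dockerfile location and the `/cache` repository path are assumptions.

```yaml
# Added example, not the demo project's pipeline. Job names, image tags
# and the cache repository path are assumptions.
stages:
  - build

# Before: Docker-in-Docker. The dind service only starts when the runner
# launches job pods in privileged mode, which gives every job on that
# runner a path to the underlying node.
build-dind:
  stage: build
  image: docker:19.03
  services:
    - docker:19.03-dind
  variables:
    DOCKER_HOST: tcp://docker:2375
    DOCKER_TLS_CERTDIR: ""   # plain-text daemon socket inside the pod
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"

# After: Kaniko. Runs as an ordinary container: no Docker daemon, no
# socket mount, no privileged flag on the runner.
build-kaniko:
  stage: build
  image:
    # The debug tag ships a shell, which the GitLab job script needs.
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - mkdir -p /kaniko/.docker
    # Registry credentials come from GitLab's predefined CI variables.
    - |
      cat > /kaniko/.docker/config.json <<EOF
      {"auths":{"$CI_REGISTRY":{"username":"$CI_REGISTRY_USER","password":"$CI_REGISTRY_PASSWORD"}}}
      EOF
    # --cache/--cache-repo enable layer caching: cached layers are pushed
    # to and pulled from the given registry repository.
    - >-
      /kaniko/executor
      --context "$CI_PROJECT_DIR"
      --dockerfile "$CI_PROJECT_DIR/Dockerfile"
      --destination "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
      --cache=true
      --cache-repo "$CI_REGISTRY_IMAGE/cache"
```

With the Kaniko job in place, the runner no longer needs privileged mode for image builds, so that setting can stay disabled on the runner.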

Demo: Image build pipeline
• image build pipeline configuration
• containerized job container image
• Kaniko in action!
• https://gitlab.com/gitlab-commit-demo/containerized-jobimage-sample

GITLAB WEB APPLICATION FIREWALL
Secure your application ingress

Secure your applications
• GitLab Web Application Firewall finds and tracks
  • SQL/code injection
  • cross-site scripting
  • local/remote file inclusion
  • …
• threat monitoring dashboard within your project
• is based on Kubernetes Nginx Ingress and modsecurity module
  • OWASP (Open Web Application Security Project) Core Rule Set
  • blocking or detection-only mode
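
The two modes named on this slide, as an added example written against the plain Kubernetes Nginx Ingress annotations rather than GitLab's own managed configuration: a staging Ingress running the OWASP Core Rule Set in detection-only mode and a production Ingress in blocking mode. Resource names, hostnames and the backend service are hypothetical, and the controller is assumed to be ingress-nginx with snippet annotations allowed.

```yaml
# Added example: names, hosts and the backend service are hypothetical.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-staging
  annotations:
    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
    # Detection-only: rule matches are logged, requests still pass.
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleEngine DetectionOnly
      SecAuditEngine RelevantOnly
      SecAuditLog /dev/stdout
spec:
  ingressClassName: nginx
  rules:
    - host: staging.app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-production
  annotations:
    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
    # Blocking: requests that trip the rule set are rejected.
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleEngine On
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: app, port: {number: 80}}
```

Running detection-only first lets you review which rules fire on legitimate traffic before switching `SecRuleEngine` to `On`.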

Demo: Secure your application ingress
• GitLab Web Application Firewall in action!
• https://gitlab.com/gitlab-commit-demo/secure-ingress-sample

GITLAB SERVERLESS
Only care about your code

Only care about your business logic
• only care about your code
• Function-as-a-Service (FaaS) powered by GitLab and open source
  • based on Knative, Kaniko and Istio
• supports Go, NodeJS & Ruby
  • C#, PHP, Python via OpenFaaS integration
  • any other language via containerized serverless application
• multi-cloud support
• auto-scaling with scale to zero

Demo: Only care about your code
• configuration details
• GitLab Serverless in action!
• https://gitlab.com/gitlab-commit-demo/serverless-sample

MONITORING & LOGGING & TRACING
Easy Day-2 Application Operations

Day-2 Operations
• observability is key!
• access all needed metrics and logs within your project
  • application metrics collected by Prometheus
  • application logs collected by ELK
  • distributed tracing with Jaeger
  • error tracking with Sentry
• Prometheus and ELK are fully managed within GitLab

Demo: Monitoring & Tracing
• Environment Deployment overview
• Elasticsearch integration
• Prometheus integration
• https://gitlab.com/gitlab-commit-demo/ops-sample

Questions?
Slides: https://www.slideshare.net/nmeisenzahl
Demos: https://gitlab.com/gitlab-commit-demo
Nico Meisenzahl (Senior Cloud & DevOps Consultant)
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
