December 18, 2020 By Henrik Loeser 4 min read

Deploy the tutorial app using Schematics, Terraform, and a Tekton-based pipeline.

If you read the blog “IBM Cloud Solution Tutorials: 2020 in Review,” you will have noticed that the IBM Cloud Solution Tutorials can now also be found in a new tutorials library in the IBM Cloud documentation portal. One of these tutorials from the Security category is discussing how to apply end to end security to a cloud application. In June, I blogged how it had been extended by a discussion on how to share development resources.

The discussed app and its resources can be deployed by following the steps in the tutorial itself or by utilizing an automated toolchain with scripting. I’m happy to share with you that we switched from a classic toolchain that rolls out both the required resources, builds the app, and deploys it to a more granular approach. It is based on utilizing IBM Cloud Schematics for managing resource deployment based on Terraform and a Tekton-based pipeline in the Continuous Delivery service to build and deploy the app.

In the following, I am going to discuss some of the details:

Solution diagram: An app with end-to-end security to share files.

IBM Cloud Schematics and Terraform

Terraform is an open source solution for Infrastructure as Code. The desired state is described in one or more files written in a configuration language. As user or administrator, you would typically plan, apply, or destroy the configuration. That is, by generating a plan, seeing the expected changes to your resources, then applying those changes or destroying (i.e., deleting the resources again). It works well with a local machine, with a single cloud provider, or in a hybrid/multicloud environment.

IBM Cloud Schematics features Terraform-as-a-Service. It manages workspaces that hold a Terraform configuration and execution environment. Similar to running Terraform on your own, you can plan, apply, or destroy a Terraform-based deployment of resources. You can interact with Schematics in the IBM Cloud UI in its dashboard, use the command line, or work with its REST API.

To set up the required resources for the solution tutorial, you would click the “deploy link” found in the source code repository on GitHub. Next, you would set the (Terraform) variables when not going with the defaults (see screenshot below). Then, everything is ready for Apply plan. Once the resources are deployed, the you can set up the toolchain and deploy the app:

Configure the Terraform-based resource deployment in your Schematics workspace.

Tekton pipelines

The Continuous Delivery service on IBM Cloud (CD service) allows for the automation of building and deploying applications. It offers open toolchains to set up CI/CD (Continuous Integration/Continuous Delivery) pipelines, thereby supporting a DevOps or DevSecOps approach for app development and operation. The CD service supports its own (“classic”) or Tekton delivery pipelines. Tekton pipelines provide a deep integration into the Kubernetes ecosystem and either run on shared Kubernetes workers provided by the CD service or your own (private) workers for more security.

To deploy the app, create a toolchain by clicking the Create toolchain link in the source code repository on GitHub. Then, you configure the GitHub integration and few environment settings. All other properties are read from Schematics workspace, which manages most metadata. Once the toolchain is created, you may notice that toolchain has two code integrations with GitHub (and a single Delivery Pipeline):

  • One is for the tutorial source code and provides the app code.
  • The second is to the Tekton Catalog, which offers readily available pipeline tasks for reuse. We integrate two such tasks.

Toolchain with two GitHub integrations and one delivery pipeline.

Our pipeline to build and deploy the app reuses the icr-containerize task to build the app and the icr-va-check-scan task to scan the new image for vulnerabilities and check the result. Both tasks make use of the IBM Cloud Container Registry to manage the Docker image. As you can see in the screenshot below, the container with the updated app will only be deployed if the scans do not find any security issues.

Once the last pipeline task has completed, you can click the link for the log output to access the deployed app.

Tekton pipeline: The image is built, the security check succeeded, deployment is ongoing.

Conclusions

Separating the task of resource (infrastructure) rollout from app deployment allows you to utilize different tools for each task (IBM Cloud Schematics with Terraform-as-a-Service, Continuous Delivery with Tekton pipeline). The pipeline tasks to build the Docker image, and you can scan it for vulnerabilities from an open source library (Tekton Catalog). Switching from the previous classic toolchain to the new setup required some work, but now everything is based on open source technologies, configuration-based, and easy to extend.

If you want to try it, head over to the GitHub repository with the source code and read the tutorial on how to apply end-to-end security to a cloud application for background information.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn

Was this article helpful?
YesNo

More from Cloud

Serverless vs. microservices: Which architecture is best for your business?

7 min read - When enterprises need to build an application, one of the most important decisions their leaders must make is what kind of software development to use. While there are many software architectures to choose from, serverless and microservices architectures are increasingly popular due to their scalability, flexibility and performance. Also, with spending on cloud services expected to double in the next four years, both serverless and microservices instances should grow rapidly since they are widely used in cloud computing environments. While…

Serverless use cases: How enterprises are using the technology to let developers innovate

6 min read - Serverless, or serverless computing, is an approach to software development that empowers developers to build and run application code without having to worry about maintenance tasks like installing software updates, security, monitoring and more. With the rise of cloud computing, serverless has become a popular tool for organizations looking to give developers more time to write and deploy code. Despite its name, a serverless framework doesn’t mean computing without servers. In a serverless architecture, a cloud service provider (CSP) handles…

How a US bank modernized its mainframe applications with IBM Consulting and Microsoft Azure

9 min read - As organizations strive to stay ahead of the curve in today's fast-paced digital landscape, mainframe application modernization has emerged as a critical component of any digital transformation strategy. In this blog, we'll discuss the example of a fictional US bank which embarked on a journey to modernize its mainframe applications. This strategic project has helped it to transform into a more modern, flexible and agile business. In looking at the ways in which it approached the problem, you’ll gain insights…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters