Continuously deliver your app to Kubernetes with Bluemix

Bluemix Continuous Delivery toolchains now offer native support for deploying apps to a Kubernetes cluster available on IBM Bluemix Container Service. This example only requires a free “lite” cluster from IBM Bluemix Container Service.

You should always practice DevOps when building apps for the cloud. You want an automated process managing your production application updates, with proper testing, enforcement of security checks, and more. Bluemix already provides all of this natively. Click the button below to create a Bluemix toolchain demonstrating how to start with DevOps practices for Kubernetes:

This toolchain demonstrates version control with a Git repo hosted in Bluemix, online editing with Eclipse Orion Web IDE (optional, you can always develop directly against your Git repo), automatic build of a container image, and security scanning using Vulnerability Advisor before deploying into a Kubernetes cluster that you’ll have previously created.

After you create the toolchain, subsequent changes to your app source code will be automatically built, scanned and deployed to your Kubernetes cluster using the pre-configured Delivery Pipeline. This pipeline can be further customized: in particular, it could manage environment promotions or deploy to Kubernetes clusters in other Bluemix regions, or even outside Bluemix.

Check out the predefined pipeline build script to understand how the generic Docker image name gets substituted automatically with the actual container image built and published into the private IBM container registry.

sed -i "s~^\([[:blank:]]*\)image:.*$~\1image: ${FULL_REPOSITORY_NAME}~" deployment.yml

You can also edit all pipeline scripts at your convenience. They use standard docker and kubectl commands.
You’ll find the URL of your deployed app at the bottom of the pipeline log (e.g. VIEW THE APPLICATION AT: http://184.172.247.94:32125).

Using the kubectl proxy command, you can review the output of your toolchain: a deployment with 2 replicas of the HelloWorld app, and a NodePort service. With a standard cluster, you would want to use a LoadBalancer or a route managed by an Ingress controller.

With Docker and Kubernetes, you normally develop and test locally using Minikube, then rely on your toolchain to take your Git commits to production, once properly built, tested, scanned, etc. The toolchain can then manage promotions across environments, and many more practices.

Vulnerability Advisor

This toolchain leverages Vulnerability Advisor to help developers design a secure app with very little effort. If you look closely at the Dockerfile used in this example, you’ll notice that it purges the libgcrypt20 package. The reason is that, at the time of writing this article, the current node image on Docker Hub (8.1.2) contained some security vulnerabilities. You can see this by committing this change to your Git repo.

Such a vulnerability can go unnoticed when developing locally. However, the toolchain will spot it as soon as the change gets delivered to the Git repo and processed by the Delivery Pipeline running Vulnerability Advisor. As you can see below, the pipeline will block this change before it reaches the production environment.

In the log of the failing Vulnerability Advisor scan job, you’ll find more details on the offending package. This exact vulnerability is officially documented by Debian.

376 packages scanned
1 vulnerable packages
libgcrypt20 : current: 1.6.3-2+deb8u3 fixed: 1.6.3-2+deb8u4
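
A gate of the kind described here, as an added example rather than the toolchain's own script: it reads a scan log, blocks the deploy when vulnerable packages are reported, and fails closed when the summary line is missing. It assumes the log has the layout of the excerpt above; the names va_gate, va_vulnerable_count, va_offenders and SAMPLE_LOG are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the toolchain's own script. The log layout is assumed from
# the excerpt above; all function and variable names here are hypothetical.

# Constructed sample input, shaped like the scan log excerpt in the article.
SAMPLE_LOG='376 packages scanned
1 vulnerable packages
libgcrypt20 : current: 1.6.3-2+deb8u3 fixed: 1.6.3-2+deb8u4'

# Print the vulnerable-package count from the log on stdin. Exit 2 when the
# summary line is missing, so a truncated scan is never read as a clean one.
va_vulnerable_count() {
  awk '$1 ~ /^[0-9]+$/ && $2 == "vulnerable" && $3 == "packages" { print $1; found = 1; exit }
       END { exit (found ? 0 : 2) }'
}

# Print "package installed fixed" for every offending-package line.
va_offenders() {
  awk '$2 == ":" && $3 == "current:" && $5 == "fixed:" { print $1, $4, $6 }'
}

# Gate on the log on stdin: 0 = clean, 1 = vulnerable, 2 = unreadable (fail closed).
va_gate() {
  local log count
  log=$(cat)
  count=$(printf '%s\n' "$log" | va_vulnerable_count) || {
    echo "scan summary not found; refusing to deploy" >&2
    return 2
  }
  if [ "$count" -gt 0 ]; then
    echo "blocking deploy: $count vulnerable package(s)" >&2
    printf '%s\n' "$log" | va_offenders | while read -r pkg cur fix; do
      echo "  $pkg: installed $cur, fixed in $fix" >&2
    done
    return 1
  fi
  echo "scan clean; proceeding to deploy"
}

# Demo on the constructed sample; the gate returns 1 here.
printf '%s\n' "$SAMPLE_LOG" | va_gate || echo "gate exit status: $?"
```

In a pipeline stage, the non-zero exit status is what stops the deploy step from running.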

Summary

With the new deployment job for Kubernetes, your Bluemix toolchain makes it easy to continuously deliver an app to a Kubernetes cluster, leveraging DevOps best practices such as version control, automatic build and deployment, and image vulnerability scans.

 

Distinguished Engineer, Bluemix DevOps Continuous Delivery
