
Continuously deliver your app to Kubernetes with Bluemix


Bluemix Continuous Delivery toolchains now offer native support for deploying apps to a Kubernetes cluster available on IBM Bluemix Container Service. This example only requires a free “lite” cluster from IBM Bluemix Container Service.

You should always practice DevOps when building apps for the cloud. You want an automated process managing your production application updates, with proper testing, enforced security checks and more. Bluemix already provides all of this natively. Click the button below to create a Bluemix toolchain demonstrating how to start with DevOps practices for Kubernetes:

This toolchain demonstrates version control with a Git repo hosted in Bluemix, online editing with Eclipse Orion Web IDE (optional, you can always develop directly against your Git repo), automatic build of a container image, and security scanning using Vulnerability Advisor before deploying into a Kubernetes cluster that you’ll have previously created.

After you create the toolchain, subsequent changes to your app source code will be automatically built, scanned and deployed to your Kubernetes cluster using the pre-configured Delivery Pipeline. This pipeline can be further customized; in particular, it could manage environment promotions or deploy to Kubernetes clusters in other Bluemix regions, or even outside Bluemix.

Check out the predefined pipeline build script to understand how the generic Docker image name gets substituted automatically with the actual container image built and published into the private IBM container registry.

sed -i "s~^\([[:blank:]]*\)image:.*$~\1image: ${FULL_REPOSITORY_NAME}~" deployment.yml
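The substitution above with a post-check, as an added example that is not the toolchain's own script: sed exits 0 even when no line matches, and this expression does not match a "- image:" list item, so the function verifies that every image line names the built image. The `pin_image` name, the registry path and both manifests are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the toolchain's own script. The registry path and
# both manifests are constructed sample values.

# Apply the page's sed expression to a manifest, then verify the result.
# sed exits 0 even when nothing matched, so an unverified run can ship
# the generic image name instead of the image that was built and scanned.
pin_image() {
  local manifest=$1 image=$2
  sed -i "s~^\([[:blank:]]*\)image:.*$~\1image: ${image}~" "$manifest" || return 2
  # Count every image key, including the "- image:" list-item form, which
  # the expression above does not match because of the leading dash.
  awk -v want="$image" '
    /^[ \t]*(-[ \t]+)?image:/ {
      total++
      val = $0
      sub(/^[ \t]*(-[ \t]+)?image:[ \t]*/, "", val)
      if (val == want) pinned++
    }
    END { exit !(total > 0 && pinned == total) }' "$manifest"
}

FULL_REPOSITORY_NAME="registry.example.test/demo-namespace/hello:42"  # constructed
trap 'rm -f "$manifest_a" "$manifest_b"' EXIT

# Manifest A: "image:" on its own indented line; the expression matches.
manifest_a=$(mktemp)
printf '%s\n' \
  'spec:' \
  '  containers:' \
  '  - name: hello' \
  '    image: generic/hello:latest' > "$manifest_a"

# Manifest B: "image:" is the first key of the list item; no match.
manifest_b=$(mktemp)
printf '%s\n' \
  'spec:' \
  '  containers:' \
  '  - image: generic/hello:latest' \
  '    name: hello' > "$manifest_b"

for m in "$manifest_a" "$manifest_b"; do
  if pin_image "$m" "$FULL_REPOSITORY_NAME"; then
    echo "OK: every image line names the built image"
  else
    echo "FAIL: an image line still names another image; stop before deploying" >&2
  fi
done
```

Manifest A passes and manifest B fails the check, which is the case to catch in the pipeline before the kubectl step runs.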

You can also edit all pipeline scripts at your convenience. They use standard docker and kubectl commands.
You’ll find the URL of your deployed app at the bottom of the pipeline log (e.g. VIEW THE APPLICATION AT: http://184.172.247.94:32125).

Using the kubectl proxy command, you can review the output of your toolchain: a deployment with 2 replicas of the HelloWorld app, and a NodePort service. With a standard cluster, you would want to use a LoadBalancer or a route managed by an Ingress controller.

With Docker and Kubernetes, you normally develop and test locally using Minikube, then rely on your toolchain to take your Git commits to production, once properly built, tested, scanned, etc. The toolchain can then manage promotions across environments, and many more practices.

Vulnerability Advisor

This toolchain leverages Vulnerability Advisor to help developers design a secure app with very little effort. If you look closely at the Dockerfile used in this example, you’ll notice it purges the libgcrypt20 package. The reason is that, at the time of writing this article, the current node image on Docker Hub (8.1.2) contained some security vulnerabilities. You can see this by committing this change to your Git repo.

Such a vulnerability can go unnoticed when developing locally. However, the toolchain will spot it as soon as the change gets delivered to the Git repo and processed by the Delivery Pipeline running Vulnerability Advisor. As you can see below, the pipeline will block this change before it reaches the production environment.

In the log of the failing Vulnerability Advisor scan job, you’ll find more details on the offending package. This exact vulnerability is officially documented by Debian.

376 packages scanned
1 vulnerable packages
libgcrypt20 : current: 1.6.3-2+deb8u3 fixed: 1.6.3-2+deb8u4

Summary

With the new deployment job for Kubernetes, your Bluemix toolchain makes it easy to continuously deliver an app to a Kubernetes cluster, leveraging DevOps best practices such as version control, automatic builds, image vulnerability scans and automated deployment.


Distinguished Engineer, Bluemix DevOps Continuous Delivery
