Authors: Sameer Jandial / Ramakrishna Pandian
The aim of this project is to build a CI/CD pipeline for B2Bi products on the OCP platform. Since the B2Bi products are OCP-certified, this blog helps B2Bi customers build a CI/CD pipeline that automates the deployment of their test and production environments.
Pipeline stages
In Phase I, we wanted to automate the continuous deployment of the CI/CD model using OCP pipelines. The pipeline will have the following stages.
- OCP Environment setup
- Pulling B2Bi image from the Entitlement Registry
- Extend the image (for example, changing the default user, updating DB drivers, etc.)
- Tag and Push the image to the OCP internal Registry
- Pull the latest Helm charts for a given release from the IBM public Helm repository
- Configure the Helm charts for the Test environment
- Configure the pre-requisites including Volumes/Secrets
- Deploy the Helm charts
- Run functional automation
- Run security scans
- Deploy the image on the production environments using Helm charts
Before we start developing the pipelines, we need to set up the OCP environment with the following prerequisites.
Deploying Jenkins server
We will automate a few of the deployment modules as jobs on a Jenkins server, and these jobs will be triggered from the OCP pipelines. So, we need to deploy a Jenkins server on the OCP cluster environment.
We can deploy the Jenkins server either through the OCP UI or through the OCP (OC) command line client. From the OCP platform UI, go to Add and click ‘From catalog’; the catalog screen will appear. Select Jenkins and click Instantiate Template.
This will spin up a Jenkins server on the OCP environment. The same thing can be done through the command line using the command below:
    oc new-app -e OPENSHIFT_ENABLE_OAUTH=true -e VOLUME_CAPACITY=10Gi jenkins-persistent
Creating an Internal OCP container image registry
We need an internal container image registry inside the OCP environment to store the images we are deploying. We can create the registry under Builds → Image Streams.
Creating Secrets
We must create secrets which the pipeline will use to authenticate to the Jenkins server. To create secrets, go to Workloads → Secrets. Here we have created a Source Secret with the authentication type set to Basic authentication and provided the username and API token used to authenticate to the Jenkins server.
The Secrets can be created using YAML as well.
We are using the following OCP inbuilt tasks to automate the pipeline.
Skopeo copy task
This task is used to copy the image from the Entitlement Registry to the OCP internal registry.
This task takes the following input parameters:
- srcImageURL – URL of the source image registry
- destImageURL – URL of the destination image registry
- srcTLSverify – Verify TLS on the source registry
- destTLSverify – Verify TLS on the destination registry
Create two secrets, one for image pull and the other for image push, and update the ‘default’ service account with the secret details.
Trigger Jenkins job task
Most of the deployment modules are written as scripts that run as jobs on the Jenkins server. This task in the pipeline is used to trigger the corresponding Jenkins job.
This task takes the following input parameters:
- JENKINS_HOST_URL – The URL where the Jenkins server is hosted
- JOB_NAME – The name of the Jenkins job which the pipeline task will trigger
- JENKINS_SECRETS – The secrets used to authenticate to the Jenkins server
- JOB_PARAMS – The extra parameters passed to the Jenkins job
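The secrets from the sections above (the Jenkins credentials, and the image pull and push secrets attached to the ‘default’ service account), written as YAML. This is an added example, not the authors' configuration; every secret name and bracketed value is a placeholder or an assumption.

```yaml
# Added example. Names are assumptions; bracketed values are placeholders
# to be filled in at apply time, not stored in source control.
# Jenkins credentials: same type and keys as the console's
# "Source secret" with Basic authentication.
apiVersion: v1
kind: Secret
metadata:
  name: jenkins-credentials          # assumed name, passed as JENKINS_SECRETS
type: kubernetes.io/basic-auth
stringData:
  username: <jenkins-user>
  password: <jenkins-api-token>      # the API token, not the login password
---
# Pull secret for the Entitlement Registry (source of the skopeo copy).
apiVersion: v1
kind: Secret
metadata:
  name: er-pull-secret               # assumed name
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: |
    {"auths": {"<entitlement-registry-host>": {"auth": "<base64 of user:key>"}}}
---
# Push secret for the OCP internal registry (destination of the copy).
apiVersion: v1
kind: Secret
metadata:
  name: internal-push-secret         # assumed name
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: |
    {"auths": {"<internal-registry-host>": {"auth": "<base64 of user:token>"}}}
---
# The 'default' service account references both registry secrets.
# Same effect as: oc secrets link default <secret-name>
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
secrets:
  - name: er-pull-secret
  - name: internal-push-secret
```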
A third task is used to run any OC CLI command as part of the pipeline.
This task takes the following input parameters:
- SCRIPT – The OpenShift CLI command to run
- ARGS – The arguments to be passed as part of the above command
Current Pipeline Design
Using the above tasks, we have designed our pipeline which has tasks performing functions such as
- Pulling image from ER to OCP registry
- Pulling Helm charts from the production GitHub location
- Configure client VM
- Setup pre-requisites
- Helm Install B2Bi
Here, ‘pull-image’ is a ‘skopeo copy’ task that moves the image from the B2Bi Entitlement Registry to the OCP internal registry. The remaining tasks are ‘trigger jenkins job’ tasks, each of which calls the corresponding Jenkins job. These jobs pull the Helm charts from the production location to the local client node, set up the local client node, set up the prerequisites and finally perform a helm install.
After this pipeline executes successfully, B2Bi SI and SFG will be deployed on the OCP cluster environment, and we can access the dashboard using the URLs under ‘Routes’.
To summarize, the OCP CI/CD pipeline is a stepping stone for many B2Bi customers who want to move to the cloud. They can use this blog as a reference for setting up a pipeline in a TEST environment before moving to production. Having a CI/CD pipeline in a cloud environment saves a lot of time, as it can do multiple things with a single click, as depicted in the pipeline above.
The subsequent version of this blog will add more to the pipeline. The plan is to extend it so that, after the helm install, the pipeline can extend a B2Bi image (adapters/BP) and run automation suites and security scans. Based on the results, the same image can be pushed to the production environment.
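The five-task design described above, written as an OpenShift Pipelines (Tekton) definition. This is an added example, not the authors' pipeline: the task and job names, the ClusterTask kind, the workspace names and every bracketed value are assumptions or placeholders. Both TLS parameters are set to "true" so that registry certificates are checked on each side of the copy.

```yaml
# Added example, not the authors' pipeline. Task names, kind, workspace
# names, job names and the bracketed values are assumptions/placeholders.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: b2bi-deploy
spec:
  workspaces:
    - name: scratch
  tasks:
    - name: pull-image                      # ER -> OCP internal registry
      taskRef: {name: skopeo-copy, kind: ClusterTask}
      workspaces: [{name: images-url, workspace: scratch}]
      params:
        - {name: srcImageURL, value: "docker://<er-host>/<repo>/<image>:<tag>"}
        - {name: destImageURL, value: "docker://<internal-registry-host>/<project>/<image>:<tag>"}
        - {name: srcTLSverify, value: "true"}   # certificate checks stay on
        - {name: destTLSverify, value: "true"}
    - name: pull-helm-charts
      runAfter: [pull-image]
      taskRef: {name: trigger-jenkins-job, kind: ClusterTask}
      workspaces: [{name: source, workspace: scratch}]
      params:
        - {name: JENKINS_HOST_URL, value: "https://<jenkins-route>"}
        - {name: JOB_NAME, value: pull-helm-charts}
        - {name: JENKINS_SECRETS, value: jenkins-credentials}
    - name: configure-client-vm
      runAfter: [pull-helm-charts]
      taskRef: {name: trigger-jenkins-job, kind: ClusterTask}
      workspaces: [{name: source, workspace: scratch}]
      params:
        - {name: JENKINS_HOST_URL, value: "https://<jenkins-route>"}
        - {name: JOB_NAME, value: configure-client-vm}
        - {name: JENKINS_SECRETS, value: jenkins-credentials}
    - name: setup-prerequisites
      runAfter: [configure-client-vm]
      taskRef: {name: trigger-jenkins-job, kind: ClusterTask}
      workspaces: [{name: source, workspace: scratch}]
      params:
        - {name: JENKINS_HOST_URL, value: "https://<jenkins-route>"}
        - {name: JOB_NAME, value: setup-prerequisites}
        - {name: JENKINS_SECRETS, value: jenkins-credentials}
    - name: helm-install-b2bi
      runAfter: [setup-prerequisites]
      taskRef: {name: trigger-jenkins-job, kind: ClusterTask}
      workspaces: [{name: source, workspace: scratch}]
      params:
        - {name: JENKINS_HOST_URL, value: "https://<jenkins-route>"}
        - {name: JOB_NAME, value: helm-install-b2bi}
        - {name: JENKINS_SECRETS, value: jenkins-credentials}
```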