IBM Sterling B2B Integrator and IBM Sterling File Gateway Developers

B2Bi – OCP CI/CD Pipeline

By Sameer Jandial posted Mon August 02, 2021 09:42 AM

Authors: Sameer Jandial / Ramakrishna Pandian


The aim of this project is to come up with a CI/CD pipeline for B2Bi products within OCP platform. Since the B2Bi products are OCP certified products, this blog helps them in building a CI/CD pipeline for automating the deployment of their test and production environments.

Pipeline stages

In Phase I, we wanted to automate the continuous deployment of the CI/CD model using OCP pipelines. The Pipeline will have the below stages.
  • Pulling B2Bi image from the Entitlement Registry
  • Extend the image (like changing default user, updating Db drivers, etc...)
  • Tag and Push the image to the OCP internal Registry
  • Pull the latest helm charts for a given release from IBM public Helm repository
  • Configure the Helm charts for the Test environment
  • Configure the pre-requisites including Volumes/Secrets
  • Deploy the Helm charts
  • Run functional automation
  • Run security scans
  • Deploy the image on the production environments using Helm charts

OCP Environment setup

Before we start developing the pipelines, we need to setup the OCP environment with the below pre-requisites.

Deploying Jenkins server

We will be automating few of the deployment modules as a job in Jenkins server and these jobs will be triggered from the OCP pipelines. So, we need to deploy a Jenkins server on the OCP cluster environment.

To deploy the Jenkins server, we can either deploy it through the OCP UI or OCP (OC) command line client. From the OCP platform UI, Go to Add and Click on ‘From catalog’ the below screen will appear. Select Jenkins and click instantiate template

This will spin up a Jenkins server on the OCP environment. The same thing can be done through command line using the below command,

oc new-app -e OPENSHIFT_ENABLE_OAUTH=true -e VOLUME_CAPACITY=10Gi jenkins-persistent

Creating an Internal OCP container image registry

We need an internal container image registry inside OCP environment to store the images which we are deploying. We can create registry under Builds – Image Streams

Creating Secrets

We must create secrets which the pipeline will be used to authenticate to the Jenkins server. To create secrets, go to Workloads → Secrets. Here we have created Source Secret with Authentication type as Basic authentication and provided the username and API token used to authenticate to Jenkins server.

The Secrets can be created using YAML as well.

Pipeline Tasks

We are using the below OCP inbuilt tasks to automate the pipeline.

Skopeo copy task

This task is used to copy the image from the Entitlement registry to the OCP internal registry.

This task takes the following input parameters

srcImageURL – URL of the source image registry
destImageURL – URL of the destination image registry
srcTLSverify – Verify TLS on the source registry
destTLSverify – Verify TLS on the destination registry

Create two secrets one for image pull and other for image push and update the ‘default’ service account with the secret details.

Trigger Jenkins job task

Most of the deployment modules are written as script in Jenkins server as a job. This task in the pipeline is used to trigger the corresponding Jenkins job.

This task takes the following input parameters

JENKINS_HOST_URL – The URL where Jenkins server is hosted
JOB_NAME – The Name of the Jenkins Job which the pipeline task will trigger
JENKINS_SECRETS – The secrets used to authenticate to the Jenkins server
JOB_PARAMS – The extra parameters passed to the Jenkins job

OpenShift-Client Task

This task is used to run any of the OC CLI command as part of the pipeline.

This task takes the following input parameters

SCRIPT – The OpenShift CLI command to run
ARGS – The arguments to be passed as part of the above command

Current Pipeline Design

Using the above tasks, we have designed our pipeline which has tasks performing functions such as

  1. Pulling image from ER to OCP registry
  2. Pulling helm charts from production github location
  3. Configure client VM
  4. Setup pre-requisites
  5. Helm Install B2Bi

Here the ‘pull-image’ is a ‘skopeo copy’ task used to move the image from the B2Bi Entitlement Registry to the OCP internal registry. The remaining tasks are ‘trigger jenkins job’ which calls corresponding Jenkins job which performs tasks like pulling helm charts from production location to local client node, setting up the local client node, setting up pre-requisites and finally do a helm install.
Once the successful execution of this pipeline, B2Bi SI and SFG will be deployed on the OCP cluster environment and we can access the dashboard using the URLs under ‘Routes’

To summarize, OCP CI/CD pipeline is a steppingstone for many B2Bi customers who want to move to cloud. They can take a reference from this blog that can help them to setup pipeline in a TEST environment before moving to production. Having a CI/CD pipeline in a cloud environment will save a lot of time as it can do multiple things with just a single click – depicted in the pipeline above.

The subsequent version of this blog will have more additions to the pipeline. The plan is to extend it to a stage where post helm installs, the pipeline is capable enough to extend a B2Bi image (adapters/BP), running automation suites, security scans. Based on the results, the same image can be pushed to production environment.