Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Your CI/CD
2. Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• GitLab Hero, Microsoft MVP & Docker Community Leader
• loves Kubernetes, DevOps and Cloud
© white duck GmbH 2020
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
3. Agenda
• GitLab and Kubernetes
• containerized pipeline – why?
• pipeline workload on Kubernetes with GitLab CI/CD
• container image builds on Kubernetes with Kaniko
4. GitLab & Kubernetes
A perfect fit!
• GitLab hosted on Kubernetes
• containerized pipelines
• monitoring & tracing stack
• functions and serverless apps
• Review Apps
• Auto DevOps
5. Containerized Pipelines – Why?
• for the same reasons why you should use containers
• isolation
• dependencies
• scalability
• immutability
• example: your new project needs version X, while all others still require Y
• you can include any kind of build / deploy dependency
• NodeJS, .NET Core, Go, Terraform, Ansible… you name it
6. docker run
• running Docker on build hosts is a familiar pattern
• but: docker run pipeline jobs have some issues
• containers are immutable
• you will end up managing caching and artifacts on your own
• (and we're not even talking about building containers)
7. GitLab Runner Kubernetes executor
• a GitLab Runner that is aware of Kubernetes
• integrates your CI/CD with Kubernetes
• runs itself within your Kubernetes Cluster (as pod)
• schedules pipeline jobs as pods
• allows you to share your compute and scale your pipelines
• easy deployment
• one-click
• production ready Helm deployment
• via CI/CD (alpha)
8. Cloning, Caching and Artifacts
• GitLab Runner Kubernetes executor runs service containers within the pipeline job pod to handle cloning, caching and artifacts
• every pipeline job consists of these stages
• prepare → creates pod with build and service containers
• pre-build → clones repo, restores cache, downloads artifacts
• build → user build steps
• post-build → creates caches and uploads artifacts
9. Advanced topics
• supports advanced configurations like
• resource limits for build jobs
• CI services for build dependencies
• node selectors for runners
• …
10. Demo: GitLab Runner Kubernetes executor
• GitLab Kubernetes Integration
• GitLab Runner Kubernetes executor deployment
11. Pipeline job image
• contains everything a single pipeline job needs
• binaries, libraries, tools, ...
• provide all external dependencies
• use a pipeline to build/rebuild it periodically (security fixes!)
• you should define fixed versions for your dependencies
• use caching to speed up your builds
14. Container Image builds on Kubernetes
• you may have used Docker-in-Docker (DinD) to build containers in containers
• DinD has some issues
• exposing Docker socket
• mounting /var/lib/docker
• privileged mode
• those might be acceptable on a build host but not in a Kubernetes cluster
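
A check for the three DinD settings listed above, as an added example (not from the talk or its demo repository): it scans pod specs for privileged containers and for hostPath volumes that expose the Docker socket or /var/lib/docker, including parent directories. The sample pods, the function names and the socket path /var/run/docker.sock are assumptions made for illustration.

```python
import json

# Constructed sample pods (not from the talk): a DinD-style build pod and a
# Kaniko-style build pod that needs none of those settings.
SAMPLE_PODS = json.loads("""[
 {"metadata": {"name": "dind-build"},
  "spec": {"containers": [{"name": "build", "image": "docker:dind",
                           "securityContext": {"privileged": true}}],
           "volumes": [
             {"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}},
             {"name": "data", "hostPath": {"path": "/var/lib/docker/"}}]}},
 {"metadata": {"name": "kaniko-build"},
  "spec": {"containers": [{"name": "build",
                           "image": "gcr.io/kaniko-project/executor"}],
           "volumes": [{"name": "workspace", "emptyDir": {}}]}}
]""")

# Assumed default locations of the Docker socket and Docker's data directory.
RISKY_HOST_PATHS = ("/var/run/docker.sock", "/var/lib/docker")


def overlaps(host_path, risky):
    """True if host_path is risky itself, lies below it, or is a parent of it."""
    p = host_path.rstrip("/")  # "/" becomes "", so it is a parent of everything
    return p == risky or p.startswith(risky + "/") or risky.startswith(p + "/")


def audit_pod(pod):
    """Return findings for the three DinD issues listed on the slide."""
    spec = pod.get("spec", {})
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append(f"container {c['name']}: privileged")
    for v in spec.get("volumes", []):
        path = (v.get("hostPath") or {}).get("path")
        if not path:
            continue  # not a hostPath volume
        for risky in RISKY_HOST_PATHS:
            if overlaps(path, risky):
                findings.append(f"volume {v['name']}: hostPath exposes {risky}")
    return findings


def audit(pods):
    """Map each pod name to its list of findings."""
    return {p["metadata"]["name"]: audit_pod(p) for p in pods}
```
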
15. Image builds with Kaniko
• image builds without the need for any privileges or dependencies
• runs in a container (gcr.io/kaniko-project/executor)
• easy to use
• you should think about caching to speed up your pipeline
• layer caching (layers get pushed to a registry)
• base image caching (GitLab cache)
17. Demo
• containerized image builds on Kubernetes with Kaniko
• https://gitlab.com/gitlab-commit-demo/containerized-jobimage-sample