Start with CICD using the Cloud Native Toolkit from the IBM Garage

Today’s blog post is about the awesome IBM Garage Cloud Native Toolkit to support continuous integration and continuous delivery (CICD).

I want to provide a basic overview from my perspective, which I structured in following sections:

  • Motivation
  • Basic Overview
  • Try it out
  • Open-Source Tools/Technologies
  • What are the major tasks inside a OOTB Tekton pipeline?
  • Summary

Motivation

I love to see how tools can support different kinds of software development processes fully or partly, especially in today’s agile world. With my background of using Rational Tools for a long time, I always like to see, how is it possible to make life easier for the different roles in the Software Development LifecycleContinuous integration and continuous delivery are two big important parts of an effective implementation of a Software Development Lifecycle in a company to speed up the development and innovation. So, the IBM Garage Cloud Native Toolkit exactly does address these two critical important topics. The toolkit does address it with a concrete initial configuration.

Basic Overview

The Cloud Native Toolkit utilizes the Tekton Operator to create an awesome starting point with a preconfiguration for continuous integration and continuous delivery in your Red Hat OpenShift cluster using Open-Source tools.

Try it out

I wanted to try out the Cloud Native Toolkit with an own simple project and I used one of my very basic Node.js server implementations in my private GitHub repository. My objective was only to try out the basic Out-Of-The-Box configuration. I followed the given guides in the getting started documentation of the Cloud Native Toolkit for setup the toolkit and then I used it.
The documentation worked fine for me for the entire setup and the usage for my example application.

Open-Source Tools/Technologies

The Cloud Native Toolkit highlights in an impressive way, how Open-Source technologies/tools can be used together to support continuous integration and continuous delivery for containerized applications in Red Hat OpenShift. So, I want to give you a basic overview of the used Open-Source tools/technologies in the Out-Of-The-Box default configuration for a Tekton pipeline, provided by the Cloud Native Toolkit.

These are the used Open-Source tools/technologies in the pipeline with a very short explanation what they do address in context of the Cloud Native Toolkit:

Open-Source Technology/ToolAddresses following topic
TektonContinuous integration is realized with Tekton. The following image shows some of the predefined tasks in the Tekton pipeline and how pipeline appear in Red Hat OpenShift.

Tekton OperatorThe IBM Garage team is using the Tekton Operator provided by Red Hat to setup the Cloud Native Toolkit inside Red Hat OpenShift.

 
ArgoCDContinuous delivery is implemented with ArgoCD, related to GitOps.

 
SonarQubeWhite box testing/scanning is realized with SonarQube. Thats related to the implementation of the scanning for the well known top 10 security risks identified by the OWASP project, which is well known in the application security area.

 
ArtifactorySaving binary assets like tgz files containing the Helm chart configurations within Artifactory

Helm chartsDefining the deployment of the containerized applications with Helm charts. “Helm is the best way to find, share, and use software built for Kubernetes.”
Mocha and supertestIn the Tekton Task Test, I used for my unit tests of my Node.js server Mocha in combination with Supertest

What are the major tasks inside a OOTB Tekton pipeline?

The IBM Garage team did a lot of bash programming and yaml preconfigration for the Tekton tasks and steps to reflect for example different quality gates you can customize to stop the execution of your pipeline. For sure it also includes a lot of experience of a huge number of different customers projects.

The image contains a brief inside of a task implementation.

In the image you see a screen shot of the default configuration for a pipeline.

Here is a short and very simplified overview of the preconfigured Tekton pipeline tasks, which are defined for the Out-Of-The-Box configuration I used.

TaskMajor stepsContent
Setupgit-clone
Testgit-clonebuildtestsonar-scanExecuting unit tests and security scanning for the application.
Buildgit-clonebuildBuilding a container image based on the Dockerfile
Deploygit-clonedeployDeploying the application using a helm chart.
Healthhealth-checkVerifying  health endpoint for your application.
Tag-releasegit-clonegit-tagDoing an automated tagging of your deployed releases in your GitHub project.
Img-releaseimage-tagTag the container image in your container registry.
Img-scanyourregisty-pullyourregistry-scanSecurity scan of the container using container registry capabilities.
Helm-releasegit-clonepackage-helmHelm chart for this deployment will be saved in a repository.
GitopsgitopsUsing the Helm chart to deploy container into other projects with ArgoCD.
These projects can reflect for example deferent environments like teststage or production and save this GitOps configuration in a GitHub Project.

Summary

The IBM Cloud Garage team invested for us time and shares their experience with us, to provide us a great professional starting point with preconfigurations and guided setups containing different Open-Source tools/projects to get started with a setup and using continuous integration and continuous delivery in a professional way. The Cloud Native Toolkit also provides various templates for different technologies.

Ok, we have to dig in a lot of different areas on tooling and methods, but setting up continuous integration and continuous delivery isn’t easy and that’s only the tooling and not the topic: “How to integrate this in your development life cycle process?” To understand Cloud Native Toolkit in a broader context, it makes sense to take a look into the IBM Garage Method to get more insides, what are their best practices.

Surely that’s not a one size fits all solution and must be configured to your needs. But the Cloud Native Toolkit can reduce your effort with the implementation of the tooling for continuous integration and continuous delivery, if it’s not already in place.


I hope this was useful for you and let’s see what’s next?

Greetings,

Thomas

#cicd, #gitops, #argocd, #sonarqube, #tekton, #OpenShift, #cloudnativetookit, #helmchart, #Artifactory, #IBMGarage

One thought on “Start with CICD using the Cloud Native Toolkit from the IBM Garage

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.