Editor’s Note: This blog post was written by guest author Xiao Gao, VMware senior technical marketing manager, and CloudBees’ Christopher Saleski, CloudBees senior technical alliance marketing manager.
Digital disruption is fueling new business models and modern apps are powering a digital transformation across industries. Whether you’re in retail, manufacturing, finance or healthcare, your goal is to connect with your customers through technology by offering faster time-to-value, better reliability and operational efficiency. Modern DevOps and a robust framework for continuous integration and continuous delivery (CI/CD) establish a foundation for reliably delivering innovative applications with automation.
An end-to-end CI/CD automation engine enables you to integrate diverse software portfolios that may consist not only of traditional applications but also of modern applications using a microservices architecture with containers. With the effective use of CI/CD, you can increase productivity by minimizing app downtime, manual intervention, do-it-yourself scripting and troubleshooting. A microservices application is often built by multiple development teams, and the continuous delivery platform needs to scale to meet the needs of various development teams without increasing the administrative burden.
This blog showcases how you can leverage VMware Enterprise PKS and CloudBees Core to offer continuous delivery as a service, accelerating app delivery for your line of business.
Setting the stage with a quick overview of VMware Enterprise PKS
VMware Enterprise PKS is a turnkey solution that enables you to offer Kubernetes as a service with high availability, cluster scaling, health checks, self-healing and rolling upgrades.
VMware Enterprise PKS integrates with VMware NSX-T to provide advanced container networking, including micro-segmentation, ingress control, load balancing and security policies. Through an integrated open-source private registry called Harbor, VMware Enterprise PKS secures container images with vulnerability scanning, image signing and auditing. VMware Enterprise PKS also integrates with Wavefront by VMware and VMware vRealize solutions for application and infrastructure monitoring.
Providing CI/CD with CloudBees Core
CloudBees Core provides a shared, centrally-managed CI/CD service with a self-service experience for engineering teams. It can be deployed on-premises or hosted on a cloud service provider. CloudBees Core on modern cloud platforms is a cloud-native CI/CD solution that runs on Kubernetes and includes an elegant user experience for rapid onboarding and configuration. You benefit from the ability to run pipeline workloads for a range of application types on a scalable and highly available CloudBees Core cluster. Integration with VMware Enterprise PKS allows IT operations teams to follow standard protocols to deploy and manage CloudBees Core like any other business-critical application. An IT operations team can provision a CloudBees Core cluster in seconds and configure tight access controls to conform to IT security standards.
CloudBees Core has recently completed the VMware PKS partner validation program and is available on the VMware solution exchange as a VMware PKS Partner Ready solution.
Key use cases
Using CloudBees Core with VMware Enterprise PKS empowers you to address the following use cases:
Pipeline for continuous delivery using infrastructure as code – You can deliver streamlined workflows for cloud-native apps on Kubernetes through infrastructure as code. You can leverage GitOps or environments stored as code in a repository to automatically promote versioned artifacts through pull requests across different Kubernetes clusters running on VMware Enterprise PKS.
Continuous delivery as a service (CDaaS) – You can propagate best practices and reduce administrative burden through CDaaS. When offering CDaaS with VMware Enterprise PKS, you can leverage Wavefront by VMware to gain full visibility of your infrastructure and application performance. Visibility enables you to scale your infrastructure resources up and down on demand.
- You can integrate both VMware Enterprise PKS and CloudBees Core with your enterprise identity provider to ensure credentials and resources are not misused. For enhanced availability, you can leverage pod health checks to identify failing pods and spin-up replacements as needed. Delivering CDaaS can help you reduce risks to software delivery while ensuring compliance, all without hindering agility.
Continuous integration and delivery for an air-gapped Kubernetes environment – You can build and maintain secure and stable development, staging, and production Kubernetes environments with tightly controlled access to external resources. VMware Enterprise PKS supports Kubernetes environments with little or no internet access. Together with CloudBees Core Proxy artifact repository, you can control which internet-based plugins are permitted in your development and integration environment.
Deploying CloudBees Core on VMware Enterprise PKS
CloudBees Core runs natively inside a VMware Enterprise PKS cluster namespace. You can install CloudBees Core using HELM charts or Kubernetes YAML files. Regardless of how you deploy CloudBees, components such as CloudBees Jenkins Operations Center and managed masters and agents can be dynamically scaled and are resilient to failures.
Once you deploy CloudBees Core, there are some essential steps to setting up your environment for a modern DevOps practice. They are:
1) Define your team from the CloudBees Jenkins Operations Center. The Operations Center’s simple user interface will guide you through the process. CloudBees Core will create and maintain a dedicated team master for each team. For instructions, see Administering CloudBees Core.
2) Create your CI/CD pipeline by using your Git repo and associated Git token or credentials. By default, the pipeline system expects a Jenkinsfile at the root directory of the repository; you will need to customize the pipeline job to point to a file that is located in a subdirectory. See the best practices guide.
3) Set up security and authentication. You will want your developers to have a single sign-on experience and use role-based access control (RBAC) to assign the right permissions. The RBAC plugin gives Jenkins administrators the ability to define various security roles and assign them to groups of users. The assignment of roles can take place at the global level, or it can be limited to specific objects. Additionally, the Jenkins administrator can delegate the management of groups for specific objects to specific users. The RBAC plugin guide covers concepts and definitions and will help you set it up.
4) Set up a monitoring environment for DevOps productivity metrics and core infrastructure. CloudBees DevOptics gives you visibility into key metrics, such as deployment frequency, the mean lead time to deliver a feature, the mean time to recovery and the change failure rate.
5) Evaluate the right plug-ins for the other tools in your environment. Begin by defining a plugin catalog in the JSON file format. Once you have defined your plugin catalog, you can add it to your CloudBees Jenkins Operations Center instance using the Jenkins CLI tool, and validate the catalog’s suitability for a client master. We recommend this guide to get started.
Triggering jobs by committing code
Once you have integrated your Git Repo, defined your software development lifecycle pipeline, and on-boarded your team members, any code commit will trigger a Jenkins job to fetch the app and test code from your Git Repo.
Based on the pipeline definition, Jenkins will run automated unit tests for style and security, build the container image, and push the image to Harbor for vulnerability scanning and signing. If the container image passes the vulnerability scan, CloudBees Core can proceed with deploying the image to a dev environment for additional automated end-to-end validation. Container images that fail Harbor’s vulnerability scan will not be allowed to be pulled from the Harbor registry.
The dev environment can be another namespace in the same VMware Enterprise PKS cluster or a new cluster dedicated to dev workloads. With VMware Enterprise PKS, the dev cluster can be created on-demand and mirror the production environment.
Getting a view of your world
All your infrastructure logs and metrics can be centrally managed using VMware Log Insight and Wavefront, enabling developers and DevOps teams to get a complete, real-time view of their Kubernetes environment and application runtime performance and logs. The Wavefront dashboards show Kubernetes performance metrics from VMware Enterprise PKS at any level, including nodes, pods, cluster, and individual containers.
With Wavefront, you can easily leverage your application knowledge to scale your underlying Kubernetes infrastructure. With Log Insight, you can aggregate and filter VMware Enterprise PKS logs at any level in real-time across thousands of endpoints. The ability to view and filter applications metrics and logs in real-time across a set of dynamic Kubernetes resources is vital to triaging and resolving infrastructure and application issues quickly.
This diagram illustrates the combination of CloudBees Core and VMware Enterprise PKS:
Running CloudBees Core on VMware Enterprise PKS is the cornerstone of building a modern DevOps practice. The joint solution comes with out-of-box integration for end-to-end security, monitoring and logging. Continuous delivery as a service lets you address critical initiatives and embrace cross-team collaboration. Here are some resources to help you take the next step in your DevOps journey:
· Attend one of the remaining CloudBees Days events to take part in workshops
· Read this guide to DevOps Culture and Process to help you do DevOps right
· Take a look at the VMware PKS Partner Application Program
· See our joint webinar