Secure application deployments with Jenkins, Kubernetes, and the Google Cloud Platform

In a previous series of blogs, we covered how to use Docker with Jenkins to achieve true continuous delivery and improve existing pipelines in Jenkins.

Docker can be used in conjunction with Jenkins to provide customized build and runtime environments for testing or production, trigger application builds, automate application packaging/releases and deploy traceable containers. The new Jenkins Workflow plugin can also programmatically orchestrate these CD pipelines, while the CloudBees Jenkins Platform further builds on the above to give Jenkins masters shareable Docker build resources. All together, these features allow a Jenkins administrator or user to easily set up a CD pipeline and ensure that build/test environments are fungible, and therefore highly scalable.

The CloudBees team and the open-source community have enhanced this existing Docker story by adding Kubernetes and Google Container Registry support to Jenkins, giving Jenkins administrators the ability to leverage both Google’s container management tool and cloud container platform to run a highly-scalable and managed runtime for Jenkins.

Cookie-cutter environments and application packaging

The versatility and usability of Docker have made it a popular choice among DevOps-driven organizations. They have also made Docker an ideal choice for creating the standardized and repeatable environments that an organization needs, both for creating identical testing and production environments and for packaging portable applications.

If an application is packaged in a Docker image, testing and deploying is a matter of creating a container from that image and running tests against the application inside. If the application passes the tests, then the image should be stored in a registry and eventually deployed to production.

Leveraging the Google Container Registry

The Jenkins community has now added support for releasing applications as Docker images to the Google Container Registry, a free service offered by Google, and for using Google’s own services to securely deploy applications across its multi-region datacenters.

The Google Container Registry encrypts all Docker images and allows administrators to restrict push/pull access with ACLs on projects and storage buckets. Authentication is performed with Google’s Cloud Platform OAuth over SSL, and Jenkins now supports this via the Google Container Registry Auth plugin developed by Google.

The CloudBees Docker Build and Publish Plugin adds a new build step to Jenkins jobs for building and packaging applications into Docker containers, then publishing them as Docker images to your registry of choice with the Google OAuth credentials mentioned above.

Securely deploying with the Google Cloud Platform

The Docker Build and Publish plugin doesn’t require the Kubernetes plugin to integrate with the Google Container Registry. However, installing both unlocks the option of using the Google Cloud Platform and its underlying Kubernetes cluster to securely deploy Docker images as containers.

The Google Cloud Platform supports directly deploying Docker images from its Container Registry to its Container Engine. Deployments can be to particular regions and clusters, and they happen on a configured schedule. Once deployed, the application can then be run as a highly-available cluster. Kubernetes will perform regular health-checks on the application instances, restarting them as necessary.

Source: http://googlecloudplatform.blogspot.com/2015_01_01_archive.html

 

Where do I start?

  1. The CloudBees Docker Build and Publish plugin is an open-source plugin, so it is available for download from the open-source update center or packaged as part of the CloudBees Jenkins Platform.
  2. The Google Container Registry Auth plugin is an open-source plugin developed by Google, so it is available for download from the open-source update center or packaged as part of the CloudBees Jenkins Platform.
  3. (Optional) The Kubernetes plugin is an open-source plugin, so it is available for download from the open-source update center or packaged as part of the CloudBees Jenkins Platform.
  4. The Google Container Engine offers a free trial.
  5. The Google Container Registry is a free service.
  6. Other plugins complement and enhance the ways Docker can be used with Jenkins. Read more about their use cases in these blogs:
    • Docker Build and Publish Plugin
    • Docker Slaves with the CloudBees Jenkins Platform
    • Jenkins Docker Workflow DSL
    • Docker Traceability
    • Docker Hub Trigger Plugin
    • Docker Custom Build Environment plugin

 

Tracy Kennedy
Associate Product Manager
CloudBees 

Tracy Kennedy is an associate product manager for CloudBees and is based in Richmond. Read more about Tracy in her Meet the Bees blog post and follow her on Twitter.

 

 
