Platform Engineers

Kubernetes Development Workflows: CI/CD Pipelines with Kubernetes

Platform Engineers's photo
Platform Engineers
·

5 min read

Kubernetes has become a cornerstone in modern software development, particularly in the context of container orchestration. The integration of Continuous Integration/Continuous Deployment (CI/CD) pipelines with Kubernetes enhances the efficiency and reliability of software delivery processes. This blog will delve into the technical aspects of setting up and managing CI/CD pipelines with Kubernetes, focusing on the key components, tools, and best practices.

Key Components of a Kubernetes CI/CD Pipeline

A Kubernetes CI/CD pipeline involves several critical components that work together to automate the software delivery process.

Containers

Containers, such as Docker, encapsulate application components and enable consistent behavior across different environments. Dockerfiles are used to define the build process for container images.

FROM python:3.9-slim

# Set the working directory in the container
WORKDIR /app

# Copy the requirements file
COPY requirements.txt .

# Install any needed packages specified in requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

# Copy the application code
COPY . .

# Make port 80 available to the world outside this container
EXPOSE 80

# Define environment variable
ENV NAME World

# Run app.py when the container launches
CMD ["python", "app.py"]

Operating Clusters

Kubernetes clusters deploy and manage the containers. The cluster setup involves defining the infrastructure and configuring the nodes.

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: my-image
    ports:
    - containerPort: 80

Configuration Management

Configuration management tools like Ansible or Terraform store and manage the infrastructure setup details. These tools ensure that any changes to the infrastructure are tracked and versioned.

---
- name: Deploy Kubernetes cluster
  hosts: kubernetes-master
  become: yes
  tasks:
  - name: Install Docker
    apt:
      name: docker.io
      state: present

Version Control System (VCS)

A VCS like Git maintains the source code repository. Changes to the code trigger the CI/CD pipeline.

git init
git add .
git commit -m "Initial commit"
git push origin main

Image Registries

Image registries like Docker Hub store the container images. These images are used to deploy the application in the Kubernetes cluster.

docker tag my-image:latest <your-docker-hub-username>/my-image:latest
docker push <your-docker-hub-username>/my-image:latest

Security Testing and Audits

Security testing tools like OWASP ZAP ensure that the application is free from security vulnerabilities.

docker run -t owasp/zap2docker-weekly zap-baseline-scan --target http://my-app.com --report-file /zap-report.html

Continuous Monitoring and Observability

Monitoring tools like Prometheus and Grafana provide insights into the application's performance and health.

apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  name: my-prometheus
spec:
  replicas: 1
  serviceAccountName: my-prometheus

Tools for Kubernetes CI/CD Pipelines

Several tools are available to manage CI/CD pipelines with Kubernetes. Here are some of the most commonly used tools:

All-in-One CI/CD Tools

GitLab CI/CD

GitLab CI/CD is a popular choice for managing the entire software delivery lifecycle. It integrates well with Kubernetes and provides a comprehensive set of features for CI/CD.

stages:
  - build
  - test
  - deploy

variables:
  KUBECONFIG: $KUBECONFIG

build:
  stage: build
  script:
    - docker build -t my-image .
    - docker tag my-image:latest <your-docker-hub-username>/my-image:latest
    - docker push <your-docker-hub-username>/my-image:latest

test:
  stage: test
  script:
    - docker run -t owasp/zap2docker-weekly zap-baseline-scan --target http://my-app.com --report-file /zap-report.html

deploy:
  stage: deploy
  script:
    - kubectl apply -f deployment.yaml

GitHub Actions

GitHub Actions is another powerful tool for automating CI/CD workflows. It integrates well with Kubernetes and provides a flexible way to manage pipelines.

name: Kubernetes CI/CD

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push Docker image
        run: |
          docker build -t my-image .
          docker tag my-image:latest <your-docker-hub-username>/my-image:latest
          docker push <your-docker-hub-username>/my-image:latest

      - name: Deploy to Kubernetes
        uses: kubernetes/deploy-action@v1
        with:
          kubeconfig: ${{ secrets.KUBECONFIG }}
          deployment: deployment.yaml

CI Tools

Circle CI

Circle CI is a cloud-based CI tool that focuses on testing and building applications. It integrates well with Kubernetes and provides features like caching and resource classes.

version: 2.1

jobs:
  build-and-test:
    docker:
      - image: circleci/python:3.9

    steps:
      - checkout

      - run: |
          docker build -t my-image .
          docker run -t owasp/zap2docker-weekly zap-baseline-scan --target http://my-app.com --report-file /zap-report.html

workflows:
  build-and-deploy:
    jobs:
      - build-and-test

CD Tools

Spinnaker

Spinnaker is a continuous delivery tool that integrates with multiple cloud providers. It does not rely on a GitOps model and stores config files in the cloud provider’s storage.

applications:
  - name: my-app
    cloudProviders:
      - name: my-cloud-provider

pipelines:
  - name: deploy-to-kubernetes
    stages:
      - name: deploy
        type: deploy
        cloudProvider: my-cloud-provider
        account: my-account
        deployment: my-deployment

Best Practices for Kubernetes CI/CD Pipelines

GitOps

GitOps is a practice that keeps infrastructure configuration as files in the source control repository. This ensures that all essential resources are versioned and can be referenced within pipelines.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: my-image
        ports:
        - containerPort: 80

Security

Ensure that the CI/CD platform only exposes cluster connections to authorized projects and users. Use push-based workflows with caution, as they require privileged Kubernetes credentials to be stored on the source control server.

kubectl create secret generic my-secret --from-literal=key=value

Monitoring and Observability

Use monitoring tools to gain insights into the application's performance and health. This helps in identifying issues early and ensuring the application meets the required standards.

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: my-service-monitor
spec:
  selector:
    matchLabels:
      app: my-app
  endpoints:
  - port: http
    path: /metrics

Conclusion

Integrating CI/CD pipelines with Kubernetes is a powerful approach to streamline software delivery processes. By using the right tools and following best practices, developers can ensure that their applications are deployed reliably and efficiently. Platform engineering teams can benefit from this integration by automating key tasks and ensuring that the application meets the required standards.