Takeaways from DevOps World 2018 — Part I

Continuous deployment using Jenkins and Kubernetes

I was in San Francisco last week to attend DevOps World 2018 (also known as Jenkins World). This conference is about all things DevOps with a focus on Jenkins and Kubernetes. At KPN, we are in the process of moving all our Jenkins instances into Kubernetes (we deliver a managed Jenkins as a Service to development teams) so it is great to hear stories of other companies that are in the same process and share ideas and solutions.

On Monday I followed a workshop titled Continuously Deploying Application to a Kubernetes Cluster by Viktor Farcic. We were guided through the process of bringing a simple application to production on Kubernetes. 99% of the session took place on the command line, following the principle that UIs are evil and the fact that everything done on the command line can easily be automated.

“When used by engineers, UIs are evil. They sidetrack us from repeatability and automation”
 — Viktor Farcic

Each step of the process was executed and verified on the command line first hand then put together in the pipeline. The great benefit of this approach is that we have a great understanding of each step in the process and saves us from a lot of trial-and-error within Jenkins.

A bunch of takeaways from this workshop:

  • Although it is possible to build Docker images on Kubernetes, it is not secure. It requires a container to have access to the docker socket on the host, which gives control over everything else that runs on that node. Instead it is still preferred to use something like a (ephemeral) VM to execute your Docker commands. There is a project from Google called Kaniko that allows you to build Docker images without Docker, which might be a good alternative as it matures.
  • Put reusable and complex groovy scripts that are in your pipeline in a shared library. I will elaborate more on this in another blog post.
  • Use multi-stage Docker builds to test, compile and package your application with a single Docker file.

I also learned a few new tricks:

  • You can modify ‘currentBuild.displayName’ to manipulate the way your build is displayed in the UI.
  • In “Manage Jenkins” → “Configure Global Security”, select “Enable security”. Next to Markup Formatter, select “PegDown” from the drop down list. The requires the “pegdown-formatter” plugin and will give you nicer markup when reading the Jenkins Pipeline Syntax pages.

You can find the presentation of Viktor on his Github page.