├── .gitignore ├── CONTRIBUTING.md ├── README.md ├── README_BAMBOO.md ├── README_HYBRID.md ├── docker_images ├── docker-in-docker │ └── Dockerfile ├── docker │ └── Dockerfile ├── gradle │ └── Dockerfile ├── jenkins-slave-utils │ ├── Dockerfile │ └── README.md ├── nodejs-alpine │ └── Dockerfile ├── nodejs │ └── Dockerfile ├── openjdk │ └── Dockerfile └── podman-jenkins-slave │ └── Dockerfile ├── docs └── podman.md ├── jenkins ├── README.md ├── cluster_image_policy.yaml ├── ibm_cloud_container_service │ └── pvc.yaml └── jobs │ ├── auth │ ├── config.xml │ └── jobs │ │ ├── auth-build │ │ └── config.xml │ │ ├── auth-deploy │ │ └── config.xml │ │ ├── auth-end-to-end │ │ └── config.xml │ │ └── auth-update-image │ │ └── config.xml │ ├── catalog │ ├── config.xml │ └── jobs │ │ ├── catalog-build │ │ └── config.xml │ │ ├── catalog-deploy │ │ └── config.xml │ │ ├── catalog-end-to-end │ │ └── config.xml │ │ └── catalog-update-image │ │ └── config.xml │ ├── customer │ ├── config.xml │ └── jobs │ │ ├── customer-build │ │ └── config.xml │ │ ├── customer-deploy │ │ └── config.xml │ │ ├── customer-end-to-end │ │ └── config.xml │ │ └── customer-update-image │ │ └── config.xml │ ├── inventory │ ├── config.xml │ └── jobs │ │ ├── inventory-build │ │ └── config.xml │ │ ├── inventory-deploy │ │ └── config.xml │ │ ├── inventory-end-to-end │ │ └── config.xml │ │ └── inventory-update-image │ │ └── config.xml │ ├── orders │ ├── config.xml │ └── jobs │ │ ├── orders-build │ │ └── config.xml │ │ ├── orders-deploy │ │ └── config.xml │ │ ├── orders-end-to-end │ │ └── config.xml │ │ └── orders-update-image │ │ └── config.xml │ └── web │ ├── config.xml │ └── jobs │ ├── web-build │ └── config.xml │ ├── web-deploy │ └── config.xml │ ├── web-end-to-end │ └── config.xml │ └── web-update-image │ └── config.xml ├── scripts ├── install_cli.sh ├── k8s_create_service_account.sh └── k8s_delete_service_account.sh └── static ├── diagrams ├── atlassian.xml ├── jenkins-hybrid.xml └── jenkins.xml └── imgs ├── 1_create_job.png ├── 2_select_pipeline_type.png ├── 3_setup_pipeline.png ├── 4_launch_build.png ├── 5_open_console_output.png ├── 6_see_console_output.png ├── architecture.png ├── atlassian └── atlassian.png ├── certificate.png ├── icp_4.png ├── jenkins-hybrid.png ├── jenkins_cloud.png ├── jenkins_dashboard.png ├── jenkins_login.png ├── jenkins_pod_template.png ├── kubernetes.png ├── p_1_create_pipeline.png ├── p_2_parameters.png ├── p_2_parameters_2.png ├── p_3_script.png ├── rp_1_run_pipeline.png ├── rp_2_progress.png ├── rp_3_success.png └── rp_4_deploy.png /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .AppleDouble 3 | .LSOverride 4 | 5 | # Icon must end with two \r 6 | Icon 7 | 8 | 9 | # Thumbnails 10 | ._* 11 | 12 | # Files that might appear in the root of a volume 13 | .DocumentRevisions-V100 14 | .fseventsd 15 | .Spotlight-V100 16 | .TemporaryItems 17 | .Trashes 18 | .VolumeIcon.icns 19 | .com.apple.timemachine.donotpresent 20 | 21 | # Directories potentially created on remote AFP share 22 | .AppleDB 23 | .AppleDesktop 24 | Network Trash Folder 25 | Temporary Items 26 | .apdisk 27 | 28 | jenkins/*.tgz 29 | jenkins/*.bak 30 | 31 | *.html 32 | 33 | # Ignore CLIs 34 | docker_images/jenkins-slave-utils/cloudctl 35 | docker_images/jenkins-slave-utils/mcmctl -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | ## Contributing to IBM Cloud Architecture reference applications 2 | Anyone can contribute to IBM Cloud Architecture reference applications and their associated projects, whether you are an IBMer or not. 3 | We welcome your collaboration & contributions happily, as our reference applications are meant to reflect your real world scenarios. 4 | There are multiple ways to contribute: report bugs and improvement suggestions, improve documentation, and contribute code. 5 | 6 | 7 | ## Bug reports, documentation changes, and feature requests 8 | 9 | If you would like to contribute your experience with an IBM Cloud Architecture project back to the project in the form of encountered bug reports, necessary documentation changes, or new feature requests, this can be done through the use of the repository's [**Issues**](#) list. 10 | 11 | Before opening a new issue, please reference the existing list to make sure a similar or duplicate item does not already exist. Otherwise, please be as explicit as possible when creating the new item and be sure to include the following: 12 | 13 | - **Bug reports** 14 | - Specific Project Version 15 | - Deployment environment 16 | - A minimal, but complete, setup of steps to recreate the problem 17 | - **Documentation changes** 18 | - URL to existing incorrect or incomplete documentation (either in the project's GitHub repo or external product documentation) 19 | - Updates required to correct current inconsistency 20 | - If possible, a link to a project fork, sample, or workflow to expose the gap in documentation. 21 | - **Feature requests** 22 | - Complete description of project feature request, including but not limited to, components of the existing project that are impacted, as well as additional components that may need to be created. 23 | - A minimal, but complete, setup of steps to recreate environment necessary to identify the new feature's current gap. 24 | 25 | The more explicit and thorough you are in opening GitHub Issues, the more efficient your interaction with the maintainers will be. When creating the GitHub Issue for your bug report, documentation change, or feature request, be sure to add as many relevant labels as necessary (that are defined for that specific project). These will vary by project, but will be helpful to the maintainers in quickly triaging your new GitHub issues. 26 | 27 | ## Code contributions 28 | 29 | We really value contributions, and to maximize the impact of code contributions, we request that any contributions follow the guidelines below. If you are new to open source contribution and would like some more pointers or guidance, you may want to check out [**Your First PR**](http://yourfirstpr.github.io/) and [**First Timers Only**](https://www.firsttimersonly.com/). These are a few projects that help on-board new contributors to the overall process. 30 | 31 | ### Coding and Pull Requests best practices 32 | - Please ensure you follow the coding standard and code formatting used throughout the existing code base. 33 | - This may vary project by project, but any specific diversion from normal language standards will be explicitly noted. 34 | - One feature / bug fix / documentation update per pull request 35 | - Always pull the latest changes from upstream and rebase before creating any pull request. 36 | - New pull requests should be created against the `integration` branch of the repository, if available. 37 | - This ensures new code is included in full-stack integration tests before being merged into the `master` branch 38 | - All new features must be accompanied by associated tests. 39 | - Make sure all tests pass locally before submitting a pull request. 40 | - Include tests with every feature enhancement, improve tests with every bug fix 41 | 42 | ### Github and git flow 43 | 44 | The internet is littered with guides and information on how to use and understand git. 45 | However, here's a compact guide that follows the suggested workflow 46 | 47 | ![Github flow](https://ibm-cloud-architecture.github.io/assets/img/github_flow.png) 48 | 49 | 1. Fork the desired repo in github. 50 | 51 | 2. Clone your repo to your local computer. 52 | 53 | 3. Add the upstream repository 54 | 55 | Note: Guide for step 1-3 here: [forking a repo](https://help.github.com/articles/fork-a-repo/) 56 | 57 | 4. Create new development branch off the targeted upstream branch. This will often be `master`. 58 | 59 | ``` 60 | git checkout -b master 61 | ``` 62 | 63 | 5. Do your work: 64 | - Write your code 65 | - Write your tests 66 | - Pass your tests locally 67 | - Commit your intermediate changes as you go and as appropriate 68 | - Repeat until satisfied 69 | 70 | 6. Fetch latest upstream changes (in case other changes had been delivered upstream while you were developing your new feature). 71 | 72 | ``` 73 | git fetch upstream 74 | ``` 75 | 7. Rebase to the latest upstream changes, resolving any conflicts. This will 'replay' your local commits, one by one, after the changes delivered upstream while you were locally developing, letting you manually resolve any conflict. 76 | 77 | ``` 78 | git branch --set-upstream-to=upstream/master 79 | git rebase 80 | ``` 81 | Instructions on how to manually resolve a conflict and commit the new change or skip your local replayed commit will be presented on screen by the git CLI. 82 | 83 | 8. Push the changes to your repository 84 | 85 | ``` 86 | git push origin 87 | ``` 88 | 89 | 9. Create a pull request against the same targeted upstream branch. 90 | 91 | [Creating a pull request](https://help.github.com/articles/creating-a-pull-request/) 92 | 93 | Once the pull request has been reviewed, accepted and merged into the main github repository, you should synchronise your remote and local forked github repository `master` branch with the upstream master branch. To do so: 94 | 95 | 10. Pull to your local forked repository the latest changes upstream (that is, the pull request). 96 | 97 | ``` 98 | git pull upstream master 99 | ``` 100 | 101 | 11. Push those latest upstream changes pulled locally to your remote forked repository. 102 | 103 | ``` 104 | git push origin master 105 | ``` 106 | 107 | ### What happens next? 108 | - All pull requests will be automatically built and unit tested by travis-ci, when implemented by that specific project. 109 | - You can determine if a given project is enabled for travis-ci unit tests by the existence of a `.travis.yml` file in the root of the repository or branch. 110 | - When in use, all travis-ci unit tests must pass completely before any further review or discussion takes place. 111 | - The repository maintainer will then inspect the commit and, if accepted, will pull the code into the upstream branch. 112 | - Should a maintainer or reviewer ask for changes to be made to the pull request, these can be made locally and pushed to your forked repository and branch. 113 | - Commits passing this stage will make it into the next release cycle for the given project. 114 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DevOps for Cloud Native Reference Application 2 | 3 | *This project is part of the 'IBM Cloud Native Reference Architecture' suite, available at 4 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes/tree/spring* 5 | 6 | ## Table of Contents 7 | - [DevOps for Cloud Native Reference Application](#devops-for-cloud-native-reference-application) 8 | * [Table of Contents](#table-of-contents) 9 | * [Introduction](#introduction) 10 | * [Architecture & CI/CD Workflow](#architecture--cicd-workflow) 11 | * [Pre-Requisites](#pre-requisites) 12 | + [Download required CLIs](#download-required-clis) 13 | + [Create a Kubernetes Cluster](#create-a-kubernetes-cluster) 14 | + [Install Bluecompute Reference Architecture Chart](#install-bluecompute-reference-architecture-chart) 15 | * [Deploy Jenkins to Kubernetes Cluster](#deploy-jenkins-to-kubernetes-cluster) 16 | + [Pre-Requisites:](#pre-requisites) 17 | - [IBM Cloud Private: Image Policy](#ibm-cloud-private-image-policy) 18 | - [Optional: IBM Cloud Kubernetes Service - Create a Persistent Volume Claim](#optional-ibm-cloud-kubernetes-service---create-a-persistent-volume-claim) 19 | - [Optional: IBM Cloud Private - Dynamic Provisioning](#optional-ibm-cloud-private---dynamic-provisioning) 20 | + [1. Initialize `helm` in your cluster:](#1-initialize-helm-in-your-cluster) 21 | - [IBM Cloud Kubernetes Service](#ibm-cloud-kubernetes-service) 22 | - [IBM Cloud Private](#ibm-cloud-private) 23 | + [2. Install Jenkins Chart:](#2-install-jenkins-chart) 24 | - [Install the Jenkins Chart and Provision a PVC dynamically](#install-the-jenkins-chart-and-provision-a-pvc-dynamically) 25 | - [Install the Jenkins Chart and Pass an Existing PVC](#install-the-jenkins-chart-and-pass-an-existing-pvc) 26 | - [Install the Jenkins Chart without a PVC](#install-the-jenkins-chart-without-a-pvc) 27 | + [3. Validate Jenkins Deployment](#3-validate-jenkins-deployment) 28 | - [1. Obtain Jenkins `admin` password:](#1-obtain-jenkins-admin-password) 29 | - [2. Obtain Jenkins URL:](#2-obtain-jenkins-url) 30 | * [2.a. Minikube Deployment](#2a-minikube-deployment) 31 | * [2.b. IBM Cloud Kubernetes Service](#2b-ibm-cloud-kubernetes-service) 32 | * [2.c. IBM Cloud Private](#2c-ibm-cloud-private) 33 | - [3. Login to Jenkins URL](#3-login-to-jenkins-url) 34 | - [4. Increase Container Cap Count](#4-increase-container-cap-count) 35 | + [Delete Jenkins Deployment](#delete-jenkins-deployment) 36 | * [Setup Docker Registry](#setup-docker-registry) 37 | + [Step 1: Create Docker Secret](#step-1-create-docker-secret) 38 | - [DockerHub](#dockerhub) 39 | - [IBM Cloud Kubernetes Service](#ibm-cloud-kubernetes-service-1) 40 | * [1. Create a Registry Namespace](#1-create-a-registry-namespace) 41 | * [2. Create Docker Registry Token](#2-create-docker-registry-token) 42 | * [3. Create Docker Secret](#3-create-docker-secret) 43 | - [IBM Cloud Private](#ibm-cloud-private-1) 44 | + [Step 2: Patch Jenkins Service Account](#step-2-patch-jenkins-service-account) 45 | + [Step 3: Save Docker Credentials in Jenkins](#step-3-save-docker-credentials-in-jenkins) 46 | * [Create and Run a Sample CI/CD Pipeline](#create-and-run-a-sample-cicd-pipeline) 47 | + [Step 1: Create a Sample Job](#step-1-create-a-sample-job) 48 | + [Step 2: Select Pipeline Type](#step-2-select-pipeline-type) 49 | + [Step 3: Setup Sample Pipeline](#step-3-setup-sample-pipeline) 50 | + [Step 4: Launch Pipeline Build](#step-4-launch-pipeline-build) 51 | + [Step 5: Open Pipeline Console Output](#step-5-open-pipeline-console-output) 52 | + [Step 6: Monitor Console Output](#step-6-monitor-console-output) 53 | * [Conclusion](#conclusion) 54 | * [Further Reading: Hybrid Cloud Setup](#further-reading-hybrid-cloud-setup) 55 | * [Further Reading: Using Podman as the CI/CD Container Engine](#further-reading-using-podman-as-the-cicd-container-engine) 56 | 57 | ## Introduction 58 | DevOps, specifically automated Continuous Integration and Continuous Deployment (CI/CD), is important for Cloud Native Microservice style application. This project is developed to demonstrate how to use tools and services available on IBM Cloud to implement the CI/CD for the BlueCompute reference application. 59 | 60 | The project uses the [Jenkins Helm Chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins) to install a Jenkins Master pod with the [Kubernetes Plugin](https://wiki.jenkins-ci.org/display/JENKINS/Kubernetes+Plugin) in a Kubernetes Cluster. [**Helm**](https://github.com/kubernetes/helm) is Kubernetes's package manager, which facilitates deployment of prepackaged Kubernetes resources that are reusable. This setup allows Jenkins to spin up ephemeral pods to run Jenkins jobs and pipelines without the need of Always-On dedicated Jenkins slave/worker servers, which reduces Jenkins's infrastructural costs. 61 | 62 | Let's get started. 63 | 64 | ## Architecture & CI/CD Workflow 65 | Here is the High Level DevOps Architecture Diagram for the Jenkins setup on Kubernetes, along with a typical CI/CD workflow: 66 | 67 | ![DevOps Toolchain](static/imgs/architecture.png?raw=true) 68 | 69 | This guide will install the following resources: 70 | * 1 x 8GB [Persistent Volume Claim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) (PVC) to Store Jenkins data and builds' information. 71 | * Be sure that your Kubernetes Cluster can support PVCs size of 8GB 72 | * 1 x Jenkins Master Kubernetes Pod with Kubernetes Plugin Installed. 73 | * 1 x Kubernetes Service for above Jenkins Master Pod with port 8080 exposed to a LoadBalancer. 74 | * All using Kubernetes Resources. 75 | 76 | ## Pre-Requisites 77 | ### Download required CLIs 78 | 79 | To deploy the application, you require the following tools: 80 | * [kubectl](https://kubernetes.io/docs/user-guide/kubectl-overview/) (Kubernetes CLI) - Follow the instructions [here](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to install it on your platform. 81 | * [helm](https://github.com/kubernetes/helm) (Kubernetes package manager) - Follow the instructions [here](https://github.com/kubernetes/helm/blob/master/docs/install.md) to install it on your platform. 82 | + If using `IBM Cloud Private`, we recommend you follow these [instructions](https://www.ibm.com/support/knowledgecenter/SSBS6K_2.1.0.3/app_center/create_helm_cli.html) to install `helm`. 83 | * [IBM Cloud CLI](https://console.bluemix.net/docs/cli/reference/bluemix_cli/get_started.html) 84 | + Only if you are using an IBM Cloud Kubernetes Service cluster. 85 | 86 | ### Create a Kubernetes Cluster 87 | The following clusters have been tested with this sample application: 88 | * [minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/) - Create a single node virtual cluster on your workstation 89 | * [IBM Cloud Kubernetes Service](https://www.ibm.com/cloud/container-service) - Create a Kubernetes cluster in IBM Cloud. The application runs in the Lite cluster, which is free of charge. Follow the instructions [here](https://console.bluemix.net/docs/containers/container_index.html). 90 | * [IBM Cloud Private](https://www.ibm.com/cloud/private) - Create a Kubernetes cluster in an on-premise datacenter. The community edition (IBM Cloud private-ce) is free of charge. Follow the instructions [here](https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.3/installing/installing.html) to install IBM Cloud Private CE. 91 | 92 | ### Install Bluecompute Reference Architecture Chart 93 | This document assumes that you have installed the `bluecompute-ce` chart in the `default` namespace of your cluster. To install `bluecompute-ce` chart, follow these instructions based on your environment: 94 | 95 | * **Minikube:** Use these [instructions](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#deploy-to-kubernetes-cluster). 96 | * **IBM Cloud Kubernetes Service:** Use these [instructions](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#deploy-bluecompute-to-ibm-cloud-container-service). 97 | * **IBM Cloud Private:** Use these [instructions](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#deploy-bluecompute-to-ibm-cloud-private). 98 | 99 | ## Deploy Jenkins to Kubernetes Cluster 100 | As mentioned in the [**Introduction Section**](#introduction), we will be using a [Jenkins Helm Chart](#https://github.com/kubernetes/charts/tree/master/stable/jenkins) to deploy Jenkins into a Kubernetes Cluster. Before you do so, make sure that you installed all the required CLIs as indicated in the [**Pre-Requisites**](#pre-requisites). 101 | 102 | ### Pre-Requisites: 103 | #### IBM Cloud Private: Image Policy 104 | Starting with version 3.1.0 for IBM Cloud Private, you are REQUIRED to create an [`Image Policy`](https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/manage_images/image_security.html) in order to whitelist container images that come from registries other than the built-in Private Docker Registry. We created a simple `Cluster Image Policy` located at [jenkins/cluster_image_policy.yaml](jenkins/cluster_image_policy.yaml) that lets you deploy not only the Jenkins images but also some images that we built to run the CI/CD environment for this demo. 105 | 106 | To create the `Cluster Image Policy`, run the following command: 107 | ```bash 108 | kubectl apply -f jenkins/cluster_image_policy.yaml 109 | ``` 110 | 111 | #### Optional: IBM Cloud Kubernetes Service - Create a Persistent Volume Claim 112 | If you would like Jenkins to use a PVC, you must provision a PVC from IBM Cloud and pass it to the `helm install` command once you get to the [Install the Jenkins Chart and Pass an Existing PVC](#install-the-jenkins-chart-and-pass-an-existing-pvc) step. 113 | 114 | To create a Persistent Volume Claim (PVC), use the commands below: 115 | ```bash 116 | kubectl apply -f jenkins/ibm_cloud_container_service/pvc.yaml 117 | ``` 118 | 119 | **Note:** that the minimum PVC size for IBM Cloud Kubernetes Service is `20GB`. 120 | 121 | Before you are able to use your PVC, it needs to be `Bound` to the cluster. To watch for changes in its provisioning status, use the following command: 122 | ```bash 123 | kubectl get pvc jenkins-home -o wide -w 124 | NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE 125 | jenkins-home Pending ibmc-file-silver 3s 126 | jenkins-home Bound pvc-f62fdc8a-797c-11e8-896e-02c97f163c96 20Gi RWO ibmc-file-silver 3m 127 | ``` 128 | 129 | Once see a new entry for `jenkins-home` with a status of `Bound`, it means that the PVC is ready to be used to install the Jenkins Chart. 130 | 131 | #### Optional: IBM Cloud Private - Dynamic Provisioning 132 | Though not necessary to install Jenkins chart, we highly recommend that you setup [Dynamic Provisioning](https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.3/manage_cluster/cluster_storage.html) in your ICP cluster so that you can save your Jenkins Data. 133 | 134 | ### 1. Initialize `helm` in your cluster: 135 | ```bash 136 | helm init 137 | ``` 138 | 139 | This initializes the `helm` client as well as the server side component called `tiller`. 140 | 141 | #### IBM Cloud Kubernetes Service 142 | For IKS, you need to download your cluster configuration first, setup `KUBECONFIG`, and then you can proceed with `helm init` as follows: 143 | ```bash 144 | # Download cluster configuration to your workstation 145 | # Make sure to run the "export KUBECONFIG=" command it spits out in the end 146 | ibmcloud ks cluster-config ${CLUSTER_NAME} 147 | 148 | # Init helm in your cluster 149 | helm init 150 | ``` 151 | 152 | #### IBM Cloud Private 153 | If using `IBM Cloud Private`, we recommend you follow these [instructions](https://www.ibm.com/support/knowledgecenter/SSBS6K_2.1.0.3/app_center/create_helm_cli.html) to install and setup `helm`. 154 | 155 | ### 2. Install Jenkins Chart: 156 | Each of the following `helm install` options downloads the Jenkins chart from Kubernetes Stable Charts [Repository](https://github.com/kubernetes/charts/tree/master/stable) (which comes by default with helm) and installs it on your cluster. 157 | 158 | **IMPORTANT:** 159 | * The Jenkins Master itself takes a few minutes to initialize even after showing installation success. The output of the `helm install` command will provide instructions on how to access the newly installed Jenkins Pod. For more information on the additional options for the chart, see this [document](https://github.com/kubernetes/charts/tree/master/stable/jenkins#configuration). 160 | * For Jenkins to work properly, the chart also installs these [plugins](https://github.com/helm/charts/blob/master/stable/jenkins/values.yaml#L92). 161 | + Because Jenkins and these plugins get updated regularly, you might be required to update these plugins before you start creating pipelines. To update the plugins, please follow these intructions from the official Jenkins documentation after installing the Jenkins chart. 162 | - https://jenkins.io/doc/book/managing/plugins/#from-the-web-ui 163 | + If the Jenkins version that you installed is very outdated, the latest plugin versions might not work at all. This means that you might have to install a chart with the latest supported version of Jenkins before you upgrade the plugins. 164 | 165 | #### Install the Jenkins Chart and Provision a PVC dynamically 166 | The following command assumes you have [Dynamic Volume Provisioning](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) enabled, which will not only install jenkins, but also provision a [Persistent Volume Claim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) where Jenkins can store its build data: 167 | ```bash 168 | helm upgrade --install jenkins --namespace default \ 169 | --set master.serviceType=NodePort \ 170 | --set rbac.create=true \ 171 | stable/jenkins # If ICP, add the --tls flag 172 | ``` 173 | 174 | #### Install the Jenkins Chart and Pass an Existing PVC 175 | To Install the Jenkins Chart and Pass an Existing PVC, use the following command: 176 | ```bash 177 | helm upgrade --install jenkins --namespace default \ 178 | --set master.serviceType=NodePort \ 179 | --set rbac.create=true \ 180 | --set persistence.existingClaim=${EXISTING_PVC} \ 181 | stable/jenkins # If ICP, add the --tls flag 182 | ``` 183 | 184 | Where `${EXISTING_PVC}` is the name of an existing PVC, which is usually named `jenkins-home`. 185 | 186 | #### Install the Jenkins Chart without a PVC 187 | To Install the Jenkins Chart without a PVC, use the following command: 188 | ```bash 189 | helm upgrade --install jenkins --namespace default \ 190 | --set master.serviceType=ClusterIP \ 191 | --set master.ingress.enabled=true \ 192 | --set rbac.create=true \ 193 | --set persistence.enabled=false \ 194 | stable/jenkins # If ICP, add the --tls flag 195 | ``` 196 | 197 | Though the above command won't require you have `Dynamic Volume Provisioning` enabled nor have an existing PVC, if Jenkins pod dies/restarts for whatever reason, you will lose your Jenkins data. 198 | 199 | ### 3. Validate Jenkins Deployment 200 | To validate Jenkins, you must obtain the Jenkins `admin` password, and the Jenkins URL. 201 | 202 | #### 1. Obtain Jenkins `admin` password: 203 | After you install the chart, you will see a command to receive the password that looks like follows. Note that this command might look different based on which namespace you installed it in and the chart version: 204 | ```bash 205 | printf $(kubectl get secret --namespace default jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo 206 | ``` 207 | 208 | Save that password as you will need it to login into Jenkins UI 209 | 210 | #### 2. Obtain Jenkins URL: 211 | After you install the chart, you will see a few commands to obtain the Jenkins URL that look like follows: 212 | ```bash 213 | export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services jenkins) 214 | export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}") 215 | echo http://$NODE_IP:$NODE_PORT/login 216 | ``` 217 | 218 | **Note:** The `$NODE_IP` you get might or might not be accessible depending on your Kubernetes environment. 219 | 220 | ##### 2.a. Minikube Deployment 221 | If using `minikube`, the URL commands above might not work. To open a browser to the Jenkins web portal, use the following command: 222 | ```bash 223 | minikube service jenkins 224 | ``` 225 | 226 | ##### 2.b. IBM Cloud Kubernetes Service 227 | If using IKS, then you must use the following command to obtain the public IPs of your worker nodes as the default Jenkins install output will return the worker nodes' private IPs, which are not publicly accessible: 228 | ```bash 229 | ibmcloud ks workers ${CLUSTER_NAME} 230 | ``` 231 | 232 | Where `${CLUSTER_NAME}` is the cluster name assigned to your cluster. 233 | 234 | The output of the above command will look something like this: 235 | ```bash 236 | OK 237 | ID Public IP Private IP Machine Type State Status Zone Version 238 | kube-dal13-somerandomid-w1 111.22.333.441 10.11.22.31 u2c.2x4.encrypted normal Ready dal13 1.10.3_1513 239 | kube-dal13-somerandomid-w2 111.22.333.442 10.11.22.32 u2c.2x4.encrypted normal Ready dal13 1.10.1_1508* 240 | kube-dal13-somerandomid-w3 111.22.333.443 10.11.33.33 u2c.2x4.encrypted normal Ready dal13 1.10.1_1508* 241 | ``` 242 | 243 | Just pick the Public IP of any worker node and use it as the `NODE_IP`. Note that the output above is showing sample values. 244 | 245 | ##### 2.c. IBM Cloud Private 246 | For ICP, the `NODE_IP` will vary on your setup, but technically the IP address of any of the worker nodes or the proxy nodes should work. 247 | 248 | #### 3. Login to Jenkins URL 249 | Open a new browser window and paste the URL obtained in Step 2. Then make sure you see a page that looks as follows: 250 | 251 | ![Jenkins Login](static/imgs/jenkins_login.png?raw=true) 252 | 253 | Use the following test credentials to login: 254 | * **Username:** admin 255 | * **Password:** Password obtained in Step 2 256 | 257 | If login is successful, you should see a page that looks like this 258 | 259 | ![Jenkins Login](static/imgs/jenkins_dashboard.png?raw=true) 260 | 261 | Congratulations, you have successfully installed a Jenkins instance in your Kubernetes cluster! 262 | 263 | #### 4. Increase Container Cap Count 264 | Jenkins creates pods from containers in order to run jobs, sometimes creating multiple containers until one is able to run successfully. The default container cap is set to `10`, which can cause errors if multiple containers fail to create. Increase it to `1000` as follows: 265 | 266 | ![4. Increase Container Cap](static/imgs/icp_4.png?raw=true) 267 | 268 | ### Delete Jenkins Deployment 269 | To delete the Jenkins chart from your cluster, run the following: 270 | ```bash 271 | helm delete jenkins --purge # add --tls flag if using IBM Cloud Private 272 | ``` 273 | 274 | ## Setup Docker Registry 275 | In order to be able to build and push new images to a Docker Registry (Docker Hub or private), you will need the following information: 276 | * **Registry Location** Docker Hub or a privately hosted Repository. 277 | * **Registry Username**. 278 | + If using Docker Hub, then it is your `Docker ID`. 279 | * **Registry Password**. 280 | * **Registry Namespace:** An isolated location inside the registry in which to push new images 281 | + If using Docker Hub, then it is the same as your `Docker ID` 282 | 283 | ### Step 1: Create Docker Secret 284 | #### DockerHub 285 | If you don't already have a `Docker ID`, create one at https://hub.docker.com/ 286 | 287 | This information will go in a `docker-registry secret`, which you can create using the following: 288 | ```bash 289 | kubectl create secret docker-registry registry-creds --docker-server=https://index.docker.io/v1/ --docker-username=${DOCKER_USERNAME} --docker-password=${DOCKER_PASSWORD} --docker-email=${EMAIL} 290 | ``` 291 | 292 | Where: 293 | * `registry-creds` is the name of the secret. 294 | * `https://index.docker.io/v1/` is Docker Hub's Fully Qualified Domain Name. 295 | * `${DOCKER_USERNAME}` is your `Docker ID` or username. 296 | * `${DOCKER_PASSWORD}` is your Docker Hub password. 297 | * `${EMAIL}` is your Docker Hub email. 298 | 299 | #### IBM Cloud Kubernetes Service 300 | For this guide, we are going to use the `IBM Cloud Container Registry` service to host our docker images. With an IBM Cloud account, you have access to a generous FREE tier. To do the initial setup, we recommend you follow their [Registry Quick Start](https://console.bluemix.net/containers-kubernetes/registry/start) guide, in which you will setup the required CLI components and push your first image to the registry! 301 | 302 | Now that your registry is setup we can proceed to creating a `Registry Token`, which will be used by the Jenkins pipeline to push and pull images from the registry. This token can be made non-expiring, which is ideal for CI/CD servers that run 24/7. Also, this token is not tied to a user account, so no need to constanly enter username and passwords manually to login into docker registry. 303 | 304 | ##### 1. Create a Registry Namespace 305 | In order to push Docker images to the IBM Cloud Container Registry, you will first need to create a globally unique namespace: 306 | ```bash 307 | bx cr namespace-add ${NAMESPACE} 308 | ``` 309 | 310 | Where `${NAMESPACE}` is the globally unique name for your namespace. 311 | 312 | ##### 2. Create Docker Registry Token 313 | To create a Registry Token on IBM Cloud Container Registry, run the following command: 314 | ```bash 315 | bx cr token-add --non-expiring --readwrite --description "For Science" 316 | ``` 317 | 318 | ##### 3. Create Docker Secret 319 | ```bash 320 | # Create docker registry secret 321 | kubectl create secret docker-registry registry-creds --docker-server=registry.ng.bluemix.net --docker-username=token --docker-password=${TOKEN} --docker-email=test@test.com 322 | ``` 323 | 324 | Where: 325 | * `registry-creds` is the name of the secret. 326 | * `registry.ng.bluemix.net` is the registry domain address. 327 | * `token` is the username associated with the registry token. 328 | * `${TOKEN}` is the actual token obtained in the previous step. 329 | * `test@test.com` is just a sample email to associate with the token. 330 | 331 | #### IBM Cloud Private 332 | This information will go in a `docker-registry secret`, which you can create using the following: 333 | ```bash 334 | kubectl create secret docker-registry registry-creds --docker-server=mycluster.icp:8500 --docker-username=${DOCKER_USERNAME} --docker-password=${DOCKER_PASSWORD} --docker-email=test@test.com 335 | ``` 336 | 337 | Where: 338 | * `bluemix-registry` is the name of the secret. 339 | * `registry.ng.bluemix.net` is the registry domain address. 340 | * `${DOCKER_USERNAME}` is the username associated with the registry token. 341 | * `${DOCKER_PASSWORD}` is the actual token obtained in the previous step. 342 | * `test@test.com` is just a sample email to associate with the token. 343 | 344 | 345 | ### Step 2: Patch Jenkins Service Account 346 | When you installed the Jenkins helm chart, you also created a [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) with it, which is called `jenkins`. This is done with the `--set rbac.create=true` parameter. A service account is like a regular Kubernetes user account (i.e. admin) but for procceses rather than humans. With the service account we can interact with the Kubernetes API from running pods to do things like create, get, and delete pods, deployments, etc. 347 | 348 | In our case, we are going to use the service account to update existing deployments with a Docker image from our private registry. Since the repository is private, the service account needs acccess to the Docker Secret (which we created in Step 1) to authenticate against Docker Hub and pull down the image into our deployment. In service account terms, this kind of secret is known as an `imagePullSecret`. To patch the service account, run the following command: 349 | ```bash 350 | kubectl patch serviceaccount jenkins -p '{"imagePullSecrets": [{"name": "registry-creds"}]}' 351 | ``` 352 | 353 | **NOTE:** This step is not necessary if the Docker images are public. However, it is a best practice to secure your Docker registry with authentication. 354 | 355 | ### Step 3: Save Docker Credentials in Jenkins 356 | For Jenkins to be able to safely use the Docker Registry Credentials in the pipelines (mostly in the `docker push` command), we must create a `Username with password` credentials in Jenkins. To do so, open a browser window and do the following: 357 | * Enter the URL to your Jenkins instance and go to `Jenkins->Credentials->System->Global credentials (unrestricted)` 358 | + Or you can use the following URL: 359 | + `http://JENKINS_IP:PORT/credentials/store/system/domain/_/` 360 | * Click on `Add Credentials` 361 | + Or you can use the following URL: 362 | + `http://JENKINS_IP:PORT/credentials/store/system/domain/_/newCredentials` 363 | * Create `Username with password` credentials for the token: 364 | + Select `Username with password` as the kind. 365 | + Make sure the `Scope` stays as `Global`. 366 | + Enter your registry username as the `Username`. 367 | + Enter registry password as the `Password`. 368 | + Enter `registry-credentials-id` as the `ID`. 369 | + Optional: Enter a description for the credentials. 370 | + Press the `OK` button. 371 | + If successful, you should see the `username/******` credentials entry listed. 372 | 373 | ## Create and Run a Sample CI/CD Pipeline 374 | Now that we have a fully configured Jenkins setup. Let's create a sample CI/CD [Jenkins Pipeline](https://jenkins.io/doc/book/pipeline/) using our sample [Bluecompute Web Service](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web/tree/spring) from BlueCompute. 375 | 376 | **NOTE:** Make sure you already installed the `bluecompute-ce` chart in the `default` namespace. To do so, follow the instructions in the [Install Bluecompute Reference Architecture Chart](#install-bluecompute-reference-architecture-chart) section. 377 | 378 | Since the pipeline will create a Kubernetes Deployment, we will be using the [Kubernetes Plugin Pipeline Convention](https://github.com/jenkinsci/kubernetes-plugin#pipeline-support). This will allow us to define the Docker images (i.e. Node.js) to be used in the Jenkins Slave Pods to run the pipelines and also the configurations (ConfigMaps, Secrets, or Environment variables) to do so, if needed. 379 | 380 | Click [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web/blob/spring/Jenkinsfile) to see the sample Pipeline we will be using. 381 | 382 | ### Step 1: Create a Sample Job 383 | ![Create a Sample Job](static/imgs/1_create_job.png?raw=true) 384 | 385 | ### Step 2: Select Pipeline Type 386 | ![Select Pipeline Type](static/imgs/2_select_pipeline_type.png?raw=true) 387 | 388 | ### Step 3: Setup Sample Pipeline 389 | The next step is to create the pipeline parameters. You will need the following parameters with their respective default values: 390 | * **CLOUD**: `kubernetes`. 391 | * **NAMESPACE**: `default`. 392 | + Only needed if using IBM Cloud Private's Docker Registry. 393 | * **REGISTRY**: `docker.io` if using Docker Hub or `mycluster.icp:8500` (or whatever the cluster name is) for IBM Cloud Private's Docker Registry. 394 | * **IMAGE_NAME**: If using Docker Hub, then use `${DOCKER_USERNAME}/bluecompute-web`. 395 | + If using IBM Cloud Private's Docker Registry, then just use `bluecompute-web`. 396 | * **SERVICE_ACCOUNT**: `jenkins`. 397 | * **REGISTRY_CREDENTIALS**: `registry-credentials-id`. 398 | + Where `registry-credentials-id` is the Jenkins credentials that you created for the registry in [Step 3: Save Docker Credentials in Jenkins](#step-3-save-docker-credentials-in-jenkins). 399 | 400 | To create a parameter in Jenkins, just follow the instructions below: 401 | ![Create Pipeline](static/imgs/p_2_parameters.png?raw=true) 402 | 403 | Once you create a parameter, then fill in the details as shown below: 404 | ![Create Pipeline](static/imgs/p_2_parameters_2.png?raw=true) 405 | 406 | Do the above for all 5 parameters. 407 | 408 | Now scroll down to `Pipeline` section and enter the following for git repository details: 409 | * **Repository URL:** `https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web` 410 | * **Branch:** `spring` 411 | * **Script Path**: `Jenkinsfile` 412 | 413 | ![Create Pipeline](static/imgs/3_setup_pipeline.png?raw=true) 414 | 415 | Once you do the above, press the `Save` button. You have successfully setup your Build pipeline. 416 | 417 | ### Step 4: Launch Pipeline Build 418 | ![Launch Pipeline Build](static/imgs/4_launch_build.png?raw=true) 419 | 420 | ### Step 5: Open Pipeline Console Output 421 | ![Open Pipeline Console Output](static/imgs/5_open_console_output.png?raw=true) 422 | 423 | ### Step 6: Monitor Console Output 424 | ![Monitor Console Output](static/imgs/6_see_console_output.png?raw=true) 425 | 426 | That's it! You now have setup and ran a Jenkins CI/CD pipeline for Kubernetes deployments. 427 | 428 | ## Conclusion 429 | Congratulations on getting to the end of this document! The journey to fully automated CI/CD for Kubernetes is a bit tedious but it is worth it in the end. Here is an overview of what you have done so far: 430 | * Provisioned 1 Kubernetes cluster. 431 | * Installed Jenkins Chart on Kubernetes Cluster. 432 | * Setup your Private Docker Registry. 433 | * Setup a CI/CD pipeline, which runs from Kubernetes using Kubernetes Plugin. 434 | * Ran the CI/CD pipeline. 435 | 436 | With this knowledge, you will be able to setup your own fully automated Kubernetes CICD pipelines. 437 | 438 | All that remains is to use this knowledge to put together your own pipelines and create webhooks that will trigger the pipelines via the `git push` command. There are plenty of tutorials online that explain how to setup GitHub (or any other source control) to trigger Jenkins pipelines via webhooks. We recommend that you checkout our [Microclimate guide](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-microclimate), specifically the [Create GitHub Web Hook](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-microclimate#create-github-web-hook), if you are interested in setting this up. 439 | 440 | ## Further Reading: Hybrid Cloud Setup 441 | Most companies already have a standalone Jenkins deployment and would like to integrate new technologies (i.e. Kubernetes) with it. Also, a standalone Jenkis is usually used to deploy to multiple environments (i.e. Public Cloud for Dev and On-Premise for Prod). 442 | 443 | To learn about this use case, we encourage you to read our `Hybrid Cloud DevOps` guideline [here](README_HYBRID.md). 444 | 445 | ## Further Reading: Using Podman as the CI/CD Container Engine 446 | To learn more about how [podman](https://podman.io/) is a much better suited container engine for CI/CD when compared to Docker, checkout this document: 447 | 448 | * [docs/podman.md](docs/podman.md) -------------------------------------------------------------------------------- /README_HYBRID.md: -------------------------------------------------------------------------------- 1 | # Hybrid Cloud DevOps 2 | Use hosted Jenkins to build and deploy containers to multiple clouds. 3 | 4 | ## Table of Contents 5 | * [Overview](#overview) 6 | * [Requirements:](#requirements) 7 | * [Installing bluecompute-ce charts](#installing-bluecompute-ce-charts) 8 | * [Docker Registry Setup](#docker-registry-setup) 9 | + [Create a Registry Namespace](#create-a-registry-namespace) 10 | + [Create Docker Registry Token](#create-docker-registry-token) 11 | + [Upload the Docker Token to Jenkins](#upload-the-docker-token-to-jenkins) 12 | + [Create Docker Registry Secret](#create-docker-registry-secret) 13 | * [Setup Service Accounts](#setup-service-accounts) 14 | * [Setting Up IKS & ICP Cluster Access in Jenkins](#setting-up-iks--icp-cluster-access-in-jenkins) 15 | + [Setting up IKS Cluster Access in Jenkins](#setting-up-iks-cluster-access-in-jenkins) 16 | - [Get the IKS CA Certificate and the Token](#get-the-iks-ca-certificate-and-the-token) 17 | - [Upload the IKS CA Certificate to Jenkins](#upload-the-iks-ca-certificate-to-jenkins) 18 | - [Upload the IKS Token to Jenkins](#upload-the-iks-token-to-jenkins) 19 | + [Setting up ICP Cluster Access in Jenkins](#setting-up-icp-cluster-access-in-jenkins) 20 | - [Get the ICP CA Certificate and the Token](#get-the-icp-ca-certificate-and-the-token) 21 | - [Upload the ICP CA Certificate and the Token to Jenkins](#upload-the-icp-ca-certificate-and-the-token-to-jenkins) 22 | * [Setting up the Pipelines](#setting-up-the-pipelines) 23 | + [Setup the Build Pipeline](#setup-the-build-pipeline) 24 | + [Setup the IKS Deploy Pipeline](#setup-the-iks-deploy-pipeline) 25 | + [Setup the ICP Deploy Pipeline](#setup-the-icp-deploy-pipeline) 26 | * [Run the pipelines](#run-the-pipelines) 27 | + [Run the Build Pipeline](#run-the-build-pipeline) 28 | + [Run the IKS Deploy Pipeline](#run-the-iks-deploy-pipeline) 29 | + [Run the ICP Deploy Pipeline](#run-the-icp-deploy-pipeline) 30 | * [Conclusion](#conclusion) 31 | 32 | ## Overview 33 | When adopting new technologies, like Kubernetes, most companies want to be able to integrate them with their existing toolchain. For example, most companies who use their own hosted Jenkins as their CI/CD server also expect to be able to use it for CI/CD on Kubernetes. 34 | 35 | Given the many Jenkins and Application environment configurations (on-premise, public, hybrid, etc) there is a need for a streamlined approach for CI/CD that works in any configuration. Fortunately, Kubernetes and the many projects that support it (docker, helm, etc) provide a standard approach that, though it can change implementation-wise, can work across the different environment configurations. 36 | 37 | In this document, we will explain how you can you use a self-hosted `Jenkins` instance and a `Docker` repository to put together and run CI/CD pipelines to deploy updates to applications that are deployed across 2 separate Kubernetes clusters. More specifically, we are going to deploy to an [`IBM Cloud Kubernetes Service`](https://www.ibm.com/cloud/container-service)(IKS) cluster and to a [`IBM Cloud Private`](https://www.ibm.com/cloud/private)(ICP) cluster. 38 | 39 | A common use case is to use the public IKS cluster as a Development environment, whereas the ICP cluster would serve as the Production cluster behind a firewall. 40 | 41 | ![Diagram](static/imgs/jenkins-hybrid.png?raw=true) 42 | 43 | **NOTE:** It is a best practice to separate build and deploy by using separate clusters. So the ideal architecture would be something like the following: 44 | * 1 Jenkins deployment. 45 | + Will trigger build pipelines on the ICP build cluster. 46 | + Will trigger deploy pipelines on the ICP production cluster. 47 | + Will run deploy pipelines locally and deploy to IKS. 48 | * 1 ICP cluster to run the build pipelines. 49 | * 1 ICP cluster to run ICP deploy pipelines and Production workloads. 50 | * 1 IKS cluster to run dev workloads. 51 | 52 | ## Requirements: 53 | * Install the following CLI's on your laptop/workstation: 54 | + [`ibmcloud`](https://console.bluemix.net/docs/cli/reference/bluemix_cli/get_started.html#getting-started) 55 | + [`docker`](https://docs.docker.com/install/) 56 | + [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) 57 | + [`helm`](https://docs.helm.sh/using_helm/#installing-helm) 58 | * A running Jenkins instance. 59 | + Use these download [instructions](https://jenkins.io/download/) 60 | * Install the following Jenkins plugins: 61 | + [Kubernetes Plugin](https://plugins.jenkins.io/kubernetes): 62 | - kubernetes:1.8.2 63 | + [Pipeline](https://plugins.jenkins.io/workflow-aggregator) 64 | - workflow-aggregator:2.5 65 | + [Pipeline: Job](https://plugins.jenkins.io/workflow-job) 66 | - workflow-job:2.21 67 | + [Credentials Binding Plugin](https://plugins.jenkins.io/credentials-binding) 68 | - credentials-binding:1.16 69 | + [Git Plugin](https://plugins.jenkins.io/git) 70 | - git:3.9.1 71 | + [Rebuilder](https://plugins.jenkins.io/rebuild) 72 | - rebuilder:1.28 73 | + **NOTE:** 74 | - The above are the plugin versions at the time of this writing. 75 | - Please note that you may be required to update the plugin versions so that everything works properly. 76 | * Install the [`kubectl CLI`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your Jenkis host. 77 | * An [IBM Cloud Account](https://console.bluemix.net/registration/). 78 | + Needed for the IKS cluster and the Containter Registry Service. 79 | * An [IBM Cloud Kubernetes Service Cluster](https://console.bluemix.net/containers-kubernetes/catalog/cluster/create). 80 | + There is an option for a FREE cluster. 81 | * An [IBM Cloud Private Cluster](https://github.com/IBM/deploy-ibm-cloud-private). 82 | + For more install options, check out this [document](https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.2/installing/install_containers_CE.html). 83 | 84 | ## Installing bluecompute-ce charts 85 | This document assumes you have already installed the `helm` charts for our microservices reference architecture app, which is known as `bluecompute-ce`. To learn about the app's architecture, checkout it's repo [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#introduction). 86 | 87 | * To install the chart on IKS, checkout the instructions [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#deploy-bluecompute-to-ibm-cloud-container-service). 88 | + To access the `bluecompute-web` front end, follow these [instructions](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#access-and-validate-the-application). 89 | * To install the chart on ICP, checkout the instructions [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#deploy-bluecompute-to-ibm-cloud-private). 90 | + To access the `bluecompute-web` front end, follow these [instructions](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#access-and-validate-the-application-1). 91 | 92 | If you want to checkout the umbrella chart for `bluecompute-ce`, check it out [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes/tree/master/bluecompute-ce). 93 | 94 | Lastly, if you want to checkout the individual project's code and charts, checkout this link [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#project-repositories). 95 | 96 | ## Docker Registry Setup 97 | For this guide, we are going to use the `IBM Cloud Container Registry` service to host our docker images. With an IBM Cloud account, you have access to a generous FREE tier. To do the initial setup, we recommend you follow their [Registry Quick Start](https://console.bluemix.net/containers-kubernetes/registry/start) guide, in which you will setup the required CLI components and push your first image to the registry! 98 | 99 | Now that your registry is setup we can proceed to creating a `Registry Token`, which will be used by the Jenkins pipeline to push and pull images from the registry. This token can be made non-expiring, which is ideal for CI/CD servers that run 24/7. Also, this token is not tied to a user account, so no need to constantly enter username and passwords manually to login into docker registry. 100 | 101 | ### Create a Registry Namespace 102 | In order to push Docker images to the IBM Cloud Container Registry, you will first need to create a globally unique namespace: 103 | ```bash 104 | bx cr namespace-add ${NAMESPACE} 105 | ``` 106 | 107 | Where `${NAMESPACE}` is the globally unique name for your namespace. 108 | 109 | ### Create Docker Registry Token 110 | To create a Registry Token on IBM Cloud Container Registry, run the following command: 111 | ```bash 112 | bx cr token-add --non-expiring --readwrite --description "For Hybrid Deployment" 113 | ``` 114 | 115 | ### Upload the Docker Token to Jenkins 116 | For Jenkins to be able to use the Docker Registry Token, we must create a `Username with password` credentials in Jenkins. To do so, open a browser window and do the following: 117 | * Enter the URL to your Jenkins instance and go to `Jenkins->Credentials->System->Global credentials (unrestricted)` 118 | + Or you can use the following URL: 119 | + `http://JENKINS_IP:PORT/credentials/store/system/domain/_/` 120 | * Click on `Add Credentials` 121 | + Or you can use the following URL: 122 | + `http://JENKINS_IP:PORT/credentials/store/system/domain/_/newCredentials` 123 | * Create `Username with password` credentials for the token: 124 | + Select `Username with password` as the kind. 125 | + Make sure the `Scope` stays as `Global`. 126 | + Enter `token` as the `Username`. 127 | + When doing `docker login`, this is the username associated with the token. 128 | + Enter the token that you obtained in the previous step as the `Password`. 129 | + Enter `registry-credentials` as the `ID`. 130 | + Optional: Enter a description for the credentials. 131 | + Press the `OK` button. 132 | + If successful, you should see the `token/******` credentials entry listed. 133 | 134 | ### Create Docker Registry Secret 135 | On both IKS and ICP clusters, create the following Docker Config secret using the token from previous step: 136 | ```bash 137 | # Create jenkins namespace 138 | kubectl create ns jenkins 139 | 140 | # Create docker registry secret 141 | kubectl --namespace jenkins create secret docker-registry bluemix-registry --docker-server=registry.ng.bluemix.net --docker-username=token --docker-password=${TOKEN} --docker-email=test@test.com 142 | ``` 143 | 144 | Where: 145 | * `jenkins` is the namespace in which we are going to store this secret. 146 | * `bluemix-registry` is the name of the secret. 147 | * `registry.ng.bluemix.net` is the registry domain address. 148 | * `token` is the username associated with the registry token. 149 | * `${TOKEN}` is the actual token obtained in the previous step. 150 | * `test@test.com` is just a sample email to associate with the token. 151 | 152 | **NOTE:** Please do this on both IKS and ICP clusters as they BOTH need this secret. 153 | 154 | Now our docker registry is ready to be used by the clusters and the pipelines. 155 | 156 | ## Setup Service Accounts 157 | In order for clusters to be able to deploy pods from our registry, we need to create a [Service Account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) on each cluster and associate the docker registry secret, known as a [Pull Down Secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) to it. This is so that the service account is able to pull down images from the registry and deploy pods with them. To do so, run the following commands in BOTH IKS and ICP clusters: 158 | ```bash 159 | # Create service account 160 | kubectl create serviceaccount jenkins --namespace jenkins 161 | 162 | # Assign admin cluster role to service account so it can get/create/update/delete pods 163 | # NOTE: In production it is a best practice to assign a non-admin role with less priviledges 164 | kubectl create clusterrolebinding jenkins-admin --clusterrole=admin --serviceaccount=jenkins:jenkins 165 | 166 | # Patch the service account with the registry secret 167 | kubectl --namespace jenkins patch serviceaccount jenkins -p '{"imagePullSecrets": [{"name": "bluemix-registry"}]}' 168 | ``` 169 | 170 | **NOTE:** Please run the above commands in BOTH IKS and ICP clusters. 171 | 172 | Now both clusters have access to the docker registry and its docker images to deploy pods with them. 173 | 174 | ## Setting Up IKS & ICP Cluster Access in Jenkins 175 | Ok, now we are getting to an interesting point in this guide. There are many ways in which we can configure access to Jenkins to access the clusters. There are also many network access variables to take into account. To simplify things while still showing different networking scenarios, we are going to assume the folloging: 176 | * Jenkins host is running behind a VPN with NAT (internet) access. 177 | + Jenkins has direct networking access to ICP cluster. 178 | + Jenkins has direct networking access to IKS cluster, but not the other way around. 179 | * ICP cluster is running behind the same VPN with NAT access. 180 | + ICP cluster has direct networking access to Jenkins host. 181 | * IKS cluster is running in the public cloud. 182 | + IKS cluster has no direct access to Jenkins host. 183 | 184 | Perhaps these relationships are better shown by revisiting the architecture diagram: 185 | 186 | ![Diagram](static/imgs/jenkins-hybrid.png?raw=true) 187 | 188 | The above network configuration influences the way in which we configure both cluster access and the way we run pipelines. For example: 189 | 190 | * In the Jenkins-ICP scenario, we can leverage the [`Kubernetes Plugin`](https://github.com/jenkinsci/kubernetes-plugin) to run pipelines in Jenkins slave pods that run directly on ICP and report job status back to Jenkins. The bidirectional network access allows for this scenario to be possible. 191 | * In the Jenkins-IKS scenario, since there is only a one-way direct network access between Jenkins and IKS, we cannot leverage the `Kubernetes Plugin` to deploy and run pipelines. However, we can still leverage the ['Pipeline Plugin'](https://plugins.jenkins.io/workflow-aggregator) to run pipelines that deploy updates to IKS cluster directly from the Jenkins host. 192 | 193 | Both approaches require the same configuration (setting up cluster access on `kubectl`) with a slightly different implementation that depends on the Jenkins plugin we use. 194 | 195 | ### Setting up IKS Cluster Access in Jenkins 196 | First let's setup access to the IKS cluster in Jenkins. To do so, we are going to do the following: 197 | * Get the service account Certificate of Authority. 198 | * Save the Certificate as a Jenkins secret file. 199 | * Get the service account token. 200 | * Save the token as a Jenkins secret text. 201 | 202 | #### Get the IKS CA Certificate and the Token 203 | Here is how to get CA certificate and the token 204 | ```bash 205 | # Get secret name for jenkins service account certificate and token 206 | kubectl --namespace jenkins get serviceaccount jenkins -o=jsonpath='{.secrets[0].name}' 207 | 208 | # Get certificate of authority from secret jenkins-token-t8fkk 209 | kubectl --namespace jenkins get secret ${SECRET_NAME} -o=jsonpath='{.data.ca\.crt}' | base64 --decode > iks-ca.crt 210 | 211 | # Get token from secret 212 | kubectl --namespace jenkins get secret ${SECRET_NAME} -o=jsonpath='{.data.token}' | base64 --decode > iks-token 213 | ``` 214 | Where `${SECRET_NAME}` is the secret name, which is the result for the first command. 215 | 216 | #### Upload the IKS CA Certificate to Jenkins 217 | Now open a browser windows and do the following: 218 | * Enter the URL to your Jenkins instance and go to `Jenkins->Credentials->System->Global credentials (unrestricted)` 219 | + Or you can use the following URL: 220 | + `http://JENKINS_IP:PORT/credentials/store/system/domain/_/` 221 | * Click on `Add Credentials` 222 | + Or you can use the following URL 223 | + `http://JENKINS_IP:PORT/credentials/store/system/domain/_/newCredentials` 224 | * Create a Secret File for the CA certificate: 225 | + Select `Secret file` as the kind. 226 | + Make sure the `Scope` stays as `Global`. 227 | + Click the `Choose File` button and select the `iks-ca.crt` file you created earlier and upload it. 228 | + Enter `iks-ca` as the `ID`. 229 | + Optional: Enter a description for the secret file 230 | + Press the `OK` button. 231 | + If successful, you should see the `iks-ca.crt` Secret file entry listed. 232 | 233 | #### Upload the IKS Token to Jenkins 234 | Now let's upload the token as a `Secret text` as follows: 235 | * On your browser, go to `http://JENKINS_IP:PORT/credentials/store/system/domain/_/newCredentials` 236 | * Create Secret Text for the Service Token: 237 | + Select `Secret text` as the kind. 238 | + Make sure the `Scope` stays as `Global`. 239 | + In `Secret` enter the contents of the `iks-token` file you created earlier. 240 | + Enter `iks-token` as the `ID`. 241 | + Optional: Enter a description for the secret text 242 | + Press the `OK` button. 243 | + If successful, you should see the `iks-token` Secret text entry listed. 244 | 245 | Now Jenkins has all it needs to access the IKS cluster. 246 | 247 | ### Setting up ICP Cluster Access in Jenkins 248 | Now let's do the same, but for the ICP cluster. Again, since we will be using the `Kubernetes Plugin` to run the Pipelines on ICP pods, the steps for connecting to the cluster will vary slightly. But essentially we are doing the same thing, which is to get the ICP CA certificate and the service account token and storing it in Jenkins. 249 | 250 | #### Get the ICP CA Certificate and the Token 251 | For this step, you can follow the same instructions in [Get the IKS CA Certificate and the Token](#get-the-iks-ca-certificate-and-the-token), but make sure to name the CA certificate as `icp-ca.crt` and the token file as `icp-token`. 252 | 253 | #### Upload the ICP CA Certificate and the Token to Jenkins 254 | For ICP we are going to have to do this in `Kubernetes` section of the Jenkins Configuration page. Open a web browser tab and go to `http://JENKINS_IP:PORT/configure`. Assuming you properly installed the `Kubernetes Plugin`, you should now have a `Cloud` section on this page. If you don't, then click on the `Add a new cloud` button that's at the bottom and select the `Kubernetes` option. 255 | 256 | The best way to enter the required information is in 2 parts: 257 | * Fill out the `Cloud` section. 258 | + Basically, the ICP URL and access credentials (CA Certificate and Service Account Token). 259 | * Fill out the `Kubernetes Pod Template` section. 260 | + This defines the base Jenkins slave pod that will run in ICP and execute the pipelines. 261 | + It also specifies how the slave pod communicates back to the Jenkins host. 262 | 263 | Now, let's show you some pictures to make this easier. The follwing picture explains how to fill out the `Cloud` section. Once you are done, click the `Test Connection` button (as shown below) to make sure that everything was setup properly and that Jenkins can talk to the ICP cluster. 264 | ![Application Architecture](static/imgs/jenkins_cloud.png?raw=true) 265 | 266 | The following picture shows you how to fill out the `Kubernetes Pod Template` section, which is at the bottom of the `Cloud` section. If you don't see one listed, then you have to click the `Add Pod Template` button and select the `Kubernetes Pod Template` option. Also, if you don't see the `Container Template` section inside the `Kubernetes Pod Template`, click on the `Add Container` button and select `Container Template` option. Lastly, if you don't see the `Enviroment Variable` section in the `Container Template` section, then click on the `Add Environment Variable` button and select `Environment Variable` option. 267 | 268 | ![Application Architecture](static/imgs/jenkins_pod_template.png?raw=true) 269 | 270 | Once you are done, make sure to click the blue `Save` buttom at the bottom of the page. 271 | 272 | Now your Jenkins host is ready to run pipelines! 273 | 274 | ## Setting up the Pipelines 275 | Now that our Jenkins host is setup with access to both IKS and ICP clusters, it's time to setup the pipelines that it will run. In this guide, we are going to setup 3 separate pipelines: 276 | * 1 build pipeline. 277 | * 1 deploy to IKS pipeline. 278 | * 1 deploy to ICP pipeline. 279 | 280 | For this particular case, we are going to run pipelines that will update the [`bluecompute-web`](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web/tree/master) frontend web app microservice of the reference architecture app. 281 | 282 | ### Setup the Build Pipeline 283 | To setup this pipeline, click the `New Item` button on your Jenkin's home page or go to this URL: `http://JENKINS_IP:PORT/view/all/newJob`. 284 | 285 | Now create a new Pipeline job as shown below: 286 | 287 | ![Create Pipeline](static/imgs/p_1_create_pipeline.png?raw=true) 288 | 289 | The next step is to create the pipeline parameters. You will need the following parameters with their respective default values: 290 | * `CLOUD`: `kubernetes`. 291 | * `NAMESPACE`: `Jenkins`. 292 | * `REGISTRY`: `registry.ng.bluemix.net/REGISTRY_NAMESPACE`. 293 | + Where `REGISTRY_NAMESPACE` is the registry namespace you created in the [Create a Registry Namespace](#create-a-registry-namespace) step. 294 | + **NOTE:** This is not the same `Jenkins` Kubernetes namespace mentioned just above. 295 | * `SERVICE_ACCOUNT`: `jenkins`. 296 | * `REGISTRY_CREDENTIALS`: `registry-credentials`. 297 | + Where `registry-credentials` is the Jenkins credentials that you created for the registry in [Upload the Docker Token to Jenkins](#upload-the-docker-token-to-jenkins). 298 | 299 | To create a parameter in Jenkins, just follow the instructions below: 300 | ![Create Pipeline](static/imgs/p_2_parameters.png?raw=true) 301 | 302 | Once you create a parameter, then fill in the details as shown below: 303 | ![Create Pipeline](static/imgs/p_2_parameters_2.png?raw=true) 304 | 305 | Do the above for all 5 parameters. 306 | 307 | Now scroll down to the **Pipeline** section and do the following: 308 | * In the `Definition` field, select `Pipeline script from SCM`. 309 | * In the `SCM` field, select `Git`. 310 | * In the `Repository ULR` field, enter `https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web.git` 311 | * In the `Branches to build` field, enter `*/master`. 312 | * In the `Script Path`, enter `JenkinsfileBuildPush`. 313 | 314 | Here is a visual guide: 315 | ![Create Pipeline](static/imgs/p_3_script.png?raw=true) 316 | 317 | Once you do the above, press the `Save` button. You have successfully setup your Build pipeline. 318 | 319 | ### Setup the IKS Deploy Pipeline 320 | Again, the pipeline setup is similar to the Build pipeline with some minor adjustments. First, create a new Pipeline job and name it `deploy_iks`, then enter the following parameters: 321 | * `CERT_AUTH_ID`: `iks-ca`. 322 | * `IMAGE_PULL_SECRET`: `bluemix-registry`. 323 | * `NAMESPACE`: `jenkins`. 324 | * `REGISTRY`: `registry.ng.bluemix.net/${REGISTRY_NAMESPACE}`. 325 | + Where `${REGISTRY_NAMESPACE}` is the registry namespace you created in the [Create a Registry Namespace](#create-a-registry-namespace) step. 326 | + **NOTE:** This is not the same `Jenkins` Kubernetes namespace mentioned just above. 327 | * `SERVER_URL`: `${IKS_URL}`. 328 | + Where `${IKS_URL}` is the Kubernetes API server URL that you obtain after downloading the cluster context on your workstation as shown in the `Configuring the CLI to run kubectl` section on this [page](https://console.bluemix.net/docs/containers/cs_cli_install.html#cs_cli_install). 329 | + To obtain the server url directly from `kubectl`, run this command: 330 | ```bash 331 | kubectl config view | grep server 332 | ``` 333 | + Another option is to open the config file directly, run this command: 334 | ```bash 335 | # Open the config file directly 336 | cat ~/.bluemix/plugins/container-service/clusters/${CLUSTER_NAME}/kube-config-${CLUSTER_NAME}.yml | grep server 337 | # Using environment variable 338 | cat ${KUBECONFIG} | grep server 339 | ``` 340 | * `SERVICE_ACCOUNT`: `jenkins`. 341 | * `TOKEN_ID`: `iks-token`. 342 | * `IMAGE_TAG`: `latest`. 343 | 344 | The repo setup is the same the previous step with the following change: 345 | * In the `Script Path`, enter `JenkinsfileDeployLocal`. 346 | 347 | Once you do the above, press the `Save` button. You have successfully setup your IKS deploy pipeline. 348 | 349 | ### Setup the ICP Deploy Pipeline 350 | Again, the pipeline setup is similar to the Build pipeline with some minor adjustments. First, create a new Pipeline job and name it `deploy_icp`, then enter the following parameters: 351 | * `CLOUD`: `kubernetes`. 352 | * `IMAGE_PULL_SECRET`: `bluemix-registry`. 353 | * `NAMESPACE`: `jenkins`. 354 | * `REGISTRY`: `registry.ng.bluemix.net/${REGISTRY_NAMESPACE}`. 355 | + Where `${REGISTRY_NAMESPACE}` is the registry namespace you created in the [Create a Registry Namespace](#create-a-registry-namespace) step. 356 | + **NOTE:** This is not the same `Jenkins` Kubernetes namespace mentioned just above. 357 | * `SERVICE_ACCOUNT`: `jenkins`. 358 | * `IMAGE_TAG`: `latest`. 359 | 360 | The repo setup is the same the previous step with the following change: 361 | * In the `Script Path`, enter `JenkinsfileDeploy`. 362 | 363 | Once you do the above, press the `Save` button. You have successfully setup your ICP deploy pipeline. 364 | 365 | ## Run the pipelines 366 | Finally! Now comes the part where we run the pipelines. Assuming everything was setup properly, running the pipelines should be done in the following order: 367 | * Run the Build Pipeline. 368 | * Run the IKS Deploy Pipeline with the image tag (i.e. build number) produced by the Build Pipeline. 369 | * Run the ICP Deploy Pipeline with the image tag (i.e. build number) produced by the Build Pipeline. 370 | 371 | ### Run the Build Pipeline 372 | This pipeline will run 2 steps: 373 | 1. Build the docker image. 374 | 2. Push the docker image to the Docker registry in IBM Cloud. 375 | 376 | This pipeline will take advantage of the `Kubernetes Plugin` and run as a pod inside of the ICP cluster. For more details on the pipeline itself, checkout the code [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web/blob/master/JenkinsfileBuildPush). 377 | 378 | To run the pipeline, open the `build_pipeline` and start it as follows: 379 | ![Run Pipeline](static/imgs/rp_1_run_pipeline.png?raw=true) 380 | 381 | To check build progress, open the the build console output as follows: 382 | ![Pipeline Output](static/imgs/rp_2_progress.png?raw=true) 383 | 384 | Notice the output of the individual pipelines, mostl the `docker build` and `docker push` logs. 385 | 386 | To check if the pipeline finished successfully, check for the `Finished: SUCCESS` log at the end: 387 | ![Pipeline Success](static/imgs/rp_3_success.png?raw=true) 388 | 389 | The resulting image tag will be the build number as shown above. This image tag will be used by the Deploy pipelines to update the deployments. 390 | 391 | ### Run the IKS Deploy Pipeline 392 | This pipeline just runs one stage, which is to update the container image from the pod in the existing `bluecompute-web` deployment. 393 | 394 | Since this pipeline won't be leveraging the `Kubernetes Plugin`, it will run the pipeline from the local Jenkins slaves. For more details on the pipeline itself, checkout the code [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web/blob/master/JenkinsfileDeployLocal). 395 | 396 | To run the pipeline, just open the `deploy_iks` pipeline job and click on the `Build with Parameters` button. Then, on the `IMAGE_TAG` field enter the Build Pipeline's last successful build number. i.e. if the last build number was `#13`, then just enter `13`. 397 | 398 | Follow the same procedure to get the job's console output as explained in the previous step. 399 | ![Deploy Success](static/imgs/rp_4_deploy.png?raw=true) 400 | 401 | To verify that the pipeline indeed updated the docker image, run the following command: 402 | ```bash 403 | kubectl --namespace jenkins get deployments bluecompute-web -o=jsonpath='{.spec.template.spec.containers[0].image}'; echo 404 | ``` 405 | 406 | If successful, you should see the docker image printed as follows: 407 | ```bash 408 | registry.ng.bluemix.net/jenkins-fabio/jenkins/bluecompute-ce-web:${IMAGE_TAG} 409 | ``` 410 | 411 | Where `${IMAGE_TAG}` is the image tag that you entered right before running the deploy pipeline. 412 | 413 | Lastly, verify that you can access the web front end by following these [instructions](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#access-and-validate-the-application) 414 | 415 | If you can access the web app, then you have successfully ran the deploy pipeline! 416 | 417 | ### Run the ICP Deploy Pipeline 418 | This pipeline just runs one stage, which is to update the container image from the pod in the existing `bluecompute-web` deployment. 419 | 420 | This pipeline will take advantage of the `Kubernetes Plugin` and run as a pod inside of the ICP cluster. For more details on the pipeline itself, checkout the code [here](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web/blob/master/JenkinsfileDeploy). 421 | 422 | To run the pipeline, just open the `deploy_icp` pipeline job and click on the `Build with Parameters` button. Then, on the `IMAGE_TAG` field enter the Build Pipeline's last successful build number. i.e. if the last build number was `#13`, then just enter `13`. 423 | 424 | Follow the same procedure to get the job's console output as explained in the previous step. 425 | ![Deploy Success](static/imgs/rp_4_deploy.png?raw=true) 426 | 427 | To verify that the pipeline indeed updated the docker image, run the following command: 428 | ```bash 429 | kubectl --namespace jenkins get deployments bluecompute-web -o=jsonpath='{.spec.template.spec.containers[0].image}'; echo 430 | ``` 431 | 432 | If successful, you should see the docker image printed as follows: 433 | ```bash 434 | registry.ng.bluemix.net/jenkins-fabio/jenkins/bluecompute-ce-web:${IMAGE_TAG} 435 | ``` 436 | 437 | Where `${IMAGE_TAG}` is the image tag that you entered right before running the deploy pipeline. 438 | 439 | Lastly, verify that you can access the web front end by following these [instructions](https://github.com/ibm-cloud-architecture/refarch-cloudnative-kubernetes#access-and-validate-the-application-1) 440 | 441 | If you can access the web app, then you have successfully ran the deploy pipeline! 442 | 443 | ## Conclusion 444 | Congratulations on getting to the end of this document! The journey to fully automated CI/CD for Kubernetes is a bit tedious but it is worth it in the end. Here is an overview of what you have done so far: 445 | * Provisioned 1 IKS and 1 ICP cluster. 446 | * Setup your Docker Registry on IBM Cloud. 447 | * Created service accounts on both clusters, which will be used by Jenkins pipelines. 448 | * Setup kubectl access on a deployment for both IKS and ICP clusters. 449 | * Setup build pipeline to run on ICP using Kubernetes Plugin. 450 | * Setup IKS pipeline, which runs from Jenkins deployment. 451 | * Setup ICP pipeline, which runs from ICP using Kubernetes Plugin. 452 | * Ran build pipeline. 453 | * Ran IKS and ICP deploy pipelines by specifying the image tag to deploy. 454 | 455 | With this knowledge, you will be able to setup your own fully automated Kubernetes CICD pipelines. 456 | 457 | All that remains is to use this knowledge to put together your own pipelines and create webhooks that will trigger the pipelines via the `git push` command. There are plenty of tutorials online that explain how to setup GitHub (or any other source control) to trigger Jenkins pipelines via webhooks. We recommend that you checkout our [Microclimate guide](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-microclimate), specifically the [Create GitHub Web Hook](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-microclimate#create-github-web-hook), if you are interested in setting this up. -------------------------------------------------------------------------------- /docker_images/docker-in-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker:18.09-dind 2 | RUN apk --no-cache update \ 3 | && apk add --update bash jq ca-certificates curl openssl \ 4 | && update-ca-certificates -------------------------------------------------------------------------------- /docker_images/docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker:18.09 2 | RUN apk --no-cache update \ 3 | && apk add --update bash jq ca-certificates curl openssl \ 4 | && update-ca-certificates -------------------------------------------------------------------------------- /docker_images/gradle/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gradle:5.0.0-jdk-alpine 2 | RUN apk --no-cache update \ 3 | && apk add --update bash jq ca-certificates curl \ 4 | && update-ca-certificates -------------------------------------------------------------------------------- /docker_images/jenkins-slave-utils/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine 2 | 3 | # bash 4 | RUN apk add --update bash jq curl ca-certificates openssl 5 | 6 | # kubectl 7 | # From https://github.com/lachie83/k8s-kubectl/blob/master/Dockerfile 8 | ENV KUBE_LATEST_VERSION="v1.12.4" 9 | 10 | RUN apk add --update ca-certificates \ 11 | && apk add --update -t deps \ 12 | && curl -L https://storage.googleapis.com/kubernetes-release/release/${KUBE_LATEST_VERSION}/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl \ 13 | && chmod +x /usr/local/bin/kubectl \ 14 | && apk del --purge deps 15 | 16 | # helm 17 | # From https://github.com/alpine-docker/helm/blob/master/Dockerfile 18 | ARG VERSION=2.9.1 19 | 20 | ENV BASE_URL="https://storage.googleapis.com/kubernetes-helm" 21 | ENV TAR_FILE="helm-v${VERSION}-linux-amd64.tar.gz" 22 | 23 | RUN apk add --update --no-cache && \ 24 | curl -L ${BASE_URL}/${TAR_FILE} |tar xvz && \ 25 | mv linux-amd64/helm /usr/local/bin/helm && \ 26 | chmod +x /usr/local/bin/helm && \ 27 | rm -rf linux-amd64 && \ 28 | rm /var/cache/apk/* 29 | 30 | # cloudctl 31 | # From https://www.ibm.com/support/knowledgecenter/SSBS6K_3.1.2/manage_cluster/install_cli.html 32 | ADD cloudctl /usr/local/bin/cloudctl 33 | RUN chmod +x /usr/local/bin/cloudctl 34 | 35 | # mcmctl 36 | # From https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.1.2/mcm/installing/install.html#install_cli 37 | ADD mcmctl /usr/local/bin/mcmctl 38 | RUN chmod +x /usr/local/bin/mcmctl -------------------------------------------------------------------------------- /docker_images/jenkins-slave-utils/README.md: -------------------------------------------------------------------------------- 1 | # Jenkins Slave Utils Image 2 | This image is used in the Jenkinsfiles of all the bluecompute-ce pipelines. In order to fully build this image, you will need to download the following CLIs into the `jenkins-slave-utils` folder. 3 | 4 | **cloudctl:** 5 | * https://www.ibm.com/support/knowledgecenter/SSBS6K_3.1.0/manage_cluster/install_cli.html 6 | 7 | **mcmctl:** 8 | * https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.1.0/mcm/installing/install.html#install_cli -------------------------------------------------------------------------------- /docker_images/nodejs-alpine/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:6-alpine 2 | RUN apk --no-cache update \ 3 | && apk add --update bash jq ca-certificates curl openssl \ 4 | && update-ca-certificates 5 | RUN npm -g install jshint -------------------------------------------------------------------------------- /docker_images/nodejs/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:6 2 | ADD https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 /usr/local/bin/jq 3 | RUN chmod +x /usr/local/bin/jq 4 | RUN npm -g install jshint -------------------------------------------------------------------------------- /docker_images/openjdk/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM openjdk:8-jdk-alpine 2 | RUN apk --no-cache update \ 3 | && apk add --update bash jq ca-certificates curl openssl \ 4 | && update-ca-certificates -------------------------------------------------------------------------------- /docker_images/podman-jenkins-slave/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:16.04 2 | 3 | RUN apt-get update -qq \ 4 | && apt-get install -qq -y software-properties-common uidmap \ 5 | && add-apt-repository -y ppa:projectatomic/ppa \ 6 | && apt-get update -qq \ 7 | && apt-get -qq -y install podman \ 8 | && apt-get install -y iptables 9 | 10 | # Setup Rootless mode 11 | #RUN adduser 12 | 13 | #$ sudo usermod --add-subuids 10000-75535 podman 14 | #$ sudo usermod --add-subgids 10000-75535 podman 15 | 16 | # Change default storage driver to vfs 17 | RUN sed -i "s/overlay/vfs/g" /etc/containers/storage.conf 18 | 19 | # Add docker.io as a search registry 20 | RUN sed -i '0,/\[\]/s/\[\]/["docker.io"]/' /etc/containers/registries.conf -------------------------------------------------------------------------------- /docs/podman.md: -------------------------------------------------------------------------------- 1 | # Using Podman as the CI/CD Container Engine 2 | 3 | ## Table of Contents 4 | * [Introduction](#introduction) 5 | * [Using the Docker-outside-of-Docker (DooD) Approach](#using-the-docker-outside-of-docker-dood-approach) 6 | * [Using the Docker-in-Docker (DinD) Approach](#using-the-docker-in-docker-dind-approach) 7 | * [The podman Approach](#the-podman-approach) 8 | + [Creating a podman Dockerfile](#creating-a-podman-dockerfile) 9 | + [Building and Testing the podman Container Image](#building-and-testing-the-podman-container-image) 10 | + [Creating a Jenkins Pipeline with podman Container Image](#creating-a-jenkins-pipeline-with-podman-container-image) 11 | * [Conclusion](#conclusion) 12 | 13 | ## Introduction 14 | Podman, as explained in [podman.io](https://podman.io), is a `daemonless container engine for developing, managing, and running OCI Containers on your Linux System`. It's daemonless and self-contained nature already presents a great advantage over the client server approach of Docker, especially on containerized CI/CD pipelines. On top of that, the podman CLI commands are basically the same as Docker. So, adopting podman can be as easy as adding this alias to your shell's RC file: 15 | ```bash 16 | alias docker=podman 17 | ``` 18 | 19 | Before diving deep into CI/CD pipelines that use podman, let's dive into how Docker is currently used in containerized CI/CD pipelines today. Docker is the most common container engine to use in a containerized CI/CD pipeline on a Jenkins instance that's deployed in a Kubernetes cluster. There are currently 2 common approaches to using Docker on this scenario. Let's start with the first one. 20 | 21 | ## Using the Docker-outside-of-Docker (DooD) Approach 22 | This approach describes the use of a `Docker Client` that uses the Kubernetes worker node's Docker socket to build and push images to a registry and also to start test containers. This is the easiest and most common way to use Docker inside of a pipeline because you can leverage the hosts's Docker daemon and avoid having to deploy your own. 23 | 24 | The DooD approach presents its challenges because the containers that are created are not managed by Kubernetes, which can result in orphaned containers that can overload the host. 25 | 26 | To learn more about the advantages and disadvantages of using the DooD approach, check out the following articles: 27 | * https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/ 28 | * https://applatix.com/case-docker-docker-kubernetes-part/ 29 | 30 | ## Using the Docker-in-Docker (DinD) Approach 31 | This approach, though similar to the one above, is different as it encourages you to deploy your own containerized Docker daemon, which is completely separate from the Kubernetes host's Docker Daemon. Optionally, you can deploy a separate Docker Client container that interfaces with the above Docker Daemon directly. 32 | 33 | The advantage with this approach is that any container that gets deployed through this Docker daemon gets managed by the same Kubernetes Pod that the Docker Daemon is in. This means that if the pipeline crashes for whatever reason, both the Docker Daemon and the container deployed by the daemon will get killed, thus preventing orphaned containers. 34 | 35 | The DinD approach is great for running containers on CI/CD pipelines that are isolated form the rest of the Kubernetes cluster. 36 | 37 | Though the DinD approach works great when using Docker Hub as your Docker Registry, the moment you start using a privately hosted registry, you have to do a lot more work to configure the containerized Docker Daemon. For example, you have to setup separate ConfigMaps and Secrets for the registry name and certificates and mount those to the Docker Daemon pod in the Jenkins pipeline, which can result in file system errors with the Jenkinsfile. 38 | 39 | To learn more about the advantages and disadvantages of using the DinD approach, check out the following articles: 40 | * https://applatix.com/case-docker-docker-kubernetes-part-2/ 41 | 42 | ## The podman Approach 43 | Using podman in containerized Jenkins pipelines is not that much different than using either the DooD or the DinD approaches. However, here are a couple of advantages over either the DooD or the DinD: 44 | * podman is daemonless, which means that it has a smaller footprint compared to Docker's client-and-server footprint. 45 | * No need to have separate files (i.e. `/etc/docker/daemon.json`) to authorize private registries as it can be done through the podman CLI, which makes the pipeline more portable. 46 | 47 | Now let's look at how we can create a simple Dockerfile for podman that we can use in containerized CI/CD pipelines. 48 | 49 | ### Creating a podman Dockerfile 50 | Creating a podman Dockerfile is a very simple process. First create a file called `Dockerfile`, then enter the following content, and then save it. 51 | 52 | ```Dockerfile 53 | FROM ubuntu:16.04 54 | 55 | RUN apt-get update -qq \ 56 | && apt-get install -qq -y software-properties-common uidmap \ 57 | && add-apt-repository -y ppa:projectatomic/ppa \ 58 | && apt-get update -qq \ 59 | && apt-get -qq -y install podman \ 60 | && apt-get install -y iptables 61 | 62 | # Change default storage driver to vfs 63 | RUN sed -i "s/overlay/vfs/g" /etc/containers/storage.conf 64 | 65 | # Add docker.io as a search registry 66 | RUN sed -i '0,/\[\]/s/\[\]/["docker.io"]/' /etc/containers/registries.conf 67 | ``` 68 | 69 | Where: 70 | * `ubuntu:16.04` is the base container image. 71 | + One improvement that can be made here is to use `Alpine Linux` as the base image to obtain an even lighter overall image. 72 | * The first `RUN` statement installs some dependencies, followed by `podman` itself. 73 | * The second `RUN` statement changes the default storage driver to VFS as keeping the default `overlay` will prevent podman from starting inside of a container. 74 | * The last `RUN` statement ads `docker.io` as a search registry. 75 | + Though optional, this step is useful so that podman searches `docker.io` (or Docker Hub) when using short image names. 76 | + For example, with the above setup, the `podman pull ubuntu:16.04` command will pull the `docker.io/library/ubuntu:16.04` image. 77 | 78 | That's all it takes to create a simple podman Dockerfile. Now let's learn how we can build it and test it. 79 | 80 | ### Building and Testing the podman Container Image 81 | If you have Docker installed on your workstation, you can try building and running the podman image as follows: 82 | 83 | ```bash 84 | # CD into the folder containing the Dockerfile 85 | cd /path/to/Dockerfile 86 | 87 | # Build the image 88 | docker build -t podman:latest . 89 | 90 | # Start the podman container 91 | docker run -it podman:latest bash 92 | ``` 93 | 94 | The above commands build the podman container image, starts a podman container and start a new bash shell to it. Now run the following command to see if you can pull image from Dockerhub directly: 95 | 96 | ```bash 97 | podman pull ubuntu:16.04 98 | ``` 99 | 100 | If pull is successful, the command above should present you with an output similar to the following: 101 | 102 | ```bash 103 | Trying to pull docker.io/library/ubuntu:16.04...Getting image source signatures 104 | Copying blob 0c175077525d done 105 | Copying blob 35b42117c431 done 106 | Copying blob ad9c569a8d98 done 107 | Copying blob 293b44f45162 done 108 | Copying config 13c9f12850 done 109 | Writing manifest to image destination 110 | Storing signatures 111 | 13c9f1285025c03cfd56a2809973bfec93a6468953c4d0ed70afb1f492f50489 112 | ``` 113 | 114 | Now you are ready to put this into an actual pipeline. 115 | 116 | ### Creating a Jenkins Pipeline with podman Container Image 117 | First things first, you have to push this image to a Docker Registry that the pipeline can pull the image from. To do so, run the following commands: 118 | 119 | ```bash 120 | # Tag the podman image to add the registry name namespace 121 | docker tag podman:latest ${REGISTRY}/${NAMESPACE}/podman:latest 122 | 123 | # Push the podman image to the registry 124 | docker push ${REGISTRY}/${NAMESPACE}/podman:latest 125 | ``` 126 | 127 | Where `${REGISTRY}` is the registry name/location and `${NAMESPACE}` is the location inside the registry where you are going to place the image. 128 | 129 | Now that we have a podman container image, let's examine a simple build-only Jenkinsfile that uses podman to build and push to a registry: 130 | 131 | ```groovy 132 | // Pod Template 133 | def podLabel = "web" 134 | def cloud = env.CLOUD ?: "kubernetes" 135 | def registryCredsID = env.REGISTRY_CREDENTIALS ?: "registry-credentials-id" 136 | def serviceAccount = env.SERVICE_ACCOUNT ?: "jenkins" 137 | 138 | // Pod Environment Variables 139 | def namespace = env.NAMESPACE ?: "default" 140 | def registry = env.REGISTRY ?: "docker.io" 141 | def imageName = env.IMAGE_NAME ?: "ibmcase/bluecompute-web" 142 | 143 | /* 144 | Optional Pod Environment Variables 145 | */ 146 | def helmHome = env.HELM_HOME ?: env.JENKINS_HOME + "/.helm" 147 | 148 | podTemplate(label: podLabel, cloud: cloud, serviceAccount: serviceAccount, envVars: [ 149 | envVar(key: 'NAMESPACE', value: namespace), 150 | envVar(key: 'REGISTRY', value: registry), 151 | envVar(key: 'IMAGE_NAME', value: imageName) 152 | ], 153 | containers: [ 154 | containerTemplate(name: 'podman', image: 'ibmcase/podman:ubuntu-16.04', ttyEnabled: true, command: 'cat', privileged: true) 155 | ]) { 156 | 157 | node(podLabel) { 158 | checkout scm 159 | 160 | // Docker 161 | container(name:'podman', shell:'/bin/bash') { 162 | stage('Docker - Build Image') { 163 | sh """ 164 | #!/bin/bash 165 | 166 | # Construct Image Name 167 | IMAGE=${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${env.BUILD_NUMBER} 168 | 169 | podman build -t \${IMAGE} . 170 | """ 171 | } 172 | 173 | stage('Docker - Push Image to Registry') { 174 | withCredentials([usernamePassword(credentialsId: registryCredsID, 175 | usernameVariable: 'USERNAME', 176 | passwordVariable: 'PASSWORD')]) { 177 | sh """ 178 | #!/bin/bash 179 | 180 | # Construct Image Name 181 | IMAGE=${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${env.BUILD_NUMBER} 182 | 183 | podman login -u ${USERNAME} -p ${PASSWORD} ${REGISTRY} --tls-verify=false 184 | 185 | podman push \${IMAGE} --tls-verify=false 186 | """ 187 | } 188 | } 189 | } 190 | } 191 | } 192 | ``` 193 | 194 | Notice above in the `containers` section that we are using the `podman` image that we made publicly available on Docker Hub and called that container `podman`. In the pipeline stages below we are using the `podman` container to run the `podman build`, `podman login`, and `podman push` commands to build and push images to an authenticated Docker registry. 195 | 196 | To learn how to setup a simple pipeline using the above Jenkinsfile, feel free to follow the instructions in the link below: 197 | * https://github.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes#create-and-run-a-sample-cicd-pipeline 198 | 199 | Make sure that you use the [`jenkins/Jenkinsfile-podman-build.groovy`](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web/blob/spring/jenkins/Jenkinsfile-podman-build.groovy) Jenkinsfile in the [`refarch-cloudnative-bluecompute-web`](https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web/tree/spring) git repo. 200 | 201 | ## Conclusion 202 | Replacing a container engine with another one can seem like a daunting task, but `podman` makes this easier by making its CLI practically identical to that of Docker, making adoption much easier. Also, not having to manage a separate container daemon and the required configuration files makes managing `podman` a breeze when compare to either the DooD or DinD approaches. 203 | 204 | Now that you know how to build CI/CD pipelines with `podman` as the container engine, I encourage you to try and build your own pipelines! -------------------------------------------------------------------------------- /jenkins/README.md: -------------------------------------------------------------------------------- 1 | # Load Jenkins with existing job configurations 2 | To avoid manually creating and configuring Jenkins jobs for each project, you can copy the contents of the `jobs` folder into the `jobs` folder inside the `JENKINS_HOME` folder. To do so, use the command below: 3 | 4 | ```bash 5 | kubectl cp jobs ${NAMESPACE}/${JENKINS_POD_NAME}:/var/jenkins_home 6 | ``` 7 | 8 | Where: 9 | * `${JENKINS_POD_NAME}` is the name of the Jenkins Pod. 10 | * `${NAMESPACE}` is the namespace where the Jenkins pod is deployed. 11 | * `/var/jenkins_home` is the default path to the Jenkins Home folder. 12 | 13 | To see the jobs you can restart Jenkins or click `Manage Jenkins -> Reload Configuration from Disk`. 14 | 15 | If using NFS as the Persistent Volume, you could also simply copy and paste the `jobs` folder to the NFS volume before deploying the Jenkins chart. -------------------------------------------------------------------------------- /jenkins/cluster_image_policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1 2 | kind: ClusterImagePolicy 3 | metadata: 4 | name: jenkins 5 | spec: 6 | repositories: 7 | - name: 'docker.io/ibmcase/docker' 8 | policy: 9 | va: 10 | enabled: false 11 | - name: 'docker.io/ibmcase/nodejs' 12 | policy: 13 | va: 14 | enabled: false 15 | - name: 'docker.io/ibmcase/openjdk-bash' 16 | policy: 17 | va: 18 | enabled: false 19 | - name: 'docker.io/ibmcase/jenkins-slave-utils' 20 | policy: 21 | va: 22 | enabled: false 23 | - name: 'docker.io/ibmcase/podman' 24 | policy: 25 | va: 26 | enabled: false 27 | - name: 'docker.io/jenkins/jenkins' 28 | policy: 29 | va: 30 | enabled: false 31 | - name: 'docker.io/jenkins/jnlp-slave' 32 | policy: 33 | va: 34 | enabled: false -------------------------------------------------------------------------------- /jenkins/ibm_cloud_container_service/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: jenkins-home 5 | annotations: 6 | volume.beta.kubernetes.io/storage-class: "ibmc-file-silver" 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 20Gi -------------------------------------------------------------------------------- /jenkins/jobs/auth/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | All 9 | false 10 | false 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | false 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /jenkins/jobs/auth/jobs/auth-build/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-auth 31 | false 32 | 33 | 34 | HS256_KEY 35 | 36 | {AQAAABAAAAGQ6m4w5AxZqYwj4sNB7XWTJEh9aUI8mLSgAEfKYVqgGhLdO0mN0Jr0gv97I5YJ55TgMLegMCJj+k77LY1Y1FbyRLKKhrS19ENNhgnwAuMJAZTBvFtUuOvivmAqZULgyG+I7jwrQhRu7EsApbv2xR69gD5M1k4WWFUng3jtd4aZX681tP0Xa/TERXEonuc7XIDNdcqekqI6IoDOcknNZmHFBgzY92kk6QYInf5EKk3aeBaPtWqdVD76uA/Xxpdacv9Iogk+5P+IsBTShAygrJu8tog9krkqUEfkwbtxaMDBzue6uKvgcwGAsp2tMjAcqcV09ZawGgXonB+wE0REa26z0190nnq/EJxUtNX6iMkTMs+bnxZLWlQmIX4X4jD98QFhr1KlON4tAnwMACBCmaNPVRXUrQBlf+GluhgQC89c9Mtabh9VUG7QgTM8VxvGhsUYPAiLz/Hl19nVwZUmiAL2hOtklAdYGEWM3uxBHAWXLGTlmGyntY//7bxbaqGGn/NbPVHp24PldULmKYF9j089RWFfKL3QDihEAiF1Di7bWgI=} 37 | 38 | 39 | CUSTOMER_URL 40 | 41 | http://CUSTOMER_HOST:CUSTOMER_PORT 42 | false 43 | 44 | 45 | DEPLOY_NEW_VERSION 46 | 47 | false 48 | false 49 | 50 | 51 | 52 | 53 | 54 | 55 | 2 56 | 57 | 58 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-auth 59 | 60 | 61 | 62 | 63 | */spring 64 | 65 | 66 | false 67 | 68 | 69 | 70 | jenkins/Jenkinsfile-build.groovy 71 | true 72 | 73 | 74 | false 75 | 76 | -------------------------------------------------------------------------------- /jenkins/jobs/auth/jobs/auth-deploy/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-auth 31 | false 32 | 33 | 34 | IMAGE_TAG 35 | 36 | latest 37 | false 38 | 39 | 40 | HS256_KEY 41 | 42 | {AQAAABAAAAGQtYvPQespoWlm1CuQny7iBskVe1gHivI7raq+CKSI+xrycRzM+0AXY6h95X2dDyYLs5O9iDlsf1hqZ7IazsOEY5DkheOxHL8vMt1G/bCn3UDiBmEdfS/6TV+RAckvxy9j/JvHjzyqn0/zetUnwU2jzeWF5381I5CEzUTwRJrC5jo9jLjznFIVh2USS0VywGAH4E3ZRzlUqysSN0jn6HmM5tFL82LEKDW7ZC5k5+N/LoZegWAW0nuN4pyYxy0alSftRD+dAwi8trhmtRnJ4IN5Qkui6GXkE/TmAtsPmsAUgsESnUaal0BUIdi+mM96Z4nWazJ2zewnEiVuPE6PbbuJazpXvc995jFtnCqlikAmIumwIsBHy6xZa1HZTuiGYvZQi7IqJFSPUhYw1uywUPYAeviSuKnVpXHRff0WuDG9/b22jvA2FS/lFj/FevyfNZwdX7zZbBm+UB5eO0Q6UnznjdFh6tZNXn6sR7qhGNHVdgw9CiwIwqptiTewZuzz01SdoZjWWk2ekP4RE/PtrV1DRJ80X4+gpEbApEBtj0lRAVo=} 43 | 44 | 45 | CUSTOMER_URL 46 | 47 | http://CUSTOMER_HOST:CUSTOMER_PORT 48 | false 49 | 50 | 51 | DEPLOY_NEW_VERSION 52 | 53 | false 54 | false 55 | 56 | 57 | 58 | 59 | 60 | 61 | 2 62 | 63 | 64 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-auth 65 | 66 | 67 | 68 | 69 | */spring 70 | 71 | 72 | false 73 | 74 | 75 | 76 | jenkins/Jenkinsfile-icp-deploy.groovy 77 | true 78 | 79 | 80 | false 81 | 82 | -------------------------------------------------------------------------------- /jenkins/jobs/auth/jobs/auth-end-to-end/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-auth 31 | false 32 | 33 | 34 | HS256_KEY 35 | 36 | {AQAAABAAAAGQAiYAB86F90DWiaIXSnLkBQdEiGzFCcS+xnV04PLwluwdCkV45sSc6C5JFuNX/GeHb3MCRm6lJK/tQIV2g3wsEY1rvmUrs1wOPKPX2i71//SacfGIJxAOdT+DEBG6Wr6haveyALxYl/w+PePOKdhSsJP2WEWaZsv0tUOGc9wa6E5QZiKqYTKiUREKvcMlFYRM1z1ajaQN22qlJ618n7+aLrW0vYD3E178Lb8pKHI1wOJWh2YiEEd6CBP8IU/bX9UP37IA/o7OCV8MPIm+qCovVshaOiXEljVrCT10lEGeaXF0kb9leMIdQRBOwYYJ7WyBoQkWSfo1ZUlF7nP1eRkLxWTUU9FeJ+bGSkiWLuuEeKkK1X8ovBuJplfD5FUKUAzvq8qzrWXaS5ki9vbDmj+ek5My1z3rd7nIu3jJstj78fXW18dkuAQ7hEifpHO+Lsc/3X90yjb9p4jnB60igRv0xX9OpSIvhxUhVqaiF9ZJTt1ZarZFgmbR1lSGaY81gJ/IKgt6/2+kL0rP/q5wSC7VuseJM4LkyRipOPPCP5gHqAA=} 37 | 38 | 39 | CUSTOMER_URL 40 | 41 | http://CUSTOMER_HOST:CUSTOMER_PORT 42 | false 43 | 44 | 45 | DEPLOY_NEW_VERSION 46 | 47 | false 48 | false 49 | 50 | 51 | 52 | 53 | 54 | 55 | 2 56 | 57 | 58 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-auth 59 | 60 | 61 | 62 | 63 | */spring 64 | 65 | 66 | false 67 | 68 | 69 | 70 | jenkins/Jenkinsfile-icp-end-to-end.groovy 71 | true 72 | 73 | 74 | false 75 | 76 | -------------------------------------------------------------------------------- /jenkins/jobs/auth/jobs/auth-update-image/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-auth 31 | false 32 | 33 | 34 | HS256_KEY 35 | 36 | {AQAAABAAAAGQJmTtdYzNAjN9NHO32EEfJrcSIcrAr7MPewYkewgEUEtHv6rglGKXrMAMA2A8hDL3g3HaL7Oi7d3qgq49XT+606jj6Y6xHFFK03wRwV90nNER3PWKY06Bp/Di9ad0jDTNu46qTFMGaqSb0PSE0Vgpg39XBhjO/iorM7AY49zGn7q1nEhvK0NtNnyk3HFf+pDy0nZYPo9XCCrxROxWr8LvtNCbgHJRLe9J/reDKe+BaN61lat7wpvNQJDSOcswPbrgAT1x7mkGBayY5O0bWE+q6yG1SrJ6AhLpDyjzy8RY1ImJjOPASvZHJzKzPD8CEclTvnwVapy/LbfGCKcQKwlNvcJEtbh96/YwJ+Jma5x8kj+/eFuYiutXWLZfBUhtutiTmD8aDZVp3Bl2q14NB9BKYkjSrA8Ug8vU/jau8qGg4K75VgAqG8It05IYcrvJa+ut2o+0p4roj319LoUyX/JKYoZIPJeRke+e4SxaYUyA79I+JZRX9WLzBiH1EO+caA7Li/NTeyQs2YcacgqLC/PrwcYhk+9yrxjWHzCYORKpT8k=} 37 | 38 | 39 | CUSTOMER_URL 40 | 41 | http://CUSTOMER_HOST:CUSTOMER_PORT 42 | false 43 | 44 | 45 | DEPLOY_NEW_VERSION 46 | 47 | false 48 | false 49 | 50 | 51 | 52 | 53 | 54 | 55 | 2 56 | 57 | 58 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-auth 59 | 60 | 61 | 62 | 63 | */spring 64 | 65 | 66 | false 67 | 68 | 69 | 70 | jenkins/Jenkinsfile-update-image.groovy 71 | true 72 | 73 | 74 | false 75 | 76 | -------------------------------------------------------------------------------- /jenkins/jobs/catalog/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | All 9 | false 10 | false 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | false 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /jenkins/jobs/catalog/jobs/catalog-build/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-catalog 31 | false 32 | 33 | 34 | ES_HOST 35 | 36 | 37 | false 38 | 39 | 40 | ES_PORT 41 | 42 | 43 | false 44 | 45 | 46 | ES_USER 47 | 48 | 49 | false 50 | 51 | 52 | ES_PASSWORD 53 | 54 | 55 | 56 | 57 | INVENTORY_URL 58 | 59 | http://INVENTORY_HOST:INVENTORY_PORT 60 | false 61 | 62 | 63 | DEPLOY_NEW_VERSION 64 | 65 | false 66 | false 67 | 68 | 69 | 70 | 71 | 72 | 73 | 2 74 | 75 | 76 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-catalog 77 | 78 | 79 | 80 | 81 | */spring 82 | 83 | 84 | false 85 | 86 | 87 | 88 | jenkins/Jenkinsfile-build.groovy 89 | true 90 | 91 | 92 | false 93 | 94 | -------------------------------------------------------------------------------- /jenkins/jobs/catalog/jobs/catalog-deploy/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-catalog 31 | false 32 | 33 | 34 | IMAGE_TAG 35 | 36 | latest 37 | false 38 | 39 | 40 | ES_HOST 41 | 42 | 43 | false 44 | 45 | 46 | ES_PORT 47 | 48 | 49 | false 50 | 51 | 52 | ES_USER 53 | 54 | 55 | false 56 | 57 | 58 | ES_PASSWORD 59 | 60 | 61 | 62 | 63 | INVENTORY_URL 64 | 65 | http://INVENTORY_HOST:INVENTORY_PORT 66 | false 67 | 68 | 69 | DEPLOY_NEW_VERSION 70 | 71 | false 72 | false 73 | 74 | 75 | 76 | 77 | 78 | 79 | 2 80 | 81 | 82 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-catalog 83 | 84 | 85 | 86 | 87 | */spring 88 | 89 | 90 | false 91 | 92 | 93 | 94 | jenkins/Jenkinsfile-icp-deploy.groovy 95 | true 96 | 97 | 98 | false 99 | 100 | -------------------------------------------------------------------------------- /jenkins/jobs/catalog/jobs/catalog-end-to-end/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-catalog 31 | false 32 | 33 | 34 | ES_HOST 35 | 36 | 37 | false 38 | 39 | 40 | ES_PORT 41 | 42 | 43 | false 44 | 45 | 46 | ES_USER 47 | 48 | 49 | false 50 | 51 | 52 | ES_PASSWORD 53 | 54 | 55 | 56 | 57 | INVENTORY_URL 58 | 59 | http://:32380 60 | false 61 | 62 | 63 | DEPLOY_NEW_VERSION 64 | 65 | false 66 | false 67 | 68 | 69 | 70 | 71 | 72 | 73 | 2 74 | 75 | 76 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-catalog 77 | 78 | 79 | 80 | 81 | */spring 82 | 83 | 84 | false 85 | 86 | 87 | 88 | jenkins/Jenkinsfile-icp-end-to-end.groovy 89 | true 90 | 91 | 92 | false 93 | 94 | -------------------------------------------------------------------------------- /jenkins/jobs/catalog/jobs/catalog-update-image/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-catalog 31 | false 32 | 33 | 34 | ES_HOST 35 | 36 | 37 | false 38 | 39 | 40 | ES_PORT 41 | 42 | 43 | false 44 | 45 | 46 | ES_USER 47 | 48 | 49 | false 50 | 51 | 52 | ES_PASSWORD 53 | 54 | 55 | 56 | 57 | INVENTORY_URL 58 | 59 | http://INVENTORY_HOST:INVENTORY_PORT 60 | false 61 | 62 | 63 | DEPLOY_NEW_VERSION 64 | 65 | false 66 | false 67 | 68 | 69 | 70 | 71 | 72 | 73 | 2 74 | 75 | 76 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-catalog 77 | 78 | 79 | 80 | 81 | */spring 82 | 83 | 84 | false 85 | 86 | 87 | 88 | jenkins/Jenkinsfile-update-image.groovy 89 | true 90 | 91 | 92 | false 93 | 94 | -------------------------------------------------------------------------------- /jenkins/jobs/customer/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | All 9 | false 10 | false 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | false 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /jenkins/jobs/customer/jobs/customer-build/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-customer 31 | false 32 | 33 | 34 | COUCHDB_HOST 35 | 36 | 37 | false 38 | 39 | 40 | COUCHDB_PORT 41 | 42 | 43 | false 44 | 45 | 46 | COUCHDB_USER 47 | 48 | 49 | false 50 | 51 | 52 | COUCHDB_PASSWORD 53 | 54 | 55 | 56 | 57 | HS256_KEY 58 | 59 | {AQAAABAAAAGQhSVUV1JimWTu3zPSjes14N79F4RVHunp/P7r7xIw5VPi0aOMeEObsR28K+HiNyb0SVG7+zpuyeTqsv1psEbfD0Oulb3j2gxCU+sMJ999VMU2H0Wsdw6lojgU8ykvCRsUtiGUufzTKIi/zZg7jhgjCaoB3hvXBhvLNak3NnoSDGUlELSBv4J/kjEeY/1BbGCVVYdtuIpxQFjNRmFOah9wdhLppb7EV7vIOYJmXAaQzk5jf6bPJ1qiov2IV5JPYP2Ie78PGtcZ1i8lWI3zAUWrYyD7NiaK7MpXDTmNPcuyEfkVe/KYqyw0QwrEt2swNiBzHmCXJ5krq48jvVyh1uDNNyIZxlrGYR9J5KxncrFnyCuRxCcMQc08NEOyJKT68MFkqryWXOBuv0TX/eLA8NNUXJGmeTdICTTGad2JKi+2xBsraZvDWY0h0E7FaW5tknTfZSdv+FRIUadz3a7T1zcub4wivI1XEylFbPksu/btjdi2um8whKNl3fJbdsiXc8mQ+rc6/nIrgmSMriv5naNYXjHCLDrKYKOOpSFsYJsIPsk=} 60 | 61 | 62 | DEPLOY_NEW_VERSION 63 | 64 | false 65 | false 66 | 67 | 68 | 69 | 70 | 71 | 72 | 2 73 | 74 | 75 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-customer 76 | 77 | 78 | 79 | 80 | */spring 81 | 82 | 83 | false 84 | 85 | 86 | 87 | jenkins/Jenkinsfile-build.groovy 88 | true 89 | 90 | 91 | false 92 | 93 | -------------------------------------------------------------------------------- /jenkins/jobs/customer/jobs/customer-deploy/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-customer 31 | false 32 | 33 | 34 | IMAGE_TAG 35 | 36 | latest 37 | false 38 | 39 | 40 | COUCHDB_HOST 41 | 42 | 43 | false 44 | 45 | 46 | COUCHDB_PORT 47 | 48 | 49 | false 50 | 51 | 52 | COUCHDB_USER 53 | 54 | 55 | false 56 | 57 | 58 | COUCHDB_PASSWORD 59 | 60 | 61 | 62 | 63 | HS256_KEY 64 | 65 | {AQAAABAAAAGQxtZMIG72cEc01ryYDX7v4ON9g9U00uejr57AQQjGsfTeN4/BbvTECd/ZyUNSkizmv8L49I3k4Sw7eokaciIh4fI51Mqou+sAKWICmk0mUsmoe9xpsXWA0ckRc8tjdIJcberQeHTAPJGLyMGyDQ7ZTiUuX3ruAAbwevE2SktWOC8FN7aLwF9hrw9jAPWUYipydA3gtkllviPXzY2lIQWfOufVoyU18SIjCUJwGH+iMvPxcXpMErDYI9yEBpfBZneIyz73DVWSROTETVRGrQoHRxmj5v6Glx8FQIa05legSJO+Fwhcjf4QN1/5sK1M1EXnZTNhgj5xlAV+VU4wgIn/TRcbybJSFPA95WJU/cmPg+b03fYGpSUZ9i3j2EfiDB7VKwFQj6KGxFQ5Z7ypS35Yj0FckSf9gQXVo/6znkt1eI1jxrsIgzfiriRGTcw6m8SkOKsDbRFuo8DsnRy01LgCK0/CKIiniLCjgoIv4vVzbevvV9X1f1ce+jSA+F28UAYZnqhkMY0hRjXof7BL/Ce5tJwOrotgAKy7m07vyufwY4A=} 66 | 67 | 68 | DEPLOY_NEW_VERSION 69 | 70 | false 71 | false 72 | 73 | 74 | 75 | 76 | 77 | 78 | 2 79 | 80 | 81 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-customer 82 | 83 | 84 | 85 | 86 | */spring 87 | 88 | 89 | false 90 | 91 | 92 | 93 | jenkins/Jenkinsfile-icp-deploy.groovy 94 | true 95 | 96 | 97 | false 98 | 99 | -------------------------------------------------------------------------------- /jenkins/jobs/customer/jobs/customer-end-to-end/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-customer 31 | false 32 | 33 | 34 | COUCHDB_HOST 35 | 36 | 37 | false 38 | 39 | 40 | COUCHDB_PORT 41 | 42 | 43 | false 44 | 45 | 46 | COUCHDB_USER 47 | 48 | 49 | false 50 | 51 | 52 | COUCHDB_PASSWORD 53 | 54 | 55 | 56 | 57 | HS256_KEY 58 | 59 | {AQAAABAAAAGQjILk6yIF95A1IVwTEUIUHpVCYGJOy5lLqxeWfYxTw1BGXoubX/EoDPFjlnsOp9dHFyluVc+2g1hfQ9yDh4QKlEQyhJXlTbeM3y9LzBcAeD8GYM01psUc61nQ8BGsNrimauNdzpVsiTG84UlHFZpo1t5olA9ORzqdSDVzgx1/om2CufH9Bk/rXaaekcBiGn8EZEOHTX5Ktcwvz1Ci9rVCvIK+8LNLnCqCdwjhjfHi1rhTi7LGc+h6yIOEzjHk++dr5QDVINGUHnfdzHGXXTbbDQ8j7o/ow1e1FxlsGfY98fxV+imsfR4mrCXZOZ4VazE8Gz0LJl9P8bzb66gLEml74er6JOkrNTKizKobu3ZHqq5EvfTqOQ6fmLAp3NxiT9uqz+k5aSkPQqEHBvBcGkqexlCHyNNtJLEi7th2i0ujkkkMhw9iKs44y0uMc31aCWwYsnAWDp+jU7NWI1nt90rWtKmq/ByGMtNPkXmY66mHDV8FzSyMWf5IPHPXs6nKSSiqMVNs/1LEYumXfRbOiQQICL/EUnCweDpEP3VyzB4VTK4=} 60 | 61 | 62 | DEPLOY_NEW_VERSION 63 | 64 | false 65 | false 66 | 67 | 68 | 69 | 70 | 71 | 72 | 2 73 | 74 | 75 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-customer 76 | 77 | 78 | 79 | 80 | */spring 81 | 82 | 83 | false 84 | 85 | 86 | 87 | jenkins/Jenkinsfile-icp-end-to-end.groovy 88 | true 89 | 90 | 91 | false 92 | 93 | -------------------------------------------------------------------------------- /jenkins/jobs/customer/jobs/customer-update-image/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-customer 31 | false 32 | 33 | 34 | COUCHDB_HOST 35 | 36 | 37 | false 38 | 39 | 40 | COUCHDB_PORT 41 | 42 | 43 | false 44 | 45 | 46 | COUCHDB_USER 47 | 48 | 49 | false 50 | 51 | 52 | COUCHDB_PASSWORD 53 | 54 | 55 | 56 | 57 | HS256_KEY 58 | 59 | {AQAAABAAAAGQgKRv8RC7ZZ8DTE/mvbncioLo/6C2RuqCufyyM2DngLRBTYCNEKl3V9TX7T4UK7kuDesN0P/tjwegTijeK9LV3kdVV8HasBYuwqYMCaSQKS7rscqFASMpk27znM4zMgwxat8yBLyGB9IWxTQ+ttud6mcrzTw3t8fu4P84UT58G59Z0xfkN1DkC6vUhD2FbZiCgWX/ozoXohCNPHu8f0TSyZ3d6TicQX6Ekdl/NDXJ8PfgYgEjiYg2vU8LlpQJUpc8WkSnV6DzuunPlq/i66Tnsa1jghd/Gfgq/wdVLNy2XLEdpezCtxpdrgZ4xRLynUGnSIaVNeA+D+nlR2kQsdyBRyce9dcW8bMtUwLzd7WpcMKXSWailMIzSzgeT3sD/qOhMIQM60Qa8UuXWyg/DCpf3pgtiaQ/5YU9MXSKMl3aAaqAzELakIHoWIc5FxXGzYDs/MXkXS1nI7Nj3owoIkAj+rv5F25ylhlTNiS+KxtLE0wXp96ZDrb4nUcgaNexbpbnEFvXy8VVjbwiHaldhN3qFDRc3WoQROYeOAMKq8Z0mUU=} 60 | 61 | 62 | DEPLOY_NEW_VERSION 63 | 64 | false 65 | false 66 | 67 | 68 | 69 | 70 | 71 | 72 | 2 73 | 74 | 75 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-customer 76 | 77 | 78 | 79 | 80 | */spring 81 | 82 | 83 | false 84 | 85 | 86 | 87 | jenkins/Jenkinsfile-update-image.groovy 88 | true 89 | 90 | 91 | false 92 | 93 | -------------------------------------------------------------------------------- /jenkins/jobs/inventory/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | All 9 | false 10 | false 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | false 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /jenkins/jobs/inventory/jobs/inventory-build/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-inventory 31 | false 32 | 33 | 34 | MYSQL_HOST 35 | 36 | 37 | false 38 | 39 | 40 | MYSQL_PORT 41 | 42 | 43 | false 44 | 45 | 46 | MYSQL_USER 47 | 48 | 49 | false 50 | 51 | 52 | MYSQL_PASSWORD 53 | 54 | 55 | 56 | 57 | DEPLOY_NEW_VERSION 58 | 59 | false 60 | false 61 | 62 | 63 | 64 | 65 | 66 | 67 | 2 68 | 69 | 70 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-inventory 71 | 72 | 73 | 74 | 75 | */spring 76 | 77 | 78 | false 79 | 80 | 81 | 82 | jenkins/Jenkinsfile-build.groovy 83 | true 84 | 85 | 86 | false 87 | 88 | -------------------------------------------------------------------------------- /jenkins/jobs/inventory/jobs/inventory-deploy/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-inventory 31 | false 32 | 33 | 34 | IMAGE_TAG 35 | 36 | latest 37 | false 38 | 39 | 40 | MYSQL_HOST 41 | 42 | 43 | false 44 | 45 | 46 | MYSQL_PORT 47 | 48 | 49 | false 50 | 51 | 52 | MYSQL_USER 53 | 54 | 55 | false 56 | 57 | 58 | MYSQL_PASSWORD 59 | 60 | 61 | 62 | 63 | DEPLOY_NEW_VERSION 64 | 65 | false 66 | false 67 | 68 | 69 | 70 | 71 | 72 | 73 | 2 74 | 75 | 76 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-inventory 77 | 78 | 79 | 80 | 81 | */spring 82 | 83 | 84 | false 85 | 86 | 87 | 88 | jenkins/Jenkinsfile-icp-deploy.groovy 89 | true 90 | 91 | 92 | false 93 | 94 | -------------------------------------------------------------------------------- /jenkins/jobs/inventory/jobs/inventory-end-to-end/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-inventory 31 | false 32 | 33 | 34 | MYSQL_HOST 35 | 36 | 37 | false 38 | 39 | 40 | MYSQL_PORT 41 | 42 | 43 | false 44 | 45 | 46 | MYSQL_USER 47 | 48 | 49 | false 50 | 51 | 52 | MYSQL_PASSWORD 53 | 54 | 55 | 56 | 57 | DEPLOY_NEW_VERSION 58 | 59 | false 60 | false 61 | 62 | 63 | 64 | 65 | 66 | 67 | 2 68 | 69 | 70 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-inventory 71 | 72 | 73 | 74 | 75 | */spring 76 | 77 | 78 | false 79 | 80 | 81 | 82 | jenkins/Jenkinsfile-icp-end-to-end.groovy 83 | true 84 | 85 | 86 | false 87 | 88 | -------------------------------------------------------------------------------- /jenkins/jobs/inventory/jobs/inventory-update-image/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-inventory 31 | false 32 | 33 | 34 | MYSQL_HOST 35 | 36 | 37 | false 38 | 39 | 40 | MYSQL_PORT 41 | 42 | 43 | false 44 | 45 | 46 | MYSQL_USER 47 | 48 | 49 | false 50 | 51 | 52 | MYSQL_PASSWORD 53 | 54 | 55 | 56 | 57 | DEPLOY_NEW_VERSION 58 | 59 | false 60 | false 61 | 62 | 63 | 64 | 65 | 66 | 67 | 2 68 | 69 | 70 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-inventory 71 | 72 | 73 | 74 | 75 | */spring 76 | 77 | 78 | false 79 | 80 | 81 | 82 | jenkins/Jenkinsfile-update-image.groovy 83 | true 84 | 85 | 86 | false 87 | 88 | -------------------------------------------------------------------------------- /jenkins/jobs/orders/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | All 9 | false 10 | false 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | false 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /jenkins/jobs/orders/jobs/orders-build/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-orders 31 | false 32 | 33 | 34 | MYSQL_HOST 35 | 36 | 37 | false 38 | 39 | 40 | MYSQL_PORT 41 | 42 | 43 | false 44 | 45 | 46 | MYSQL_USER 47 | 48 | 49 | false 50 | 51 | 52 | MYSQL_PASSWORD 53 | 54 | 55 | 56 | 57 | HS256_KEY 58 | 59 | {AQAAABAAAAGQvmi5MDJlMPTwKv029gN/CJf9Hw99wzvyKbuiYH9j4cLij34K072yBRYPzMwdzCuAAO8idzeAzUpuUfKVCx2jtiWvnp38AT0/rBW2JlGUroHxmxKhMDu72PJsV6ak+Ry+D2kC1z4feRcXF9cJZwkqdu/3MNhIg1g1++BhjKJNolKax6/Dk8j7kDTWlrdP5nZYvutPNt9eO21z6YbWoucTcmdPICOOkCMZV/0Bw8t5ssfLEmA/vCJtcmdp6lNUQkTGKxA+CpUjT1WTajGj2Cxk4DRyHfF0l8JWageHyueFWFE0rO0Xg76yCR8pIvBMUXkoATw7vbiF9bUwYce8+IbOK1hYzfh3otlJCfmrG/4B0fTe52CnNIOAgFY3L9DHXKntD9s+uwsQa9xK3YzAyaNvMPyrYMDkjYkOG5UzeMI2lrfCZMNbznVtb8m8lslp7/mu35G5xQRU6539Po8X3yu1xwg+wq9OSZklzrqg7YsrayxSo+LV7UlMk/z5HezgF3dyzfRA8pOzIrXW8IpmDIpKm/P4xCFxwl1J40eBcdQeehU=} 60 | 61 | 62 | DEPLOY_NEW_VERSION 63 | 64 | false 65 | false 66 | 67 | 68 | 69 | 70 | 71 | 72 | 2 73 | 74 | 75 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-orders 76 | 77 | 78 | 79 | 80 | */spring 81 | 82 | 83 | false 84 | 85 | 86 | 87 | jenkins/Jenkinsfile-build.groovy 88 | true 89 | 90 | 91 | false 92 | 93 | -------------------------------------------------------------------------------- /jenkins/jobs/orders/jobs/orders-deploy/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-orders 31 | false 32 | 33 | 34 | IMAGE_TAG 35 | 36 | latest 37 | false 38 | 39 | 40 | MYSQL_HOST 41 | 42 | 43 | false 44 | 45 | 46 | MYSQL_PORT 47 | 48 | 49 | false 50 | 51 | 52 | MYSQL_USER 53 | 54 | 55 | false 56 | 57 | 58 | MYSQL_PASSWORD 59 | 60 | 61 | 62 | 63 | HS256_KEY 64 | 65 | {AQAAABAAAAGQvQ7DrqdX6Gjw44+IE5PHNYZ69AZT4GShQ9F1ZAxb4nzVm95B8Riu/GIfUzvvM2TyVTvOoPw4GppRwGVy6/szEYxykvMF9z3hlMtzLnFXo65rC4DtmaAa+lObIlZTAqdicHa0MzCEQLk3ARo8N15hYnQMPtV6b7HOckW/alAH1/zdvAmWZ/N2q2gxYNTyrtWjjPLcyF1oOe1qnJuIKqq0j5UfzldihMnWHk3pFBx1bVtguMOcJLmcdvdtV/gfvqIg5GXHvm+gScSsDkEl9JXiaazlvEUSVvtDmfBJA66j2Iu7nUcocpM5KnM81+RFrLFf9uxPrMBrz7YV3+/nm54Xrknxxk6a3/qz9sZglgdkUwSGjFvZzIQ9PDgOj+u7TcS0dskSCjgZUbpeE12qYrviQQJlKVlMDfLbVo8QpBdALcgq+RIM0RUaMXmhXEWp9UMXc2OzZ4ifHHNpgd4/3WDMzyLdJnEH3ujucYYaUViFTIbmeTCgoP774d8M9FGDIhBnH6Ir4IgVfxEPNquYXZd4k+BJH3BKl+qY4oVHT4DTEgM=} 66 | 67 | 68 | DEPLOY_NEW_VERSION 69 | 70 | false 71 | false 72 | 73 | 74 | 75 | 76 | 77 | 78 | 2 79 | 80 | 81 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-orders 82 | 83 | 84 | 85 | 86 | */spring 87 | 88 | 89 | false 90 | 91 | 92 | 93 | jenkins/Jenkinsfile-icp-deploy.groovy 94 | true 95 | 96 | 97 | false 98 | 99 | -------------------------------------------------------------------------------- /jenkins/jobs/orders/jobs/orders-end-to-end/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-orders 31 | false 32 | 33 | 34 | MYSQL_HOST 35 | 36 | 37 | false 38 | 39 | 40 | MYSQL_PORT 41 | 42 | 43 | false 44 | 45 | 46 | MYSQL_USER 47 | 48 | 49 | false 50 | 51 | 52 | MYSQL_PASSWORD 53 | 54 | 55 | 56 | 57 | HS256_KEY 58 | 59 | {AQAAABAAAAGQhwgAoPG6TYGqHxMi5qIX0aQsCIpJGnuXoF7XePcLovRMg464tTAcwh2a1n3v9Wt8Jd8pAC87EEvj0pQXDbQQHKVyTpWwQWFIt96AZ33Vwy66g1SlofkpJD8ORpchrGlrz7pvcQZY7DuF3OjtOgyLNwsWrUDcYvZ9Gd/mXusckiXH/79/H4DVeppbOHR7sOFjlxdnQIdnWSyzA1eM3mIuuLWosJ6H8rJkgGhbXrTYTY7Q+Eq8wM+r7alpjLUxoKUW1Q7FQwRG7APGM7ddldo818zqqXtnH6uX/3z6a7UmptOb6gNllvyJpl0wt4LGUSQxjoNX/HSauK0nDrloywx1ot1TPNiOuYlrbq/+NgIyNn9DGDtZ6r0IBox4Sjg04Wje92dlZLKZjXMNBj3qbprrrQKOEhFoCnOCRyXMQpC1qUbmoR1B4QPpNorK/RquIPrbmUbHW3+WLmSXsPBpHdV5ztuF59vW/F2kbgGzYSbhvoxmLjrKIRh0KyX34m696l2wVLOWoDYk1n0XMiZT+2oF4UkecepaCODbxJQRxiqFC38=} 60 | 61 | 62 | DEPLOY_NEW_VERSION 63 | 64 | false 65 | false 66 | 67 | 68 | 69 | 70 | 71 | 72 | 2 73 | 74 | 75 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-orders 76 | 77 | 78 | 79 | 80 | */spring 81 | 82 | 83 | false 84 | 85 | 86 | 87 | jenkins/Jenkinsfile-icp-end-to-end.groovy 88 | true 89 | 90 | 91 | false 92 | 93 | -------------------------------------------------------------------------------- /jenkins/jobs/orders/jobs/orders-update-image/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-orders 31 | false 32 | 33 | 34 | MYSQL_HOST 35 | 36 | 37 | false 38 | 39 | 40 | MYSQL_PORT 41 | 42 | 43 | false 44 | 45 | 46 | MYSQL_USER 47 | 48 | 49 | false 50 | 51 | 52 | MYSQL_PASSWORD 53 | 54 | 55 | 56 | 57 | HS256_KEY 58 | 59 | {AQAAABAAAAGQtMv5qfxOduQX+ZodTv5IlBR/idx9lUP7R9L2ViHLW/MuR1xYs/4A3+NlWN14KsuKj+vQIvkTnJYbyFSOhHR1Le7GyWAckCKuvTxCQxtkKsnLRrfNwWFc4DmsB/ZdOg2FaIoV1xgaL9gomOCqFKkRb6dR2D54XENvskC9mmfyjuRx5YqOoX1ZHxRtzl62BvAKxboNh4uER1j8XB3EQ93Bh9XNIUMPgBCa2t5vv8HbCE6e1aeHfEwCkMMBwxOEYCETG9o+MetOliMmL9YI0yG5XlTTFHVKhVwGhmlAmBuH5rJTG8tpp222L9AhFHIXkZq7HwhYnGOgmdXGBfovr9rQwYW5wRAb5a4jVIs45guSzSJumBJi6UnaU2p1VS+EY6tgmEkLhdqs2khiCcwnUjcXUsItYuvKUtYZj3qqKFtzSYU2vj3cBcPHEl8E6lge/AoiqnDuxjcQhVsYUqEzI/o7uGtVAOVxNF8xiwoQBC0JZhQJoCzYlwFo4c4w90c+efBOH5X/ICjn0J8oCbBsLkFSQuYVzOq3UCGcc4vNAc2ugPA=} 60 | 61 | 62 | DEPLOY_NEW_VERSION 63 | 64 | false 65 | false 66 | 67 | 68 | 69 | 70 | 71 | 72 | 2 73 | 74 | 75 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-micro-orders 76 | 77 | 78 | 79 | 80 | */spring 81 | 82 | 83 | false 84 | 85 | 86 | 87 | jenkins/Jenkinsfile-update-image.groovy 88 | true 89 | 90 | 91 | false 92 | 93 | -------------------------------------------------------------------------------- /jenkins/jobs/web/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | All 9 | false 10 | false 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | false 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /jenkins/jobs/web/jobs/web-build/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-web 31 | false 32 | 33 | 34 | DEPLOY_NEW_VERSION 35 | 36 | false 37 | false 38 | 39 | 40 | 41 | 42 | 43 | 44 | 2 45 | 46 | 47 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web 48 | 49 | 50 | 51 | 52 | */spring 53 | 54 | 55 | false 56 | 57 | 58 | 59 | jenkins/Jenkinsfile-build.groovy 60 | true 61 | 62 | 63 | false 64 | 65 | -------------------------------------------------------------------------------- /jenkins/jobs/web/jobs/web-deploy/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-web 31 | false 32 | 33 | 34 | IMAGE_TAG 35 | 36 | latest 37 | false 38 | 39 | 40 | DEPLOY_NEW_VERSION 41 | 42 | false 43 | false 44 | 45 | 46 | 47 | 48 | 49 | 50 | 2 51 | 52 | 53 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web 54 | 55 | 56 | 57 | 58 | */spring 59 | 60 | 61 | false 62 | 63 | 64 | 65 | jenkins/Jenkinsfile-icp-deploy.groovy 66 | true 67 | 68 | 69 | false 70 | 71 | -------------------------------------------------------------------------------- /jenkins/jobs/web/jobs/web-end-to-end/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-web 31 | false 32 | 33 | 34 | DEPLOY_NEW_VERSION 35 | 36 | false 37 | false 38 | 39 | 40 | 41 | 42 | 43 | 44 | 2 45 | 46 | 47 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web 48 | 49 | 50 | 51 | 52 | */spring 53 | 54 | 55 | false 56 | 57 | 58 | 59 | jenkins/Jenkinsfile-icp-end-to-end.groovy 60 | true 61 | 62 | 63 | false 64 | 65 | -------------------------------------------------------------------------------- /jenkins/jobs/web/jobs/web-update-image/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER_URL 11 | 12 | https://MASTER_NODE_IP:8443 13 | false 14 | 15 | 16 | CLUSTER_ACCOUNT_ID 17 | 18 | 19 | false 20 | 21 | 22 | NAMESPACE 23 | 24 | default 25 | false 26 | 27 | 28 | IMAGE_NAME 29 | 30 | bluecompute-web 31 | false 32 | 33 | 34 | DEPLOY_NEW_VERSION 35 | 36 | false 37 | false 38 | 39 | 40 | 41 | 42 | 43 | 44 | 2 45 | 46 | 47 | https://github.com/ibm-cloud-architecture/refarch-cloudnative-bluecompute-web 48 | 49 | 50 | 51 | 52 | */spring 53 | 54 | 55 | false 56 | 57 | 58 | 59 | jenkins/Jenkinsfile-update-image.groovy 60 | true 61 | 62 | 63 | false 64 | 65 | -------------------------------------------------------------------------------- /scripts/install_cli.sh: -------------------------------------------------------------------------------- 1 | # Checking if bx is installed 2 | grn=$'\e[1;32m' 3 | end=$'\e[0m' 4 | 5 | BX_PATH=$(command -v bx) 6 | 7 | if [[ $? -ne 0 ]]; then 8 | printf "\n\n${grn}Installing Bluemix CLI (bx)...${end}\n" 9 | LATEST=$(curl -s https://clis.ng.bluemix.net/info | grep latestVersion | cut -d: -f2 | sed -e 's/"//g' -e 's/,//') 10 | 11 | if [[ $OSTYPE =~ .*darwin.* ]]; then 12 | curl -o Bluemix_CLI.pkg "http://public.dhe.ibm.com/cloud/bluemix/cli/bluemix-cli/Bluemix_CLI_${LATEST}.pkg" 13 | sudo installer -pkg Bluemix_CLI.pkg -target / 14 | rm Bluemix_CLI.pkg 15 | 16 | elif [[ $OSTYPE =~ .*linux.* ]]; then 17 | curl -o Bluemix_CLI.tar.gz "http://public.dhe.ibm.com/cloud/bluemix/cli/bluemix-cli/Bluemix_CLI_${LATEST}_amd64.tar.gz" 18 | tar zxvf Bluemix_CLI.tar.gz 19 | Bluemix_CLI/install_bluemix_cli 20 | rm -f /tmp/Bluemix_CLI.tar.gz 21 | rm -rf /tmp/Bluemix_CLI 22 | fi 23 | fi 24 | 25 | # Check if bx cs is installed 26 | bx cs &> /dev/null 27 | if [[ $? -ne 0 ]]; then 28 | printf "\n\n${grn}Installing Bluemix Container Service (bx cs) plugin...${end}\n" 29 | bx plugin install container-service -r Bluemix 30 | fi 31 | 32 | # Check if bx cr is installed 33 | bx cr &> /dev/null 34 | if [[ $? -ne 0 ]]; then 35 | printf "\n\n${grn}Installing Bluemix Container Registry Service (bx cr) plugin...${end}\n" 36 | bx plugin install container-registry -r Bluemix 37 | fi 38 | 39 | # Checking if kubectl is installed 40 | KUBE_PATH=$(command -v kubectl) 41 | 42 | if [[ $? -ne 0 ]]; then 43 | printf "\n\n${grn}Installing Kubernetes CLI (kubectl)...${end}\n" 44 | 45 | if [[ $OSTYPE =~ .*darwin.* ]]; then 46 | # OS X 47 | curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl 48 | 49 | elif [[ $OSTYPE =~ .*linux.* ]]; then 50 | # Linux 51 | curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl 52 | fi 53 | 54 | chmod +x ./kubectl 55 | sudo mv ./kubectl /usr/local/bin/kubectl 56 | fi 57 | 58 | # Checking if helm is installed 59 | KUBE_PATH=$(command -v helm) 60 | 61 | if [[ $? -ne 0 ]]; then 62 | printf "\n\n${grn}Installing Helm CLI (helm)...${end}\n" 63 | 64 | curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh 65 | chmod 700 get_helm.sh 66 | ./get_helm.sh 67 | 68 | rm get_helm.sh 69 | fi 70 | 71 | 72 | # Installing jq 73 | JQ_PATH=$(command -v jq) 74 | 75 | if [[ $? -ne 0 ]]; then 76 | printf "\n\n${grn}Installing jq${end}\n" 77 | 78 | if [[ $OSTYPE =~ .*darwin.* ]]; then 79 | # OS X 80 | curl -Lo jq https://github.com/stedolan/jq/releases/download/jq-1.5/jq-osx-amd64 81 | 82 | elif [[ $OSTYPE =~ .*linux.* ]]; then 83 | # Linux 84 | curl -o jq https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 85 | fi 86 | 87 | chmod +x ./jq 88 | sudo mv ./jq /usr/local/bin/jq 89 | fi 90 | 91 | # Installing yaml 92 | YAML_PATH=$(command -v yaml) 93 | 94 | if [[ $? -ne 0 ]]; then 95 | printf "\n\n${grn}Installing YAML${end}\n" 96 | 97 | if [[ $OSTYPE =~ .*darwin.* ]]; then 98 | # OS X 99 | curl -LO https://github.com/mikefarah/yaml/releases/download/1.10/yaml_darwin_amd64 100 | mv yaml_darwin_amd64 yaml 101 | 102 | elif [[ $OSTYPE =~ .*linux.* ]]; then 103 | # Linux 104 | curl -o yaml https://github.com/mikefarah/yaml/releases/download/1.8/yaml_linux_amd64 105 | fi 106 | 107 | chmod +x ./yaml 108 | sudo mv ./yaml /usr/local/bin/yaml 109 | fi 110 | -------------------------------------------------------------------------------- /scripts/k8s_create_service_account.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #set -e 3 | set -o pipefail 4 | 5 | # Add user to k8s using service account, no RBAC (must create RBAC after this script) 6 | if [[ -z "$1" ]] || [[ -z "$2" ]]; then 7 | echo "usage: $0 " 8 | exit 1 9 | fi 10 | 11 | SERVICE_ACCOUNT_NAME=$1 12 | NAMESPACE="$2" 13 | 14 | if [[ $OSTYPE =~ .*darwin.* ]]; then 15 | TARGET_FOLDER="/Users/${USER}/.kube/config-${NAMESPACE}-${SERVICE_ACCOUNT_NAME}" 16 | elif [[ $OSTYPE =~ .*linux.* ]]; then 17 | TARGET_FOLDER="/home/${USER}/.kube/config-${NAMESPACE}-${SERVICE_ACCOUNT_NAME}" 18 | fi 19 | 20 | KUBECFG_FILE_NAME="k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf.yaml" 21 | KUBECFG_FILE_PATH="${TARGET_FOLDER}/${KUBECFG_FILE_NAME}" 22 | CA_FILE_PATH="${TARGET_FOLDER}/ca.crt" 23 | 24 | create_target_folder() { 25 | echo -n "Creating target directory to hold files in ${TARGET_FOLDER}..." 26 | mkdir -p "${TARGET_FOLDER}" 27 | printf "done" 28 | } 29 | 30 | create_service_account() { 31 | echo -e "\\nCreating a service account: ${SERVICE_ACCOUNT_NAME} on namespace: ${NAMESPACE}" 32 | kubectl create sa "${SERVICE_ACCOUNT_NAME}" --namespace "${NAMESPACE}" 33 | } 34 | 35 | create_cluster_role_binding() { 36 | echo -e "\\nCreating a cluster role binding for account: ${SERVICE_ACCOUNT_NAME} on namespace: ${NAMESPACE}" 37 | kubectl create clusterrolebinding "${SERVICE_ACCOUNT_NAME}-binding" --clusterrole=admin --serviceaccount="${NAMESPACE}:${SERVICE_ACCOUNT_NAME}" 38 | } 39 | 40 | get_secret_name_from_service_account() { 41 | echo -e "\\nGetting secret of service account ${SERVICE_ACCOUNT_NAME}-${NAMESPACE}" 42 | SECRET_NAME=$(kubectl get sa "${SERVICE_ACCOUNT_NAME}" --namespace "${NAMESPACE}" -o json | jq -r '.secrets[].name') 43 | echo "Secret name: ${SECRET_NAME}" 44 | } 45 | 46 | extract_ca_crt_from_secret() { 47 | echo -e -n "\\nExtracting ca.crt from secret..." 48 | kubectl get secret "${SECRET_NAME}" --namespace "${NAMESPACE}" -o json | jq \ 49 | -r '.data["ca.crt"]' | base64 -D > "${CA_FILE_PATH}" 50 | printf "done" 51 | } 52 | 53 | get_user_token_from_secret() { 54 | echo -e -n "\\nGetting user token from secret..." 55 | USER_TOKEN=$(kubectl get secret "${SECRET_NAME}" \ 56 | --namespace "${NAMESPACE}" -o json | jq -r '.data["token"]' | base64 -D) 57 | printf "done" 58 | } 59 | 60 | set_kube_config_values() { 61 | context=$(kubectl config current-context) 62 | echo -e "\\nSetting current context to: $context" 63 | 64 | CLUSTER_NAME=$(kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1) 65 | echo "Cluster name: ${CLUSTER_NAME}" 66 | 67 | ENDPOINT=$(kubectl config view \ 68 | -o jsonpath="{.clusters[?(@.name == \"${CLUSTER_NAME}\")].cluster.server}") 69 | echo "Endpoint: ${ENDPOINT}" 70 | 71 | # Set up the config 72 | echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" 73 | echo -n "Setting a cluster entry in kubeconfig..." 74 | kubectl config set-cluster "${CLUSTER_NAME}" \ 75 | --kubeconfig="${KUBECFG_FILE_PATH}" \ 76 | --server="${ENDPOINT}" \ 77 | --certificate-authority="${CA_FILE_PATH}" \ 78 | --embed-certs=true 79 | 80 | echo -n "Setting token credentials entry in kubeconfig..." 81 | kubectl config set-credentials \ 82 | "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ 83 | --kubeconfig="${KUBECFG_FILE_PATH}" \ 84 | --token="${USER_TOKEN}" 85 | 86 | echo -n "Setting a context entry in kubeconfig..." 87 | kubectl config set-context \ 88 | "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ 89 | --kubeconfig="${KUBECFG_FILE_PATH}" \ 90 | --cluster="${CLUSTER_NAME}" \ 91 | --user="${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ 92 | --namespace="${NAMESPACE}" 93 | 94 | echo -n "Setting the current-context in the kubeconfig file..." 95 | kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ 96 | --kubeconfig="${KUBECFG_FILE_PATH}" 97 | } 98 | 99 | 100 | create_target_folder 101 | create_service_account 102 | create_cluster_role_binding 103 | get_secret_name_from_service_account 104 | extract_ca_crt_from_secret 105 | get_user_token_from_secret 106 | set_kube_config_values 107 | 108 | echo -e "\\nAll done! Test with:" 109 | echo "export KUBECONFIG=${KUBECFG_FILE_PATH}" 110 | echo "kubectl get pods" 111 | KUBECONFIG=${KUBECFG_FILE_PATH} kubectl get pods -------------------------------------------------------------------------------- /scripts/k8s_delete_service_account.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #set -e 3 | #set -o pipefail 4 | 5 | # Add user to k8s using service account, no RBAC (must create RBAC after this script) 6 | if [[ -z "$1" ]] || [[ -z "$2" ]]; then 7 | echo "usage: $0 " 8 | exit 1 9 | fi 10 | 11 | SERVICE_ACCOUNT_NAME=$1 12 | NAMESPACE="$2" 13 | 14 | kubectl --namespace ${NAMESPACE} delete sa ${SERVICE_ACCOUNT_NAME}; 15 | kubectl --namespace ${NAMESPACE} delete clusterrolebinding ${SERVICE_ACCOUNT_NAME}-binding -------------------------------------------------------------------------------- /static/diagrams/atlassian.xml: -------------------------------------------------------------------------------- 1 | 3Vpbc9o4FP41PPQhjOV7HgO023TamUzTnbZPHYGF0ca2PLIcoL9+j2z5KkPI4qRs8hDQ0cXyuXzfORITax7v/uI43XxhAYkmphHsJtZiYpoIXRvwISX7UuL6ZikIOQ3UoEZwT38TJVTzwpwGJOsMFIxFgqZd4YolCVmJjgxzzrbdYWsWdZ+a4pBogvsVjnTpdxqITSn1HaORfyQ03FRPRobqWeLVQ8hZnqjnTUxrXfyV3TGu1lLjsw0O2LYlst5PrDlnTJTf4t2cRFK3ldrKeR8O9Nb75iQRp0ww3XLGI45yUm252JjYV8ooXofICWhizbYbKsh9ileydwvmB9lGxJHqVssRLsju4J5Q/abgQYTFRPA9DFETKt0o37FVc9sYAhmWEm5aVrArIVbWD+ulGw3AF6WEYYVcoD5co6sQ09A1YpsDCjGRf75CkKcpgAQQLKrJuNiwkCU4et9IZ42KjK46yI6KH1I89R3V/Fk0q9Yd4RT2SLiaCzri+x/tRjP+HyLEXoEHzgUDUbOdz4ylHRvIXR+3ALwky/lKjVKGF5iHRI2yhu3ESYQFfeyuPqTzYuoN53jfGpAymoistfKdFDTmR17P/L7fDeknxiPQdNfe5Q4a69evcpJDlFrohAh6B+27PNvAxxzIQPMYcH7RdQROMvobL4sB0rRKCzDamU2cBUhwRMMEBCswknSHmQwiChh9ozpiGgSFt0V4SaJZjbxzFjFePLfC3iNhqBhE7aQB5o5zeEfj88qYGteOcpfn+UJjvGoIW68zcLd+gD7TRJqFvjP+kAnYGUsmphtJYyw5fAtFrZyWudYsES0tGobrzucDFhAyxGrpZ2mGO5bR4inWYsmEYHFln1ZHbVHNxC0HYbmIaELmNcNLL1nTKGptbF78gTwTnD2QVo/r+2hmQU/IcUBJ8zoJS0hLvKAcVi+3lUjwqBereN+Ukg1OpWriXSjznWlCxFYqdBrhtNTBCDBv98LcHeK9AZR3nBFAHmk+MArItzEe/VE0t3Q0d85E81OVW0FKKxxNCZj3BLJECZhxTCUEfKSZYHLpJ+Pzfw6nx+MA4BSZzgWhKbJeIjjQREt/Lik47FcKDnStBYclg+Mbp2EIfmoas5xC9fbGQuBAJtnKKGzX7vDB1SUlGHoKOKNima8e5MpQQlnIGMItGhd190x9LmgcwpMiuoT/WEQ4yyiG/ORDvdivz+Dh0+wxHKmytNDU6SbHAyzreAMkO0JpifRS8mVJFr02jth/kGSR5pJei2QViBhfSZZHstp66xxrPgUwpmGfSbIVMHndGeNwrv3ysXL0eMGu2v0DiVePIP+1mNjXIsh+1wodiBQcy1qn/N9U/AsGUC2Z+raA9TcWSAcSIbUS5KrI7TLKBdE0cl4mirw+5bx6ULhnBsV/OolzrF6Jrg5aDp3E9cdbxnXPoGeexOnnPI6M2L/TAAuic9yCpBHbx1LVb57/DuQdnRqzG7iXlF/bmmEBdZeMaVY6OaMupo+cTtu9IytkKwppJdNVFdNOpj37fLZyNA19uv16M0bx8YlyPLKirN6VluXpVYdnDijKPF9Rnqao29kXEMwjlktav+P0sUALkOSZDNtRkABIICv5ALWAISJrcfAcOUvxiibht4ItruxxVO+iHmZXVVj7WNUZujwbo+JzX4Z/HdTj3+M3Z83pUpX2vixf++Pz9clloI4Lbnk5VQxTGWqf/B4plomugti3To0HbFFntFAYdg9Jri4pp9WrlNv5XQfH6nrkKwlpJk46Ua9/hyGtF+BsMxSA3VsmdZN08HLryWuxYRTUHKV/+RRnK0ymKwnfU7C3wDQh/Bev3lW7JDMM73rhjoOmXu9u2dF5zB/AUtc6P7L1c+IhI6Yls5dMf9rF5PFQO2CkLC0vJdd0Jz2lTCpuKqnRSjM2QsgfLd3IFzU/bLfbKV3GYLgYWoURr+B7mgtgPpAUs7K6Ky2d+ioiOJD0SKZpMlJO4lp+7yy0/qlHy5qWbenmRP7zEzhoNr9qKsO++emY9f5f -------------------------------------------------------------------------------- /static/imgs/1_create_job.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/1_create_job.png -------------------------------------------------------------------------------- /static/imgs/2_select_pipeline_type.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/2_select_pipeline_type.png -------------------------------------------------------------------------------- /static/imgs/3_setup_pipeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/3_setup_pipeline.png -------------------------------------------------------------------------------- /static/imgs/4_launch_build.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/4_launch_build.png -------------------------------------------------------------------------------- /static/imgs/5_open_console_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/5_open_console_output.png -------------------------------------------------------------------------------- /static/imgs/6_see_console_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/6_see_console_output.png -------------------------------------------------------------------------------- /static/imgs/architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/architecture.png -------------------------------------------------------------------------------- /static/imgs/atlassian/atlassian.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/atlassian/atlassian.png -------------------------------------------------------------------------------- /static/imgs/certificate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/certificate.png -------------------------------------------------------------------------------- /static/imgs/icp_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/icp_4.png -------------------------------------------------------------------------------- /static/imgs/jenkins-hybrid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/jenkins-hybrid.png -------------------------------------------------------------------------------- /static/imgs/jenkins_cloud.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/jenkins_cloud.png -------------------------------------------------------------------------------- /static/imgs/jenkins_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/jenkins_dashboard.png -------------------------------------------------------------------------------- /static/imgs/jenkins_login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/jenkins_login.png -------------------------------------------------------------------------------- /static/imgs/jenkins_pod_template.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/jenkins_pod_template.png -------------------------------------------------------------------------------- /static/imgs/kubernetes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/kubernetes.png -------------------------------------------------------------------------------- /static/imgs/p_1_create_pipeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/p_1_create_pipeline.png -------------------------------------------------------------------------------- /static/imgs/p_2_parameters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/p_2_parameters.png -------------------------------------------------------------------------------- /static/imgs/p_2_parameters_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/p_2_parameters_2.png -------------------------------------------------------------------------------- /static/imgs/p_3_script.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/p_3_script.png -------------------------------------------------------------------------------- /static/imgs/rp_1_run_pipeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/rp_1_run_pipeline.png -------------------------------------------------------------------------------- /static/imgs/rp_2_progress.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/rp_2_progress.png -------------------------------------------------------------------------------- /static/imgs/rp_3_success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/rp_3_success.png -------------------------------------------------------------------------------- /static/imgs/rp_4_deploy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-cloud-architecture/refarch-cloudnative-devops-kubernetes/d709b4ae97c56bb6856dd06509ff55d90f53870b/static/imgs/rp_4_deploy.png --------------------------------------------------------------------------------