IBM Garage Vaccine Delivery at Scale

DevOps with GitOps and Tekton

Development flow

GitOps

Our Continuous Integration (CI) approach is one of “zero-infrastructure overhead”. As such, Cloud Pak for Applications and the Garage team have adopted GitOps, where a specific git repository contains declarative descriptions of the infrastructure currently desired for each environment (dev, staging, production), combined with Appsody deploy commands and Tekton to automate the DevOps pipeline.

Each application repository includes deployment manifests (app-deploy.yaml) to configure the application at deployment time.

The gitops-dev repository contains all deployment manifests of the currently desired infrastructure of a deployment environment.

We use pull-based deployments: the build pipeline is triggered by a pull request or a commit on the application repository, and an operator running in the solution namespace continuously compares the desired state in the environment repository with the actual state of the deployed infrastructure.

Tekton Pipeline

Tekton is an open source project that provides a framework to create cloud-native CI/CD pipelines quickly. As a Kubernetes-native framework, Tekton makes it easier to deploy across multiple cloud providers or hybrid environments.

Pre-requisites

Install Tekton pipeline

See the instructions here, which can be summarized by the following steps:

# create dedicated pipeline project
oc new-project tekton-pipelines
# Grant the anyuid SCC to the tekton-pipelines-controller service account
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
# install tekton (this URL tracks the latest release, so the installed version changes over time)
oc apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml
# Verify pods are started
oc get pods --namespace tekton-pipelines --watch

For a solution made up of multiple components deployed as pods in the same namespace, it is recommended to create a service account, as in the following manifest.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: vaccine-solution-sa
secrets:
  - name: dockerhub-secret
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding

One such file is in the gitops-dev project.

oc apply -f tekton/appsody-tekton.yaml

Application deployment

Each application is built with Appsody and deployed via the Appsody operator. The tekton directory of the gitops-dev project defines a simple pipeline that uses the appsody deploy command to deploy the generated AppsodyApplication CRD YAML to the target environment.

Tekton Pipelines run on the same cluster (and often in the same namespace!) as your running application code, thus allowing for more programmatic control over the deployment, management, operations, and existence of your application components. The key artifact that enables Tekton to deploy any Appsody-based microservice is the generated app-deploy.yaml file.

We need to define a pipeline, which may look the same for each project. Still, for clear separation of concerns, each Java project includes a src/main/tekton folder with the needed pipeline, resources and task manifests. Here is an example of a pipeline:

apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: appsody-build-pipeline
spec:
  resources:
    - name: git-source
      type: git
    - name: docker-image

The pipeline resources define the target Docker image name and the URL of the source repository; those resources are defined per project. See an example here.

The pipeline executes a Tekton task named appsody-build-push-deploy-task; an example can be found here.

When appsody build is executed, the deployment manifest for the application (the app-deploy.yaml file) is created or updated. The deployment uses this file for the oc apply command.

The image URL must match the definition of the Docker image resource that you created for the pipeline.
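The image URL constraint above can be checked before a pipeline run is applied. The script below is an added example, not code from the original page or the project repositories. It assumes the AppsodyApplication manifest carries the image in spec.applicationImage and the image PipelineResource carries it in a param named url listed before its value. The function names, file names and sample manifests are constructed, and the check goes slightly beyond a plain string comparison by treating a missing tag as :latest.

```shell
#!/bin/sh
# Pre-flight check: app-deploy.yaml and the Tekton image PipelineResource
# must name the same image. Assumed field locations: spec.applicationImage
# (AppsodyApplication) and the param named "url" (PipelineResource).

# Print applicationImage from an AppsodyApplication manifest, quotes stripped.
app_image() {
  awk '$1 == "applicationImage:" { gsub(/["\047]/, "", $2); print $2; exit }' "$1"
}

# Print the value of the param named "url" from a PipelineResource manifest.
resource_image() {
  awk '$1 == "-" && $2 == "name:" { is_url = ($3 == "url"); next }
       is_url && $1 == "value:"   { gsub(/["\047]/, "", $2); print $2; exit }' "$1"
}

# Append the implied ":latest" when the last path segment has no tag or digest.
with_tag() {
  case "${1##*/}" in
    *:*|*@*) printf '%s\n' "$1" ;;
    *)       printf '%s:latest\n' "$1" ;;
  esac
}

# Return 0 on match, 1 on mismatch, 2 when either manifest lacks the field.
check_image_match() {
  a=$(app_image "$1"); r=$(resource_image "$2")
  if [ -z "$a" ] || [ -z "$r" ]; then
    echo "ERROR: image field missing in $1 or $2" >&2; return 2
  fi
  a=$(with_tag "$a"); r=$(with_tag "$r")
  if [ "$a" != "$r" ]; then
    echo "MISMATCH: deploy=$a pipeline=$r" >&2; return 1
  fi
  echo "OK: $a"
}

# Constructed sample manifests (not taken from the project repositories).
demo_dir=$(mktemp -d)
printf '%s\n' 'kind: AppsodyApplication' 'spec:' \
  '  applicationImage: example-org/reefer-monitoring' > "$demo_dir/app-deploy.yaml"
printf '%s\n' 'kind: PipelineResource' 'spec:' '  type: image' '  params:' \
  '    - name: url' '      value: "example-org/reefer-monitoring:latest"' \
  > "$demo_dir/image-resource.yaml"
check_image_match "$demo_dir/app-deploy.yaml" "$demo_dir/image-resource.yaml"
```

A non-zero exit code can be used to stop a CI step before the pipeline-run manifest is applied.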

To run the pipeline manually, use the pipeline-run manifest. For example, for the reefer monitoring service, the manifest is under the scripts folder:

oc apply -f scripts/reefer-monitoring-pipeline-run.yaml
# verify the pipeline run
tkn pipelinerun list
NAME                                  STARTED          DURATION   STATUS
reefer-monitoring-pipeline-run-task   31 seconds ago   ---        Running

Once the appsody deploy command is successful, the Appsody Operator and Kubernetes take care of the rest and reconcile the underlying Kubernetes artifacts required to serve the application code in real time!