
How to isolate CI pipeline per-branch environments in Kubernetes?

We are developing a CI/CD pipeline leveraging Docker/Kubernetes in AWS. This topic is touched on in Kubernetes CI/CD pipeline.

We want to create (and destroy) a new environment for each SCM branch, from a Git pull request until merge.

We will have a Kubernetes cluster available for that.

During prototyping by the dev team, we came up with Kubernetes namespaces. It looks quite suitable: for each branch, we create a namespace ns-<issue-id>.

But that idea was dismissed by the dev-ops prototyper, without much explanation, just stating that "we are not doing that because it's complicated due to RBAC". And it's quite hard to get some detailed reasons.

However, for the CI/CD purposes, we need no RBAC - all can run with unlimited privileges and no quotas, we just need a separated network for each environment.

Is using namespaces for such purposes a good idea? I am still not sure after reading Kubernetes docs on namespaces.

If not, is there a better way? Ideally, we would like to avoid using Helm as it is a level of complexity we probably don't need.

Ondra Žižka asked Nov 07 '22 09:11


1 Answer

We're working on an open source project called Jenkins X which is a proposed sub project of the Jenkins foundation aimed at automating CI/CD on Kubernetes using Jenkins and GitOps for promotion.

When you submit a Pull Request we automatically create a Preview Environment which is exactly what you describe - a temporary environment which is used to deploy the pull request for validation, testing & approval before the pull request is approved.

We now use Preview Environments all the time for many reasons and are big fans of them! Each Preview Environment is in a separate namespace so you get all the usual RBAC features from Kubernetes with them.

If you're interested here's a demo of how to automate CI/CD with multiple environments on Kubernetes using GitOps for promotion between environments and Preview Environments on Pull Requests - using Spring Boot and nodejs apps (but we support many languages + frameworks).

James Strachan answered Nov 15 '22 07:11
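
The question asks for a separated network per branch environment, and a namespace on its own does not restrict pod-to-pod traffic across namespaces. The following is an added example, not code from the question, the answer or Jenkins X: it renders a per-branch namespace named as in the question (ns-<issue-id>) together with a NetworkPolicy that admits ingress only from the same namespace. The function names, label, policy name and the id PROJ-425 are constructed, and it assumes the cluster's network plugin enforces NetworkPolicy.

```shell
# Added example (not from the question or from Jenkins X). The function names,
# the label and the policy name are hypothetical.

# Map an issue id or branch name to a valid namespace name (DNS-1123 label:
# lowercase alphanumerics and '-', alphanumeric at both ends, max 63 chars).
ns_name() {
  local id
  id=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' \
        | tr -cs 'a-z0-9' '-' | sed -e 's/^-//' -e 's/-$//')
  [ -n "$id" ] || { echo "ns_name: no usable characters in id" >&2; return 1; }
  printf 'ns-%s\n' "$id" | cut -c1-63 | sed 's/-$//'
}

# Print the manifests for one environment: the namespace, plus a policy that
# admits ingress only from pods in that same namespace.
render_env() {
  local ns
  ns=$(ns_name "$1") || return 1
  cat <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: ${ns}
  labels:
    ci/branch-env: "true"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-only
  namespace: ${ns}
spec:
  podSelector: {}            # every pod in the namespace
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector: {}    # peers selected in this namespace only
EOF
}

# Create on pull request:  render_env PROJ-425 | kubectl apply -f -
# Destroy on merge/close:  kubectl delete namespace "$(ns_name PROJ-425)"
```

With this policy in place, traffic from an ingress controller running in another namespace is also dropped until a rule admitting that namespace is added.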