
Creating a Kubernetes Workflow Plugin

The author looks at the blockers that Jenkins' Workflow plugin couldn't help him with, and how a Kubernetes workflow plugin can solve those problems.


Over the last couple of months I've been experimenting with Jenkins and how best to integrate it with Docker and Kubernetes. A couple of months ago I even blogged about possible setups that involve the use of the Docker Workflow Plugin inside Kubernetes (you can find the post here).

While the Docker Workflow Plugin is really great, it still doesn't cover some special needs that a Kubernetes user might have, such as secrets. A typical workflow is more than likely to need access to remote repositories, either to check out code, push artifacts, etc., and using secrets in Kubernetes is the cleanest and most secure way to share credentials for those resources.

Not being able to use secrets was pretty much a blocker for us, and we desperately needed it for Fabric8 DevOps. So we thought that we should migrate the concept of running builds inside containers to running builds inside pods, which led to the implementation of the Kubernetes Workflow Plugin.

The Kubernetes Workflow Plugin

Here is a small snippet that demonstrates how you can use the Kubernetes Workflow Plugin to create a pod that performs a Maven build:

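// Run the build in a pod named 'buildpod' using the stock maven image, with
// the 'gpg-key' secret mounted at /home/jenkins/.gnupg
kubernetes.pod('buildpod').withImage('maven').withSecret('gpg-key','/home/jenkins/.gnupg').inside {
    git 'https://github.com/fabric8io/kubernetes-workflow.git'
    sh 'mvn clean install'
}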

The beauty of it is that you can just use the standard Maven image and run your build inside it (as one would do with the Docker Workflow Plugin). On top of that it allows you to mount your gpg keys using a secrets volume.

A detailed list of the plugin's features:

  • Running Builds inside Pods
    • Environment variables
    • Privileged containers
    • Volumes
      • Secrets
      • Host Path Mounts
      • Empty Dir Mounts
  • Manipulating Docker Images
    • Building
    • Tagging
    • Pushing
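Several of the pod features above (environment variables, privileged containers, secret and host path volumes) change how exposed a build pod and its credentials are. The following check is an added example, not part of the plugin or the original article: it audits a Pod manifest for those settings, assuming the standard Kubernetes Pod field names; the sample pod, the GPG_PASSPHRASE variable and the host path are constructed for illustration.

```python
import json

# Constructed sample pod (not from the article): the 'buildpod' idea plus
# settings matching other listed features (env vars, privileged, hostPath).
SAMPLE_POD = json.loads("""
{"metadata": {"name": "buildpod"},
 "spec": {
  "containers": [{
    "name": "maven", "image": "maven",
    "securityContext": {"privileged": true},
    "env": [{"name": "GPG_PASSPHRASE", "valueFrom":
             {"secretKeyRef": {"name": "gpg-key", "key": "passphrase"}}}],
    "volumeMounts": [
      {"name": "gpg", "mountPath": "/home/jenkins/.gnupg"},
      {"name": "docker-sock", "mountPath": "/var/run/docker.sock"}]}],
  "volumes": [
    {"name": "gpg", "secret": {"secretName": "gpg-key"}},
    {"name": "docker-sock", "hostPath": {"path": "/var/run/docker.sock"}}]}}
""")

def audit_build_pod(pod):
    """Return sorted findings for a Kubernetes Pod manifest given as a dict."""
    spec = pod.get("spec", {})
    findings = []
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"volume {vol['name']}: hostPath "
                            f"{vol['hostPath'].get('path')} mounts a node path")
        if "secret" in vol:
            # Kubernetes defaults secret files to 0644 when defaultMode is unset.
            mode = vol["secret"].get("defaultMode", 0o644)
            if mode & 0o077:
                findings.append(f"volume {vol['name']}: secret files use mode "
                                f"{mode:04o} (group/other access)")
    for c in spec.get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"container {c['name']}: runs privileged")
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                findings.append(f"container {c['name']}: secret {ref['name']} "
                                f"exposed as env var {e['name']}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_build_pod(SAMPLE_POD):
        print(finding)
```

In a JSON manifest `defaultMode` is a decimal number, so owner-read-only (0400) is written as 256.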

Building, Tagging, and Pushing Docker Images

The plugin also allows you to build, tag and push images to a docker registry. Here's a snippet that demonstrates how to do it:

node {
    git 'https://github.com/rawlingsj/node-example.git'
    // Create a minimal Dockerfile if the project does not ship one
    if (!fileExists('Dockerfile')) {
        writeFile file: 'Dockerfile', text: 'FROM node:5.3-onbuild'
    }
}

The example clones a NodeJS project, creates a simple Dockerfile for it and then triggers a build. Finally, it tags the built image and pushes it to a Docker registry. In this example "default" is the project name and "" is the address of the registry. The example was written against OpenShift, and the plugin is smart enough to handle authenticating to OpenShift. Of course, it also supports reading auth configuration from "${user.home}/.docker/config.json" and specifying it as part of the DSL.

Note: The building and pushing of Docker images could be handled by the Docker Workflow Plugin too, if the Docker binaries were available on the node. Why? Because the plugin actually calls the golang Docker client via shell. If the step is run on the master, the master needs the binaries; if the step is executed on the slave, the slave needs the binaries; if the step is executed inside the pod, then the pod needs the binaries (which is not ideal). To gain flexibility, the Kubernetes Workflow Plugin uses Java to talk to Docker instead.

Stay tuned!



Published at DZone with permission of Ioannis Canellos, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
