A Growing CI/CD Ecosystem Showcased at KubeCon
CI/CD workflow, tools, and security testing are critical components of DevOps programs. Here are some insights from KubeCon 2018.
However, the topic of testing and continuous integration came up prior to this track. In the first keynote of the event, by Executive Director of the Cloud Native Computing Foundation Dan Kohn, a strong call for improving test coverage and CI tooling for Kubernetes was made. He held up SQLite as an example of an open source project that has incredible test coverage, and even went as far as to say "Our software is not as good as SQLite." We learned that SQLite has 100% branch test coverage, millions of test cases, and about 1,000 times as much test code as production code. Even with all these incredible stats, the relatively new American Fuzzy Lop (AFL) security tool still found bugs, though they were quickly fixed and AFL-powered tests were adopted into their CI pipeline.
He then put up a slide listing orchestration, containerization, and microservices and asked the audience what the most important part of the cloud native architecture was. It was obviously a trick question because his conclusion was that CI is actually the most important thing. He wrapped up by explaining that enterprises should also be focusing on CI, but as a second step after containerizing their applications.
This was a great segue into the CI/CD talks which lasted the rest of the day. Confirming the strength of CI/CD topics and the hunger for CI/CD related knowledge, the room for this track was one of the larger ones, and the presenters spoke to a packed room all day. A couple of themes emerged from these talks, the first of which was the heavy use of "GitOps" where CI/CD pipelines are triggered by changes pushed to the Git repository. During my time working as a systems engineer on the OpenStack project, we were running all the OpenStack code through a system that worked in this way, so I was thrilled to opportunity to talk with the first speaker, Tanmai Gopal of Hasura, later in the week about the rise of GitOps and how companies and projects are rallying around this model.
Another trend was the commoditization of open source CI/CD tooling. Almost every presenter that day either had an open source project that reflected their tooling, or were working with and evaluating open source projects. Tanmai had Gitkube, a project he demoed which is used to "Build and deploy docker images to Kubernetes using git push." In a talk from Simon Cochrane and Suneeta Mall of the Australian company Nearmap, in they shared CVManager, "a custom Kubernetes controller to achieve a declarative configuration approach to continuous deployment."
In a talk by Matt Rickard of Google, there was a call for separating image creation from other things Docker does, like publishing and running. To this end, he compared various open source tools designed to build Docker (and sometimes OCI) images, including Buildah, img, and Kaniko. Going from tech to retail, Mikkel Larsen of Zalando took to the stage to talk about how they're using the Kubernetes e2e tests to help continuously deploy the Kubernetes platform itself, and shared the source for the Docker image they're using to do this.
Gard Rimestad and Øyvind Ingebrigtsen Øvergaard from Schibsted media group came to talk about their Spinnaker implementation that they launched a year ago. Notably, Spinnaker is an evolution in commoditizing CI/CD itself. Originally developed at Netflix it has been quickly adopted across the industry, and is now one of the tooling options available in the DC/OS Service Catalog. Finally, perhaps the most commoditized CI/CD system presented that day came at the end, with James Strachan of CloudBees introducing us to Jenkins X, which was just announced in March. With Jenkins X you have a full Kubernetes-based GitOps-driven pipeline that simplifies all the pieces, allowing a team to quickly start running tests on their projects using Jenkins and a Kubernetes cluster by only providing a small amount of information about the project. I've been excited to see such a turnkey solution finally be developed, since the prospect of a CI/CD pipeline is daunting for most organizations due to the number of new technologies involved and the "moving parts" required to make a pipeline work reliably.
It will be interesting to see what the next couple of years holds for the maturing of the open source CI/CD ecosystem. With so many organizations open sourcing their work and events like OpenDev CI/CD, where I'll be giving a keynote about CI/CD of Microservices with Containers, on May 22nd in Vancouver, it's a great time to be involved with the testing side of software development.