New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Let's customize Activiti Cloud Jenkins-X pipelines to build Docker images with DinD #2224

Closed
igdianov opened this Issue Nov 30, 2018 · 4 comments

Comments

3 participants
@igdianov
Copy link
Member

igdianov commented Nov 30, 2018

sidecar container so, that

  • Docker daemon on VM host is fully secured and isolated from Jenkins X builder pods.
  • Concurrent Jenkins X pipeline Docker builds and CI tests are fully isolated from each other.
  • CI Docker containers are deleted by Kubernetes when Pod is deleted
  • CI Docker containers are accessible by CI tests via http://localhost:port inside Maven builder container.
  • Docker graph storage space is reclaimed by Kubernetes when Pod is deleted
  • Skaffold will build images using sidecar Dind daemon and push images to public docker.io registry
  • Dind daemon will use Google gcr.io as registry mirror for pulling cached images.

We will setup DinD sidecar container by customizing Jenkinsfile agent with additional pod spec to override and map DOCKER_HOST in Maven builder container to use Docker daemon in DinD container:

image

More details to follow....

@salaboy salaboy added this to Open in Activiti 7.x via automation Dec 3, 2018

@salaboy salaboy added this to the Beta5 milestone Dec 3, 2018

@salaboy

This comment has been minimized.

Copy link
Member

salaboy commented Dec 3, 2018

@igdianov do you roughly know what are the changes in the pipelines?

@igdianov

This comment has been minimized.

Copy link
Member

igdianov commented Dec 4, 2018

@salaboy These are going to be the changes in pipelines. @almerico already has a pending PR to integrate DinD into micro-services pipelines to use Skaffold to build Docker images: jx-build-bot/environment-terrierdawn-staging#37

Jenkinsfile:

agent {
//   label "jenkins-maven"
    kubernetes {
       // Change the name of jenkins-maven label to be able to use yaml configuration snippet
       label "maven-dind"
       // Inherit from Jx Maven pod template
       inheritFrom "maven"
       // Add pod configuration to Jenkins builder pod template
       yamlFile "maven-dind.yaml"
    } 
}

add maven-dind.yaml:

spec:
  volumes:
  - name: docker-daemon
    emptyDir: {}
  - name: jenkins-docker-cfg-volume
    secret:
      secretName: jenkins-docker-cfg
  containers:
  # Override Docker config in Maven to use DinD 
  - name: maven
    env:
    - name: DOCKER_HOST
      value: tcp://localhost:2375
    volumeMounts:
    - mountPath: /var/lib/docker  
      name: docker-daemon
  # Create sidecar container with DinD to build docker images
  - name: dind
    image: docker:18.06.1-dind
    imagePullPolicy: IfNotPresent
    args:
    - --registry-mirror=https://mirror.gcr.io
    workingDir: /home/jenkins
    securityContext:
      privileged: true
    tty: true
    env:
    - name: DOCKER_CONFIG
      value: /home/jenkins/.docker/ 
    - name: DOCKER_HOST
      value: tcp://localhost:2375
    - name: DOCKER_REGISTRY
      valueFrom:
        configMapKeyRef:
          name: jenkins-x-docker-registry
          key: docker.registry
    resources:
      requests:
        cpu: 512m
        memory: 1024Mi
      limits:
        cpu: 1
        memory: 2048Mi
    volumeMounts:
    - mountPath: /home/jenkins
      name: workspace-volume
    - mountPath: /var/lib/docker  
      name: docker-daemon
    - mountPath: /home/jenkins/.docker
      name: jenkins-docker-cfg-volume
      readOnly: true  
@salaboy

This comment has been minimized.

Copy link
Member

salaboy commented Dec 14, 2018

@igdianov @almerico can we close this? I assumed that this was part of the example repos pipelines. If we can close it, please close.

@almerico

This comment has been minimized.

Copy link
Member

almerico commented Dec 14, 2018

this is done in example repos which produce docker images

@almerico almerico closed this Dec 14, 2018

Activiti 7.x automation moved this from Open to Closed Dec 14, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment