The need to deliver applications faster and with better quality is widespread across all industries and keeps increasing every year (CNCF Cloud Native Survey 2020). OpenShift, as the enterprise Kubernetes platform for developers, is sharply focused on enabling organizations to automate application delivery through DevOps practices such as continuous integration and continuous delivery (CI/CD).
We are excited to announce the general availability of OpenShift Pipelines and OpenShift GitOps as the foundation of cloud-native CI/CD and GitOps on Red Hat OpenShift Container Platform. OpenShift Pipelines provides a cloud-native continuous integration solution based on Tekton, a Continuous Delivery Foundation (CDF) project. OpenShift GitOps enables GitOps workflows for application deployments and configuration of applications and Kubernetes clusters through Argo CD, a Cloud Native Computing Foundation (CNCF) project.
OpenShift Pipelines: Cloud-Native Continuous Integration
Tekton is the core of OpenShift Pipelines and provides a Kubernetes-native framework for creating pipelines that automate the delivery of applications and run native as pods on the cluster. Tekton is built on top of Kubernetes concepts, an operational model that significantly reduces the operational overhead of continuous integration infrastructure for organizations when combined with the serverless execution model. Running pipelines in isolated pods on OpenShift with no central shared server allows teams to own their delivery pipelines without risking conflict or undesired dependencies among teams.
Building on Tekton, OpenShift Pipelines assists developers by providing pipeline blueprints that are automatically created when importing applications to the OpenShift platform. These blueprints are created by admins based on their organization’s unique business and security requirements and delivered to development teams through the OpenShift Console. In addition, developers can use the pipeline builder to compose advanced CI workflows for their applications. OpenShift Pipelines provide a curated list of Tekton ClusterTasks for use when authoring pipelines manually or through the graphical pipeline builder for common CI tasks such as performing Git commands, building container images from application source, and pushing image registries, to name a few.
Using pipelines in OpenShift has never been easier with the native integration with the OpenShift Console allowing developers to configure webhooks, execute pipelines on code changes, and view results and logs directly alongside their applications. Additionally, the pipeline logs are made available in OpenShift Logging and are aggregated with the platform logs for audit and other purposes.
Developers using command line and IDEs can take advantage of Tekton CLI, the Tekton extension for Visual Studio Code and Tekton plug-in for IntelliJ, to interact with pipelines without leaving their environment and create, start, view, and perform actions on the cluster directly from the command line. Tekton Hub provides a central hub for finding reusable Tekton Tasks when authoring pipelines. Developers can use Tekton CLI, Tekton extension for Visual Studio Code, and Tekton plug-in for IntelliJ to search for Tasks in Tekton Hub directly from the command line or IDE and install the tasks on the cluster for use within their pipelines.
OpenShift Pipelines now includes the following new capabilities:
- Pipeline log aggregation in the OpenShift Logging central log management
- Automatic proxy configuration on TaskRuns
- Enabling TLS for EventListeners pods
- ClusterTriggerBindings for BitBucket and GitLab
- Jenkins-to-Tekton migration guide
- Log aggregation in the OpenShift Logging central log management
- Authentication integration guidance with Red Hat SSO and OpenShift
- Dynamic generation of Argo CD Applications with ApplicationSets (Tech Preview)
- Collection of Argo CD metrics through the OpenShift monitoring stack Prometheus
- OutOfSync alerts in OpenShift monitoring stack AlertManager
OpenShift GitOps: Continuous Delivery With GitOps
Git has been at the center of software development for a long time, and many teams have adopted the Git pull-request workflow for developing code. GitOps is an approach to continuous delivery (CD) and treats Git as the single source of truth for everything, including infrastructure, platform, and application configurations. Teams can then take advantage of Git workflows to drive cluster operations and application delivery to enable predictable, more secure, and repeatable changes to clusters. At the same time, observability and visibility of the actual state are increased, and possible configuration drifts can be detected easily and immediately through the GitOps workflow. GitOps allows for maintaining full transparency through Git audit capabilities and provides a straightforward mechanism to roll back to any desired version across multiple OpenShift and Kubernetes clusters.
OpenShift GitOps is built around Argo CD as the declarative GitOps engine that enables GitOps workflows across multicluster OpenShift and Kubernetes infrastructure. Using Argo CD, teams can sync the state of OpenShift and Kubernetes clusters and applications with the content of the Git repositories manually or automatically. Argo CD continuously compares the state of the clusters and the Git repositories to identify any drift and can automatically bring the cluster back to the desired state if any change is detected on the Git repository or the cluster. The auto-healing capabilities in Argo CD increase the security of the CD workflow by preventing undesired, unauthorized, or unvetted changes that might be performed directly on the cluster unintentionally or through security breaches.
Once OpenShift GitOps is enabled on the cluster through the OperatorHub, the default Argo CD dashboard can be accessed through the application launcher in OpenShift Console. The default Argo CD instance is configured with sufficient privileges to drive cluster configuration management such as installing operators from OperatorHub and configuring cluster and OperatorHub operators, user roles and access (RBAC), storage, and more.
As organizations adopt DevOps values and culture, many opt for sharing application delivery responsibilities with development teams and enable them to own the delivery of their applications. OpenShift GitOps enables these organizations to deploy namespace-scoped instances of Argo CD through the Developer Catalog and transfer the ownership of these instances to the development teams. Namespace-scoped Argo CD instances are configured by default to restrict deployments and configuration of resources only within the namespaces accessible to the particular development team and prohibits changes to the cluster configurations or other namespaces. Additional privileges may be granted to each Argo CD instance if desired by the cluster admins.
Furthermore, Argo CD’s flexible deployment topology adapts to the organization’s GitOps process and can act as a central hub for pushing changes from Git repositories to remote OpenShift and Kubernetes clusters on public cloud (EKS, AKS, and GCP) as well as pulling changes into the cluster that it is running on. This eliminates the need for a central layer to be aware of the cluster fleet within the organization.
In addition to Argo CD, OpenShift GitOps provides an opinionated GitOps workflow based on Tekton (provided through OpenShift Pipelines), Argo CD, and Kustomize, which is bootstrapped by the GitOps Application Manager CLI and is included as a Tech Preview feature. GitOps Application Manager CLI populates a configuration Git repository with the Kubernetes manifests for the application across its environments and uses the Git workflows for promoting the application throughout its life cycle to the next environment.
Organizations that want to expand their GitOps workflow to cluster life-cycle management, policy and compliance can take advantage of Red Hat Advanced Cluster Manager for Kubernetes, which uses OpenShift GitOps to support GitOps workflows for cluster management operations.
OpenShift GitOps now includes the following capabilities:
- Log aggregation in the OpenShift Logging central log management
- Authentication integration guidance with Red Hat SSO and OpenShift
- Dynamic generation of Argo CD Applications with ApplicationSets (Tech Preview)
- Collection of Argo CD metrics through the OpenShift monitoring stack Prometheus
- OutOfSync alerts in OpenShift monitoring stack AlertManager
Tekton and Argo CD Communities
At Red Hat, we believe in creating better technology through the open source model and the innovation that is driven out of the open source communities. Red Hat continues to be an active participant in the Tekton and Argo CD communities and collaborates with other contributors to drive these projects forward as core technologies that power the cloud-native continuous integration and continuous delivery on OpenShift.
To try out OpenShift Pipelines and OpenShift GitOps, try http://learn.openshift.com/gitops.
原创文章,作者:奋斗,如若转载,请注明出处:https://blog.ytso.com/303608.html