Cloud-Native DevOps Best Practices (1) - Continuous Integration (CI) + OpenKruise Image Pre-download

    • Continuous Integration (CI) is a hands-on way to bring integration forward to the early stages of the development cycle, allowing builds, tests and integration of code to happen more often and repeatedly.
    • Image pre-download is provided by OpenKruise to pull application images to specific nodes in advance of application deployment, which in turn can greatly improve the efficiency of application deployment.

    Architecture

    ci+image predownload

    • Long-term pre-download of common sidecar images and base images, such as Istio Envoy and log collection containers.
    • In large-scale scenarios, pre-download business app images to specific K8s Nodes to reduce the pressure on the image repository during deployment, mainly for Deployment, StatefulSet and other k8s native resources.
    • OpenKruise CloneSet & Advanced StatefulSet InPlace Update have a built-in image pre-download capability; refer to the CloneSet documentation.

    Note: The OpenKruise image pre-download capability is only available for regular kubelet nodes, and not for virtual kubelet.

    Requirements

    • Install a Kubernetes cluster. Since v1.0.0 (alpha/beta), OpenKruise requires Kubernetes version >= 1.16.
    • Install Tekton. Tekton is a Google open source Kubernetes native framework for creating continuous integration and continuous deployment/delivery (CI/CD) systems.
    • Install OpenKruise with Helm, since v0.9.0; see Install OpenKruise.

    1. Git Repo: This article provides a helloworld HTTP service demo. It contains code, a Dockerfile, and unit tests, as follows:

    Image Pre-download

    Kruise CloneSet & Advanced StatefulSet InPlace Update Built-in Image Pre-download

    Note: This scenario no longer requires deploying the ImagePullJob CRD.

    If you have enabled the PreDownloadImageForInPlaceUpdate feature-gate during Kruise installation or upgrade, the CloneSet & Advanced StatefulSet controller will automatically pre-download the image you want to update to the nodes of all old Pods. This is useful for speeding up application upgrades.

    # First add the openkruise charts repository if you haven't done this.
    $ helm repo add openkruise https://openkruise.github.io/charts/
    # [Optional]
    $ helm repo update
    # Install the latest version.
    $ helm install kruise openkruise/kruise --set featureGates="PreDownloadImageForInPlaceUpdate=true"
    # If Kruise is already installed, upgrade it instead.
    $ helm upgrade kruise openkruise/kruise --set featureGates="PreDownloadImageForInPlaceUpdate=true"

    The parallelism of each new image pre-download by CloneSet & Advanced StatefulSet is 1, which means the image is downloaded on nodes one by one. You can change the parallelism with an annotation on the CloneSet, according to the capability of the image registry. For registries with more bandwidth and P2P image downloading ability, a larger parallelism can speed up the pre-download process.

    Kubernetes Native Workload, e.g. Deployment, StatefulSet, DaemonSet, Job etc.

    1. Configure the ImagePullJob CRD in a k8s ConfigMap, as follows:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      # Kubernetes object names must be lowercase (RFC 1123)
      name: imagepulljob
    data:
      imagepulljob.yaml: |
        apiVersion: apps.kruise.io/v1alpha1
        kind: ImagePullJob
        metadata:
          name: APP_NAME
        spec:
          # pre-download image
          image: APP_IMAGE
          parallelism: 10
          # You can write the names or label selector in the selector field to assign Nodes (only one of them can be set).
          # If no selector is set, the image will be pulled on all Nodes in the cluster.
          selector:
            names:
            - node-1
            - node-2
            # Alternative to names:
            # matchLabels:
            #   node-type: xxx
          completionPolicy:
            type: Always
            activeDeadlineSeconds: 1200
            ttlSecondsAfterFinished: 300
          pullPolicy:
            backoffLimit: 3
            timeoutSeconds: 300

    2. Configure the Tekton pipeline, which first executes the Build-Test-DockerPush Task and then the Image Pre-download Task, as follows:

    apiVersion: tekton.dev/v1beta1
    kind: Pipeline
    metadata:
      name: helloworld-pipeline
    spec:
      params:
        - name: gitrepositoryurl
          type: string
        # declared because both tasks reference $(params.branch)
        - name: branch
          type: string
        - name: short_sha
          type: string
        - name: docker_repo
          type: string
        - name: app_name
          type: string
      tasks:
        - name: helloworld-build-push
          taskRef:
            name: helloworld-build-push
          params:
            - name: gitrepositoryurl
              value: $(params.gitrepositoryurl)
            - name: short_sha
              value: $(params.short_sha)
            - name: branch
              value: $(params.branch)
            - name: docker_repo
              value: $(params.docker_repo)
            - name: app_name
              value: $(params.app_name)
        - name: helloworld-image-predownload
          taskRef:
            name: helloworld-image-predownload
          params:
            - name: short_sha
              value: $(params.short_sha)
            - name: branch
              value: $(params.branch)
            - name: docker_repo
              value: $(params.docker_repo)
            - name: app_name
              value: $(params.app_name)
          # pre-download only after the image has been built and pushed
          runAfter:
            - helloworld-build-push

    3. Configure the PipelineRun CRD, and kubectl apply -f it in the k8s cluster to run the Pipeline, as follows:

    4. The execution results can be viewed via the Tekton command line tool tkn, as follows:

    tekton pipeline
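
    The image pre-download Task has to turn the pipeline parameters app_name, docker_repo, branch and short_sha into the APP_NAME and APP_IMAGE placeholders of the ImagePullJob template. The script below is an added example, not code from the original article: it validates each parameter against an allow-list before substituting, so a crafted branch or repository value cannot alter the rendered manifest. The "<branch>-<short_sha>" tag scheme, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: render the ImagePullJob template from CI parameters, but only
# after allow-list validation. Sample values below are constructed.
LC_ALL=C; export LC_ALL   # byte-exact a-z / 0-9 ranges in patterns

# allowed VALUE CHARSET MAXLEN: first character alphanumeric, all characters in
# CHARSET. `case` matches the whole string, so an embedded newline is rejected
# (a line-based grep would accept "good<newline>evil").
allowed() {
  [ "${#1}" -le "$3" ] || return 1
  case $1 in
    ''|[!A-Za-z0-9]*|*[!$2]*) return 1 ;;
  esac
}

# Template trimmed from the ConfigMap's imagepulljob.yaml.
template() {
  cat <<'EOF'
apiVersion: apps.kruise.io/v1alpha1
kind: ImagePullJob
metadata:
  name: APP_NAME
spec:
  image: APP_IMAGE
  parallelism: 10
  completionPolicy:
    type: Always
    activeDeadlineSeconds: 1200
    ttlSecondsAfterFinished: 300
EOF
}

# render_imagepulljob APP_NAME DOCKER_REPO BRANCH SHORT_SHA
# Assumption: the tag is "<branch>-<short_sha>"; the article shows no tag scheme.
render_imagepulljob() (
  allowed "$1" 'a-z0-9-' 63      || { echo "invalid app_name" >&2; exit 1; }
  allowed "$2" 'a-z0-9./:_-' 200 || { echo "invalid docker_repo" >&2; exit 1; }
  allowed "$3" 'A-Za-z0-9._-' 64 || { echo "invalid branch" >&2; exit 1; }
  allowed "$4" '0-9a-f' 40       || { echo "invalid short_sha" >&2; exit 1; }
  # Validated values hold no '|', '&', '\', quote or newline, so they are inert
  # in the sed replacement and in the YAML scalar. APP_NAME is replaced first so
  # a branch literally named APP_NAME is not expanded a second time.
  template | sed -e "s|APP_NAME|$1|g" -e "s|APP_IMAGE|$2:$3-$4|g"
)

# In the Task the output would be piped to `kubectl apply -f -`.
render_imagepulljob helloworld registry.example.com/demo/helloworld master 3f2a9c1
```

    A non-zero exit from render_imagepulljob fails the Task step before anything reaches the cluster.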