Skip to content
/ binary-authorization-demo Public

Complete Demonstration of CloudBees Core or Jenkins with Binary Authorization on Google Cloud

8 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

beedemo/binary-authorization-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
k8s
k8s
 
 
scripts
scripts
 
 
setup
setup
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

CloudBees Core Integration with Binary Authorization

This application demonstrates how to use Google Cloud's Binary Authorization to validate and approve container images before deploying them to Google Kubernetes Engine (GKE) with CloudBees Core.

The demonstration used the Spring Petclinic application as a sample application but the same methodology would apply to any application that is being deploying on Kubernetes.

Goals

Choices were made in the Jenknisfile Pipeline for this application to highlight several features but are not the only way to accomplish this integration.

  • Provide an extensible integration that can be used for different combinations of CloudBees Core and GCP. E.g. Multiple Projects, Multiple Namespaces.
  • Provide compartmentalized steps that can be used independently in different Jenkins Pipelines. E.g. Kaniko build, Attestation Signing.
  • Demonstrate conditional flow control of Jenknis Declarative Pipeline using environment and when based on presence of git tags.

Prerequisites

These items must be available to run this demonstration.

Cloud Environment

  • Google Cloud Platform (GCP) Project - This demonstration was built to run on GCP specifically. Substitutions for any component will require changes to the demonstration.
    • Google Kubernetes Engine - At least one Kubernetes cluster must be available to deploy application and for running pipeline.
    • Google Container Registry - The application container image will be uploaded to GCR for verification and deployed from GCR.
  • CloudBees Core - This demonstration was built using CloudBees Core running on GKE. You can quickly install CloudBees Core on GKE using the GCP Marketplace.
  • GitHub or Bitbucket account - It is highly recommended to use GitHub, Bitbucket or Gitea support for this demonstration because they have support for Tags. For Gitea you will need to make sure it is available on the internet.

Local Tools

  • Linux or OS-X (for setup) - The setup scripts provided will only work on Linux or OS-X
  • gcloud
  • kubectl
  • gpg2

Running the Demo

Simple Installation

All of the setps needed to set up this demonstration are provided in the setup directory. This setup assumes that you have a GCP project available for testing that can be cleaned up easily and not affect other workloads. The setup process will create several items in your GCP project including: container analysis note,attestor and a service account.

Steps:

  1. Fork and clone this repository
  2. Edit setup/configuration
  3. Run setup/setup.sh - this script will make several changes to your GCP Project and create a Jenkinsfile for you.
  4. Commit and Push changes back to your repository
  5. Create a Multibranch Pipeline in Jenkins for your repository and enable Tag Discovery

Setup scripts

The setup.sh script runs multiple scripts to set up a particular part of the demonstration. Each of these scripts can also be run independently if you want to have more control of the installation or skip different steps.

Watch Video Walkthrough

Video Walkthrough

About

Complete Demonstration of CloudBees Core or Jenkins with Binary Authorization on Google Cloud

Resources

Readme
Activity
Custom properties

Stars

8 stars

Watchers

11 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages