This is a simple app using Spring Boot as part of Red Hat OpenShift Application Runtimes.
git clone
mvn spring-boot:run
The app uses Spring Fox to generate an OpenAPI spec. You can view the spec at /swagger.json or Swagger UI at /swagger-ui.html.
-
SonarQube Scanner Plugin. NOTE: This plugin is a client and needs to connect to a running sonar server.
- Usage:
mvn sonar:sonar
to execute.- Plugin is currently not tied to the standard maven lifecyle.
- To help execute the scan in Jenkins pipelines, the
sonarqubeStaticAnalysis()
function from the pipeline-library will execute the goal in your build process. - SonarQube plugin docs
- Usage:
-
Jacoco Maven Plugin
- Usage:
mvn package
to execute in standard maven lifecyclemvn jacoco:report
to execute the plugin standalone
- Code coverage reports will then be found in
target/site
. - Jacoco plugin docs
- Usage:
-
OWASP Dependency Check
- Usage:
mvn verify
to execute in standard maven lifecyclemvn dependency-check:check
to execute the plugin standalone
- The dependency-check plugin will check dependencies for vulnerabilities against the National Vulnerability Database hosted by NIST and fail should there be any dependency with a CVSS score greater or equal to that specified in the pom file.
- Maven plugin docs
- OWASP Dependency Check docs
- Continuous security and OWASP Dependency Check blog
- Usage:
This demonstrates how to implement a full end-to-end Jenkins Pipeline for a Java application in OpenShift Container Platform. This sample demonstrates the following capabilities:
- Deploying an integrated Jenkins server inside of OpenShift
- Running both custom and oob Jenkins slaves as pods in OpenShift
- "One Click" instantiation of a Jenkins Pipeline using OpenShift's Jenkins Pipeline Strategy feature
- Building a Jenkins pipeline with library functions from our pipeline-library
- Automated rollout using the openshift-appler project.
This quickstart can be deployed quickly using Ansible. Here are the steps.
- Clone this repo
- Run
ansible-galaxy install -r requirements.yml --roles-path=galaxy
- Log into an OpenShift cluster, then run the following command.
$ ansible-playbook -i ./.applier/ galaxy/openshift-applier/playbooks/openshift-cluster-seed.yml
At this point you should have 4 projects created (basic-spring-boot-build
, basic-spring-boot-dev
, basic-spring-boot-stage
, and basic-spring-boot-prod
) with a pipeline in the -build
project, and the Spring Rest demo app deployed to the dev/stage/prod projects.
The following breaks down the architecture of the pipeline deployed, as well as walks through the manual deployment steps
The components of this pipeline are divided into two templates.
The first template, .openshift/templates/build.yml
is what we are calling the "Build" template. It contains:
- A
jenkinsPipelineStrategy
BuildConfig - An
s2i
BuildConfig - An ImageStream for the s2i build config to push to
The build template contains a default source code repo for a java application compatible with this pipelines architecture
The second template, .openshift/templates/deployment.yml
is the "Deploy" template. It contains:
- A tomcat8 DeploymentConfig
- A Service definition
- A Route
The idea behind the split between the templates is that I can deploy the build template only once (to my build project) and that the pipeline will promote my image through all of the various stages of my application's lifecycle. The deployment template gets deployed once to each of the stages of the application lifecycle (once per OpenShift project).
This project includes a sample Jenkinsfile
pipeline script that could be included with a Java project in order to implement a basic CI/CD pipeline for that project, under the following assumptions:
- The project is built with Maven
- The OpenShift projects that represent the Application's lifecycle stages are of the naming format:
<app-name>-dev
,<app-name>-stage
,<app-name>-prod
.
This pipeline defaults to use our Spring Boot Demo App.
- One or Two OpenShift Container Platform Clusters
- OpenShift 3.5+ is required
- Red Hat OpenJDK 1.8 image is required
- Access to GitHub
For the purposes of this demo, we are going to create three stages for our application to be promoted through.
basic-spring-boot-build
basic-spring-boot-dev
basic-spring-boot-stage
basic-spring-boot-prod
In the spirit of Infrastructure as Code we have a YAML file that defines the ProjectRequests
for us. This is as an alternative to running oc new-project
, but will yeild the same result.
$ oc create -f .openshift/projects/projects.yml
projectrequest "basic-spring-boot-build" created
projectrequest "basic-spring-boot-dev" created
projectrequest "basic-spring-boot-stage" created
projectrequest "basic-spring-boot-prod" created
For this step, the OpenShift default template set provides exactly what we need to get jenkins up and running.
$ oc process openshift//jenkins-ephemeral | oc apply -f- -n basic-spring-boot-build
route "jenkins" created
deploymentconfig "jenkins" created
serviceaccount "jenkins" created
rolebinding "jenkins_edit" created
service "jenkins-jnlp" created
service "jenkins" created
A deploy template is provided at .openshift/templates/deployment.yml
that defines all of the resources required to run our Tomcat application. It includes:
- A
Service
- A
Route
- An
ImageStream
- A
DeploymentConfig
- A
RoleBinding
to allow Jenkins to deploy in each namespace.
This template should be instantiated once in each of the namespaces that our app will be deployed to. For this purpose, we have created a param file to be fed to oc process
to customize the template for each environment.
Deploy the deployment template to all three projects.
$ oc process -f .openshift/templates/deployment.yml -p=APPLICATION_NAME=basic-spring-boot -p NAMESPACE=basic-spring-boot-dev -p=SA_NAMESPACE=basic-spring-boot-build -p=READINESS_PATH="/health" -p=READINESS_RESPONSE="status.:.UP" | oc apply -f-
service "spring-rest" created
route "spring-rest" created
imagestream "spring-rest" created
deploymentconfig "spring-rest" created
rolebinding "jenkins_edit" configured
$ oc process -f .openshift/templates/deployment.yml -p=APPLICATION_NAME=basic-spring-boot -p NAMESPACE=basic-spring-boot-stage -p=SA_NAMESPACE=basic-spring-boot-build -p=READINESS_PATH="/health" -p=READINESS_RESPONSE="status.:.UP" | oc apply -f-
service "spring-rest" created
route "spring-rest" created
imagestream "spring-rest" created
deploymentconfig "spring-rest" created
rolebinding "jenkins_edit" created
$ oc process -f .openshift/templates/deployment.yml -p=APPLICATION_NAME=basic-spring-boot -p NAMESPACE=basic-spring-boot-prod -p=SA_NAMESPACE=basic-spring-boot-build -p=READINESS_PATH="/health" -p=READINESS_RESPONSE="status.:.UP" | oc apply -f-
service "spring-rest" created
route "spring-rest" created
imagestream "spring-rest" created
deploymentconfig "spring-rest" created
rolebinding "jenkins_edit" created
A build template is provided at applier/templates/build.yml
that defines all the resources required to build our java app. It includes:
- A
BuildConfig
that defines aJenkinsPipelineStrategy
build, which will be used to define out pipeline. - A
BuildConfig
that defines aSource
build withBinary
input. This will build our image.
Deploy the pipeline template in build only.
$ oc process -f .openshift/templates/build.yml -p=APPLICATION_NAME=basic-spring-boot -p NAMESPACE=basic-spring-boot-build -p=SOURCE_REPOSITORY_URL="https://github.com/nmalvankar/spring-rest.git" -p=APPLICATION_SOURCE_REPO="https://github.com/nmalvankar/spring-rest.git" | oc apply -f-
buildconfig "spring-rest-pipeline" created
buildconfig "spring-rest" created
At this point you should be able to go to the Web Console and follow the pipeline by clicking in your basic-spring-boot-build
project, and going to Builds -> Pipelines. At several points you will be prompted for input on the pipeline. You can interact with it by clicking on the input required link, which takes you to Jenkins, where you can click the Proceed button. By the time you get through the end of the pipeline you should be able to visit the Route for your app deployed to the myapp-prod
project to confirm that your image has been promoted through all stages.
Cleaning up this example is as simple as deleting the projects we created at the beginning.
oc delete project basic-spring-boot-build basic-spring-boot-dev basic-spring-boot-prod basic-spring-boot-stage