cherrypick from main branch
rcarrata committed Jul 23, 2021
2 parents 78c7a1a + 0e60396 commit cf08216
Showing 4 changed files with 91 additions and 9 deletions.
23 changes: 16 additions & 7 deletions README.md
Expand Up @@ -16,11 +16,6 @@ DevSecOps CICD pipeline demo using several technologies such as:
- [Gatling](https://gatling.io/)
- [Zap Proxy](https://www.zaproxy.org/)

## Prerequisites

- Openshift Cluster 4.7+
- Ansible 2.7+

# Overview

## 1. Continuous Integration
Expand Down Expand Up @@ -54,7 +49,6 @@ NOTE: these 3 steps are executed in parallel for saving time in our DevSecOps pi

8. Kubernetes [kustomization files updated](docs/Steps.md#update-deployment) with the latest image [commit-sha] in the overlays for dev. This will ensure that our Application are deployed using the specific built image in this pipeline.


## 3. Continuous Delivery

Argo CD continuously monitor the configurations stored in the Git repository and uses Kustomize to overlay environment specific configurations when deploying the application to DEV and STAGE environments.
Expand Down Expand Up @@ -106,10 +100,17 @@ This ensures that we have the total control of our pipelines, and no image is pu

## Prerequisites

- Openshift Cluster 4.7+
- Ansible 2.7+

* [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora)

* [Install Kubernetes Ansible Module](https://docs.ansible.com/ansible/latest/collections/community/kubernetes/k8s_module.html)

```
ansible-galaxy collection install community.kubernetes
```

## Bootstrap

Fully automated deployment and integration of every resource and tool needed for this demo.
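
Review bot: The prerequisites list still reads `Ansible 2.7+`, but the install step added right below it, `ansible-galaxy collection install community.kubernetes`, relies on the `collection` subcommand, which ansible-galaxy only provides from Ansible 2.9 onward. Raise the stated minimum to match, and consider pinning the collection (`community.kubernetes:==<version>`) so the bootstrap that deploys the security tooling resolves to the same code on every install.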
Expand All @@ -120,6 +121,8 @@ Fully automated deployment and integration of every resource and tool needed for

IMPORTANT: this is a working progress, be aware that some parts could not work as expected. PR are welcome :)

NOTE: you want to test the full end2end install using Ansible? Check out the [develop branch](https://github.com/rcarrata/devsecops-demo/tree/develop)!

## Credentials & Resources

Check the resources deployed for this demo with:
Expand Down Expand Up @@ -150,11 +153,17 @@ NOTE: This pipeline will fail if you don't [disable the "Fixable CVSS >= 7"](doc

* [Option II - Failure CICD pipeline due to the ACS violation policy](https://youtu.be/jTRImofd6wQ?t=380)

* [Openshift Coffee Break - ACS for Kubernetes - DevSecOps Way](https://youtu.be/43Mr30mXq0I?t=1955)

## Promote Pipeline and Triggers

* [Promote Pipeline](docs/promote.md)
* [Triggers in Dev Pipeline](doc/triggers.md)

# Troubleshooting

* [Check the Tshoot section](docs/tshoot.md)

# Credits

This repo is heavily based in the [CICD repository](https://github.com/siamaksade/openshift-cicd-demo) and work of Siamak Sadeghianfar. Kudos to Siamak!
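
Review bot: The new Troubleshooting entry links to `docs/tshoot.md`, but the neighbouring `[Triggers in Dev Pipeline](doc/triggers.md)` in the same hunk uses `doc/` while every other relative link here uses `docs/`. That triggers link is probably broken; fix it in this commit while the section is being touched.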
Expand All @@ -163,7 +172,7 @@ Big thanks also to [Rodrigo Alvares](https://github.com/ralvares) that helped wi

## TODO

- Improve automation and bootstraping scripts
- Add documentation about triggers
- Add better branching with GitHub Flow model
- Update images for the infra (nexus, gogs, etc) with the latest versions
- Use Nexus Operator
2 changes: 1 addition & 1 deletion demo.sh
Expand Up @@ -56,7 +56,7 @@ command.status() {

info "## GOGS Server - Username/Password: gogs/gogs ##"
GOGS=$(oc get route -n cicd gogs -o jsonpath='{.spec.host}')
printf "https://$GOGS"
printf "http://$GOGS"
echo ""

info "## Nexus Server - Username/Password: admin/admin123 ##"
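
Review bot: In `command.status()`, the Gogs URL is now printed as `http://$GOGS` directly under the banner that advertises `gogs/gogs`, so anyone following the output logs in with those credentials over cleartext HTTP. If the route has no TLS, prefer adding edge termination to the route and keeping `https://`; if both cases can occur, derive the scheme from the route's `.spec.tls` instead of hard-coding it. Separately, `$GOGS` is passed as the printf format string; `printf 'http://%s\n' "$GOGS"` prints correctly even if the value contains a `%` and makes the following `echo ""` unnecessary.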
73 changes: 73 additions & 0 deletions docs/tshoot.md
@@ -0,0 +1,73 @@
# Troubleshooting section

## Rate limiting issues

* Issue:

Rate limiting in DockerHub sometimes prevent to pull the images if your cluster reach the DockerHub limit.

For example:

```
Failed to pull image "centos": rpc error: code = Unknown desc = Error reading manifest latest in
docker.io/library/centos: toomanyrequests: You have reached your pull rate limit. You may increase
the limit by authenticating and upgrading:
```

* Resolution:

To prevent this you can [authenticate your docker hub
account](https://developers.redhat.com/blog/2021/02/18/how-to-work-around-dockers-new-download-rate-limit-on-red-hat-openshift#authenticate_to_your_docker_hub_account)

On the other hand, we'll move all the images to quay.io / registry.redhat.io to prevent this issue.

## Code Analysis Failures

* Issue:

Sometimes Code Analysis raises an error when mvn is running the maven install 'sonar:sonar':

```
[[1;31mERROR[m] Failed to execute goal
[32morg.apache.maven.plugins:maven-compiler-plugin:3.8.1:testCompile[m [1m(default-testCompile)[m on
project [36mspring-petclinic[m: [1;31mCompilation failure[m
[[1;31mERROR[m]
[1;31m/workspace/source/spring-petclinic/src/test/java/org/springframework/samples/petclinic/service/ClinicServiceTests.java:[30,51]
cannot access org.springframework.samples.petclinic.owner.Pet[m
[[1;31mERROR[m] [1;31m bad class file:
/workspace/source/spring-petclinic/target/classes/org/springframework/samples/petclinic/owner/Pet.class[m
[[1;31mERROR[m] [1;31m class file contains wrong class:
org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest[m
[[1;31mERROR[m] [1;31m Please remove or make sure it appears in the correct subdirectory of the
classpath.[m
[[1;31mERROR[m] [1;31m[m
[[1;31mERROR[m] -> [1m[Help 1][m
[[1;31mERROR[m]
```

* Resolution:

Just rerun the pipeline and will succeed without changing anything additional. The results will
succeed afterwards:

```
[[1;34mINFO[m] Analyzed bundle 'petclinic' with 20 classes
[[1;34mINFO[m]
[[1;34mINFO[m] [1m--- [0;32mmaven-jar-plugin:3.1.2:jar[m [1m(default-jar)[m @
[36mspring-petclinic[0;1m ---[m
[[1;34mINFO[m]
[[1;34mINFO[m] [1m--- [0;32mspring-boot-maven-plugin:2.2.5.RELEASE:repackage[m [1m(repackage)[m @
[36mspring-petclinic[0;1m ---[m
[[1;34mINFO[m] Replacing main artifact with repackaged archive
[[1;34mINFO[m] [1m------------------------------------------------------------------------[m
[[1;34mINFO[m] [1;32mBUILD SUCCESS[m
[[1;34mINFO[m] [1m------------------------------------------------------------------------[m
[[1;34mINFO[m] Total time: 01:55 min
[[1;34mINFO[m] Finished at: 2021-07-23T07:37:09Z
[[1;34mINFO[m] Final Memory: 118M/1245M
[[1;34mINFO[m] [1m------------------------------------------------------------------------[m
```

## JUnit Tests Failures

Refer to the Code Analysis. Just rerun and it'll fix it.
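
Review bot: The resolution under "Code Analysis Failures" ("Just rerun the pipeline"), repeated for JUnit, documents a nondeterministic failure without a cause, and in a pipeline whose purpose is to gate on scan results it trains users to retry red runs until they go green. The pasted error (`bad class file: .../target/classes/.../Pet.class`, `class file contains wrong class`) looks like two Maven invocations writing to the same `target/` directory in the shared workspace, which would fit the README's note that three steps run in parallel; if that turns out to be the cause, give each task its own build directory or serialize them, and record the finding here. The log excerpts also still carry terminal colour codes (`[1;31m`, `[m`); capture them with `mvn -B` or strip the codes so the error text is readable and searchable.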
2 changes: 1 addition & 1 deletion status.sh
@@ -1,6 +1,6 @@
printf "\n## GOGS Server - Username/Password: gogs/gogs ##\n"
GOGS=$(oc get route -n cicd gogs -o jsonpath='{.spec.host}')
printf "https://$GOGS"
printf "http://$GOGS"
printf "\n"

printf "\n## Nexus Server - Username/Password: admin/admin123 ##\n"
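
Review bot: The Gogs scheme is now hard-coded in both `status.sh` and `demo.sh`, and the two copies of this status output have to be edited in lockstep (as this commit does); have `status.sh` call the `demo.sh` status command or share one helper so the URL and scheme are decided in a single place. The hunk also shows the file starting at line 1 with a `printf`, so there is no shebang; add `#!/usr/bin/env bash` so the script does not depend on whichever shell invokes it.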
