#codefresh (2019-03)
Archive: https://archive.sweetops.com/codefresh/
2019-03-01
@dustinvb is there are way to update shared configurations using cli?
thx!!
feels very much like kubectl
too bad it doesn’t support -f - for stdin
Error: Failed to read file; caused by Error: File extension is not recognized
@dustinvb got what I wanted to implement (assume roles) for codefresh
2019-03-04
has anyone ever set up deploy conditionals to only deploy when a branch is tagged?
Yes, Mark I have.
I normally evaluate that the variable ${{CF_BASE_BRANCH}} is set to master
This will have a value on tags.
Real world example.
when:
condition:
all:
releaseTag: 'match("${{CF_BRANCH}}", "^([0-9]+)([.][0-9]+){1,2}.*", true) == true'
masterBranch: '"${{CF_BASE_BRANCH}}" == "master"'
This will look at branch for semantic version as tag and also make sure the branch used was master not some feature.
you rock, dustin
It looks like CF_BASE_BRANCH does not exist on Bitbucket? Do you know any other way to pull the name of the branch, not the tag? even when I do
when:
condition:
all:
releaseTag: 'match("${{CF_BRANCH}}", "^([0-9]+)([.][0-9]+){1,2}.*", true) == true'
branch:
only:
- master
the branch still gets pulled as the tag eg 1.0.0
when I do a build with echo "CF_BASE_BRANCH=${{CF_BASE_BRANCH}}", it says there is bad variable substitution
During the event we pick up tag and use for CF_BRANCH based on the event. I am not sure why BASE_BRANCH is not available. Please send this through Codefresh’s Intercom to be tracked by support. BTW new events for Bitbucket have been released providing more filtering options around PRs.
2019-03-06
New Feature: Pipeline ABAC https://codefresh.io/docs/docs/enterprise/access-control/#marking-pipelines-with-policy-attributes
22019-03-08
New Feature: Azure Repositories Support https://codefresh.io/docs/docs/integrations/git-providers/#azure-devops
2019-03-12
GitHub Incident - Degraded performance across Web, Pages and Notifications Mar 12, 15:18 UTC Investigating - GitHub has reported an incident related to degraded performance across Web, Pages and Notifications. More information here: https://www.githubstatus.com/
How come the github status comes to this channel @Erik Osterman (Cloud Posse)?
The Codefresh status page includes statuses of everything they depend on
Ah ok, cool
I just subscribed to github status rss for my firm’s slack.. awesome idea.
Yea it’s worked wonderfully! We have a channel at CloudPosse with feeds for all the status pages (including AWS) that we depend on
2019-03-13
GitHub Incident - Degraded performance across Web, Pages and Notifications Mar 13, 08:51 UTC Resolved - This incident has been resolved. Mar 12, 15:18 UTC Investigating - GitHub has reported an incident related to degraded performance across Web, Pages and Notifications. More information here: https://www.githubstatus.com/
Sorry been traveling see you’re already here @oscarsullivan_old
Indeed! Looking forward to spending tomorrow using Codefresh. Thanks for the demo-call Dustin!
2019-03-14
Just incase anyone is planning on rolling out Codefresh Enterprise (on prem), in AWS, here’s our terraform module for it: https://github.com/cloudposse/terraform-aws-codefresh-backing-services
1
this is to leverage as many fully-managed AWS services as possible that are required to run Codefresh
2019-03-15
Simple Step for Aqua scanning in a Codefresh pipeline. https://github.com/codefresh-contrib/cfstep-aqua
This is the results passed back to Codefresh registry and there is a link to the detailed report in Aqua
@dustinvb did something change in the last 2-3 weeks in codefresh that would lead to this to start failing?
chsh -s /bin/sh nobody
got it
something in alpine:3.7 has changed
so that it prompts for a password
but doesn’t happen in 3.8
i’ll figure this out.
I normally see this error related to npm install using global flag. Not sure why it’s going to fail here. I have to add the unsafe arg to npmconfig to get around it.
+
When I use -g for npm it expects sudo permissions. This is when using node-alpine
this worked for me
echo "auth sufficient pam_shells.so" > /etc/pam.d/chsh in my alpine container
@dustinvb can i unexport an env? (E.g. cf_unexport)
Sorry no, not a feature at this time.
2019-03-19
Codefresh Incident Mar 19, 15:53 UTC Investigating - We are investigating an issue on our platform that is affecting build functionality. We will go to provide more information here as investigation progresses.
For Codefresh, builds are effectively PRs aren’t they? As well as daily/weekly builds?
Surely 220/m would go v quickly
just trying to work that out
Codefresh Incident Mar 19, 16:15 UTC Monitoring - There was an issue during a DB upgrade process. The issue was quickly identified and now is resolved. But we’ll keep monitoring the platform to ensure it is working as expected Mar 19, 15:53 UTC Investigating - We are investigating an issue on our platform that is affecting build functionality. We will go to provide more information here as investigation progresses.
@dustinvb recommends to check out https://github.com/dustinvanbuskirk/github-commit-statistics
This should give you a semi reasonable estimate based on commits to your org repos and the total across all of them.
Brill thanks. Just had a discussion about moving away from jenkins
Just weighing up the costs (setup/migration + long term operating costs) of other platforms.
Jenkins currently costing us $84/m (t2.large + EBS) for 2 concurrent builds… However it is a ball ache to do properly.
The maintenance cost alone is huge
Yes, our SaaS model gets you out of maintenance and gives you a team of support engineers on our side to assist you if you do run into anything.
I encourage you to reach out to [email protected] to ask any questions about pricing.
Just had a count of historic builds on Jenkins
we only just breached 60 builds last month
and only on 35 builds 19 days into march
Did you use https://plugins.jenkins.io/global-build-stats?
turns out we should be fine on the Basic plan
I haven’t had much success with it.
no just manually counted lol
OH well… If you can manually count then probably wouldn’t even be a metric to concern yourself with. Instead look at concurrency and the runtime sizes memory/compute for each pipeline.
Having come into my org and not having setup the Jenkins and knowing it isn’t properly backed up, I wouldnt even dare install that plugin Dustin!
That’s why I made a point here at work that we should move away
I shouldn’t feel scared of infrastructure!
Jenkins is a bit brittle.
If I’m honest, I COULD quite easily have a Dockerised Jenkins with a mounted EBS volume that gets backed up……. but I just don’t think I want to
I would rather we used a SaaS CI tool like CircleCI/Travis/Cloud Fresh
But at the same time it would be quite hard to have this dockerised jenkins scale to use slave workers etc
and then restore the config when updating the EC2
I’ve done it. Terraform + Chef and then ran all the builds from Docker. It was better but I still had to deal with things like the Maven plugin…
if I commit to Codefresh I have to commit to dockerising all our products hmmmm
Not true
It would feel like an anti-pattern to dockerise all our applications, have CI run on the dockerised version, but not deploy it as a container
Easy to roll in anything you’re doing on the Linux Slave with Jenkins over to an Ubuntu or CentOS Docker image and incorporate that same scripting and push binaries. That’s supported.
Oh? That does sound doable
Yes.. interesting
Depends, we have customers that push jars for example that are used by their customers that are not focused on the Docker artifact. I think it depends on what your plan is for the artifact. If it makes sense to run in a container and it is possible that’s an optin.
I literally could use our same pipeline but in codefresh
Yup, and if you’re like me you already have the scripting in version control in something like a make file.
I do not, I have been here for just over a month and desperately want it out of a platform
Practically unreadable in Jenkins (not using Blueocean or Jenkinsfile)
Just leaving the item of building the slave Docker image by running apt-get and other package solutions to prepare the image for the build. Then you can use that in a multistage later on.
Does Codefresh have a CF vs other page?
I..e vs Travis and Circle
Yes we have several
Check the blog here.
Thanks, will search in that
@Kostis (Codefresh) Is our technical writer and does the comparisons posted on the blog if you have any questions.
Haha no luck using the search bar for “Travis” and “Circle”
Does it count as a build if I create a PR, build triggered, and I then update the PR?
Is that 1 or 2 builds?
Say first build fails
and then I fix it
2 builds, but could restrict this to not create on specific events.
Is the notion of a build applicable when I’m just testing? I figure yes, as in order to test it must build in advance
Say if you have filter on commit and PR open, the commit would have already built unless you wanted to do more in regards to a commit pipeline vs. pr pipeline. Then you’d add pull request synchronized event to build on your commits to existing PR.
Alright thanks.. quite a niche scenario from what I’ve seen.. Devs generally test in advance of PR
but just wanted to know whether it is easy to burn through build count
Oscar, I’d suggest emailing Michael about the pricing. He can work with you in regards to concerns around these soft build limits in our plans and find you a plan that fits your budget.
Thanks Dustin. I did mean to reply actually but got caught up elsewhere.
I swear I’m not a busy-bod
I do really do work
Not you ?
No.. more like
Oscar, Michael has confirmed there is alternative plans he can discuss with you. Just FYI.
Thanks, have replied to the existing email chain
Codefresh Incident Mar 19, 19:11 UTC Update - We’re still working on resolving some performance issues. We’re constantly monitoring the system. Once all minor issues are fully resolved, this incident will be closed Mar 19, 16:15 UTC Monitoring - There was an issue during a DB upgrade process. The issue was quickly identified and now is resolved. But we’ll keep monitoring the platform to ensure it is working as expected Mar 19, 15:53 UTC Investigating - We are investigating an issue on our platform that is…
Codefresh Incident Mar 19, 19:46 UTC Resolved - The issue is now resolved. Performance is now at expected levels across all the platform. We’re going to keep monitoring the system to ensure a consistent behavior in terms of performance Mar 19, 19:37 UTC Update - UPDATE: we’re currently performing a DB-upgrade operation as part of the actions to resolve the current performance issues Mar 19, 19:11 UTC Update - We’re still working on resolving some performance issues. We’re constantly monitoring the system. Once…
2019-03-20
https://codefresh.io/docs/docs/getting-started/create-a-basic-pipeline/#running-unit-tests-automatically Is this still valid? Can’t seem to find the ‘Workflow’–>‘Unit Test’ screen.
Ah, I had ‘YAML’ mode on
I am noticing that I’m unable to ‘Launch’ when using YAML mode? I get a warning confirming this isn’t supported.
Alright switched to BASIC mode. It defaulted to YAML, but they seem to do the same things! .. do prefer to have it source vontrolled…. feel like I’ve missed a step
you can definitely have it source controlled
3 ways to define it:
- 1) inline using UI (great for debugging, but not as a workflow)
- 2) from a remote URL
- 3) from source control (how we typically do it)
you can also even define your pipeline creation process as code as we do here:
1
2019-03-21
2019-03-23
Noob question: Hoping to understand (read if there is a resource already) the motivation behind creating *codefresh*. Just to be clear, this is not an ask what is *codefresh* but more around the lines of what kind of issues it tackles better.
@Erik Osterman (Cloud Posse)
@Avineshwar Pratap Singh can you ping me on Monday? I am AFK.
@Erik Osterman (Cloud Posse) looking forward!
2019-03-25
Codefresh tackles the move from VMs to micro-services supporting build, test, delivery and deployment of micro-services using micro-service based pipelines built upon a scalable platform meant to scale as micro-services emerge which require 10x-1000x the amount of builds in a CI/CD platform as your typical Legacy build VM based applications. Each micro-service can bring in it’s own version of a programming language (best for the job) leaving it up to a VM to build and test offers little flexibility to remain as agile as today’s containers allow. Using a pipeline built out of micro-services gives your CI/CD the same flexibility as the applications you’re building. Around all of this Codefresh has build a UI that integrates with your Version Control System and Kubernetes. Giving you a soup to nuts view of your CI/CD around containers and Kubernetes. We also provide private Docker registry to aid in your archive/deployment of Docker containers. Please see https://steps.codefresh.io/ for a listing of some of the provides micro-services you can include as steps in your pipeline and of course to this document about Codefresh pipelines: https://codefresh.io/docs/docs/configure-ci-cd-pipeline/introduction-to-codefresh-pipelines/
2019-03-27
has anyone used chamber in a codefresh pipeline to inject secrets into helm chart? Wondering whats that best approach for this?
never mind found a link in the docs, here is reference for anyone who cares
2019-03-28
I’m a bit stuck.
I setup my EKS cluster with the CP module.
I’ve connected it to Codefresh.
I’ve created a Codefresh service to launch my image.
I get an error saying no nodes available.
I check EC2 console and I have two worker instances (that’s a synonym of node, right).
Does anyone have any insight on what I may have missed from just reading that and seeing the screenshots below? thanks
EKS cluster
This is following this guide: https://codefresh.io/docs/docs/deploy-to-kubernetes/manage-kubernetes/
if you run kubectl get pods --all-namespaces, what do you see?
~ ⨠ kubectl --kubeconfig="/conf/kube/eks" get pods --all-namespaces
error: the server doesn't have a resource type "pods"
hmm
oh wait sorry my token expired
kubectl --kubeconfig="/conf/kube/eks" get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default pod-68b9fd45b4-w88jb 0/1 Pending 0 40m
kube-public pod-78c67897fc-tvg28 0/1 Pending 0 45m
kube-system coredns-854797898c-jhkfd 0/1 Pending 0 3h
kube-system coredns-854797898c-wp4vz 0/1 Pending 0 3h
what’s weird is that I deployed pod onto default and kube-public a wihle ago
it is since removed form kube-public in codefresh though
and kube-dns appears in codefresh portal with replicas 0/2
@Andriy Knysh (Cloud Posse) others have had trouble with getting nodes registered
What does get nodes show?
kubectl get nodes
(On phone)
kubectl --kubeconfig="/conf/kube/eks" get nodes --all-namespaces
No resources found.
Hmm no it’s actually a CP project Erik pointed me to last week
ah wait
yeh that example
that’s it
for worker nodes to join the cluster, you need to apply that config map
Right that adds up with just what I was reading here https://learn.hashicorp.com/terraform/aws/eks-intro#configuring-kubectl-for-eks
either using the example code, or manually
let me know if that still is not working
it was tested about 2 months ago, was ok
thanks will follow this:
###########################################################################################################################################
#
# NOTE: To automatically apply the Kubernetes configuration to the cluster (which allows the worker nodes to join the cluster),
# the requirements outlined here must be met:
# <https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html#preparation>
# <https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html#configuring-kubectl-for-eks>
# <https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html#required-kubernetes-configuration-to-join-worker-nodes>
#
# If you want to automatically apply the Kubernetes configuration, set `var.apply_config_map_aws_auth` to "true"
#
###########################################################################################################################################
but recently a few people reported issues with workers joining the cluster
so if you have the same issue, I’ll have to look into that
@Andriy Knysh (Cloud Posse)
i saw that
as i mentioned, we did not see issues like that before
@oscarsullivan_old try the example and let us know
where do you store the equivalent of ~/.kube/config for geodesic so you dont have to specify it?
that would technically be /conf/.kube/config correct?
don’t have to
e.g kubectl ~–kubeconfig=”/conf/kube/eks”~et nodes –all-namespaces
i think geodesic has an ENV var for that, @Erik Osterman (Cloud Posse) do you remember which one?
(or maybe it’s just for kops)
It’s a kubectl env
Yes
That one
so if I set ENV KUBECONFIG=/conf/kube/eks should be ok?
@Andriy Knysh (Cloud Posse) what’s the path setting g for the module
That is what should change to dev shm
groovy that worked
so if I set ENV KUBECONFIG=/conf/kube/eks should be ok?
ok let me try the example proj now
⧉ sandbox (aws:default)
✓ (-sandbox-admin) ~ ⨠ kubectl get nodes --all-namespaces
No resources found.
⧉ sandbox (aws:default)
✓ (-sandbox-admin) ~ ⨠ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default pod-68b9fd45b4-w88jb 0/1 Pending 0 54m
kube-public pod-78c67897fc-tvg28 0/1 Pending 0 59m
kube-system coredns-854797898c-jhkfd 0/1 Pending 0 3h
kube-system coredns-854797898c-wp4vz 0/1 Pending 0 3h
with var.apply_config_map_aws_auth` set to “true”
ok let me try
@Andriy Knysh (Cloud Posse) Where does the module write the config?
you specify the path
Can we specify then dev shm?
kubeconfig_filename = "${path.module}/kubeconfig${var.delimiter}${module.eks_cluster.eks_cluster_id}.yaml"
need to change that to a var
✓ (healthera-sandbox-admin) eks ⨠ kubectl get nodes --all-namespaces
NAME STATUS ROLES AGE VERSION
ip-10-14-108-66.eu-west-2.compute.internal NotReady <none> 10s v1.12.7
ip-10-14-152-132.eu-west-2.compute.internal NotReady <none> 10s v1.12.7
@Andriy Knysh (Cloud Posse) getting closer
cool so kube-dns has deployed now
do you see the workers?
See above
@Andriy Knysh (Cloud Posse) can you update the issue with this new information ?
✓ (healthera-sandbox-admin) eks ⨠ kubectl get nodes --all-namespaces
NAME STATUS ROLES AGE VERSION
ip-10-14-108-66.eu-west-2.compute.internal Ready <none> 47s v1.12.7
ip-10-14-152-132.eu-west-2.compute.internal Ready <none> 47s v1.12.7
⧉ sandbox (aws:default)
✓ (-sandbox-admin) eks ⨠ kubectl get nodes --all-namespaces
NAME STATUS ROLES AGE VERSION
ip-10-14-108-66.eu-west-2.compute.internal Ready <none> 1m v1.12.7
ip-10-14-152-132.eu-west-2.compute.internal Ready <none> 1m v1.12.7
⧉ sandbox (aws:default)
✓ (-sandbox-admin) eks ⨠ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default pod-68b9fd45b4-w88jb 0/1 ImagePullBackOff 0 1h
kube-public pod-78c67897fc-tvg28 0/1 ImagePullBackOff 0 1h
kube-system aws-node-mzj4z 1/1 Running 0 1m
kube-system aws-node-vzj9j 1/1 Running 0 1m
kube-system coredns-854797898c-jhkfd 1/1 Running 0 4h
kube-system coredns-854797898c-wp4vz 1/1 Running 0 4h
kube-system kube-proxy-4b7r7 1/1 Running 0 1m
kube-system kube-proxy-hxkng 1/1 Running 0 1m
i can update the issue, yes
but i pointed out a few times there to do what @oscarsullivan_old just did
so either that did not work for them, or something else was wrong
yeh how come that isn’t true by default
who wouldn’t want their workesr auto connecting???
apply_config_map_aws_auth="true"
I just added this to my terraform.auto.tfvars
ok I’ve got somethingI can try
as i remember there were some thoughts around that, but don’t remember exactly the details
workinggg
codefresh docs a bit dated
the ui said just input the [image]:[tag]
but hte docs said the full path
oh wait no lol still failed
is it your image?
I felt I had correctly linked codefresh, codefresh repo, codefresh pipeline pushing to repo, and EKR to codefresh correctly
i think you need to deploy Docker pull secrets to k8s https://github.com/cloudposse/charts/tree/master/incubator/dockercfg
1 sec
It doesn’t have any secrets
(if that’s a valid answer)
That’s even when it is codefresh’s registry?
yes
Alright thanks
will look at htose last 3 links and report back
heh I’m using the GUI
ok let’s try that
super easy with GUI
darn still a failure
when we deploy an app to the cluster, we usually create a helmfile in the same repo
we call it Helm Cartridge
the helmfile deploys the pull-secret chart and then the app chart
Right.. had this fundamental misunderstanding:
Kubernetes deployments are based on a “pull” approach. When you deploy your application to a Kubernetes cluster you don’t upload the application itself (which usually happens with traditional deployments). Instead, Kubernetes will pull the Docker images to its nodes on its own.
https://codefresh.io/docs/docs/deploy-to-kubernetes/access-docker-registry-from-kubernetes/
My understanding was that since I’ve linked Codefresh and EKS and Codefresh + Codefresh registry that was enough??
I went through this a little while ago, I created a secret in the namespace I was deploying to
kubectl create secret docker-registry ${name_of_secret} --docker-server=r.cfcr.io --docker-username=${codefresh_username} --docker-password=${codefresh_cr_generated_password} -n ${namespace}
Then when you deploy you have to set the imagePullSecret in the Deployment spec
k8s itself needs permissions to pull images
(that’s for @oscarsullivan_old ^)
when pulling the image during deployment
These docs imply this gives permissions
yeah thats the pull secret that you upload as a secret to kubernetes
it has nothing to do with Codefresh, which just sends k8s resource definitions to the cluster, the cluster itself pulls the images
But this would provide permission? https://sweetops.slack.com/archives/CE2A5C206/p1553792460039500
It’s just From now on, this cluster on this namespace will be able to deploy Docker images from the selected Registry. sort of says what you’re saying @Andriy Knysh (Cloud Posse)
the cluster itself pulls the images
yes, it does the same as the chart
(too many moving parts )
so if that does the same as the chart
need I do Mark’s step?
and need I do what you’re referencing needs doing?
For a quick test, do what Mark showed
We use the chart and the helmfile to automate all of that
–docker-password=${codefresh_cr_generated_password}
Is this the token you can generate or my actual codefresh password???
thats the token
and the username is the name of the token
or my username
its whatever you set here
right now it would be your username, unless you have a service account
fab
in the future I think they are going to allow you to generate users for CFCR that are not tied to an individual user
yeh makes sense
once you added that to the cluster’s namespace with kubectl, did you need to referene the secret?
yup, I referenced it in the helm chart
in the Deployment spec
Ah damn I don’t have any helm bits setup
Should I get familiar with that via kubernetes.io ‘s tutorial?
There is nothing specific to Codefresh regarding the usage of Docker registry secrets, and therefore following the official Kubernetes documentation is the recommended approach.
Yep ok
if you are not using helm you can just set it in the deployment spec itself https://kubernetes.io/docs/concepts/containers/images/
cat <<EOF > pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: foo
namespace: awesomeapps
spec:
containers:
- name: foo
image: janedoe/awesomeapp:v1
imagePullSecrets:
- name: myregistrykey
EOF
here is an example for a pod from their documentation
myregistrykey would be the name of the secret you created in the namespace
Can I execute an ansible playbook in a code fresh pipeline?
Instead of K8s deployment it pulls the latest container with ansible. K8s doesn’t feel in scope for the nest 3 months after having tried it for a day it is clear it is a 6-9 month project
Yes you can execute anything that fits in a container
I think geodesic has ansible too :-)
So just run geodesic as part of your Codefresh pipeline
Ooo wow ok that saves me a lot!
Hadn’t considered using my module lol
Will need to start actually pushing that up now / placing it in a CI pipeline
That’s the beauty of it! It’s a container. Run it anywhere containers are run… locally or in CICD. Same workflow.