Skip to content

Continuously deliver a secure container app to the IBM Kubernetes Service

Notifications You must be signed in to change notification settings

open-toolchain/secure-kube-toolchain

Repository files navigation

Icon Develop a Kubernetes app

Continuously deliver a secure container app to a Kubernetes Cluster

This Hello World application uses Docker with Node.js and includes a DevOps toolchain that is preconfigured for continuous delivery with Vulnerability Advisor, source control, issue tracking, and online editing, and deployment to the IBM Kubernetes Service.

Application code is stored in source control, along with its Dockerfile and its Kubernetes deployment script. The target cluster is configured during toolchain setup (using an IBM Cloud API key and cluster name). You can later change these by altering the Delivery Pipeline configuration. Any code change to the Git repo will automatically be built, validated and deployed into the Kubernetes cluster.

Icon

To get started, click this button:

Create toolchain

It implements the following best practices:

  • sanity check the Dockerfile prior to attempting creating the image,
  • build container image on every Git commit, setting a tag based on build number, timestamp and commit id for traceability
  • use a private image registry to store the built image, automatically configure access permissions for target cluster deployment using API tokens than can be revoked,
  • check container image for security vulnerabilities,
  • insert the built image tag into the deployment manifest automatically,
  • use an explicit namespace in cluster to insulate each deployment (and make it easy to clear, by "kubectl delete namespace"),

Learn more

About

Continuously deliver a secure container app to the IBM Kubernetes Service

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published