Kubernetes CI/CD Pipeline

andy-thomas-83 · July 16, 2020, 11:39am

I am building a CI/CD pipeline to allow us to deploy OpenEDX in EKS with tutor (and terraform). I have it working now with an out of the box setup or rather the default containers.

As part of the build I would like our studio team to commit changes to themes and the pipeline to apply them. I have started by trying to get the indigo theme to be built into a container and then deployed.

The pipeline is structured into different steps and the build of the theme is done in its own step (if there is a change in the theme directory). I check the custom version into our ECR registry (AWS Docker Registry) but am having a bit of an issue in getting tutor to use that in the run step.

If I set the environment variable DOCKER_REGISTRY it applies to all containers which means:

I can pull down all images to build the platform and upload them to our ECR registry. I started to do this but notice there are specific version of containers called in tutor (like rabbitm1.3.5.10-management-alpine). I think this would lock me into a specific version - rather than rebuilding with the latest tutor version each time the pipeline runs?
I can have tutor build out the configs and then overlay our private repo on the deployment file in k8s instead. Finishing with a kube apply -f kustomisation.yml.

Is there anyway to specifically tell it to only pull down the openedx container from a private repo?

andy-thomas-83 · July 20, 2020, 3:05pm

I went with the second option and it all seems to be working

regis · July 21, 2020, 6:46am

Dear @andy-thomas-83,

The fact that it is difficult to override the docker image registry for just one service is a problem. I will fix this in the next release. The various DOCKER_IMAGE_* configuration values will be set to, e.g:

DOCKER_IMAGE_OPENEDX: "{{ DOCKER_REGISTRY }}overhangio/openedx:{{ TUTOR_VERSION }}"

This way, you’ll be able to override DOCKER_IMAGE_OPENEDX without touching DOCKER_REGISTRY or having to define your own private deployment file.

Does that sound reasonable to you?

EDIT: see this commit https://github.com/overhangio/tutor/commit/bbd92223eee4a17b6b59e81dfea084388b28dc98

andy-thomas-83 · July 21, 2020, 8:27am

That would be super helpful - my current method is a bit ergh . . . ropey is probably a good word:)

I have written a Python script that runs after Tutor has re-built the images with our themes and generated Kubernetes deployment files. It replaces just the OpenEDX image:

{{ecr_repo}}.ecr.{{aws_region}}.amazonaws.com/openedx:{{build_number}}

Then we are using kubectl with Kustomize to deploy. We are using the build number and not tutor version (which goes into tags) so we can reference back to the build logs on the CD server to see what was changed and also check the Kubernetes cluster is running the latest build without too much checking.

If I am reading the git commit correctly I could change:

DOCKER_IMAGE_OPENEDX={{ecr_repo}}.ecr.{{aws_region}}.amazonaws.com/openedx:{{build_number}}

Then ditch my python script?

The job template is great for changing theme/MySQL as well - thank you for that update

andy-thomas-83 · August 18, 2020, 2:53pm

Pipeline is updated to latest version of tutor and the above changes work great which means we have ditched the python script to hack it

Thank you!