December 18, 2020 By Henrik Loeser 4 min read

Deploy the tutorial app using Schematics, Terraform, and a Tekton-based pipeline.

If you read the blog “IBM Cloud Solution Tutorials: 2020 in Review,” you will have noticed that the IBM Cloud Solution Tutorials can now also be found in a new tutorials library in the IBM Cloud documentation portal. One of these tutorials, from the Security category, discusses how to apply end-to-end security to a cloud application. In June, I blogged about how it had been extended with a discussion of how to share development resources.

The discussed app and its resources can be deployed by following the steps in the tutorial itself or by utilizing an automated toolchain with scripting. I’m happy to share with you that we switched from a classic toolchain that rolls out the required resources, builds the app, and deploys it to a more granular approach. The new approach uses IBM Cloud Schematics to manage the Terraform-based resource deployment and a Tekton-based pipeline in the Continuous Delivery service to build and deploy the app.

In the following, I am going to discuss some of the details:

Solution diagram: An app with end-to-end security to share files.

IBM Cloud Schematics and Terraform

Terraform is an open source solution for Infrastructure as Code. The desired state is described in one or more files written in a configuration language. As a user or administrator, you would typically plan, apply, or destroy the configuration: you generate a plan and review the expected changes to your resources, then apply those changes, or you destroy the configuration (i.e., delete the resources again). It works well with a local machine, with a single cloud provider, or in a hybrid/multicloud environment.

IBM Cloud Schematics features Terraform-as-a-Service. It manages workspaces that hold a Terraform configuration and execution environment. Similar to running Terraform on your own, you can plan, apply, or destroy a Terraform-based deployment of resources. You can interact with Schematics in the IBM Cloud UI in its dashboard, use the command line, or work with its REST API.

To set up the required resources for the solution tutorial, you would click the “deploy link” found in the source code repository on GitHub. Next, you would set the (Terraform) variables when not going with the defaults (see screenshot below). Then, everything is ready for Apply plan. Once the resources are deployed, you can set up the toolchain and deploy the app:

Configure the Terraform-based resource deployment in your Schematics workspace.

Tekton pipelines

The Continuous Delivery service on IBM Cloud (CD service) allows for the automation of building and deploying applications. It offers open toolchains to set up CI/CD (Continuous Integration/Continuous Delivery) pipelines, thereby supporting a DevOps or DevSecOps approach for app development and operation. The CD service supports its own (“classic”) or Tekton delivery pipelines. Tekton pipelines provide a deep integration into the Kubernetes ecosystem and run either on shared Kubernetes workers provided by the CD service or on your own (private) workers for more security.

To deploy the app, create a toolchain by clicking the Create toolchain link in the source code repository on GitHub. Then, you configure the GitHub integration and a few environment settings. All other properties are read from the Schematics workspace, which manages most metadata. Once the toolchain is created, you may notice that the toolchain has two code integrations with GitHub (and a single Delivery Pipeline):

  • One is for the tutorial source code and provides the app code.
  • The second is to the Tekton Catalog, which offers readily available pipeline tasks for reuse. We integrate two such tasks.

Toolchain with two GitHub integrations and one delivery pipeline.

Our pipeline to build and deploy the app reuses the icr-containerize task to build the app and the icr-va-check-scan task to scan the new image for vulnerabilities and check the result. Both tasks make use of the IBM Cloud Container Registry to manage the Docker image. As you can see in the screenshot below, the container with the updated app will only be deployed if the scans do not find any security issues.

Once the last pipeline task has completed, you can click the link for the log output to access the deployed app.

Tekton pipeline: The image is built, the security check succeeded, deployment is ongoing.
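
How the build, scan, and deploy order described above can be expressed in a Tekton pipeline definition, as an added example that is not the tutorial's own pipeline. The two catalog task names are written as they appear in this post; the pipeline name, the `deploy-app` task, and the `image-url` parameter are assumptions, and further parameters and workspaces required by the catalog tasks are left to their definitions in the Tekton Catalog.

```yaml
# Added example, not taken from the tutorial repository.
# Tekton starts tasks in parallel unless they are ordered, so the
# security gate is the runAfter chain: build -> scan -> deploy.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: build-scan-deploy            # assumed pipeline name
spec:
  params:
    - name: image-url                # assumed parameter name
      type: string
      description: Image location in IBM Cloud Container Registry
  tasks:
    # 1. Build the app image and push it to the registry.
    - name: containerize
      taskRef:
        name: icr-containerize       # Tekton Catalog task named in the post
      params:
        - name: image-url
          value: $(params.image-url)

    # 2. Scan the pushed image and check the result. If this task
    #    fails, the PipelineRun fails and nothing ordered after it
    #    is started.
    - name: vulnerability-scan
      runAfter:
        - containerize
      taskRef:
        name: icr-va-check-scan      # Tekton Catalog task named in the post
      params:
        - name: image-url
          value: $(params.image-url)

    # 3. Deploy only after a successful scan. Keep this task under
    #    "tasks": entries under "finally" run even when an earlier
    #    task has failed, which would bypass the gate.
    - name: deploy
      runAfter:
        - vulnerability-scan
      taskRef:
        name: deploy-app             # hypothetical deploy task
      params:
        - name: image-url
          value: $(params.image-url)
```

When reviewing a pipeline like this, confirm that no deploy step can be reached without the scan task in its `runAfter` chain.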

Conclusions

Separating the task of resource (infrastructure) rollout from app deployment allows you to utilize different tools for each task (IBM Cloud Schematics with Terraform-as-a-Service, Continuous Delivery with Tekton pipeline). The pipeline tasks to build the Docker image and to scan it for vulnerabilities come from an open source library (Tekton Catalog). Switching from the previous classic toolchain to the new setup required some work, but now everything is based on open source technologies, configuration-based, and easy to extend.

If you want to try it, head over to the GitHub repository with the source code and read the tutorial on how to apply end-to-end security to a cloud application for background information.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.
