By Luo Jing (Yaojing)
According to "The Investigation Report on the DevOps Status Quo in China (2020)" by the China Academy of Information and Communications Technology (CAICT), 63% of enterprises have put DevOps into practice and adopted a continuous delivery pipeline to connect stages such as development, testing, deployment, and O&M. However, 20% of enterprises reported that DevOps practice was too complex to implement. Self-built Jenkins requires self-deployment and plug-in O&M, and SaaS-model CI/CD tools are complicated to configure. Therefore, more convenient and lightweight tools are necessary to accelerate implementation.
Alibaba Cloud and GitHub released a GitHub Actions Workflow that deploys quickly to Alibaba Cloud Container Service for Kubernetes (ACK). There is no need for self-deployment or CI/CD tool maintenance. Based on the out-of-the-box GitHub Actions and the Alibaba Cloud deployment template, applications are packaged, uploaded to Alibaba Cloud Container Registry (ACR), and deployed to ACK automatically and quickly after the code on GitHub changes. This article describes GitHub Actions and Alibaba Cloud Container Service in detail and walks through a demo.
Figure 1 – GitHub Actions supports the Alibaba Cloud deployment template
Figure 2 – GitHub Actions Homepage
GitHub Actions is a built-in continuous integration tool launched by GitHub in October 2018 to simplify automated build, test, and deployment processes. GitHub Actions encapsulates atomic continuous integration operations into Actions and then assembles multiple Actions into reusable templates based on the Workflow process definition, so that the Actions are executed automatically when GitHub events occur.
GitHub Actions has the following features:
The core concept of GitHub Actions is divided into the following four parts:
.github/workflows directory of the code repository. A code repository can have multiple Workflow files. GitHub runs this Workflow in parallel once it identifies the .yaml file in the directory.
The following is a simple GitHub Actions Workflow example. A Job consisting of two Steps is defined below. The first Step reuses the community template actions/checkout@v2 to check out the current code repository. The second Step executes the Bash command directly.

```yaml
name: Greeting
on: push
jobs:
  my-job:
    name: My Job
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Greeting
        run: |
          echo 'Welcome to Alibaba Cloud!'
```
The GitHub Actions Workflow released jointly by GitHub and Alibaba Cloud defines multiple Steps, supporting quick building and deployment to Alibaba Cloud Container Service for Kubernetes (ACK). For the detailed definition of a Workflow, please see this link.
If GitHub Actions is a powerful tool for DevOps practice, then Alibaba Cloud Container Service is the best interface for cloud-native DevOps implementation with various features and convenience. Alibaba Cloud Container Service for Kubernetes (ACK) is one of the first service platforms to pass the Kubernetes conformance certification worldwide. It provides a high-performance container application management service that supports lifecycle management for enterprise-level containerized applications. As the core containerization infrastructure in Alibaba Group, ACK has diverse application scenarios and experiences in e-commerce, real-time audio and video, database, message-oriented middleware (MOM), and AI. It supports a wide range of internal and external Double 11 activities. The container service is integrated with Alibaba's experience and capabilities in various large-scale scenarios and is open to public cloud customers. It provides more functions and improved stability and has won the top market share in the Chinese container market for many years.
Figure 3 – The Alibaba Cloud Container Service Family
In terms of application management, drawing on large-scale Alibaba practices and various enterprise production practices, Alibaba Cloud has further enhanced reliability and safety and provides Kubernetes clusters with a reimbursable SLA: ACK Pro. As an extension of the original ACK-hosted Kubernetes clusters, ACK Pro has all the benefits of the original hosted Kubernetes clusters, such as Master node hosting and Master node high availability. In addition, ACK Pro improves reliability, security, and schedulability and is backed by a reimbursable SLA. Therefore, ACK Pro is suitable for enterprise users with large-scale businesses in production environments that require higher stability and security.
In terms of application product management, Alibaba Cloud launched Container Registry Enterprise Edition (ACR EE) for enterprises with high security and performance requirements. ACR EE provides the first enterprise-level service with a separate instance in a public cloud. In addition to multi-architecture container images, ACR EE supports the hosting of multi-version Helm Charts, Operators, and other OCI-compliant products.
In terms of security governance, ACR EE provides security protection in multiple dimensions, such as network access control, security scanning, image signing, and security audit, helping enterprises upgrade from DevOps to DevSecOps. In the global distribution acceleration scenario, ACR EE optimizes the network links and scheduling policies to ensure a stable rate of successful cross-sea synchronization. In the large-scale distribution scenario for big images, ACR EE supports on-demand loading. Image data can be decompressed online without fully downloading the content, reducing the average container startup time by 60%. ACR EE has been put into production environments by many enterprises to ensure the secure hosting of cloud-native application products and efficient distribution in multiple scenarios.
The following GitHub Actions demonstrates how to package a simple NGINX application into a container image, host it to ACR, and then deploy it automatically to ACK. It helps implement the CI/CD process quickly and easily. For the GitHub Actions Demo, please see this link. Users can update the corresponding YAML file to customize business scenarios.
Figure 4 – The DevOps process based on GitHub Actions
In the GitHub repository, click the Actions tab to see the Workflows recommended for the current GitHub project. Select the Workflow template to be deployed on ACK.
Figure 5 – Actions built in the GitHub repository
Figure 6 – Select the Workflow to be deployed on Alibaba Cloud ACK
GitHub Actions creates an alibabacloud.yml file in the .github/workflows directory of the code repository by default. The YAML file defines a trigger that listens for the Release published event. Once the event occurs, the subsequent integration and deployment process is triggered automatically. Users can also search the marketplace panel on the right side for related Actions to customize the steps of the Job.
Env environment variables are defined in the Workflow. Update the corresponding information, such as the region, container image service, and container service cluster, to match the actual environment.
ACCESS_KEY_SECRET define the access key information of an Alibaba Cloud account, which must be stored encrypted in the corresponding Secrets of the repository.
Figure 7 – Update the corresponding environment variables in Workflow
Figure 8 – Update secret information
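The requirement above, that access key material lives only in the repository's Secrets, can be checked before a workflow file is merged. The following is an added example, not part of the original article or the Alibaba Cloud template: a small line-based check that flags credential-like keys whose value is a literal rather than a `${{ secrets.NAME }}` reference. The sample workflow, the key-name patterns, and the function name are assumptions made for illustration.

```python
import re

# Key names that carry credentials; their values must be secrets references.
SENSITIVE_KEY = re.compile(r"access[-_]?key|secret|password|token", re.I)
# A value that is exactly one ${{ secrets.NAME }} expression.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")
# "key: value" on one line, optionally as a YAML list item.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([\w.-]+)\s*:\s*(.*)$")


def find_inline_credentials(workflow_text):
    """Return (line_number, key) for sensitive keys set to a literal value."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), 1):
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key = match.group(1)
        # Drop a trailing comment and surrounding quotes before comparing.
        value = match.group(2).split(" #", 1)[0].strip().strip("'\"")
        if value and SENSITIVE_KEY.search(key) and not SECRET_REF.match(value):
            findings.append((number, key))
    return findings


# Constructed sample workflow: line 7 is compliant, line 12 is not.
SAMPLE_WORKFLOW = """\
name: Deploy to ACK
on:
  release:
    types: [published]
env:
  REGION_ID: cn-hangzhou
  ACCESS_KEY_SECRET: "${{ secrets.ACCESS_KEY_SECRET }}"
jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      ACCESS_KEY_SECRET: constructed-literal-not-a-real-key
    steps:
      - name: Checkout
        uses: actions/checkout@v2
"""

if __name__ == "__main__":
    for number, key in find_inline_credentials(SAMPLE_WORKFLOW):
        print(f"line {number}: {key} is set inline; move it to repository Secrets")
```

A value that mixes a literal with a secrets expression is also flagged, because only a value that is entirely one secrets reference is accepted.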
After the configuration, publishing a Release event triggers GitHub Actions to execute the task automatically by default. Click the Actions button to view the history and details of the corresponding tasks. The entire workflow is executed sequentially. Once one of the tasks fails, the entire workflow is terminated. If high-risk security vulnerabilities are detected after container images are pushed to ACR, the subsequent deployment of containers to ACK can be canceled immediately. After the build, security scanning, and deployment complete successfully, an NGINX service is created on ACK based on the new container image. Security risk identification and decision-making are built into the whole procedure to implement a secure and efficient DevSecOps process.
Figure 9 – Workflow execution history
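The decision point described above, where a high-risk scan result stops the deployment, comes down to a step that exits non-zero so that the later steps never run. The following is an added example, not code from the original article or from ACR: a gate that reads a scan report and fails closed when the report is unreadable, incomplete, or contains a severity it does not recognize. The report layout, severity names, and finding ids are constructed for illustration and are not the ACR scan output format.

```python
import json
import sys

# Severity ordering used by the gate; the names are assumptions for this example.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


def deploy_allowed(report_json, fail_on="high"):
    """Return (allowed, reasons); anything the gate cannot interpret blocks."""
    try:
        report = json.loads(report_json)
    except ValueError:
        return False, ["scan report is not valid JSON"]
    if not isinstance(report, dict) or report.get("status") != "complete":
        return False, ["scan did not complete"]
    threshold = SEVERITY_RANK[fail_on]
    reasons = []
    for item in report.get("vulnerabilities", []):
        severity = str(item.get("severity", "")).lower()
        rank = SEVERITY_RANK.get(severity)
        if rank is None:
            # Unknown labels are treated as blocking rather than ignored.
            reasons.append(f"{item.get('id', '?')}: unknown severity {severity!r}")
        elif rank >= threshold:
            reasons.append(f"{item.get('id', '?')}: {severity} severity")
    return (not reasons), reasons


# Constructed sample report; field names are hypothetical.
SAMPLE_REPORT = json.dumps({
    "status": "complete",
    "vulnerabilities": [
        {"id": "VULN-0001", "severity": "Low"},
        {"id": "VULN-0002", "severity": "High"},
    ],
})

if __name__ == "__main__":
    allowed, reasons = deploy_allowed(SAMPLE_REPORT)
    for reason in reasons:
        print("blocked:", reason)
    sys.exit(0 if allowed else 1)  # a non-zero exit fails the step
```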
Users can look for the required Actions task template on GitHub Actions Marketplace to customize the Workflow process. GitHub Actions has a variety of Actions templates, covering code dependency, code integration, code quality, and other scenarios in multiple languages. Based on the templates, a Workflow matrix covering multiple operating systems and multiple language frameworks can be built quickly to test multiple versions of the project in parallel.
Figure 10 – GitHub Actions Marketplace
Compared to traditional Jenkins, GitHub Actions is a SaaS-based hosting service that does not require deployment or plug-in O&M. Convenient CI/CD scenarios can be implemented by defining or reusing the official Workflow. In contrast to Travis CI and CircleCI, GitHub Actions is a native tool by GitHub. With a better integration experience, more flexibility, and the ecosystem support of the Actions Marketplace, it allows users to reuse and customize Workflows more conveniently.
GitHub Actions also provides built-in Workflows that support automatic building and pushing to ACR and automatic deployment to ACK. It guides the way for DevOps implementation in the cloud-native era. Alibaba Cloud hopes to help more enterprises complete their digital transformation and architecture upgrades with cloud-native technology.