The Blas from Pas: Cloud Native Buildpacks

Showing posts with label Cloud Native Buildpacks. Show all posts

Thursday, 3 September 2020

java-cfenv : A library for accessing Cloud Foundry Services on the new Tanzu Application Service for Kubernetes

The Spring Cloud Connectors library has been with us since the launch event of Cloud Foundry itself back in 2011. This library would create the required Spring Beans from bound VCAP_SERVICE ENV variable from a pushed Cloud Foundry Application such as connecting to databases for example. The java buildpack then replaces these bean definitions you had in your application with those created by the connector library through a feature called ‘auto-reconfiguration’

Auto-reconfiguration is great for getting started. However, it is not so great when you want more control, for example changing the size of the connection pool associated with a DataSource.

With the up coming Tanzu Application Service for Kubernetes the original Cloud Foundry buildpacks are now replaced with the new Tanzu Buildpacks which are based on the Cloud Native Buildpacks CNCF Sandbox project. As a result of this auto-reconfiguration is no longer included in java cloud native buildpacks which means auto-configuration for the backing services is no longer available.

So is their another option for this? The answer is "Java CFEnv". This provide a simple API for retrieving credentials from the JSON strings contained inside the VCAP_SERVICES environment variable.

https://github.com/pivotal-cf/java-cfenv

So if you after exactly how it worked previously all you need to do is add this maven dependancy to your project as shown below.

  
        <dependency>
            <groupId>io.pivotal.cfenv</groupId>
            <artifactId>java-cfenv-boot</artifactId>
        </dependency>

Of course this new library is much more flexible then this and by using the class CfEnv as the entry point to the API for accessing Cloud Foundry environment variables your free to use the Spring Expression Language to invoke methods on the bean of type CfEnv to set properties for example plus more.

For more information read the full blog post as per below

https://spring.io/blog/2019/02/15/introducing-java-cfenv-a-new-library-for-accessing-cloud-foundry-services

Finally this Spring Boot application is an example of using this new library with an application deployed to the new Tanzu Application Service for Kubernetes.

https://github.com/papicella/spring-book-service

More Information

1. Introducing java-cfenv: A new library for accessing Cloud Foundry Services

https://spring.io/blog/2019/02/15/introducing-java-cfenv-a-new-library-for-accessing-cloud-foundry-services

2. Java CFEnv GitHub Repo

https://github.com/pivotal-cf/java-cfenv#pushing-your-application-to-cloud-foundry

Thursday, 7 May 2020

Paketo Buildpacks - Cloud Native Buildpacks providing language runtime support for applications on Kubernetes or Cloud Foundry

Paketo Buildpacks are modular Buildpacks, written in Go. Paketo Buildpacks provide language runtime support for applications. They leverage the Cloud Native Buildpacks framework to make image builds easy, performant, and secure.

Paketo Buildpacks implement the Cloud Native Buildpacks specification, an emerging standard for building app container images. You can use Paketo Buildpacks with tools such as the CNB pack CLI, kpack, Tekton, and Skaffold, in addition to a number of cloud platforms.

Here how simple they are to use.

Steps

1. First to get started you need a few things installed the most important is is the Pack CLI and a Docker up and running to allow you to locally create OCI compliant images from your source code

Prerequisites:

Pack CLI
Docker

2. Verify pack is installed as follows

$ pack version
0.10.0+git-06d9983.build-259

3. Now in this example below I am going to use a Springboot application source code of mine. The Github URL for that is as follows so you could clone it if you want to follow using this demo.

https://github.com/papicella/msa-apifirst

4. Build my OCI compliant image as follows.

$ pack build msa-apifirst-paketo -p ./msa-apifirst --builder gcr.io/paketo-buildpacks/builder:base
base: Pulling from paketo-buildpacks/builder
Digest: sha256:1bb775a178ed4c54246ab71f323d2a5af0e4b70c83b0dc84f974694b0221d636
Status: Image is up to date for gcr.io/paketo-buildpacks/builder:base
base-cnb: Pulling from paketo-buildpacks/run
Digest: sha256:d70bf0fe11d84277997c4a7da94b2867a90d6c0f55add4e19b7c565d5087206f
Status: Image is up to date for gcr.io/paketo-buildpacks/run:base-cnb
===> DETECTING
[detector] 6 of 15 buildpacks participating
[detector] paketo-buildpacks/bellsoft-liberica 2.5.0
[detector] paketo-buildpacks/maven 1.2.1
[detector] paketo-buildpacks/executable-jar 1.2.2
[detector] paketo-buildpacks/apache-tomcat 1.1.2
[detector] paketo-buildpacks/dist-zip 1.2.2
[detector] paketo-buildpacks/spring-boot 1.5.2
===> ANALYZING
[analyzer] Restoring metadata for "paketo-buildpacks/bellsoft-liberica:openssl-security-provider" from app image
[analyzer] Restoring metadata for "paketo-buildpacks/bellsoft-liberica:security-providers-configurer" from app image

...

[builder] Paketo Maven Buildpack 1.2.1
[builder] Set $BP_MAVEN_SETTINGS to configure the contents of a settings.xml file. Default .
[builder] Set $BP_MAVEN_BUILD_ARGUMENTS to configure the arguments passed to the build system. Default -Dmaven.test.skip=true package.
[builder] Set $BP_MAVEN_BUILT_MODULE to configure the module to find application artifact in. Default .
[builder] Set $BP_MAVEN_BUILT_ARTIFACT to configure the built application artifact. Default target/*.[jw]ar.
[builder] Creating cache directory /home/cnb/.m2
[builder] Compiled Application: Reusing cached layer
[builder] Removing source code
[builder]
[builder] Paketo Executable JAR Buildpack 1.2.2
[builder] Process types:
[builder] executable-jar: java -cp "${CLASSPATH}" ${JAVA_OPTS} org.springframework.boot.loader.JarLauncher
[builder] task: java -cp "${CLASSPATH}" ${JAVA_OPTS} org.springframework.boot.loader.JarLauncher
[builder] web: java -cp "${CLASSPATH}" ${JAVA_OPTS} org.springframework.boot.loader.JarLauncher
[builder]
[builder] Paketo Spring Boot Buildpack 1.5.2
[builder] Image labels:
[builder] org.opencontainers.image.title
[builder] org.opencontainers.image.version
[builder] org.springframework.boot.spring-configuration-metadata.json
[builder] org.springframework.boot.version
===> EXPORTING
[exporter] Reusing layer 'launcher'
[exporter] Reusing layer 'paketo-buildpacks/bellsoft-liberica:class-counter'
[exporter] Reusing layer 'paketo-buildpacks/bellsoft-liberica:java-security-properties'
[exporter] Reusing layer 'paketo-buildpacks/bellsoft-liberica:jre'
[exporter] Reusing layer 'paketo-buildpacks/bellsoft-liberica:jvmkill'
[exporter] Reusing layer 'paketo-buildpacks/bellsoft-liberica:link-local-dns'
[exporter] Reusing layer 'paketo-buildpacks/bellsoft-liberica:memory-calculator'
[exporter] Reusing layer 'paketo-buildpacks/bellsoft-liberica:openssl-security-provider'
[exporter] Reusing layer 'paketo-buildpacks/bellsoft-liberica:security-providers-configurer'
[exporter] Reusing layer 'paketo-buildpacks/executable-jar:class-path'
[exporter] Reusing 1/1 app layer(s)
[exporter] Adding layer 'config'
[exporter] *** Images (726b340b596b):
[exporter] index.docker.io/library/msa-apifirst-paketo:latest
[exporter] Adding cache layer 'paketo-buildpacks/bellsoft-liberica:jdk'
[exporter] Reusing cache layer 'paketo-buildpacks/maven:application'
[exporter] Reusing cache layer 'paketo-buildpacks/maven:cache'
[exporter] Reusing cache layer 'paketo-buildpacks/executable-jar:class-path'
Successfully built image msa-apifirst-paketo

5. Now lets run our application locally as shown below

$ docker run --rm -p 8080:8080 msa-apifirst-paketo
Container memory limit unset. Configuring JVM for 1G container.
Calculated JVM Memory Configuration: -XX:MaxDirectMemorySize=10M -XX:MaxMetaspaceSize=113348K -XX:ReservedCodeCacheSize=240M -Xss1M -Xmx423227K (Head Room: 0%, Loaded Class Count: 17598, Thread Count: 250, Total Memory: 1073741824)
Adding Security Providers to JVM

. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.1.1.RELEASE)

2020-05-07 09:48:04.153 INFO 1 --- [ main] p.a.p.m.apifirst.MsaApifirstApplication : Starting MsaApifirstApplication on 486f85c54667 with PID 1 (/workspace/BOOT-INF/classes started by cnb in /workspace)
2020-05-07 09:48:04.160 INFO 1 --- [ main] p.a.p.m.apifirst.MsaApifirstApplication : No active profile set, falling back to default profiles: default

...

2020-05-07 09:48:15.515 INFO 1 --- [ main] p.a.p.m.apifirst.MsaApifirstApplication : Started MsaApifirstApplication in 12.156 seconds (JVM running for 12.975)
Hibernate: insert into customer (id, name, status) values (null, ?, ?)
2020-05-07 09:48:15.680 INFO 1 --- [ main] p.apj.pa.msa.apifirst.LoadDatabase : Preloading Customer(id=1, name=pas, status=active)
Hibernate: insert into customer (id, name, status) values (null, ?, ?)
2020-05-07 09:48:15.682 INFO 1 --- [ main] p.apj.pa.msa.apifirst.LoadDatabase : Preloading Customer(id=2, name=lucia, status=active)
Hibernate: insert into customer (id, name, status) values (null, ?, ?)
2020-05-07 09:48:15.684 INFO 1 --- [ main] p.apj.pa.msa.apifirst.LoadDatabase : Preloading Customer(id=3, name=lucas, status=inactive)
Hibernate: insert into customer (id, name, status) values (null, ?, ?)
2020-05-07 09:48:15.688 INFO 1 --- [ main] p.apj.pa.msa.apifirst.LoadDatabase : Preloading Customer(id=4, name=siena, status=inactive)

6. Access the API endpoint using curl or HTTPie as shown below

$ http :8080/customers/1
HTTP/1.1 200
Content-Type: application/hal+json;charset=UTF-8
Date: Thu, 07 May 2020 09:49:05 GMT
Transfer-Encoding: chunked

{
"_links": {
"customer": {
"href": "http://localhost:8080/customers/1"
},
"self": {
"href": "http://localhost:8080/customers/1"
}
},
"name": "pas",
"status": "active"
}

It also has a swagger UI endpoint as follows

http://localhost:8080/swagger-ui.html

7. Now you will see as per below you have a locally built OCI compliant image

$ docker images | grep msa-apifirst-paketo
msa-apifirst-paketo latest 726b340b596b 40 years ago 286MB

8. Now you can push this OCI compliant image to a Container Registry here I am using Dockerhub

$ pack build pasapples/msa-apifirst-paketo:latest --publish --path ./msa-apifirst
cflinuxfs3: Pulling from cloudfoundry/cnb
Digest: sha256:30af1eb2c8a6f38f42d7305acb721493cd58b7f203705dc03a3f4b21f8439ce0
Status: Image is up to date for cloudfoundry/cnb:cflinuxfs3
===> DETECTING
[detector] 6 of 15 buildpacks participating
[detector] paketo-buildpacks/bellsoft-liberica 2.5.0
[detector] paketo-buildpacks/maven 1.2.1

...

===> EXPORTING
[exporter] Adding layer 'launcher'
[exporter] Adding layer 'paketo-buildpacks/bellsoft-liberica:class-counter'
[exporter] Adding layer 'paketo-buildpacks/bellsoft-liberica:java-security-properties'
[exporter] Adding layer 'paketo-buildpacks/bellsoft-liberica:jre'
[exporter] Adding layer 'paketo-buildpacks/bellsoft-liberica:jvmkill'
[exporter] Adding layer 'paketo-buildpacks/bellsoft-liberica:link-local-dns'
[exporter] Adding layer 'paketo-buildpacks/bellsoft-liberica:memory-calculator'
[exporter] Adding layer 'paketo-buildpacks/bellsoft-liberica:openssl-security-provider'
[exporter] Adding layer 'paketo-buildpacks/bellsoft-liberica:security-providers-configurer'
[exporter] Adding layer 'paketo-buildpacks/executable-jar:class-path'
[exporter] Adding 1/1 app layer(s)
[exporter] Adding layer 'config'
[exporter] *** Images (sha256:097c7f67ac3dfc4e83d53c6b3e61ada8dd3d2c1baab2eb860945eba46814dba5):
[exporter] index.docker.io/pasapples/msa-apifirst-paketo:latest
[exporter] Adding cache layer 'paketo-buildpacks/bellsoft-liberica:jdk'
[exporter] Adding cache layer 'paketo-buildpacks/maven:application'
[exporter] Adding cache layer 'paketo-buildpacks/maven:cache'
[exporter] Adding cache layer 'paketo-buildpacks/executable-jar:class-path'
Successfully built image pasapples/msa-apifirst-paketo:latest

Dockerhub showing pushed OCI compliant image

9. If you wanted to deploy your application to Kubernetes you could do that as follows.

$ kubectl create deployment msa-apifirst-paketo --image=pasapples/msa-apifirst-paketo
$ kubectl expose deployment msa-apifirst-paketo --type=LoadBalancer --port=8080

10. Finally you can select from 3 different builders as per below. We used the "base" builder in our example above

gcr.io/paketo-buildpacks/builder:full-cf
gcr.io/paketo-buildpacks/builder:base
gcr.io/paketo-buildpacks/builder:tiny

More Information

Paketo Buildpacks
https://paketo.io/

Tuesday, 3 March 2020

kpack 0.0.6 and Docker Hub secret annotation change for Docker Hub

I decided to try out the 0.0.6 release of kpack and noticed a small change to how you define your registry credentials when using Docker Hub. If you fail to do this it will fail to use Docker Hub as your registry with errors as follows when trying to export the image.

[export] *** Images (sha256:1335a241ab0428043a89626c99ddac8dfb2719b79743652e535898600439e80f):
[export] pasapples/pbs-demo-image:latest - UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:pasapples/pbs-demo-image Type:repository] map[Action:push Class: Name:pasapples/pbs-demo-image Type:repository] map[Action:pull Class: Name:cloudfoundry/run Type:repository]]
[export] index.docker.io/pasapples/pbs-demo-image:b1.20200301.232548 - UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:pasapples/pbs-demo-image Type:repository] map[Action:push Class: Name:pasapples/pbs-demo-image Type:repository] map[Action:pull Class: Name:cloudfoundry/run Type:repository]]
[export] ERROR: failed to export: failed to write image to the following tags: [pasapples/pbs-demo-image:latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:pasapples/pbs-demo-image Type:repository] map[Action:push Class: Name:pasapples/pbs-demo-image Type:repository] map[Action:pull Class: Name:cloudfoundry/run Type:repository]]],[index.docker.io/pasapples/pbs-demo-image:b1.20200301.232548: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:pasapples/pbs-demo-image Type:repository] map[Action:push Class: Name:pasapples/pbs-demo-image Type:repository] map[Action:pull Class: Name:cloudfoundry/run Type:repository]]]

Previously in kpack 0.0.5 you defined your Dockerhub registry as follows:

---
apiVersion: v1
kind: Secret
metadata:
name: dockerhub
annotations:
build.pivotal.io/docker: index.docker.io
type: kubernetes.io/basic-auth
stringData:
username: dockerhub-user
password: ...

Now with kpack 0.0.6 you need to define the "annotations" using an url with HTTPS and "/v1" appended to the end of the URL as shown below.

---
apiVersion: v1
kind: Secret
metadata:
name: dockerhub
annotations:
build.pivotal.io/docker: https://index.docker.io/v1/
type: kubernetes.io/basic-auth
stringData:
username: dockerhub-user
password: ...

More Information

https://github.com/pivotal/kpack

Wednesday, 11 September 2019

Taking kpack, a Kubernetes Native Container Build Service for a test drive

We wanted Build Service to combine the Cloud Native Buildpacks experience with the declarative model of Kubernetes, and extend the K8s workflow in an idiomatic fashion. With this goal in mind, we leveraged custom resource definitions to extended the K8s API. This way, we could use Kubernetes technology to create a composable, declarative architecture to power build service. The Custom Resource Definitions (CRDs) are coordinated by Custom Controllers to automate container image builds and keep them up to date based on user-provided configuration.

So with that in mind lets go and deploy kpack on GKE cluster and build our first image...

Steps

1. Install v0.0.3 of kpack into your Kube cluster

$ kubectl apply -f <(curl -L https://github.com/pivotal/kpack/releases/download/v0.0.3/release.yaml)

...

namespace/kpack created
customresourcedefinition.apiextensions.k8s.io/builds.build.pivotal.io created
customresourcedefinition.apiextensions.k8s.io/builders.build.pivotal.io created
clusterrole.rbac.authorization.k8s.io/kpack-admin created
clusterrolebinding.rbac.authorization.k8s.io/kpack-controller-admin created
deployment.apps/kpack-controller created
customresourcedefinition.apiextensions.k8s.io/images.build.pivotal.io created
serviceaccount/controller created
customresourcedefinition.apiextensions.k8s.io/sourceresolvers.build.pivotal.io created

2. Lets just verify what Custom resources definition (CRD's) have been installed

$ kubectl api-resources --api-group build.pivotal.io
NAME SHORTNAMES APIGROUP NAMESPACED KIND
builders cnbbuilder,cnbbuilders,bldr build.pivotal.io true Builder
builds cnbbuild,cnbbuilds,bld build.pivotal.io true Build
images cnbimage,cnbimages build.pivotal.io true Image
sourceresolvers build.pivotal.io true SourceResolver

3. Create a builder resource as follows

builder-resource.yaml

apiVersion: build.pivotal.io/v1alpha1
kind: Builder
metadata:
name: sample-builder
spec:
image: cloudfoundry/cnb:bionic
updatePolicy: polling

$ kubectl create -f builder-resource.yaml
builder.build.pivotal.io/sample-builder created

$ kubectl get builds,images,builders,sourceresolvers
NAME AGE
builder.build.pivotal.io/sample-builder 42s

4. Create a secret for push access to the desired docker registry

docker-secret.yaml

apiVersion: v1
kind: Secret
metadata:
name: basic-docker-user-pass
annotations:
build.pivotal.io/docker: index.docker.io
type: kubernetes.io/basic-auth
stringData:
username: papicella
password:

$ kubectl create -f docker-secret.yaml
secret/basic-docker-user-pass created

5. Create a secret for pull access from the desired git repository. The example below is for a github repository

git-secret.yaml

apiVersion: v1
kind: Secret
metadata:
name: basic-git-user-pass
annotations:
build.pivotal.io/git: https://github.com
type: kubernetes.io/basic-auth
stringData:
username: papicella
password:

$ kubectl create -f git-secret.yaml
secret/basic-git-user-pass created

6. Create a service account that uses the docker registry secret and the git repository secret.

service-account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
name: service-account
secrets:
- name: basic-docker-user-pass
- name: basic-git-user-pass

$ kubectl create -f service-account.yaml
serviceaccount/service-account created

7. Install logs utility. In order to view the build logs for each image as it's created right now you have to use a utility that you build from the kpack github repo source fils itself. Follow the steps below to get it built

$ export GOPATH=`pwd`
$ git clone https://github.com/pivotal/kpack $GOPATH/src/github.com/pivotal/kpack
$ cd $GOPATH/src/github.com/pivotal/kpack
$ dep ensure -v
$ go build ./cmd/logs

You will have "logs" executable created in current directory which we will use it shortly

8. Create an image as follows. The GitHub repo I have here is public so will work no problem at all

pbs-demo-sample-image.yaml

apiVersion: build.pivotal.io/v1alpha1
kind: Image
metadata:
name: pbs-demo-image
spec:
tag: pasapples/pbs-demo-image
serviceAccount: service-account
builderRef: sample-builder
cacheSize: "1.5Gi" # Optional, if not set then the caching feature is disabled
failedBuildHistoryLimit: 5 # Optional, if not present defaults to 10
successBuildHistoryLimit: 5 # Optional, if not present defaults to 10
source:
git:
url: https://github.com/papicella/pbs-demo
revision: master
build: # Optional
env:
- name: BP_JAVA_VERSION
value: 11.*
resources:
limits:
cpu: 100m
memory: 1G
requests:
cpu: 50m
memory: 512M

$ kubectl create -f pbs-demo-sample-image.yaml
image.build.pivotal.io/sample-image created

9. Now at this point we can view the created image and current Cloud native Buildpack builds being run using two commands as follows.

$ kubectl get images
NAME LATESTIMAGE READY
pbs-demo-image Unknown

$ kubectl get cnbbuilds
NAME IMAGE SUCCEEDED
pbs-demo-image-build-1-pvh6k Unknown

Note: Unknown is normal as it has not yet completed

10. Now using our created "logs" utility lets view the current build logs

$ ./logs -image pbs-demo-image
{"level":"info","ts":1568175056.446671,"logger":"fallback-logger","caller":"creds-init/main.go:40","msg":"Credentials initialized.","commit":"002a41a"}
source-init:main.go:277: Successfully cloned "https://github.com/papicella/pbs-demo" @ "cee67e26d55b6d2735afd7fa3e0b81e251e0d5ce" in path "/workspace"
2019/09/11 04:11:23 Unable to read "/root/.docker/config.json": open /root/.docker/config.json: no such file or directory
======== Results ========
skip: org.cloudfoundry.archiveexpanding@1.0.0-RC03
pass: org.cloudfoundry.openjdk@1.0.0-RC03
pass: org.cloudfoundry.buildsystem@1.0.0-RC03
pass: org.cloudfoundry.jvmapplication@1.0.0-RC03
pass: org.cloudfoundry.tomcat@1.0.0-RC03
pass: org.cloudfoundry.springboot@1.0.0-RC03
pass: org.cloudfoundry.distzip@1.0.0-RC03
skip: org.cloudfoundry.procfile@1.0.0-RC03
skip: org.cloudfoundry.azureapplicationinsights@1.0.0-RC03
skip: org.cloudfoundry.debug@1.0.0-RC03
skip: org.cloudfoundry.googlestackdriver@1.0.0-RC03
skip: org.cloudfoundry.jdbc@1.0.0-RC03
skip: org.cloudfoundry.jmx@1.0.0-RC03
pass: org.cloudfoundry.springautoreconfiguration@1.0.0-RC03
Resolving plan... (try #1)
Success! (7)
Cache '/cache': metadata not found, nothing to restore
Analyzing image 'index.docker.io/pasapples/pbs-demo-image@sha256:40fe8aa932037faad697c3934667241eef620aac1d09fc7bb5ec5a75d5921e3e'
Writing metadata for uncached layer 'org.cloudfoundry.openjdk:openjdk-jre'

......

11. Now this will take some time to do our first build given it will hagve to download all the maven dependancies but you may be wondering how do we determine how many builds have been run so we can actually view the logs of any builds across our image we just created. To do that run a command as follows

$ kubectl get pods --show-labels | grep pbs-demo-image
pbs-demo-image-build-1-pvh6k-build-pod 0/1 Init:6/9 0 6m29s image.build.pivotal.io/buildNumber=1,image.build.pivotal.io/image=pbs-demo-image

12. So from the output above you can clearly see we just have the one single build so to view logs of just a particular build we use it's ID as shown above as follows

$ ./logs -image pbs-demo-image -build {ID}

...

13. Now if we wait at least 5 minutes as the first build will always take time just to the dependancies required to be downloaded it will eventually complete and show it's complete using the following commands

$ kubectl get images
NAME LATESTIMAGE READY
pbs-demo-image index.docker.io/pasapples/pbs-demo-image@sha256:a2d4082004d686bb2c76222a631b8a9b3866bef54c1fae03261986a528b556fe True

$ kubectl get cnbbuilds
NAME IMAGE SUCCEEDED
pbs-demo-image-build-1-pvh6k index.docker.io/pasapples/pbs-demo-image@sha256:a2d4082004d686bb2c76222a631b8a9b3866bef54c1fae03261986a528b556fe True

14. Now let's actually make a code change to our source code and issue a git commit. In this example below I am using IntelliJ IDEA for my code change/commit

15. Now let's see if a new build is kicked off it should be. Run the following command

$ kubectl get cnbbuilds
NAME IMAGE SUCCEEDED
pbs-demo-image-build-1-pvh6k index.docker.io/pasapples/pbs-demo-image@sha256:a2d4082004d686bb2c76222a631b8a9b3866bef54c1fae03261986a528b556fe True

pbs-demo-image-build-2-stl8w Unknown

16. Now lets see that in fact this new build is build ID 2 using a command as follows

$ kubectl get pods --show-labels | grep pbs-demo-image
pbs-demo-image-build-1-pvh6k-build-pod 0/1 Completed 0 21m image.build.pivotal.io/buildNumber=1,image.build.pivotal.io/image=pbs-demo-image
pbs-demo-image-build-2-stl8w-build-pod 0/1 Init:6/9 0 2m15s image.build.pivotal.io/buildNumber=2,image.build.pivotal.io/image=pbs-demo-image

17. Lets view the logs for BUILD 2 as follows

$ ./logs -image pbs-demo-image -build 2
{"level":"info","ts":1568176191.088838,"logger":"fallback-logger","caller":"creds-init/main.go:40","msg":"Credentials initialized.","commit":"002a41a"}
source-init:main.go:277: Successfully cloned "https://github.com/papicella/pbs-demo" @ "e2830bbcfb32bfdd72bf5d4b17428c405f46f3c1" in path "/workspace"
2019/09/11 04:29:55 Unable to read "/root/.docker/config.json": open /root/.docker/config.json: no such file or directory
======== Results ========
skip: org.cloudfoundry.archiveexpanding@1.0.0-RC03
pass: org.cloudfoundry.openjdk@1.0.0-RC03
pass: org.cloudfoundry.buildsystem@1.0.0-RC03
pass: org.cloudfoundry.jvmapplication@1.0.0-RC03
pass: org.cloudfoundry.tomcat@1.0.0-RC03
pass: org.cloudfoundry.springboot@1.0.0-RC03
pass: org.cloudfoundry.distzip@1.0.0-RC03
skip: org.cloudfoundry.procfile@1.0.0-RC03
skip: org.cloudfoundry.azureapplicationinsights@1.0.0-RC03
skip: org.cloudfoundry.debug@1.0.0-RC03
skip: org.cloudfoundry.googlestackdriver@1.0.0-RC03
skip: org.cloudfoundry.jdbc@1.0.0-RC03
skip: org.cloudfoundry.jmx@1.0.0-RC03
pass: org.cloudfoundry.springautoreconfiguration@1.0.0-RC03
Resolving plan... (try #1)
Success! (7)
Restoring cached layer 'org.cloudfoundry.openjdk:openjdk-jdk'
Restoring cached layer 'org.cloudfoundry.openjdk:90c33cf3f2ed0bd773f648815de7347e69cfbb3416ef3bf41616ab1c4aa0f5a8'
Restoring cached layer 'org.cloudfoundry.buildsystem:build-system-cache'
Restoring cached layer 'org.cloudfoundry.jvmapplication:executable-jar'
Restoring cached layer 'org.cloudfoundry.springboot:spring-boot'
Analyzing image 'index.docker.io/pasapples/pbs-demo-image@sha256:a2d4082004d686bb2c76222a631b8a9b3866bef54c1fae03261986a528b556fe'
Using cached layer 'org.cloudfoundry.openjdk:90c33cf3f2ed0bd773f648815de7347e69cfbb3416ef3bf41616ab1c4aa0f5a8'
Using cached layer 'org.cloudfoundry.openjdk:openjdk-jdk'
Writing metadata for uncached layer 'org.cloudfoundry.openjdk:openjdk-jre'
Using cached layer 'org.cloudfoundry.buildsystem:build-system-cache'
Using cached launch layer 'org.cloudfoundry.jvmapplication:executable-jar'
Rewriting metadata for layer 'org.cloudfoundry.jvmapplication:executable-jar'
Using cached launch layer 'org.cloudfoundry.springboot:spring-boot'
Rewriting metadata for layer 'org.cloudfoundry.springboot:spring-boot'
Writing metadata for uncached layer 'org.cloudfoundry.springautoreconfiguration:auto-reconfiguration'

Cloud Foundry OpenJDK Buildpack 1.0.0-RC03
OpenJDK JDK 11.0.4: Reusing cached layer
OpenJDK JRE 11.0.4: Reusing cached layer

Cloud Foundry Build System Buildpack 1.0.0-RC03
Using wrapper
Linking Cache to /home/cnb/.m2
Compiled Application: Contributing to layer
Executing /workspace/mvnw -Dmaven.test.skip=true package
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------< com.example:pbs-demo >------------------------
[INFO] Building pbs-demo 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ pbs-demo ---

...

18. Now this build won't take as long as the first build as this time we don't have to pull down the maven dependancies plus avoid creating layers that have not changes in the first OCI complaint image which is something cloud native buildpacks does for us nicely. Once complete you now have two builds as follows

$ kubectl get cnbbuilds
NAME IMAGE SUCCEEDED
pbs-demo-image-build-1-pvh6k index.docker.io/pasapples/pbs-demo-image@sha256:a2d4082004d686bb2c76222a631b8a9b3866bef54c1fae03261986a528b556fe True
pbs-demo-image-build-2-stl8w index.docker.io/pasapples/pbs-demo-image@sha256:a22c64754cb7addc3f7e9a9335b094adf466b5f8035227691e81403d0c9c177f True

19. Now let's run this locally as follows given I have docker desktop running. First we pull down the created image which in this case is the LATEST build build 2 here

$ docker pull pasapples/pbs-demo-image
Using default tag: latest
latest: Pulling from pasapples/pbs-demo-image
35c102085707: Already exists
251f5509d51d: Already exists
8e829fe70a46: Already exists
6001e1789921: Already exists
76a30c9e6d47: Pull complete
8538f1fe6188: Pull complete
2a899c7e684d: Pull complete
0ea0c38329cb: Pull complete
bb281735f842: Pull complete
664d87aab7ff: Pull complete
f4b03070a779: Pull complete
682af613b7ca: Pull complete
b893e5904080: Pull complete
Digest: sha256:a22c64754cb7addc3f7e9a9335b094adf466b5f8035227691e81403d0c9c177f
Status: Downloaded newer image for pasapples/pbs-demo-image:latest

20. Now let's run it

$ docker run -p 8080:8080 pasapples/pbs-demo-image

. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.1.6.RELEASE)

2019-09-11 04:40:41.747 WARN 1 --- [ main] pertySourceApplicationContextInitializer : Skipping 'cloud' property source addition because not in a cloud
2019-09-11 04:40:41.751 WARN 1 --- [ main] nfigurationApplicationContextInitializer : Skipping reconfiguration because not in a cloud
2019-09-11 04:40:41.760 INFO 1 --- [ main] com.example.pbsdemo.PbsDemoApplication : Starting PbsDemoApplication on 5975633400c4 with PID 1 (/workspace/BOOT-INF/classes started by cnb in /workspace)

...

2019-09-11 04:40:50.255 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2019-09-11 04:40:50.259 INFO 1 --- [ main] com.example.pbsdemo.PbsDemoApplication : Started PbsDemoApplication in 8.93 seconds (JVM running for 9.509)
Hibernate: insert into customer (id, name, status) values (null, ?, ?)
2019-09-11 04:40:50.323 INFO 1 --- [ main] com.example.pbsdemo.LoadDatabase : Preloading Customer(id=1, name=pas, status=active)
Hibernate: insert into customer (id, name, status) values (null, ?, ?)
2019-09-11 04:40:50.326 INFO 1 --- [ main] com.example.pbsdemo.LoadDatabase : Preloading Customer(id=2, name=lucia, status=active)
Hibernate: insert into customer (id, name, status) values (null, ?, ?)
2019-09-11 04:40:50.329 INFO 1 --- [ main] com.example.pbsdemo.LoadDatabase : Preloading Customer(id=3, name=lucas, status=inactive)
Hibernate: insert into customer (id, name, status) values (null, ?, ?)
2019-09-11 04:40:50.331 INFO 1 --- [ main] com.example.pbsdemo.LoadDatabase : Preloading Customer(id=4, name=siena, status=inactive)

21. Invoke it through a browser as follows

http://localhost:8080/swagger-ui.html

22. Finally let's actually run this application on our k8s cluster itself. So start by creating a basic YAML file for deployment as follows

run-pbs-image-k8s-yaml.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: pbs-demo-image
spec:
replicas: 2
template:
metadata:
labels:
app: pbs-demo-image
spec:
containers:
- name: pbs-demo-image
image: pasapples/pbs-demo-image
ports:
- containerPort: 8080

---
apiVersion: v1
kind: Service
metadata:
name: pbs-demo-image-service
labels:
name: pbs-demo-image-service
spec:
ports:
- port: 80
targetPort: 8080
protocol: TCP
selector:
app: pbs-demo-image
type: LoadBalancer

23. Apply your config

$ kubectl create -f run-pbs-image-k8s-yaml.yaml
deployment.extensions/pbs-demo-image created
service/pbs-demo-image-service created

24. Check we have running pods and LB service created

$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/pbs-demo-image-build-1-pvh6k-build-pod 0/1 Completed 0 39m
pod/pbs-demo-image-build-2-stl8w-build-pod 0/1 Completed 0 19m
pod/pbs-demo-image-f5c9d989-l2hg5 1/1 Running 0 48s
pod/pbs-demo-image-f5c9d989-pfxzs 1/1 Running 0 48s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.101.0.1 443/TCP 86m
service/pbs-demo-image-service LoadBalancer 10.101.15.197 80:30769/TCP 49s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/pbs-demo-image 2/2 2 2 49s

NAME DESIRED CURRENT READY AGE
replicaset.apps/pbs-demo-image-f5c9d989 2 2 2 50s

More Information

Introducing kpack, a Kubernetes Native Container Build Service
https://content.pivotal.io/blog/introducing-kpack-a-kubernetes-native-container-build-service

Cloud Native Buildpacks
https://buildpacks.io/

Friday, 2 August 2019

Taking Pivotal Build Service (PBS) for a test drive

Pivotal Build Service ALPHA was just released and in this blog post let's take it for a test drive to work out how it works. The Pivotal blog post about this release is below. In short it Assembles and Updates Containers in Kubernetes

https://content.pivotal.io/blog/pivotal-build-service-now-alpha-assembles-and-updates-containers-in-kubernetes

Steps:

1. Once you have deployed Pivotal Build Service, the pb CLI can be used to target it with the following command.

Note: Use the --skip-ssl-validation flag if the Pivotal Build Service targets a UAA that has a self-signed CA cert

$ pb api set https://pbs.picorivera.cf-app.com --skip-ssl-validation
Successfully set 'https://pbs.picorivera.cf-app.com' as the Build Service

2. Login using "pb login" as shown below

$ pb login
Target Build Server at: https://pbs.picorivera.cf-app.com

Username: papicella@gmail.com
Password: ******
Login successful

Using the Pivotal Build Service (PBS) requires us to create a TEAM and IMAGE. Both are explained below.

TEAM: A team is an entity on Pivotal Build Service that is used to manage authentication for the images built by Pivotal Build Service and to manage registry and git credentials for the images managed by the team

3. Create a TEAM yaml as per below and then apply that config using the pb cli

example-team.yaml

name: example-team-name
registries:
- registry: index.docker.io
username: pasapples
password: *****
repositories:
- domain: github.com
username: papicella
password: *****

$ pb team apply -f example-team.yaml
Successfully applied team 'example-team-name'

IMAGE: An image defines the specification that Pivotal Build Service uses to create images for a user.

4. Create a IMAGE yaml as per below and then apply that config using the pb cli. The PBS will automatically kick off a build.

example-image.yaml

team: example-team-name
source:
git:
url: https://github.com/papicella/pbs-demo
revision: master
image:
tag: pasapples/pbs-demo-image

$ pb image apply -f example-image.yaml
Successfully applied image configuration 'pasapples/pbs-demo-image'

$ pb image builds pasapples/pbs-demo-image
Build Status Image Started Time Finished Time Reason
----- ------ ----- ------------ ------------- ------
1 BUILDING -- 2019-08-02 09:43:06 -- CONFIG

5. You can view the logs of the build using it's ID as shown below driving off the Build ID

$ pb image logs pasapples/pbs-demo-image -b 1

papicella@papicella:~$ pb image logs pasapples/pbs-demo-image -b 1
[build-step-credential-initializer] {"level":"info","ts":1564739008.561973,"logger":"fallback-logger","caller":"creds-init/main.go:40","msg":"Credentials initialized.","commit":"002a41a"}
[build-step-credential-initializer]
[build-step-git-source-0] git-init:main.go:81: Successfully cloned "https://github.com/papicella/pbs-demo" @ "c1aae50feaffcd61c521796cd675e6576e58bc64" in path "/workspace"
[build-step-git-source-0]
[build-step-prepare]
[build-step-detect] Trying group 1 out of 3 with 27 buildpacks...
[build-step-detect] ======== Results ========
[build-step-detect] skip: Cloud Foundry Archive Expanding Buildpack
[build-step-detect] pass: Pivotal OpenJDK Buildpack
[build-step-detect] pass: Pivotal Build System Buildpack
[build-step-detect] pass: Cloud Foundry JVM Application Buildpack
[build-step-detect] pass: Cloud Foundry Spring Boot Buildpack
[build-step-detect] pass: Cloud Foundry Apache Tomcat Buildpack
[build-step-detect] pass: Cloud Foundry DistZip Buildpack
[build-step-detect] skip: Cloud Foundry Procfile Buildpack
[build-step-detect] skip: Pivotal AppDynamics Buildpack
[build-step-detect] skip: Pivotal AspectJ Buildpack
[build-step-detect] skip: Pivotal CA Introscope Buildpack
[build-step-detect] pass: Pivotal Client Certificate Mapper Buildpack

....

6. So after a few minutes or so we will see we have built our initial image from the GitHub repo and that OCI compliant image built using Cloud Native Buildpacks is created on our DockerHub account

$ pb image builds pasapples/pbs-demo-image
Build Status Image Started Time Finished Time Reason
----- ------ ----- ------------ ------------- ------
1 SUCCESS 98239112 2019-08-02 09:43:06 2019-08-02 09:44:34 CONFIG

One of the PBS job is to keep this image updated as new successful commits occur off the matser branch. Lets show how this works as per below

7. Let's make a change to the code for or GitHub repo here I do this in IntelliJ IDEA

8. Commit the changes as shown below

9. Let's see if indeed the PBS actually started a new build for us and we should see it is doing that.

$ pb image builds pasapples/pbs-demo-image
Build Status Image Started Time Finished Time Reason
----- ------ ----- ------------ ------------- ------
1 SUCCESS 98239112 2019-08-02 09:43:06 2019-08-02 09:44:34 CONFIG
2 BUILDING -- 2019-08-02 09:57:11 -- COMMIT

10. We can tail the logs as shown below and actually tail the build logs live using "-f"

papicella@papicella:~$ pb image logs pasapples/pbs-demo-image -b 2 -f
[build-step-credential-initializer] {"level":"info","ts":1564739850.5331886,"logger":"fallback-logger","caller":"creds-init/main.go:40","msg":"Credentials initialized.","commit":"002a41a"}
[build-step-credential-initializer]
[build-step-git-source-0] git-init:main.go:81: Successfully cloned "https://github.com/papicella/pbs-demo" @ "0bb81c7523be7ada3ed956569d0241cda6b410d2" in path "/workspace"
[build-step-git-source-0]
[build-step-prepare]
[build-step-detect] Trying group 1 out of 3 with 27 buildpacks...
[build-step-detect] ======== Results ========
[build-step-detect] skip: Cloud Foundry Archive Expanding Buildpack
[build-step-detect] pass: Pivotal OpenJDK Buildpack
[build-step-detect] pass: Pivotal Build System Buildpack
[build-step-detect] pass: Cloud Foundry JVM Application Buildpack
[build-step-detect] pass: Cloud Foundry Spring Boot Buildpack
[build-step-detect] pass: Cloud Foundry Apache Tomcat Buildpack
[build-step-detect] pass: Cloud Foundry DistZip Buildpack
[build-step-detect] skip: Cloud Foundry Procfile Buildpack
[build-step-detect] skip: Pivotal AppDynamics Buildpack
[build-step-detect] skip: Pivotal AspectJ Buildpack
[build-step-detect] skip: Pivotal CA Introscope Buildpack
[build-step-detect] pass: Pivotal Client Certificate Mapper Buildpack
[build-step-detect] skip: Pivotal Elastic APM Buildpack
[build-step-detect] skip: Pivotal JaCoCo Buildpack
[build-step-detect] skip: Pivotal JProfiler Buildpack
[build-step-detect] skip: Pivotal JRebel Buildpack
[build-step-detect] skip: Pivotal New Relic Buildpack
[build-step-detect] skip: Pivotal OverOps Buildpack
[build-step-detect] skip: Pivotal Riverbed AppInternals Buildpack
[build-step-detect] skip: Pivotal SkyWalking Buildpack
[build-step-detect] skip: Pivotal YourKit Buildpack
[build-step-detect] skip: Cloud Foundry Azure Application Insights Buildpack
[build-step-detect] skip: Cloud Foundry Debug Buildpack
[build-step-detect] skip: Cloud Foundry Google Stackdriver Buildpack
[build-step-detect] skip: Cloud Foundry JDBC Buildpack
[build-step-detect] skip: Cloud Foundry JMX Buildpack
[build-step-detect] pass: Cloud Foundry Spring Auto-reconfiguration Buildpack
[build-step-detect]
[build-step-restore] Restoring cached layer 'io.pivotal.openjdk:openjdk-jdk'
[build-step-restore] Restoring cached layer 'io.pivotal.buildsystem:build-system-application'
[build-step-restore] Restoring cached layer 'io.pivotal.buildsystem:build-system-cache'
[build-step-restore] Restoring cached layer 'org.cloudfoundry.jvmapplication:executable-jar'
[build-step-restore] Restoring cached layer 'org.cloudfoundry.springboot:spring-boot'
[build-step-restore]
[build-step-analyze] Analyzing image 'index.docker.io/pasapples/pbs-demo-image@sha256:982391123b47cdbac534aaeed78c5e121d89d2064b53897c23f2248a7658fa50'
[build-step-analyze] Using cached layer 'io.pivotal.openjdk:openjdk-jdk'
[build-step-analyze] Writing metadata for uncached layer 'io.pivotal.openjdk:java-security-properties'
[build-step-analyze] Writing metadata for uncached layer 'io.pivotal.openjdk:jvmkill'
[build-step-analyze] Writing metadata for uncached layer 'io.pivotal.openjdk:link-local-dns'
[build-step-analyze] Writing metadata for uncached layer 'io.pivotal.openjdk:memory-calculator'
[build-step-analyze] Writing metadata for uncached layer 'io.pivotal.openjdk:openjdk-jre'
[build-step-analyze] Writing metadata for uncached layer 'io.pivotal.openjdk:security-provider-configurer'
[build-step-analyze] Writing metadata for uncached layer 'io.pivotal.openjdk:class-counter'
[build-step-analyze] Using cached layer 'io.pivotal.buildsystem:build-system-application'
[build-step-analyze] Using cached layer 'io.pivotal.buildsystem:build-system-cache'
[build-step-analyze] Using cached launch layer 'org.cloudfoundry.jvmapplication:executable-jar'
[build-step-analyze] Rewriting metadata for layer 'org.cloudfoundry.jvmapplication:executable-jar'
[build-step-analyze] Using cached launch layer 'org.cloudfoundry.springboot:spring-boot'
[build-step-analyze] Rewriting metadata for layer 'org.cloudfoundry.springboot:spring-boot'
[build-step-analyze] Writing metadata for uncached layer 'io.pivotal.clientcertificatemapper:client-certificate-mapper'
[build-step-analyze] Writing metadata for uncached layer 'org.cloudfoundry.springautoreconfiguration:auto-reconfiguration'
[build-step-analyze]
[build-step-build]
[build-step-build] Pivotal OpenJDK Buildpack 1.0.0-M9
[build-step-build] OpenJDK JDK 11.0.3: Reusing cached layer
[build-step-build] OpenJDK JRE 11.0.3: Reusing cached layer
[build-step-build] Java Security Properties 1.0.0-M9: Reusing cached layer
[build-step-build] Security Provider Configurer 1.0.0-M9: Reusing cached layer
[build-step-build] Link-Local DNS 1.0.0-M9: Reusing cached layer
[build-step-build] JVMKill Agent 1.16.0: Reusing cached layer
[build-step-build] Class Counter 1.0.0-M9: Reusing cached layer
[build-step-build] Memory Calculator 4.0.0: Reusing cached layer
[build-step-build]
[build-step-build] Pivotal Build System Buildpack 1.0.0-M9
[build-step-build] Using wrapper
[build-step-build] Linking Cache to /home/vcap/.m2
[build-step-build] Compiled Application (141 files): Contributing to layer
[build-step-build] [INFO] Scanning for projects...
[build-step-build] [INFO]
[build-step-build] [INFO] ------------------------< com.example:pbs-demo >------------------------
[build-step-build] [INFO] Building pbs-demo 0.0.1-SNAPSHOT
[build-step-build] [INFO] --------------------------------[ jar ]---------------------------------
[build-step-build] [INFO]
[build-step-build] [INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ pbs-demo ---
[build-step-build] [INFO] Using 'UTF-8' encoding to copy filtered resources.
[build-step-build] [INFO] Copying 1 resource
[build-step-build] [INFO] Copying 0 resource
[build-step-build] [INFO]
[build-step-build] [INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ pbs-demo ---
[build-step-build] [INFO] Changes detected - recompiling the module!
[build-step-build] [INFO] Compiling 9 source files to /workspace/target/classes
[build-step-build] [INFO]
[build-step-build] [INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ pbs-demo ---
[build-step-build] [INFO] Not copying test resources
[build-step-build] [INFO]
[build-step-build] [INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ pbs-demo ---
[build-step-build] [INFO] Not compiling test sources
[build-step-build] [INFO]
[build-step-build] [INFO] --- maven-surefire-plugin:2.22.2:test (default-test) @ pbs-demo ---
[build-step-build] [INFO] Tests are skipped.
[build-step-build] [INFO]
[build-step-build] [INFO] --- maven-jar-plugin:3.1.2:jar (default-jar) @ pbs-demo ---
[build-step-build] [INFO] Building jar: /workspace/target/pbs-demo-0.0.1-SNAPSHOT.jar
[build-step-build] [INFO]
[build-step-build] [INFO] --- spring-boot-maven-plugin:2.1.6.RELEASE:repackage (repackage) @ pbs-demo ---
[build-step-build] [INFO] Replacing main artifact with repackaged archive
[build-step-build] [INFO] ------------------------------------------------------------------------
[build-step-build] [INFO] BUILD SUCCESS
[build-step-build] [INFO] ------------------------------------------------------------------------
[build-step-build] [INFO] Total time: 7.214 s
[build-step-build] [INFO] Finished at: 2019-08-02T09:57:52Z
[build-step-build] [INFO] ------------------------------------------------------------------------
[build-step-build] Removing source code
[build-step-build]
[build-step-build] Cloud Foundry JVM Application Buildpack 1.0.0-M9
[build-step-build] Executable JAR: Reusing cached layer
[build-step-build] Process types:
[build-step-build] executable-jar: java -cp $CLASSPATH $JAVA_OPTS org.springframework.boot.loader.JarLauncher
[build-step-build] task: java -cp $CLASSPATH $JAVA_OPTS org.springframework.boot.loader.JarLauncher
[build-step-build] web: java -cp $CLASSPATH $JAVA_OPTS org.springframework.boot.loader.JarLauncher
[build-step-build]
[build-step-build] Cloud Foundry Spring Boot Buildpack 1.0.0-M9
[build-step-build] Spring Boot 2.1.6.RELEASE: Reusing cached layer
[build-step-build] Process types:
[build-step-build] spring-boot: java -cp $CLASSPATH $JAVA_OPTS com.example.pbsdemo.PbsDemoApplication
[build-step-build] task: java -cp $CLASSPATH $JAVA_OPTS com.example.pbsdemo.PbsDemoApplication
[build-step-build] web: java -cp $CLASSPATH $JAVA_OPTS com.example.pbsdemo.PbsDemoApplication
[build-step-build]
[build-step-build] Pivotal Client Certificate Mapper Buildpack 1.0.0-M9
[build-step-build] Cloud Foundry Client Certificate Mapper 1.8.0: Reusing cached layer
[build-step-build]
[build-step-build] Cloud Foundry Spring Auto-reconfiguration Buildpack 1.0.0-M9
[build-step-build] Spring Auto-reconfiguration 2.7.0: Reusing cached layer
[build-step-build]

...

11. This time the build will be faster given we are using Cloud Native Buildpacks a CNCF project and it will only rebuild the layers required versus the whole image itself. You can see from the time taken of build "2"

$ pb image builds pasapples/pbs-demo-image
Build Status Image Started Time Finished Time Reason
----- ------ ----- ------------ ------------- ------
1 SUCCESS 98239112 2019-08-02 09:43:06 2019-08-02 09:44:34 CONFIG
2 SUCCESS 1e4b63b1 2019-08-02 09:57:11 2019-08-02 09:58:15 COMMIT

Hopefully this demo shows what the PBS is all about and how it will simplify how you create and keep updated your OCI compliant images.

More Information:

1. Get started with Pivotal Build Service.
https://github.com/pivotal-cf/docs-build-service/blob/master/using.md

2. Request alpha access to Build Service via this form, or by reaching out to your account team. Once you’ve gained access, you’ll see the bits on up PivNet

3. Cloud Native buildpacks
https://buildpacks.io/

Wednesday, 12 June 2019

Using Cloud Native Buildpacks (CNB) on a local registry to speed up the building of images for test purposes

I previously blogged about the CNCF project known as Cloud Native Buildpacks previously on this blog entry below.

Building PivotalMySQLWeb using Cloud Native Buildpacks (CNB)
http://theblasfrompas.blogspot.com/2019/06/building-pivotalmysqlweb-using-cloud.html

In the steps below I will show how to use a local docker registry on your laptop or desktop to enable faster builds of your OCI compliant images using CNB's. Here is how using the same application.

Pre Steps:

1. Ensure you have Docker CE installed if not use this link

https://hub.docker.com/search/?type=edition&offering=community

Steps:

1. Start by running a local registry on your own laptop. The guide shows how to get a container running which will be our local registry and then how you verify it's running.

https://docs.docker.com/registry/

$ docker run -d -p 5000:5000 --restart=always --name registry registry:2

Verify it's running:

$ netstat -an | grep 5000
tcp6 0 0 ::1.5000 *.* LISTEN
tcp4 0 0 *.5000 *.* LISTEN

2. Then pull the CNB images versions of the "official" build and run images from the GCR as follows. Those images exist here

https://console.cloud.google.com/gcr/images/cncf-buildpacks-ci/GLOBAL/packs/run?gcrImageListsize=30

Here I am using the latest build/run images which at the time of this post was "run:0.2.0-build.12"

papicella@papicella:~$ docker pull gcr.io:443/cncf-buildpacks-ci/packs/run:0.2.0-build.12
0.2.0-build.12: Pulling from cncf-buildpacks-ci/packs/run
Digest: sha256:ebd42c0228f776804f2e99733076216592c5a1117f1b3dde7688cf3bd0bbe7b9
Status: Downloaded newer image for gcr.io:443/cncf-buildpacks-ci/packs/run:0.2.0-build.12

papicella@papicella:~$ docker tag gcr.io:443/cncf-buildpacks-ci/packs/run:0.2.0-build.12 localhost:5000/run:0.2.0-build.12

papicella@papicella:~$ docker rmi gcr.io:443/cncf-buildpacks-ci/packs/run:0.2.0-build.12
Untagged: gcr.io:443/cncf-buildpacks-ci/packs/run:0.2.0-build.12
Untagged: gcr.io:443/cncf-buildpacks-ci/packs/run@sha256:ebd42c0228f776804f2e99733076216592c5a1117f1b3dde7688cf3bd0bbe7b9

papicella@papicella:~$ docker push localhost:5000/run:0.2.0-build.12
The push refers to repository [localhost:5000/run]
1315c94f2536: Layer already exists
63696cbb6c17: Layer already exists
30ede08f8231: Layer already exists
b57c79f4a9f3: Layer already exists
d60e01b37e74: Layer already exists
e45cfbc98a50: Layer already exists
762d8e1a6054: Layer already exists
0.2.0-build.12: digest: sha256:ebd42c0228f776804f2e99733076216592c5a1117f1b3dde7688cf3bd0bbe7b9 size: 1780

3. Now lets use our local registry and build/run images which will be much faster for local development

papicella@papicella:~/pivotal/PCF/APJ/PPTX/CNCF/buildpacks.io/demos$ docker tag localhost:5000/run:0.2.0-build.12 localhost:5000/run

papicella@papicella:~/pivotal/PCF/APJ/PPTX/CNCF/buildpacks.io/demos$ docker push localhost:5000/run:latest
The push refers to repository [localhost:5000/run]
1315c94f2536: Layer already exists
63696cbb6c17: Layer already exists
30ede08f8231: Layer already exists
b57c79f4a9f3: Layer already exists
d60e01b37e74: Layer already exists
e45cfbc98a50: Layer already exists
762d8e1a6054: Layer already exists
latest: digest: sha256:ebd42c0228f776804f2e99733076216592c5a1117f1b3dde7688cf3bd0bbe7b9 size: 1780

papicella@papicella:~/pivotal/PCF/APJ/PPTX/CNCF/buildpacks.io/demos$ pack build localhost:5000/pivotal-mysql-web --path ./PivotalMySQLWeb --no-pull --publish
Using default builder image cloudfoundry/cnb:cflinuxfs3
Selected run image cloudfoundry/cnb-run:cflinuxfs3 from builder
Using build cache volume pack-cache-65bb470893c1.build
Executing lifecycle version 0.2.1
===> DETECTING
[detector] Trying group 1 out of 4 with 8 buildpacks...
[detector] ======== Results ========
[detector] pass: Cloud Foundry OpenJDK Buildpack
[detector] skip: Cloud Foundry Build System Buildpack
[detector] pass: Cloud Foundry JVM Application Buildpack
[detector] skip: Cloud Foundry Azure Application Insights Buildpack
[detector] skip: Cloud Foundry Debug Buildpack
[detector] skip: Cloud Foundry Google Stackdriver Buildpack
[detector] skip: Cloud Foundry JMX Buildpack
[detector] skip: Cloud Foundry Procfile Buildpack
===> RESTORING
[restorer] restoring cached layer 'org.cloudfoundry.openjdk:d2df8bc799b09c8375f79bf646747afac3d933bb1f65de71d6c78e7466ff8fe4'
===> ANALYZING
[analyzer] using cached layer 'org.cloudfoundry.openjdk:d2df8bc799b09c8375f79bf646747afac3d933bb1f65de71d6c78e7466ff8fe4'
[analyzer] writing metadata for uncached layer 'org.cloudfoundry.openjdk:openjdk-jre'
[analyzer] writing metadata for uncached layer 'org.cloudfoundry.jvmapplication:main-class'
===> BUILDING
[builder] -----> Cloud Foundry OpenJDK Buildpack 1.0.0-M8
[builder] -----> OpenJDK JRE 11.0.3: Reusing cached layer
[builder]
[builder] -----> Cloud Foundry JVM Application Buildpack 1.0.0-M8
[builder] -----> Main-Class Classpath: Reusing cached layer
[builder] -----> Process types:
[builder] task: java -cp $CLASSPATH $JAVA_OPTS org.springframework.boot.loader.JarLauncher
[builder] web: java -cp $CLASSPATH $JAVA_OPTS org.springframework.boot.loader.JarLauncher
[builder]
===> EXPORTING
[exporter] Reusing layer 'app' with SHA sha256:b32618ed6b86fb496a4ce33db9df49fdd4ef16c5646b174b5643c8befcb7408a
[exporter] Reusing layer 'config' with SHA sha256:9538e967fa10f23b3415c382a3754ebf4c2645c20b6d76af519236c1181e7639
[exporter] Reusing layer 'launcher' with SHA sha256:04ca7957074763290a9abe6a067ce8c902a2ab51ed6c55102964e3f3294cdebd
[exporter] Reusing layer 'org.cloudfoundry.openjdk:openjdk-jre' with SHA sha256:e540f1464509ac673a25bd2f24c7dd6875f805c0dd35e9af84dd4669e2fd0c93
[exporter] Reusing layer 'org.cloudfoundry.jvmapplication:main-class' with SHA sha256:8537197b3f57d86a59397b89b4fbdd14900a602cc12961eae338b9ef2513cdc0
[exporter]
[exporter] *** Image: localhost:5000/pivotal-mysql-web:latest@sha256:f1d7a25fc5159ceb668c26b595dcffb00ef54ada31cbb52eaa8319dc143fc9d8
===> CACHING
[cacher] Reusing layer 'org.cloudfoundry.openjdk:d2df8bc799b09c8375f79bf646747afac3d933bb1f65de71d6c78e7466ff8fe4' with SHA sha256:11439713b023be71211cb83ecd56a1be63e0c0be3e4814a18cc4c71d2264dea5
Successfully built image localhost:5000/pivotal-mysql-web

papicella@papicella:~/pivotal/PCF/APJ/PPTX/CNCF/buildpacks.io/demos$ docker pull localhost:5000/pivotal-mysql-web
Using default tag: latest
latest: Pulling from pivotal-mysql-web
410238d178d0: Already exists
a00e90b544bc: Already exists
9de264eecc08: Already exists
4acedf754175: Already exists
d5a72fc0c7a1: Already exists
4066d2d744ac: Already exists
dba1ef680b99: Already exists
Digest: sha256:f1d7a25fc5159ceb668c26b595dcffb00ef54ada31cbb52eaa8319dc143fc9d8
Status: Downloaded newer image for localhost:5000/pivotal-mysql-web:latest

papicella@papicella:~/pivotal/PCF/APJ/PPTX/CNCF/buildpacks.io/demos$ docker run -m 1G -p 8080:8080 localhost:5000/pivotal-mysql-web

. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.1.0.RELEASE)

2019-06-12 01:02:16.174 INFO 1 --- [ main] c.p.p.m.PivotalMySqlWebApplication : Starting PivotalMySqlWebApplication on a018f17d6121 with PID 1 (/workspace/BOOT-INF/classes started by vcap in /workspace)
2019-06-12 01:02:16.179 INFO 1 --- [ main] c.p.p.m.PivotalMySqlWebApplication : No active profile set, falling back to default profiles: default
2019-06-12 01:02:18.336 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2019-06-12 01:02:18.374 INFO 1 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2019-06-12 01:02:18.375 INFO 1 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet Engine: Apache Tomcat/9.0.12
2019-06-12 01:02:18.391 INFO 1 --- [ main] o.a.catalina.core.AprLifecycleListener : The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [/layers/org.cloudfoundry.openjdk/openjdk-jre/lib:/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib]
2019-06-12 01:02:18.512 INFO 1 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2019-06-12 01:02:18.512 INFO 1 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 2270 ms
2019-06-12 01:02:19.019 INFO 1 --- [ main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'characterEncodingFilter' to: [/*]
2019-06-12 01:02:19.020 INFO 1 --- [ main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'webMvcMetricsFilter' to: [/*]
2019-06-12 01:02:19.020 INFO 1 --- [ main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2019-06-12 01:02:19.020 INFO 1 --- [ main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'formContentFilter' to: [/*]
2019-06-12 01:02:19.021 INFO 1 --- [ main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'requestContextFilter' to: [/*]
2019-06-12 01:02:19.021 INFO 1 --- [ main] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2019-06-12 01:02:19.022 INFO 1 --- [ main] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'httpTraceFilter' to: [/*]
2019-06-12 01:02:19.022 INFO 1 --- [ main] o.s.b.w.servlet.ServletRegistrationBean : Servlet dispatcherServlet mapped to [/]
2019-06-12 01:02:19.374 INFO 1 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2019-06-12 01:02:19.918 INFO 1 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :

Using generated security password: 42d4ec01-6459-4205-a66b-1b49d333121e

2019-06-12 01:02:20.043 INFO 1 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/**'], []
2019-06-12 01:02:20.092 INFO 1 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@47e4d9d0, org.springframework.security.web.context.SecurityContextPersistenceFilter@5e4fa1da, org.springframework.security.web.header.HeaderWriterFilter@4ae263bf, org.springframework.security.web.csrf.CsrfFilter@2788d0fe, org.springframework.security.web.authentication.logout.LogoutFilter@15fdd1f2, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@2d746ce4, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@70e02081, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@49798e84, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@1948ea69, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3f92c349, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@66ba7e45, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6ed06f69, org.springframework.security.web.session.SessionManagementFilter@19ccca5, org.springframework.security.web.access.ExceptionTranslationFilter@57aa341b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7c6442c2]
2019-06-12 01:02:20.138 INFO 1 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 9 endpoint(s) beneath base path '/actuator'
2019-06-12 01:02:20.259 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2019-06-12 01:02:20.265 INFO 1 --- [ main] c.p.p.m.PivotalMySqlWebApplication : Started PivotalMySqlWebApplication in 4.841 seconds (JVM running for 5.646)

And that's it a locally built OCI image (Built very fast all locally) you have run locally from your local image registry.

Here is how to view your local registry using HTTPie showing our locally built "pivotal-mysql-web" OCI image we created above

papicella@papicella:~$ http http://localhost:5000/v2/_catalog
HTTP/1.1 200 OK
Content-Length: 63
Content-Type: application/json; charset=utf-8
Date: Wed, 12 Jun 2019 01:53:40 GMT
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff

{
"repositories": [
"pivotal-mysql-web",
"run",
"sample-java-app"
]
}

More Information

1. Cloud Native Buildpacks: an Industry-Standard Build Process for Kubernetes and Beyond.
https://content.pivotal.io/blog/cloud-native-buildpacks-for-kubernetes-and-beyond

2. buildspacks.io Home Page
https://buildpacks.io/

Search This Blog