Local Kubernetes Cluster
CI Sense's Docker images and Helm charts are made available via a private repo. Please contact your Code Intelligence Customer Success Manager to receive the relevant credentials.
With the CI Sense Helm charts it's easy to deploy CI Sense into an existing Kubernetes cluster to best integrate into various infrastructures.
If you do not have access to a Kubernetes cluster, or for demo purposes, you can deploy CI Sense to a single-node Kubernetes cluster, which can be installed in minutes. We recommend a kind cluster for trying out CI Sense before deploying to a managed Kubernetes cluster.
Creating a local Kind cluster
To test the CI App locally, download the kind cluster binary. A suitable kind cluster configuration can be found in kind-cluster-config.yaml. Create the cluster with:
kind create cluster --config <kind-cluster-config.yaml>
After the cluster is up, create the TLS certificate secret as described in the Ingress section and deploy an ingress controller with the commands:
kubectl apply -f "https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/provider/kind/deploy.yaml"
kubectl wait deployment -n ingress-nginx ingress-nginx-controller --for condition=Available=true
See here for more details on alternative Ingress controllers that work in the kind cluster.
Create a custom-values.yaml with the following content and fill in the registry username, password and a domain of your choice:
global:
  imagePullSecret:
    create: true
    username: "<$USER_NAME>"
    password: "<$PASSWORD>"
  fuzzContainerRegistry:
    address: registry.<your-domain>
    externalCredentials:
      username: cifuzz
      password: cifuzz-registry-password
    clusterCredentials:
      username: cisense
      password: cisense-registry-password
persistence:
  storageClassName: "standard"
  # Kind cluster's default storage class is a local storage provider.
  # Storage is not synced between nodes, so it doesn't support ReadWriteMany
  # access mode. It does provide ReadWriteOnce, which is ok as long as we're
  # running with a single worker node.
  accessModes:
    - ReadWriteOnce
ingress:
  tlsSecretName: cifuzz-server-certificates
  hosts:
    gateway: app.<your-domain>
grpcIngress:
  host: grpc.<your-domain>
  tlsSecretName: cifuzz-server-certificates
cifuzz-worker:
  enabled: true
registry:
  enabled: true
  ingress:
    host: registry.<your-domain>
    tlsSecretName: cifuzz-server-certificates
  # Storage for the container registry.
  minio:
    enabled: true
    persistence:
      storageClass: standard
      size: 20Gi
    resources:
      requests:
        memory: 500Mi
Then execute the deployment:
helm upgrade cifuzz-server oci://f5d6e55758e0d08d.azurecr.io/helm/cifuzz-server \
--install \
--namespace <namespace> \
--create-namespace \
--values custom-values.yaml
After successful deployment, add the following lines to your /etc/hosts:
127.0.0.1 app.<your-domain>
127.0.0.1 grpc.<your-domain>
127.0.0.1 registry.<your-domain>
You should be able to access the CI App on https://app.code-intelligence.local.
Container Registry Setup
In a kind cluster some additional steps are required to enable pulling from the registry inside the cluster. Firstly, the registry host name needs to be resolvable on the node level. Run the following command to add hostname entries to the /etc/hosts file:
REGISTRY_HOST="registry.<your-domain>"
CLUSTER_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller -o json | jq -r ".spec.clusterIP")
for node in $(kind get nodes); do
  docker exec "${node}" bash -c "echo \"${CLUSTER_IP} ${REGISTRY_HOST}\" >> /etc/hosts"
done
If the registry uses a self-signed certificate, containerd will refuse to pull images from the container registry. To bypass this issue you can disable certificate verification for one specific container registry with the command:
REGISTRY_HOST="registry.<your-domain>"
REGISTRY_DIR="/etc/containerd/certs.d/${REGISTRY_HOST}"
for node in $(kind get nodes); do
  docker exec "${node}" mkdir -p "${REGISTRY_DIR}"
  cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
[host."https://${REGISTRY_HOST}"]
  skip_verify = true
EOF
done
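To keep certificate verification enabled, containerd's hosts.toml also accepts a `ca` entry in place of `skip_verify`. The script below is an added example, not part of the original documentation; it assumes you still have the public certificate file that went into the `cifuzz-server-certificates` secret, and the script name and the `ca.crt` file name are illustrative.

```bash
#!/usr/bin/env bash
# Added example: make containerd on each kind node trust the registry's
# self-signed certificate instead of setting skip_verify = true.
# Usage (script name is illustrative):
#   ./pin-registry-ca.sh registry.<your-domain> /path/to/tls.crt
set -eu

# Print a hosts.toml that pins one CA file for one registry host.
# $1 = registry host name, $2 = path of the CA file on the node.
render_hosts_toml() {
  cat <<EOF
[host."https://$1"]
  ca = "$2"
EOF
}

# Succeed only if the file holds a PEM certificate and no private key,
# so a key is never copied onto the nodes by mistake.
is_public_cert() {
  grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
    ! grep -q -e 'PRIVATE KEY-----' "$1"
}

# Copy the certificate to every kind node and write the pinned hosts.toml.
pin_registry_ca() {
  registry_host="$1"
  cert_file="$2"
  registry_dir="/etc/containerd/certs.d/${registry_host}"
  if ! is_public_cert "${cert_file}"; then
    echo "not a certificate-only PEM file: ${cert_file}" >&2
    return 1
  fi
  for node in $(kind get nodes); do
    docker exec "${node}" mkdir -p "${registry_dir}"
    docker exec -i "${node}" cp /dev/stdin "${registry_dir}/ca.crt" < "${cert_file}"
    render_hosts_toml "${registry_host}" "${registry_dir}/ca.crt" |
      docker exec -i "${node}" cp /dev/stdin "${registry_dir}/hosts.toml"
  done
}

# Only touch the cluster when both arguments are given.
if [ "$#" -eq 2 ]; then
  pin_registry_ca "$1" "$2"
fi
```

With verification left on, containerd also checks the host name, so the certificate must list registry.<your-domain> as a subject alternative name.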
Cluster storage requirements
The CI Sense application recommends at least 256 GB of storage available for the Container Registry. Fuzz Containers stored in the Registry are periodically pruned to keep storage usage in check.