Connect + Docker + AWS = Bitbucket Pipelines
![Page 1: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/1.jpg)
NATHAN BURRELL • SENIOR DEVELOPER • ATLASSIAN
Connect + AWS + Docker = Bitbucket Pipelines
![Page 2: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/2.jpg)
A short time ago in an office far far away…
![Page 3: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/3.jpg)
Agenda
Connect
Microservices on AWS
Docker
![Page 4: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/4.jpg)
Connect Descriptor
iFrames and Webhooks
Security
Connect
![Page 5: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/5.jpg)
Connect Descriptor
Describes in JSON how the integration will integrate with the Atlassian cloud product.
![Page 6: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/6.jpg)
Permissions
iFrames
Webhooks
Scopes control what your integration can do with JWT tokens generated using the shared secret provided on installation.
```json
{
  …
  "scopes": [
    "account",
    "repository:admin",
    "pipeline",
    "pipeline:variable"
  ],
  …
}
```
![Page 7: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/7.jpg)
Permissions
iFrames
Webhooks
Modules are used to specify where you will inject UI fragments into the parent application.
```json
{
  …
  "modules": {
    "webPanel": [ {
      "key": "pipelines-overview",
      "name": { "value": "Pipelines Overview" },
      "url": "pipelinesOverview.html?accountUuid={repo_owner_uuid}",
      "location": "org.bitbucket.repository.overview.informationPanel",
      "condition": [ { … } ]
    } ]
  },
  …
}
```
![Page 8: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/8.jpg)
Permissions
iFrames
Webhooks
Webhooks are used to specify URLs to be called back to when certain events occur.
```json
{
  …
  "lifecycle": {
    "installed": "/api/events/connect/installed",
    "uninstalled": "/api/events/connect/uninstalled"
  },
  …
  "webhooks": [ {
    "event": "repo:push",
    "url": "/api/events/repository/push"
  } ]
}
```
![Page 9: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/9.jpg)
iFrames and Webhooks
iFrames are your UI injection points into an Atlassian cloud product. Webhooks allow you to interact with a product when certain events occur.
![Page 10: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/10.jpg)
AP.require('request') …
AP.js
AP.js
window.postMessage()
![Page 11: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/11.jpg)
Bitbucket Pipelines
repo:push Services
![Page 12: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/12.jpg)
Security
Using a JWT token you can implement authentication and authorization.
![Page 13: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/13.jpg)
Creating
Authenticating
OAuth
Each and every request, be it for an iFrame or a webhook, contains a JWT token, either as a query parameter or in a header.
Request
Bitbucket Pipelines
JWT
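An added example, not code from the talk or from Atlassian: one way a service could authenticate the JWT that accompanies each iFrame or webhook request, using the shared secret stored at installation. It assumes an HS256 token delivered in a `jwt` query parameter or an `Authorization: JWT <token>` header and an `iss` claim that identifies the installation; the helper names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def extract_token(query, headers):
    """Take the JWT from the `jwt` query parameter or an `Authorization: JWT <token>` header."""
    if query.get("jwt"):
        return query["jwt"]
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    return value if scheme == "JWT" and value else None

def verify(token, secrets, now=None):
    """Return the claims of a valid HS256 token, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, mac = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
        alg, iss, exp = header["alg"], claims["iss"], claims["exp"]
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm so "none" or any other alg is refused
        raise ValueError("unexpected algorithm")
    secret = secrets.get(iss) if isinstance(iss, str) else None
    if secret is None:  # assumption: iss names the installation that owns the secret
        raise ValueError("unknown issuer")
    good = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, mac):  # constant-time comparison
        raise ValueError("bad signature")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def make_token(claims, secret, alg="HS256"):
    """Build a constructed sample token for the checks below (not a real Bitbucket token)."""
    head = _b64e(json.dumps({"typ": "JWT", "alg": alg}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

if __name__ == "__main__":
    tok = make_token({"iss": "conn-1", "exp": time.time() + 60}, "constructed-secret")
    print(verify(extract_token({"jwt": tok}, {}), {"conn-1": "constructed-secret"}))
```

The signature is checked before the expiry so that an unauthenticated token never influences which error the caller sees beyond "malformed", "unknown issuer" or "bad signature".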
![Page 14: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/14.jpg)
![Page 15: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/15.jpg)
Authenticating
Creating
OAuth
access_token Bitbucket Pipelines
JWT
oauth
![Page 16: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/16.jpg)
Transparent Integrations
Connect
![Page 17: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/17.jpg)
Anatomy of Microservice
How we use AWS
Microservices on AWS
![Page 18: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/18.jpg)
Anatomy of a Microservice
The architecture of a typical Pipelines microservice and how it interacts with Connect.
![Page 19: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/19.jpg)
Microservice
DynamoDB ElastiCache
EC2 ELB
Dropwizard
SQS SNS
Hystrix RxJava Java
![Page 20: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/20.jpg)
Microservice
HTTP
Endpoints
Bitbucket
Browser SNS
Event
Handlers
Webhooks
iFrames
Events
Events Services
Models
Daos
Microservices
SQS
Requests Clients
DynamoDB Requests
![Page 21: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/21.jpg)
How we use AWS
How we configure our service stacks running on AWS and deploy updates to our services.
![Page 22: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/22.jpg)
Cloudformation
Code deploy
Monitoring
Use CloudFormation to specify how to configure your entire service stack.
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  serviceTable:
    Type: "AWS::DynamoDB::Table"
    Properties: …
  serviceELB:
    Type: "AWS::ElasticLoadBalancing::LoadBalancer"
    Properties: …
  serviceInstance:
    Type: "AWS::EC2::Instance"
    Properties: …
```
```
aws cloudformation create-stack …
```
![Page 23: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/23.jpg)
Cloudformation
Code deploy
Monitoring
Use compose to manage your entire local environment.
AppSpec.yml
```yaml
version: 0.0
os: linux
files:
  - source: app/service.jar
    destination: /opt/app/service.jar
hooks:
  ApplicationStop:
    - location: scripts/shutdown.sh
  ApplicationStart:
    - location: scripts/startup.sh
```
```
application.tar.gz
├── app
│   └── service.jar
├── AppSpec.yml
└── scripts
    ├── shutdown.sh
    └── startup.sh
```
S3
![Page 24: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/24.jpg)
Cloudformation
Code deploy
Monitoring
Use Datadog to provide you with real-time monitoring.
docker
datadog-agent
EC2
crawler
![Page 25: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/25.jpg)
![Page 26: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/26.jpg)
Battle Tested Easy to Use Cloud scale effortlessly
Microservices on AWS
![Page 27: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/27.jpg)
Runtime Environment
Container Management
Security Tips
Docker
![Page 28: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/28.jpg)
Docker
Using Docker for runtime environments locally and in the cloud.
![Page 29: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/29.jpg)
Local development
Using compose
Building containers
Use containers to play with multiple versions of tools.
Use containers to spin up dependencies.
Dev machine: working directory, Java container, postgres container
```
docker run -v $(pwd):/opt/code -w /opt/code openjdk:8-jdk javac …
docker run -v $(pwd):/opt/code -w /opt/code openjdk:9-jdk javac …
docker run -d --name postgres postgres:9.6 …
docker run ... --link postgres openjdk:8-jdk …
```
![Page 30: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/30.jpg)
Local development
Using compose
Building containers
Use compose to manage your entire local environment.
```yaml
version: '2'
services:
  java:
    image: openjdk:8-jdk
    links:
      - postgres
    volumes:
      - .:/opt/code
  postgres:
    image: postgres:9.6
```
```
docker-compose up -d
docker-compose down
```
![Page 31: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/31.jpg)
Local development
Using compose
Building containers
Using compose and Dockerfiles to produce your own images.
docker-compose.yml
```yaml
version: '2'
services:
  service:
    image: service:dev
    build:
      context: .
      dockerfile: DOCKERFILE
```
DOCKERFILE
```dockerfile
FROM openjdk:8-jdk
ADD [ "*.jar", "/opt/app/service.jar" ]
# Absolute path: no WORKDIR is set, so a bare "service.jar" would not be found.
ENTRYPOINT [ "java", "-jar", "/opt/app/service.jar" ]
```
```
docker-compose build
docker tag service:dev service:production &&
docker push service:production
```
![Page 32: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/32.jpg)
Container Management
Using Kubernetes to manage and run thousands of containers.
![Page 33: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/33.jpg)
Pods
Namespaces
Management
Pods are the base concept of Kubernetes. They describe a collection of related containers, volumes and their settings.
Node
Web Server File synchronizer
Shared directory
Shared network
Pod
![Page 34: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/34.jpg)
Pods
Namespaces
Management
Namespaces in Kubernetes are where you collect groups of related resources together.
A B
![Page 35: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/35.jpg)
Pods
Namespaces
Management
kubectl is your new best friend.
kubectl {create | get | delete} {namespace | pod}
![Page 36: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/36.jpg)
Security Tips
Using Docker and Kubernetes in a secure way in production.
![Page 37: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/37.jpg)
Sibling Containers
User namespace
Networking
Sibling containers are a much safer alternative to privileged mode and Docker in Docker.
Node
docker.sock Container with docker
Sibling container
![Page 38: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/38.jpg)
Sibling containers
User namespace
Networking
Enable user namespace remapping.
Using: --userns-remap=default
Node
docker daemon
root build-user
root dockremap
![Page 39: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/39.jpg)
Sibling containers
User namespace
Networking
Disable inter-container communication and turn on iptables rules.
Using: --icc=false --iptables=true
Docker Bridge
Node
iptables rules
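An added example, not from the talk: a check that a Docker daemon configuration carries the user namespace and networking settings from these two slides. It accepts either the `--name=value` flag form shown on the slides or the equivalent `daemon.json` keys; the function names and sample configurations are constructed.

```python
import json

# Values dockerd uses when a setting is not given at all.
DEFAULTS = {"userns-remap": "", "icc": True, "iptables": True}


def config_from_flags(argv):
    """Map dockerd flags in --name=value form onto daemon.json-style keys."""
    cfg = {}
    for arg in argv:
        name, sep, value = arg.lstrip("-").partition("=")
        if name not in DEFAULTS:
            continue  # flags outside the three settings audited here
        if isinstance(DEFAULTS[name], bool):
            # A bare boolean flag (no "=value") means true.
            cfg[name] = value.lower() not in ("false", "0", "f") if sep else True
        else:
            cfg[name] = value
    return cfg


def audit(cfg):
    """Return one finding per setting that differs from the hardened values."""
    eff = {**DEFAULTS, **cfg}  # absent keys fall back to the daemon defaults
    findings = []
    if not eff["userns-remap"]:
        findings.append("userns-remap unset: uid 0 in a container is uid 0 on the node")
    if eff["icc"] is not False:
        findings.append("icc enabled: containers on the default bridge can talk to each other")
    if eff["iptables"] is not True:
        findings.append("iptables off: dockerd adds no rules, so icc=false is not enforced")
    return findings


# Constructed sample configurations.
WEAK_JSON = '{"iptables": false}'
HARDENED_FLAGS = ["--userns-remap=default", "--icc=false", "--iptables=true"]

if __name__ == "__main__":
    for label, cfg in (("weak", json.loads(WEAK_JSON)),
                       ("hardened", config_from_flags(HARDENED_FLAGS))):
        print(label, audit(cfg) or "ok")
```

An empty configuration still produces two findings, because inter-container communication is on and user namespace remapping is off unless they are set explicitly.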
![Page 40: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/40.jpg)
Docker
Trust It Use It
![Page 41: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/41.jpg)
Review
Connect: Your entry point to an Atlassian cloud product
Microservices on AWS: Speed up time to market and free up time to focus on your business logic
Docker: A runtime environment for your services and more ;)
![Page 42: Connect + Docker + AWS = Bitbucket Pipelines](https://reader034.fdocuments.us/reader034/viewer/2022042520/58ce9b431a28ab8c3b8b763f/html5/thumbnails/42.jpg)
Connect + AWS + Docker = Bitbucket Pipelines
NATHAN BURRELL • SENIOR DEVELOPER • ATLASSIAN