Note:

This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Create OCI DevOps pipelines to build and deploy the Golang microservices

Introduction

This is part four of a six-part tutorial series that shows you how to deploy a temporary set of resources on an OKE cluster using Golang microservices representing the usage of OCI SDK, OCI-CLI, Resource Manager, OCI Devops and Helm to deploy and destroy Apache Airflow.

Objective

In this tutorial you will learn how to create OCI DevOps pipelines for build and deploy.

Prerequisites

Completion of the previous tutorial in this learning path, Part 3/6 - Create an OCI Devops project, set up permissions and code repository for microservices.

This microservice is a sample code in Golang that is used to create a JWT token and return it to the user. This token will then be used by the go-microservices to authenticate the call. This is a simple method of authentication to ensure security for this tutorial.
The repo contains all files required to deploy on OKE using OCI DevOps service, such as Helm charts, Dockerfile and build_spec.yaml.

Note
The code was already uploaded to your OCI repository called go-login on earlier steps of this lab.

T1_1

Task 2: Explore the go-microservices code

This microservice is a sample code to perform the following tasks:

Method	Description
/oci-init	This route will run a Stack Apply job on the OCI resource manager. This will run a terraform to create a new node-pool on the cluster OKE, It will also start OCI Devops build pipeline to install airflow on the new nodes.
/oci-destroy	This will delete the airflow deployment on OKE and then run stack destroy on resource manager to remove the extra node-pool

The repo contains all needed files to deploy on OKE using OCI DevOps service, such as Helm charts, Dockerfile and build_spec.yaml.

Note
The code was already uploaded to your OCI repository called go-microservice on earlier steps of this lab.

T2_1

Before creating the DevOps build pipeline, we need to create the artifacts that will connect with the build results (Helm package and container image).

Go to the OCI Registry you have created for this tutorial.
Click on the Artifacts under your DevOps project, then click Add artifact, and then type Container image repository.
Important note regarding registry url:
- This is the base of the registry for region sa-saopaulo-1.
- Check for your region code, that will be different if you are not using “sa-saopaulo-1”. For more information, see Regions and Availability Domains.
Repeat Step 2 and add the go-microservice artifact.
Create a new general artifact to store the Helm values for go-login by pasting the content of the values.yaml file from the code repository.
Create a new general artifact to store the Helm values for go-microservice by pasting the content of the values.yaml file from the code repository.
Create a new Helm chart type artifact for go-login. You must set the correct namespace and region code on your chart URL.
Create a new Helm chart type artifact for go-microservice. You must set the correct namespace and region code on your chart URL.

At this point, you should have the following artifacts in your DevOps project.

T3_7

Go the console page for your DevOps project and select the DevOps project you have created.
Select Build Pipelines, then click Create build pipeline, enter the name and description and click Create.
Click Add stage, and then select Managed Build.
On Primary code repository, select your OCI repository for go-login.
- Confirm your repo, select and then click Add.
Add a new stage on your build pipeline to publish the artifact to the registry. Select Deliver artifacts option and then select the go-login-image artifact created in the earlier steps.

Your pipeline should look like this.

T4_5

Task 5: Create the DevOps build pipeline for go-microservice

Go the console page for your DevOps project and select the DevOps project you have created.
Select Build Pipelines, click Create build pipeline, enter the name and description and click Create.
Click Add stage, and then select Managed Build.
On Primary code repository, select your OCI repository for go-microservice.
- Confirm your repo, select and then click Add.
Add a new stage on your build pipeline to publish the artifact to the registry. Select Deliver artifacts option and then select the go-microservice-image artifact created in the earlier steps.

Your pipeline should look like this.

T4_5

The build_spec file is a yaml file that describes the steps to be performed during the build pipeline execution. It runs on a cloud build runner and supports most of the popular languages in cloud native applications. The file is located in the root of your go-login repo code on OCI. This file uses some variables from the VAULT and we need to change it to our tutorial Vault ocids.

For more details regarding build specs, see Build Specification.

The following two variables should be set.

HELM_REPO_USER: The user name that you stored as a secret on the Vault.
USER_AUTH_TOKEN: The authorization token for the user stored on the vault.

Go to your vault secrets and get the OCID for each secret.
Go to your project repositories and get the ssh url for go-login.
- Update your build_spec.yaml file and replace values with the copied OCID secrets and then commit the changes on the code.

Go to your bastion jump-box shell console.

cd $HOME
# If you still have the old go-login.git and go-microservices.git directory, delete it!
rm -rf go-login.git
rm -rf go-microservice.git
git clone <your ssh url for the repo>
cd go-login/
vi build_spec.yaml
#perform the needed changes for your ocid variables and save the file.
git add .
git commit -m "fixed ocid variables"
git push

T6_3

Go to your go-login build pipeline under your DevOps project, select “Parameters” tab and add the following new parameters.
- HELM_REPO: The base of your OCI Registry xxx.ocir.io.
- HELM_REPO_URL: The OCI Registry URL for the related Helm chart.
- APP_HOST: The host will be used to access your application on Ingress Controller.
- IMAGE_URL: The OCI Registry Image URL without the tag.
Click Build pipeline tab and then click Start manual run.
- As we can see, the build was completed successfully along with the image push to the OCI Registry.
Go to the OCI Container Registry and check if there is an image there.

Task 7: Set up OCI credentials for go-microservice

The go-microservices interacts with OCI using SDK and to be able to do that, we need to setup the correct credentials. We will use the similar information we used to setup the OCI CLI during the bastion setup from earlier steps of this tutorial.

All the required credentials will be stored on the OKE configmap and it is injected on the environment variables inside the running container.

T7_0

Go to your OCI repositories and get the ssh url for your go-microservice repo.
Go to the console page for your OKE cluster, copy the cluster ocid and replace on the command for ENV_CLUSTER_ID env variable in the next step.
Open your bastion jump-box shell terminal. Make sure you have your ssh key created at: ~/.oci/oci_api_key.pem. Except for the ENV_CLUSTER_ID variable, all other variables can be found in the ~/.oci/config file under your bastion host which you previously setup the OCI CLI
```
cat ~/.oci/config
```

The shell command list below will create a new configmap/values.yaml file with all needed variables to be injected on the running container and then push it to your code repository on OCI. Before running the commands on your bastion host terminal, replace the values “PASTE YOUR…” below.

cd $HOME
rm -rf go-microservice/
git clone <PAST YOUR ssh url>
cd go-microservice/chart-go-microservice/configmap/
rm values.yaml
pem=$(cat ~/.oci/oci_api_key.pem|base64 -w 0)
echo 'ENV_PEM: "'$pem'"' > values.yaml
echo 'ENV_TENANCY_OCID: "PASTE YOUR TENANCY OCID"' >> values.yaml
echo 'ENV_USER_OCID: "PASTE YOUR USER OCID"' >> values.yaml
echo 'ENV_REGION: "PASTE YOUR REGION NAME"' >> values.yaml
echo 'ENV_FINGERPRINT: "PASTE YOUR FINGERPRINT"' >> values.yaml
echo 'ENV_CLUSTER_ID: "PASTER YOUR CLUSTER OCID"' >> values.yaml
cd $HOME/go-microservice
git add .
git commit -m "added correct values on configmap"
git push

T7_3

Now, the go-microservice is able to communicate with OCI using the SDK.

Task 8: Build pipeline {build_spec.yaml} – go-microservices

The build_spec file is a yaml file that describes the steps to be performed during the build pipeline execution. It runs on a cloud build runner and supports most of the popular languages in cloud native applications. The file is located on the root of your go-microservice repo code on OCI. This file uses some variables from the VAULT and we need to change it to our tutorial Vault ocids.

For more details regarding build specs, see Build Specification.

The following two variables should be set.

HELM_REPO_USER: The user name that you stored as a secret on the Vault.
USER_AUTH_TOKEN: The authorization token for the user stored on the vault.

Go to your vault secrets and get the OCID for each secret.
Go to your project repositories and get the ssh url for go-login.
- You will need to update your build_spec.yaml file and replace values with the copied OCID secrets and then commit the changes on the code.

Go to your bastion jump-box shell console.

cd $HOME
# If you still have the old go-login.git and go-microservices.git directory, delete it!
rm -rf go-login.git
rm -rf go-microservice.git
git clone <your ssh url for the repo>
cd go-microservice/
vi build_spec.yaml
#perform the needed changes for your ocid variables and save the file.
git add .
git commit -m "fixed ocid variables"
git push

T8_3

Go to your go-microservice build pipeline under your Devops project, select “Parameters” tab and add new parameters.
- HELM_REPO: The base of your OCI Registry xxx.ocir.io.
- HELM_REPO_URL: The OCI Registry URL for the related Helm chart.
- APP_HOST: The host will be used to access your application on Ingress Controller.
- IMAGE_URL: The OCI Registry Image URL without the tag.
Click Build pipeline tab and then click Start manual run.
- As we can see, the build was completed successfully along with the image push to the OCI Registry.
Go to the OCI Container Registry and check if there is an image there.

Task 9: Prepare your OKE to receive the deployments

In this tutorial, we will manually create the OKE namespaces for go-login and go-microservices. We also need to setup the OCI Container Registry credentials inside each of the namespaces using secrets. This is required otherwise your deployment will not be able to fetch the container image from the registry.

Get the plain text TOKEN and username from the OCI Registry you stored on the vault.

Open your bastion jump-box shell console and run the following command.

Note: Make sure you replace the variables on the commands below with the credentials you got in the previous step and also check the correct docker-server based on your region gru.ocir.io.

 cd $HOME
 kubectl get ns
 kubectl create ns go-login
 kubectl create ns go-microservices
 kubectl create secret docker-registry docker-registry --docker-server=gru.ocir.io --docker-username='your_user_name' --docker-password='your_token' --docker-email='user-email' -n go-login
 kubectl create secret docker-registry docker-registry --docker-server=gru.ocir.io --docker-username='your_user_name' --docker-password='your_token' --docker-email='user-email' -n go-microservices

Now let’s deploy the ingress controller to be able to access the microservices over the internet. We are using the official ingress image on version v1.4.0.

 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml
 kubectl scale --replicas=4 deployment ingress-nginx-controller -n ingress-nginx

T9_2

Now, let’s check if the ingress services are good, it should look like this.
```
kubectl get svc -n ingress-nginx
```
After creating the ingress-nginx, a new load balancer is automatically created on OCI. Now update the load balancer shape to a cheaper shape and avoid extra costs.

Go to your console, select Load balancers under Networking and then select the newly created load balancer.
Click to update the SHAPE and select the Use a Flexible Load Balancer checkbox.

Task 10: Create a new OCI DevOps environment

To be able to deploy your apps, we need to create the environment.

Select your DevOps project, click Environments, and then click Create environment.

Go to your Devops project, click Deployment Pipelines and create a new pipeline for go-login.
Click to add new stage to deploy, select “Install Helm Charts to Kubernetes Cluster”, select the helm artifact and the values artifact for go-login. Make sure you fill the namespace name as go-login.
Create a trigger on the build pipeline to start the deploy automatically after the build is completed.
1. Go to the go-login build pipeline under your Devops project and click Add stage.
2. Select Trigger deployment, click Select deployment pipeline and then select go-login-deploy.
Click Start manual run to test the pipeline.
On the Devops Project page, click Deployments to check the running deployment status.

Go to your bastion host terminal and check the following:
- Check the pod health.
```
kubectl get pod -n go-login
```
- Check the ingress host and address for the app.
```
kubectl get ingress -n go-login
```
- This deployment uses the ingress control routing traffic over the host name, which means we need to call the service using the correct host name as part the URL.
- In this tutorial, we did not use SSL certificates. In order to be able to call the services we need to include in the local /etc/hosts of your laptop the right DNS route for it. This is not recommended for production environments.
- Take note of your external IP address and add the entry in your /etc/hosts.
```
 sudo vi /etc/hosts
```
- Add a new line at the end of the file.
```
your.ip.aaa.xx go-login.superocilab.com
```
- Run the following command.
```
cat /etc/hosts
```
- Your /etc/hosts should look like this.
Now you can call the go-login service using a curl and generate a jwt TOKEN by calling the /login endpoint.
```
curl http://go-login.superocilab.com
curl http://go-login.superocilab.com/login
```

Task 13: Deploy go-microservice to OCI Devops using Helm charts

Go to your Devops project, click Deployment Pipelines and create a new pipeline for go-microservice.
Click to add new stage to deploy, select Install Helm Charts to Kubernetes Cluster, select the helm artifact and the values artifact for go-microservice. Make sure you fill the namespace name as go-microservices.
Create a trigger on the build pipeline to start the deploy automatically after build is completed.
1. Go to the go-microservice build pipeline under your Devops project and click Add stage.
2. Select Trigger deployment, then click Select deployment pipeline and then select go-microservice-deploy.
Click Start manual run to test the pipeline.
On the Devops Project page, click Deployments to check the running deployment status.

Task 14: Verify your go-microservice deployment

Go to your bastion host terminal and check the following details:
- Check the pod health.
```
kubectl get pod -n go-microservices
```
- Check the ingress host and address for the app.
```
kubectl get ingress -n go-microservices
```
- This deployment uses the ingress control routing traffic over the host name, which means we need to call the service using the correct host name as part the URL.
- In this tutorial, we did not use SSL certificates. In order to be able to call the services we need to include in the local /etc/hosts of your laptop the right DNS route for it. This is not recommended for production environments.
- Take note of your external IP address and add the entry on your /etc/hosts (you can add on your local machine too!)
```
 sudo vi /etc/hosts
```
- Add a new line at the end of the file.
```
your.ip.aaa.xx go-microservice.superocilab.com
```
- Run the following command.
```
cat /etc/hosts
```
- Your /etc/hosts should look like this.

Now you can call the go-microservice service.

curl curl http://go-microservice.superocilab.com

T14_1

Next Step

To proceed to the next tutorial in this learning path, click here.

Acknowledgments

Author - Joao Tarla (Oracle LAD A-Team Solution Engineer)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

Title and Copyright Information

Create OCI DevOps pipelines to build and deploy the Golang microservices

F79787-01

April 2023

Create OCI DevOps pipelines to build and deploy the Golang microservices

Introduction

Objective

Prerequisites

Task 1: Explore the go-login code

Task 2: Explore the go-microservices code

Task 3: Create the DevOps artifacts for go-login and go-microservice

Task 4: Create the Devops build pipeline for go-login

Task 5: Create the DevOps build pipeline for go-microservice

Task 6: Build pipeline {build_spec.yaml} – go-login

Task 7: Set up OCI credentials for go-microservice

Task 8: Build pipeline {build_spec.yaml} – go-microservices

Task 9: Prepare your OKE to receive the deployments

Task 10: Create a new OCI DevOps environment

Task 11: Deploy go-login to OCI DevOps using Helm charts

Task 12: Verify your go-login deployment

Task 13: Deploy go-microservice to OCI Devops using Helm charts

Task 14: Verify your go-microservice deployment

Next Step

Related Links

Acknowledgments

More Learning Resources