Skip to main content
Version: 4.8

CaaS

CaaS Application Stack

The CaaS application stack is a unified, flexible toolkit for building and deploying containerized applications to the SCALE environment. It supports two modes of operation:

  • Docker Build mode (default for new instances) - You provide your own Dockerfile and source code. The pipeline performs a real docker build, security scans the resulting image, and deploys it through the standard SCALE CD stages.
  • Pre-built Image mode - You upload a pre-built container image to Artifactory and the pipeline deploys it without performing a build. This is useful when deploying vendor-provided images or images built by an external CI system.

Regardless of mode, all CaaS deployments share common SCALE requirements:

  • Security scanning for vulnerabilities
  • Staging of the application in the appropriate Docker image repositories, tagged according to SCALE conventions
  • Completion of Unit Testing and User Acceptance Testing
  • Gated approvals before allowing deployments into pre-production and production environments
  • Audit trail and history of deployment within the SCALE CD Pipeline

For details on getting started, see getting started.

For details on repository structure, see repository structure.

For details on application configuration, see application configuration.


Docker Build Mode

This is the default mode for newly provisioned CaaS instances. The pipeline builds a Docker image from your Dockerfile, scans it, and deploys it.

Repository Directory Structure

The CaaS repository contains the following key files and directories:

  • Dockerfile - A template Dockerfile at the root of the repository. The default sample builds an Nginx-based container. You can replace this entirely with your own Dockerfile.
  • source/ - Contains the sample application source files (HTML content and Nginx configuration). Replace these with your own application source code.
  • Helm chart directory - Contains the Helm chart used for deploying your application to Kubernetes. It includes:
    • templates/ - Kubernetes resource templates (deployment, service, gateway-api, HPA, configmap, cyberark-secrets, volume)
    • values.yaml - Default Helm values for your application
    • values.workspace.yaml, values.dnt.yaml, values.stg.yaml, values.prd.yaml - Environment-specific value overrides
  • azure-pipelines.yml - CI/CD configurations

Customizing the Dockerfile

The included Dockerfile is a working sample that builds an Nginx-based container. You are expected to replace it with your own Dockerfile that builds your application.

When writing your own Dockerfile, keep the following requirements in mind:

  • Use NetApp's Artifactory as your base image source. Instead of pulling directly from Docker Hub (e.g. alpine:latest), use the Artifactory mirror: docker-ngdc.artifactory.devops.netapp.com/alpine:latest. For details on generating an Artifactory identity token for authentication, see Artifactory Token.
  • Update the Helm chart with your application's port. Remember to update the service.port value in the helm chart values.yaml file to match the port your container exposes.
  • Run as a non-root user. Our Kubernetes environment enforces that applications run as a non-root user. You will need to make sure your image and app is designed to run as any uid/gid.

Pipeline Configuration (Docker Build)

For details on CI/CD pipelines, see CI/CD pipelines.

For details on pipeline definition, see pipeline definition.

Converting to Docker Build Mode

If you have an existing CaaS instance using Pre-built Image mode and want to switch to Docker Build mode:

  1. Add a Dockerfile to the root of your repository with your custom build instructions
  2. Remove the caasImageVersion parameter section from azure-pipelines.yml
  3. Set appVersion directly in the extends parameters (e.g. appVersion: 1.0.0)

Pre-built Image Mode

Pre-built Image mode is intended for teams that deploy a pre-built container image (e.g. a vendor-supplied image) and do not need to build a Dockerfile from scratch.

When to Use Pre-built Image Mode

Use Pre-built Image mode when:

  • You are deploying a vendor-provided or externally-built container image
  • Your image is built by a separate CI system and pushed to Artifactory before the SCALE pipeline runs
  • You do not need a custom Dockerfile in your repository

Converting to Pre-built Image Mode

If you have a newly provisioned CaaS instance (which comes with a Dockerfile by default), you can convert it to Pre-built Image mode:

  1. Delete the Dockerfile from the root of your repository
  2. Add the caasImageVersion parameter to the very top of your azure-pipelines.yml
    parameters:
    - name: caasImageVersion
    type: string
    displayName: "Specify the CaaS image version to deploy"
    default:
  3. Update appVersion to reference the caasImageVersion parameter in your azure-pipelines.yml
    appVersion: ${{ parameters.caasImageVersion }}

Uploading Container Images

Prior to running the pipeline, the container image must be uploaded to your project's Artifactory Docker repository in the format of docker-xyz.artifactory.devops.netapp.com/upload/svc_name:1.0.0.

  • Where 'xyz' is your three-letter appcode
  • Where 'svc_name' is your service name (e.g. if your repo is caas-foo-bar, then your service name is foo-bar).

For details on generating an Artifactory identity token for authentication, see Artifactory Token.

Triggering the Pipeline (Pre-built Image Mode)

In Pre-built Image mode, the pipeline is triggered by manually running it from the Azure DevOps web interface. When run manually, the pipeline prompts for the caasImageVersion - the tag/version of the container image to be deployed. This image is expected to be located in Artifactory at the upload path for your service.


Continuous Delivery Pipelines

Once the CD pipeline is started, the container image is subject to quality checks that are prerequisite to deploying the image in SCALE. In Docker Build mode, this includes a full Docker build followed by security scanning. In Pre-built Image mode, the pre-built image is scanned directly.

For details on defining hostspaces, see defining hostspaces.

For details on Horizontal Pod Autoscaler, see Horizontal Pod Autoscaler.

For details on PVC for application stacks, see PVC for application stacks.

For details on Pod Anti-Affinity, see Pod Anti-Affinity.

For details on detailed pipeline configuration, see detailed pipeline configuration.

For details on Kubernetes deployment objects, see Kubernetes deployment objects.

For details on troubleshooting, see troubleshooting.