DevSecOps with Gitlab | Setup & Introduction | Part -1

Madhavan M
4 min read · Dec 23, 2020

With the current push to marry security with development speed and scale, the world is moving towards DevSecOps at a fast pace. This post is not about why DevSecOps; it is about the "how" of DevSecOps. Over a series of posts we will learn an end-to-end implementation of it using GitLab. Let's get started.

I'm sure you have heard of GitLab. If not, GitLab is similar to GitHub, but it offers more than GitHub, with features that make it a complete DevOps platform.

GitLab is a web-based DevOps lifecycle tool that provides a Git-repository manager providing wiki, issue-tracking and continuous integration and deployment pipeline features, using an open-source license, developed by GitLab — says Wikipedia

GitLab offers a couple of ways to work on a DevSecOps/DevOps implementation: one is the cloud-hosted platform, where everything is ready for you and you only need to write down what you want to do, and the other is an on-premise setup, where you set up the entire environment on a server or two. We will look into the on-premise setup in this post.

First, let's understand how GitLab works behind the scenes, so that setting it up is easier.

GitLab has two major components for achieving continuous integration and delivery: the GitLab server and the GitLab Runner.

GitLab Server: the GitLab server is a web application that gives us a web interface for maintaining projects, tracking issues, and a bunch of other features also present in GitHub.

GitLab Runner: the Runner is an application that works with GitLab CI/CD to run the jobs in a pipeline. Think of it as the machine that executes all the instructions you provide.

Executors: GitLab Runner has a concept called executors, which is basically the kind of environment you want your jobs to run in. GitLab Runner offers many executors, including Shell, Parallels, Docker, Kubernetes, etc. If you choose Shell, for example, it will run your jobs in a shell on the runner machine and return the result.

The runner can be a separate server; it basically waits for jobs to be assigned by the GitLab server, and when it gets one it runs it and passes the results back to the GitLab server.

Just look at the picture below to get the idea.

(Image found on Google; credit to its creator.)

And don't get confused by the picture: the GitLab server and the runner can both be installed on the same machine.

Both can be installed on all major operating systems without any issues, but I'll give you some heads-ups.

Make sure you have Git installed before installing the GitLab server, and if you are going to use Docker as the executor inside the runner, make sure you have Docker installed as well.

Follow the link below for the step-by-step installation process of the GitLab server.

And follow this one for GitLab Runner.

After setting up these things, we need to register a runner with the project. To do that, follow the steps below.

Log in to GitLab, create a project with your code in it, and go to Settings -> CI / CD. Expand the Runners panel, disable the shared runners, and copy the GitLab project URL and the runner token from the specific runners panel.

Then go to the system terminal and run ‘sudo gitlab-runner register’ (running with sudo is required), and paste the URL you copied, followed by the token.

Give a tag name of your choice and choose the desired executor, such as ‘shell’ if you want to run the jobs inside the shell. That's it; now we can create our first pipeline.

A pipeline definition is a representation of the automation process you want to run to build and test your application. The automation process is defined as a collection of jobs.

A pipeline in GitLab is defined by the ‘.gitlab-ci.yml’ file, and we need to put all the instructions inside that file in a specific format.

Create a .gitlab-ci.yml file with the following content:

stages:
  - build

# a job named "build"; the keys below must be indented under it
build:
  tags:
    - your_tag   # tag name you gave during the runner registration
  stage: build
  script:
    - echo "Hello there"

Just commit the file; if everything is fine, you can see the output on the CI/CD -> Pipelines page.
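As an added example (not from the original post), here is a fuller .gitlab-ci.yml that extends the hello-world file above with a second stage, an artifact passed between jobs, and GitLab's built-in Secret Detection template, so that credentials accidentally committed to the repository are reported in the pipeline. It assumes a runner registered with the tag your_tag and the Docker executor; the secret detection job runs inside a container image, so it will not run on a Shell executor.

```yaml
# Stages run in the order listed; jobs in the same stage run in parallel.
stages:
  - build
  - test

# GitLab ships CI templates for its security scanners. This one adds a
# job called "secret_detection" to the "test" stage.
include:
  - template: Security/Secret-Detection.gitlab-ci.yml

build:
  stage: build
  tags:
    - your_tag          # must match the tag given at "gitlab-runner register"
  script:
    - echo "Building the application"
    - mkdir -p dist
    - echo "built artifact" > dist/app.txt
  artifacts:
    paths:
      - dist/           # handed to the jobs of later stages

unit_test:
  stage: test
  tags:
    - your_tag
  script:
    # fails the job (and the pipeline) if the build artifact is missing
    - test -f dist/app.txt
    - echo "Tests passed"

# Re-declaring a job from the template lets us add our own keys to it.
# With shared runners disabled, a job without a matching tag never starts
# and the pipeline sits in the "stuck" state, so tag it like the others.
secret_detection:
  tags:
    - your_tag
```

Each job's tags must match a registered runner; a job whose tags match no runner stays pending and the pipeline never completes.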

So, that's it for now. I'll write more about creating your first pipeline next, and then we can dive into the actual implementation of security in DevOps.

Hope this blog helps you.

Feel free to write down your thoughts, and if you have a problem while installing, comment it below; if possible I'll help you out.

Thanks for reading.
