Simplified image management: Dive into our end-to-end Harbor and Jenkins integration

Our new end-to-end Harbor and Jenkins integration lets developers easily push images to Harbor and distribute them securely to different registries. With Backstage templates, setting up new repositories is quick and easy, cutting down on wait times and pull requests. We've also improved our Jenkins-Vault setup to work across Kubernetes clusters and maintain our high-security standards.

Simplified image management with our Harbor and Jenkins integration

We're excited to introduce our latest setup, aimed at streamlining the process of pushing images to Harbor. The setup can be further distributed to multiple other registries, like ECR or Azure/Google container registries. This is done while ensuring secure credential management within Jenkins and Kubernetes. Our main objective is to achieve full automation, empowering developers to create custom images within Dynatrace and seamlessly integrate their deployment into their projects.

Leverage backstage templates

If you are familiar with Backstage, you're likely already familiar with its templating functionality. Utilizing this feature, we significantly reduced the workload for setting up new image repositories. You can now easily create a repository for your image, set up a pipeline, create all necessary credentials, and automatically push the image to Harbor and ECR, thereby eliminating the need for multiple pull requests and their associated wait times, as well as the need to wait for credentials.

You can find the template here:

https://backstage.internal.dynatrace.com/create/templates/default/onboarding-standalone-docker

After the template is executed, there is a single pull request to review to confirm the auto-onboarding of your new Harbor project. You can find a demonstration pull request here: https://github.com/dynatrace-infrastructure/dtp-state-prod/pull/381

Technicalities

For all this to work, we had to extend our previous Jenkins-Vault setup to work across different Kubernetes clusters. With security as our top priority, we found a solution by combining external-secrets and our improved version of the Jenkins kubernetes-credential-provider, which we have contributed to the open-source community. With these changes we eliminated the need for complex networking setups and Jenkins restarts. Most importantly we reduced the number of needed pull requests down to just one.

What's next

If you want to learn more about how we are integrating all this into our builds, or you are interested in integrating steps of this workflow into your own, please check our Dynatrace Backstage documentation at: https://backstage.internal.dynatrace.com/docs/delivery/domain/ci-cd/external-secrets/

Public link

Please use the above public link if you want to share this noodl on another website.