CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.

SDO uses the Per-Build Container (PBC) paradigm for executing Bamboo build plans. This paradigm is relatively new and is not as well documented as other Bamboo features. Use this article to gain a high-level understanding of the PBC infrastructure, administration and integration points.

Introduction

When a PBC-based build plan is executed, it is deployed as a pod in Kubernetes. Each pod must have at least two containers:

  1. A sidekick container that mounts a volume containing all the Bamboo resources required to perform a build, including a JRE.
  2. A build container that hosts the actual build and shares the volume mounted by the sidekick.

Note that when executing builds for other PBCs, a third container is required:

  3. A Docker-in-Docker (DinD) container that exposes the Docker daemon.

Sidekick

The sidekick container used by SDO is based on the image found here at Docker Hub. It extends the baseline image by adding a Bamboo user and group. Note that any other container sharing the volume mounted by the sidekick container must also have a Bamboo user and group with the same UID and GID. This is critical so that the builds can be run as the Bamboo user instead of root.

The sidekick is administered in Bamboo at Per-build Container Kubernetes Backend. See the README for additional details on administration.


Build Container

The PBC, i.e. the container hosting the actual build, must run as the Bamboo user. See the Dockerfiles in Bitbucket at SecDevOps for templates and working instances. Administration of the PBC is performed in Bamboo for each build plan. See the following README for additional administration details.
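The UID/GID rule from the Sidekick section and the run-as-Bamboo-user rule above can be checked against a pod spec before a plan is enabled. The following is an added example, not SDO's or Bamboo's own tooling; the container names, volume name, mount path and the 1000:1000 IDs are constructed placeholders.

```python
# Added example: audit a Kubernetes pod spec for the shared-volume UID/GID rule.
# All names, paths and IDs in sample_pod() are constructed placeholders.

def effective_ids(pod_spec, container):
    """Return (uid, gid); a container securityContext overrides the pod-level one."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    uid = ctr_sc.get("runAsUser", pod_sc.get("runAsUser"))
    gid = ctr_sc.get("runAsGroup", pod_sc.get("runAsGroup"))
    return uid, gid

def audit_shared_volume(pod_spec, sidekick_name):
    """List findings for every container that shares a volume with the sidekick."""
    by_name = {c["name"]: c for c in pod_spec.get("containers", [])}
    mounts = {n: {m["name"] for m in c.get("volumeMounts", [])}
              for n, c in by_name.items()}
    if sidekick_name not in by_name:
        return [f"sidekick container '{sidekick_name}' not found"]
    expected = effective_ids(pod_spec, by_name[sidekick_name])
    findings = []
    for name, ctr in by_name.items():
        if not mounts[name] & mounts[sidekick_name]:
            continue  # does not share the sidekick volume, rule does not apply
        uid, gid = effective_ids(pod_spec, ctr)
        if uid is None or gid is None:
            findings.append(f"{name}: runAsUser/runAsGroup not set, image default applies")
        elif uid == 0:
            findings.append(f"{name}: runs as root (UID 0)")
        elif (uid, gid) != expected:
            findings.append(
                f"{name}: {uid}:{gid} differs from sidekick {expected[0]}:{expected[1]}")
    return findings

def sample_pod(build_uid):
    """Constructed pod spec: sidekick, build container, DinD without the shared volume."""
    shared = [{"name": "bamboo-agent", "mountPath": "/shared"}]
    return {
        "securityContext": {"runAsUser": 1000, "runAsGroup": 1000},
        "volumes": [{"name": "bamboo-agent", "emptyDir": {}}],
        "containers": [
            {"name": "sidekick", "volumeMounts": shared},
            {"name": "build", "volumeMounts": shared,
             "securityContext": {"runAsUser": build_uid}},
            {"name": "dind", "securityContext": {"privileged": True, "runAsUser": 0}},
        ],
    }

if __name__ == "__main__":
    for uid in (1000, 0, 2000):
        print(uid, audit_shared_volume(sample_pod(uid), "sidekick") or "OK")
```

The check resolves the effective IDs the way Kubernetes does, so a build container that overrides only `runAsUser` still inherits the pod-level group.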



Docker-in-Docker

Docker-in-Docker (DinD) is required only when executing builds of other Docker images. The DinD container exposes the Docker daemon, which is necessary to perform builds and run containers. Administration of the PBC is performed in Bamboo for each build plan under the Additional Containers section.

Resources