## GitOps continuous integration
You will also learn about different promotion strategies and how to revert, reset, or roll back application changes.

PREBUILD STAGES
*Vulnerability scan*: Integrating an open source library scanning tool like Nexus Vulnerability Scanner can detect known vulnerabilities and licensing issues.
*Code analysis*: automated linting or code analysis.
BUILD STAGES
*Unit test*: verify that a small piece of code does what it is supposed to do.
*Code coverage*: measure the percentage of code that is covered by automated unit tests.
*Docker build and push*: build container image and push to registry.
GITOPS CI STAGES
POSTBUILD STAGES
*Publish CI metrics*: build issues, CI build time, compliance requirements (build information such as test results, who did the release).
*Build notification*: send noti

QUESTION
If the CI/CD pipeline typically takes an hour to run, what other tasks can developers do during that time? What if the CI/CD pipeline takes 10 minutes instead?
## GitOps continuous delivery

The boxes in gray are new stages for a complete CD solution (depending on your company).
GITOPS CD STAGES
*Git clone config repo*
*Discover manifests*: determine any delta between the manifests in Kubernetes and the latest manifests from the Git repo. If there is no difference, the GitOps operator stops at this point.
*Kubectl apply*
POSTDEPLOYMENT STAGES
*Tests*
*Run-time vulnerability*: also called pen testing or ethical hacking.
*Publish CD metrics*: run-time issues, compliance requirements.
## Rollback
Since our production environment consists of the manifest and the application configuration for the environment, the rollback process could roll back the app config, manifest, or both repos.
With GitOps, our rollback process is once again controlled by Git changes, and the GitOps operator will take care of the eventual deployment. Git Revert and Git Reset are two ways to roll back changes in Git.

For example, consider a rollback pipeline. This pipeline will start with `git revert` and `git commit` to roll back the manifest to the previously known good state. After a pull request is generated from the `revert` commit, approver(s) can approve and merge the PR to the manifest master branch.

```
git log --pretty=oneline
```
```
eb1a692029a9f4e4ae65de8c11135c56ff235722 (HEAD -> master) guestbook with image hash <HASH>
```
```
git revert eb1a692029a9f4e4ae65de8c11135c56ff235722
```
Now we are ready to push the revert of the manifest by pushing back to the repo and let the GitOps operator do its deployment.
```
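# Credentials embedded in the URL end up in shell history and the process list; a credential helper or SSH remote avoids that.
git push https://<GIT_USERNAME>:<GIT_PASSWORD>@<your repo> master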
```
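
The rollback flow described above, as an added example that is not part of the original notes: it builds a throwaway manifest repo with constructed commits, reverts the bad commit on a branch intended for a pull request, and checks that the manifest tree matches the known-good commit while history still records who changed what and when. The function names, the `rollback-<sha>` branch name, `deployment.yaml` and the image tags are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: revert-based rollback of a manifest repo, run in a temp directory.
set -eu

# Build a constructed manifest repo: one known-good commit, then one bad commit.
make_demo_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" config user.name "Demo Releaser"        # constructed identity
  git -C "$repo" config user.email "releaser@example.com"
  git -C "$repo" config commit.gpgsign false
  printf 'image: guestbook:good\n' > "$repo/deployment.yaml"
  git -C "$repo" add deployment.yaml
  git -C "$repo" commit -q -m "guestbook with image tag good"
  printf 'image: guestbook:bad\n' > "$repo/deployment.yaml"
  git -C "$repo" commit -q -am "guestbook with image tag bad"
  echo "$repo"
}

# Revert HEAD on a dedicated branch so the rollback can be reviewed as a PR.
# A revert adds a new commit; the bad commit stays in history for the audit trail.
rollback_head() {
  repo=$1
  bad=$(git -C "$repo" rev-parse HEAD)
  git -C "$repo" checkout -q -b "rollback-$(printf %.7s "$bad")"
  git -C "$repo" revert --no-edit "$bad" >/dev/null
}

# Succeeds when HEAD's tree is identical to the tree two commits back,
# i.e. the manifests are byte-for-byte back at the known-good state.
restored_known_good() {
  [ "$(git -C "$1" rev-parse 'HEAD^{tree}')" = "$(git -C "$1" rev-parse 'HEAD~2^{tree}')" ]
}

repo=$(make_demo_repo)
rollback_head "$repo"
restored_known_good "$repo" && echo "manifest restored to known-good tree"
# Who, when, what: the record a compliance review reads from the manifest repo.
git -C "$repo" log --pretty='%h %an %ad %s' --date=short
```
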
## Compliance pipeline
A compliance pipeline essentially needs to ensure second-person approval for production release and record by whom, when, and what gets released.

When the approver wants to release a particular image to production, he/she can simply approve the respective PR and the Prod environment will be updated by the GitOps operator.

## Deployment strategies
Argo Rollouts:
+ Blue-green
+ Canary
+ Progressive delivery

Progressive delivery can also be viewed as a fully automated version of canary deployment. Argo Rollouts uses the canary strategy along with *AnalysisTemplate* to achieve progressive delivery.

We need to create the *AnalysisTemplate* for Rollout to collect metrics and determine the health of the Pods.
```yaml
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: pass
spec:
  metrics:
  - name: pass
    interval: 15s
    failureLimit: 1
    provider:
      job:
        spec:
          template:
            spec:
              containers:
              - name: sleep
                image: alpine:3.8
                command: ... # command here
                args: ... # arg here
              restartPolicy: Never
          backoffLimit: 0
```
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: demo
spec:
  replicas: 3
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: demo
  strategy:
    canary:
      analysis:
        templateName: pass ## Specifies the AnalysisTemplate
      steps:
      - setWeight: 10
      - pause:
          duration: 20
  template:
    metadata:
      labels:
        app: demo
    spec:
      containers:
      - image: argoproj/rollouts-demo:blue
        imagePullPolicy: Always
        name: demo
        ports:
        - containerPort: 8080
```
