Canary Deployments Made Easy: A CI/CD Journey with GitHub Actions and Argo CD Rollouts
Project overview
We have a basic Python Flask app displaying a static cat image. Users come to our application to get their daily cat dose. User experience tests revealed that 8/10 users request dynamic cat images (or even GIFs).
Objective
Design an automated, secure pull request CI/CD pipeline and roll out the new version successfully and gradually, adopting GitOps principles.
3 weeks
Tech Stack
* GitHub Actions
* AKS (Test and Prod Clusters)
* Argo Rollouts
* GitHub Package Registry
* Nginx Ingress, cert-manager, Let's Encrypt
* Python Flask Application
Requirements
Infrastructure and Resources
* Development Cluster (AKS) for running pull request deployments
* Production Cluster (AKS) for running the stable application
* Image Registry (GitHub Packages) to store container images
* Git Repository to store application code and infrastructure as code (IaC)
* Argo CD for deployment management
CI/CD Pipeline Tools
* GitHub Actions for workflow automation
* Argo Rollouts for canary deployments
Security Considerations
* Code checks (functionality, errors, coverage, vulnerabilities)
* Infrastructure and image scans for vulnerabilities
* Secure GitOps principles
High Level Diagram
Three Pipelines
Solution Approach
* GitOps with Argo CD for deployments based on Git repository state
* GitHub Actions for automated pipeline execution
* Code checks throughout the pipeline for security
* Canary deployments for safe rollouts with minimal risk
Rollout to Prod Manually
Achievements
* Increased Efficiency: Automates repetitive tasks, reducing human error.
* Improved Agility: Enables faster iterations and safer rollouts.
* Increased Reliability: Consistent deployments lead to a more stable application.
* Reduced Risk: Canary deployments and security focus minimize risk during updates.
* Streamlined Workflow: Automates deployments for a smoother development process.
Overall, this CI/CD pipeline helps us deliver reliable Python applications on AKS with minimal risk and improved development speed.
Future Optimizations
* Enhanced Testing (Regression, Performance, API, E2E)
* Monitoring & Logging (ELK, Prometheus, Grafana, Datadog, New Relic, Robusta)
* Cost Optimization (cluster autoscaler, Azure Container Insights, HPA, kubecost)
* Code Caching & Dependency Pre-installation
* Parallel Builds (for larger projects)
Takeaways
This case study implements a secure GitOps-based CI/CD pipeline for a Python application. It prioritizes security throughout the process, automates deployments with GitOps principles, and minimizes the risk during updates.
Remember to adapt the philosophy, not just the tools, for a successful DevOps workflow.
Interested in the nitty-gritty of the security tools?
Check out my blog on Kuberada: