Canary Deployments Made Easy: A CI/CD Journey with GitHub Actions and Argo CD Rollouts

Project overview

We have a basic Python Flask app displaying a static cat image. Users come to our application to get their daily cat dose. User experience tests revealed that 8/10 users request dynamic cat images (or even GIFs).

Objective

Design an automated and secure Pull Request CICD pipeline and bump up the new version successfully and gradually adopting Gitops principles.

Duration

3 weeks

Tech Stack

GitHub Actions

AKS (Test and Prod Clusters)

Argo Rollouts

GitHub Package Registry

Nginx Ingress, cert-manager, let's encrypt

Python Flask Application

Requirements

Infrastructure and Resources

* Development Cluster (AKS) for running pull request deployments

* Production Cluster (AKS) for running the stable application

* Image Registry (GitHub Packages) to store container images

* Git Repository to store application code and infrastructure as code (IaC)

* Argo CD for deployment management

CI/CD Pipeline Tools

* GitHub Actions for workflow automation

* Argo Rollouts for canary deployments

Security Considerations

* Code checks (functionality, errors, coverage, vulnerabilities)

* Infrastructure and image scans for vulnerabilities

* Secure GitOps principles

High Level Diagram

Canary Deployments Made Easy: A CI/CD Journey with GitHub Actions and Argo CD Rollouts Diagram

Three Pipelines

Solution Approach

* GitOps with Argo CD for deployments based on Git repository state

* GitHub Actions for automated pipeline execution

* Code checks throughout the pipeline for security

* Canary deployments for safe rollouts with minimal risk

Rollout to Prod Manually

Achievements

* Increased Efficiency: Automates repetitive tasks, reducing human error.

* Improved Agility: Enables faster iterations and safer rollouts.

* Increased Reliability: Consistent deployments lead to a more stable application.

* Reduced Risk: Canary deployments and security focus minimize risk during updates.

* Streamlined Workflow: Automates deployments for a smoother development process.

Overall, this CI/CD pipeline helps us deliver reliable Python applications on AKS with minimal risk and improved development speed.

Future Optimizations

Enhanced Testing (Regression, Performance, API, E2E)
Monitoring & Logging (ELK, Prometheus, Grafana, Datadog, New Relic, Robusta)
Cost Optimization (cluster autoscaler, Azure Container Insights, HPA, kubecost)
Code Caching & Dependency Pre-installation
Parallel Builds (for larger projects)

Takeaways

This case study implements a secure GitOps-based CI/CD pipeline for a Python application. It prioritizes security throughout the process, automates deployments with GitOps principles, minimizes the risk during updates.

Remember adapting the philosophy, not just the tools, for a successful DevOps workflow.

Interested in the nitty-gritty of the security tools?

Check out my blog on Kuberada:

Comprehensive Blog Post