Embedded Files
Project overview
Project overview
We have a basic Python Flask app displaying a static cat image. Users come to our application to get their daily cat dose. User experience tests revealed that 8/10 users request dynamic cat images (or even GIFs).
We have a basic Python Flask app displaying a static cat image. Users come to our application to get their daily cat dose. User experience tests revealed that 8/10 users request dynamic cat images (or even GIFs).
Objective
Objective
Design an automated and secure Pull Request CICD pipeline and bump up the new version successfully and gradually adopting Gitops principles.
Design an automated and secure Pull Request CICD pipeline and bump up the new version successfully and gradually adopting Gitops principles.
Duration
3 weeks
Tech Stack
GitHub Actions
AKS (Test and Prod Clusters)
Argo Rollouts
GitHub Package Registry
Nginx Ingress, cert-manager, let's encrypt
Python Flask Application
Python Flask Application
Requirements
Requirements
Infrastructure and Resources
Infrastructure and Resources
* Development Cluster (AKS) for running pull request deployments
* Development Cluster (AKS) for running pull request deployments
* Production Cluster (AKS) for running the stable application
* Production Cluster (AKS) for running the stable application
* Image Registry (GitHub Packages) to store container images
* Image Registry (GitHub Packages) to store container images
* Git Repository to store application code and infrastructure as code (IaC)
* Git Repository to store application code and infrastructure as code (IaC)
* Argo CD for deployment management
* Argo CD for deployment management
CI/CD Pipeline Tools
CI/CD Pipeline Tools
* GitHub Actions for workflow automation
* GitHub Actions for workflow automation
* Argo Rollouts for canary deployments
* Argo Rollouts for canary deployments
Security Considerations
Security Considerations
* Code checks (functionality, errors, coverage, vulnerabilities)
* Code checks (functionality, errors, coverage, vulnerabilities)
* Infrastructure and image scans for vulnerabilities
* Infrastructure and image scans for vulnerabilities
* Secure GitOps principles
* Secure GitOps principles
High Level Diagram
High Level Diagram
Canary Deployments Made Easy: A CI/CD Journey with GitHub Actions and Argo CD Rollouts Diagram
Three Pipelines
Three Pipelines
Solution Approach
Solution Approach
* GitOps with Argo CD for deployments based on Git repository state
* GitHub Actions for automated pipeline execution
* Code checks throughout the pipeline for security
* Canary deployments for safe rollouts with minimal risk
Rollout to Prod Manually
Rollout to Prod Manually
Achievements
Achievements
* Increased Efficiency: Automates repetitive tasks, reducing human error.
* Improved Agility: Enables faster iterations and safer rollouts.
* Increased Reliability: Consistent deployments lead to a more stable application.
* Reduced Risk: Canary deployments and security focus minimize risk during updates.
* Streamlined Workflow: Automates deployments for a smoother development process.
Overall, this CI/CD pipeline helps us deliver reliable Python applications on AKS with minimal risk and improved development speed.
Future Optimizations
Enhanced Testing (Regression, Performance, API, E2E)
Monitoring & Logging (ELK, Prometheus, Grafana, Datadog, New Relic, Robusta)
Cost Optimization (cluster autoscaler, Azure Container Insights, HPA, kubecost)
Code Caching & Dependency Pre-installation
Parallel Builds (for larger projects)
Takeaways
Takeaways
This case study implements a secure GitOps-based CI/CD pipeline for a Python application. It prioritizes security throughout the process, automates deployments with GitOps principles, minimizes the risk during updates.
Remember adapting the philosophy, not just the tools, for a successful DevOps workflow.
Interested in the nitty-gritty of the security tools?
Check out my blog on Kuberada:
Follow me to learn more!
Follow me to learn more!
Stay updated on the latest Kubernetes tips, GitOps practices, and DevOps insights. Follow me for more hands-on projects and tutorials
Page updated
Google Sites
Report abuse