
CI/CD Pipelines for Kubernetes Apps with Pulumi & Codefresh

Editor’s note: This blog post was co-written by Sophia Parafina from Pulumi and Kostis Kapelonis from Codefresh. A webinar was recorded on this very topic! Scroll down to view the on-demand webinar. 

Delivering modern applications is complicated and requires the coordination of many moving parts. Applications are frequently updated to implement new features and improve security and performance, which translates into a better user experience for your customers. To further complicate matters, infrastructure should also be deployed and maintained simultaneously with applications to avoid conflicts or dependencies.

Containerized applications deployed on Kubernetes are particularly susceptible to a misalignment between developers who frequently push changes and operators who want to maintain a stable architecture. Continuous Integration builds and tests software and delivers it as packages. Continuous Delivery or Deployment deploys applications on infrastructure. Let’s take a look at how we can accomplish CI/CD for both applications and infrastructure.

CI/CD and Pipelines

CD is sometimes called Continuous Delivery or Continuous Deployment. These have the same results, i.e., deploying software artifacts to production. However, Continuous Deployment is an automated process that deploys artifacts without human intervention. Continuous Delivery occurs when a person decides when to deploy an application. The reason could be a business decision, such as coordinating the release with a marketing campaign or having a final check by an engineer before release.

Continuous integration is an automated process that begins with a code push to a repository. From there, the code can be built and tested, and ultimately released as an artifact. The CI process is determined by your organization and it can include manual testing of the code to catch corner cases.

A pipeline is the deployable unit path for CI/CD. A pipeline begins when code is committed to a repository like GitHub. The next step is a notification to a build system, such as Codefresh. The build system compiles the code and runs unit tests. If your code passes the unit tests, integration tests are the next step. In the case of containers, if your code passes both unit and integration tests, the images will be created and pushed into a registry service. This is the simplest example of a pipeline, but you can do many more things such as security scans, check modules for CVEs (Common Vulnerabilities and Exposures), send Slack notifications, and run quality checks. A pipeline can be fully automated or have checkpoints that require approval before resuming.

A pipeline in Codefresh is composed of a series of steps, where every step is a Docker container. This means that creating a pipeline is as easy as gathering your favorite Docker images from any public or private registry. Therefore, integration with Pulumi is trivial, as Pulumi is already offered in the form of a public image.


On the deployment front, Codefresh has native integration for Kubernetes, container registries, and Git providers. This means that you can set up your cluster once in a central configuration and then make it available to all your pipelines by name. Codefresh is cloud-agnostic on all fronts. All major Git providers are supported and deployment can happen on any compliant Kubernetes cluster.

Every Codefresh account comes with a built-in graphical dashboard that allows you to inspect your Kubernetes cluster not only at the service/pod level but also at the application level (i.e. Helm releases). This means that with Codefresh you don’t need to use multiple unrelated applications to understand if your deployment was successful.


A deployment that begins from a Git commit can be monitored with Codefresh from beginning to end, following all pipeline stages from application compilation/packaging to security scanning and infrastructure deployment.

See our dedicated documentation page on how to use Pulumi and Codefresh together.

Building Modern Infrastructure

Just like your application code, you can build your infrastructure with a CI/CD pipeline. Pulumi lets developers write infrastructure as code using their favorite language, such as TypeScript, Python, or Go. Developers can take advantage of abstractions, code reuse, refactoring, their favorite development environment, and testing tools.

In addition to supporting multiple languages, you can build infrastructure on any cloud such as AWS, Azure, GCP, and Kubernetes and take full advantage of their service offerings. Choose your toolchain and frameworks and you’re set to deploy infrastructure on any major cloud provider and even hybrid and on-premises environments.

By leveraging infrastructure as code combined with real languages, engineers can achieve greater productivity, while also enabling their development teams to be more “self-serve” with appropriate policies and guardrails in place. Pulumi brings cloud security engineering to the infrastructure and development teams. By using one common workflow that spans any cloud environment, whether public, private, or hybrid, security teams are able to implement policies that accomplish cloud governance initiatives of all kinds: security, compliance, cost control, and more. Help your teams deliver faster with safety and confidence.

To see how infrastructure as code simplifies infrastructure deployment, let’s take a look at an example for deploying Kubernetes with Python on AWS. The full example is available on GitHub.

The code breaks up the Kubernetes deployment into Python modules:

The main program (main.py) creates the Kubernetes cluster by calling the modules to deploy a cluster and a nodegroup with the policies applied. By using modules, we can make changes to the VPC, networking, roles, and policies and customise it to our application. In a CI/CD workflow, all these changes would be pushed through a pipeline before deployment.
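As an added example (not code from the original post, from Pulumi or from Codefresh), the Python below shows one way a pipeline step could decide whether a change to the roles, policies or networking mentioned above should stop at the approval checkpoint described earlier. It reads a change plan shaped like the JSON that `pulumi preview --json` emits; the sample plan, the project name eks-demo, the list of sensitive type prefixes and the function names are constructed assumptions.

```python
import json

# Assumption: type-token prefixes this team treats as security-sensitive.
SENSITIVE_PREFIXES = ("aws:iam/", "aws:ec2/securityGroup", "aws:eks/")
# Operations that destroy or recreate a resource.
DESTRUCTIVE_OPS = {"delete", "replace", "create-replacement", "delete-replaced"}

# Constructed sample in the shape of `pulumi preview --json` output
# (only the fields used here; project and resource names are made up).
SAMPLE_PLAN = json.dumps({"steps": [
    {"op": "same", "urn": "urn:pulumi:dev::eks-demo::aws:ec2/vpc:Vpc::eks-vpc"},
    {"op": "update", "urn": "urn:pulumi:dev::eks-demo::"
        "aws:iam/rolePolicyAttachment:RolePolicyAttachment::node-policy"},
    {"op": "replace", "urn": "urn:pulumi:dev::eks-demo::aws:ec2/subnet:Subnet::subnet-a"},
    {"op": "create", "urn": "urn:pulumi:dev::eks-demo::aws:s3/bucket:Bucket::logs"},
]})


def resource_type(urn):
    """Return the leaf type from urn:pulumi:<stack>::<project>::<type>::<name>.

    Child resources qualify the type as parentType$childType; keep the child.
    """
    parts = urn.split("::")
    return parts[2].split("$")[-1] if len(parts) >= 4 else ""


def review_preview(preview_json):
    """Flag planned changes that should stop at a manual approval step."""
    findings = []
    for step in json.loads(preview_json).get("steps", []):
        op, urn = step.get("op", ""), step.get("urn", "")
        if op == "same":  # unchanged resource, nothing to review
            continue
        rtype = resource_type(urn)
        if rtype.startswith(SENSITIVE_PREFIXES) or op in DESTRUCTIVE_OPS:
            findings.append({"op": op, "type": rtype, "urn": urn})
    return {"needs_approval": bool(findings), "findings": findings}


if __name__ == "__main__":
    result = review_preview(SAMPLE_PLAN)
    for f in result["findings"]:
        print(f"{f['op']:8} {f['type']}")
    # Non-zero exit lets the pipeline route the build to its approval step.
    raise SystemExit(1 if result["needs_approval"] else 0)
```

On the sample plan the IAM policy attachment update and the subnet replacement are flagged, while the unchanged VPC and the new S3 bucket pass through.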

Although this example is written in Python for AWS, there are similar examples in other languages and cloud providers in Pulumi Examples (https://github.com/pulumi/examples).

Putting it Together 

In this article, we described how we can build both applications and infrastructure with CI/CD pipelines. To learn more about how Codefresh and Pulumi can automate Kubernetes deployments, watch this on-demand webinar:




