By Anthony Loss, Senior Solutions Architect, ClearScale
CI/CD is the practice of continuous integration and continuous delivery/deployment. The two processes, typically referred to as a CI/CD pipeline, introduce ongoing automation and continuous monitoring throughout the lifecycle of apps, from the integration and testing phases to delivery and deployment. The use of a CI/CD pipeline introduces smaller iterations and faster deployment in the process.
CI/CD isn’t exclusive to cloud-native app development. After all, on-prem data centers can use a CI/CD pipeline to deploy virtual machines or containers such as Docker or Kubernetes. However, CI/CD pipelines are well suited to the use in cloud-native app development, which leverages the benefits of microservices, containers, and container orchestration systems like Kubernetes. It also allows you to grow and scale with CI/CD without managing the underlying build and deploy server hardware.
The Good and Not-so-Good of CI/CD for Microservices
Compared to legacy deployments, using CI/CD in an environment to deploy applications is much more efficient. With continuous deployment for containers, it’s not necessary to take the entire app to make an update or change. Every microservice runs in a container and is deliberately made modular.
With the integration of CI/CD into container-based environments, you can have containers in a node running a staging version of your app, and other containers in a separate node actually handling real users and keeping the application running.
Cloud-native app development, particularly the use of microservices, does present some challenges for CI/CD pipelines. Those issues are primarily due to the complexity that comes with dealing with multiple microservices. This includes the increased layers and dependencies, as well as increased development speed. These issues can negatively impact the individual teams that must release services quickly and reliably, without disrupting other teams or destabilizing the app as a whole.
However, the use of automation, experimentation, DevOps, and best practices across the entire development life cycle and all development components – including CI/CD pipelines – can make a difference.
How CI/CD Works
Before discussing CI/CD best practices, it’s essential to understand the CI/CD process. In general terms, a CI workflow integrates code changes as often as possible via the build automation process. Every code change to the app is automatically built and deployed to a test environment. This eliminates having to manually build and package images every time there’s a code change.
Once you integrate and package the code, the CD workflow takes over. Its goal is to securely deliver the integrated code changes into production by running automated tests. The tests check the build’s validity by traversing it across several stages. If it passes all the stages, it’s ready to be deployed to its endpoint.
The pipeline requires various components in order to work. Typically, they include:
- Version control system, a repository that keeps track of every modification to the code. If someone makes a mistake, developers can go back to earlier versions of the code to help fix the mistake while minimizing disruption to all team members. A good central repository can consist of GitHub, Bitbucket, or AWS CodeCommit.
- A build server. With AWS, you can take advantage of a managed server called AWS CodeBuild. This allows you to focus on your builds instead of managing your underlying hardware. You can also integrate third-party build servers such as Jenkins.
- A deployment service. AWS offers an excellent deployment service called AWS CodeDeploy. This is a fully managed deployment service that automates software deployments to a variety of endpoints such as Amazon EC2, AWS Lambda, AWS Fargate, and even your on-premise environment.
- Orchestration. In order to achieve complete CI/CD, you’ll need an orchestration tool to manage each of these components. AWS offers a great orchestration service called AWS CodePipeline. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates.
CI/CD Best Practices
Best practices for the use of CI/CD pipelines range from those specific to the CI/CD tools employed to the integration of security into the apps. The following are just some to consider.
- Git-based workflows offer better visibility into CI/CD operations by providing significant benefits in terms of ease of use and collaboration. Triggering CI/CD pipelines through Git operations ensures that all changes to applications and clusters are available for review before deployment. Snapshots of clusters and applications are accessible anytime in cases of failures. Also, Git offers a single source of truth, allowing code changes and tracking. This enables teams to simplify integration through chat tools such as Slack for automating CI/CD tasks while eliminating repetitiveness.
Build Once for Error Reduction
- A build once policy implemented at the start of the CI/CD pipeline reduces the chances of errors and inconsistencies that can occur later in the process when using multiple build tools. Rebuilding the image can produce differences across code branches, which can cause applications to fail in production.
Make Small Changes
- Another best practice to decrease application failure is to promote small incremental changes among developer teams as they are easier to integrate and roll back.
- CI mechanisms can have multiple builds deployed at a particular point in time. To ensure a stable build without code quality issues, use a validation methodology, such as white or black box testing, to track failure areas. The validation framework will seamlessly integrate code commits, automate the CI system, and reduce the overhead of detecting issues.
- Implementing rollback mechanisms provides options for restoring to a previous change or state if a code failure or a disaster occurs. Typically with AWS CodeDeploy, rollbacks re-deploy older releases to safeguard the applications.
Testing and Scanning
- Testing and scanning applications every time a new image is built is one of the most useful CI practices that organizations can adopt to detect vulnerabilities. This is known as “DevSecOps”. Testing an application image ensures proper working of commands in the container and checks them for correct contents and specifications. Running an application code scan can help take care of vulnerabilities introduced through new builds pushed to the container registry. AWS CodeGuru can achieve this.
- Automated testing plays a crucial role in streamlining the software delivery lifecycle. Without an automated workflow, randomized unplanned testing results in inefficient builds that affect the code readability and maintainability in production.
- To help avoid security flaws, resource outages, and other issues that can lead to a production instance not working correctly, implement a blue-green deployment pattern that initializes an additional parallel set of deployment instances to the existing production instances. This facilitates easier switching in the event of failure or downtime.
Use AWS Identity & Access Management
- With AWS Identity and Access Management (IAM), you can specify who or what can access your CI/CD pipelines. AWS IAM can also help you centrally manage fine-grained permissions and analyze access to refine permissions across AWS.
- Yet another recommendation practice is to trigger CI/CD pipelines by Git-based operations. A unified source repository stores all the pipeline changes and source code. This allows developers to review changes and eliminate errors before deployment.
The Role of AWS
Given AWS’s extensive support for all aspects of cloud-native app development, it’s not surprising that both AWS and its partners make it easy to embrace and use CI/CD pipelines.
Among the CI/CD services and developer tools AWS offers to build pipelines and accelerate software development and release cycles are:
- AWS CodeCommit – This fully managed source control service hosts secure Git-based repositories and makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.
- AWS CodeBuild – This fully managed continuous integration service compiles source code, runs tests, and produces software packages that are ready to deploy, on a dynamically created build server.
- AWS CodeDeploy – Another fully managed service, this one automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and on-premises servers.
- AWS CodePipeline – AWS CodePipeline is also fully managed and helps automate release pipelines for fast and reliable application and infrastructure updates.
- AWS CodeStar – AWS CodeStar provides a unified user interface for easily managing app development activities in one place.
- Amazon Elastic Container Registry – The fully managed container registry offers high-performance hosting, so application images and artifacts can be reliably deployed anywhere.
- AWS CloudWatch Events – AWS CloudWatch Events rule can trigger the CodePipeline on a Git commit to the CodeCommit repository.
- Amazon Simple Storage Service (Amazon S3) – This object storage service offers industry-leading scalability, data availability, security, and performance.
- AWS Key Management Service (AWS KMS) – AWS KMS makes it easy to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications.
In addition, you can automate the creation of a CI/CD pipeline using AWS CDK and AWS CloudFormation. AWS also offers a variety of CI/CD best practices, many specific to its broad array of tools and services.
Learn More About CI/CD Best Practices
There are numerous other CI/CD best practices, tools, and services. Their use will depend on many factors, including the specific tools used, project goals, and more. For information on the use of CI/CD pipelines in the cloud-native app development process – and how they can be created and leveraged using AWS services – review ClearScale’s AWS Cloud DevOps services.