Kubernetes CI/CD Best Practices

by Bala

Set up efficient CI/CD pipelines for Kubernetes deployments

Kubernetes CI/CD Best Practices

Implementing efficient CI/CD pipelines for Kubernetes ensures reliable and consistent deployments. This guide covers essential CI/CD practices.

Prerequisites

  • Basic understanding of Kubernetes
  • Access to a Kubernetes cluster
  • kubectl CLI tool installed
  • Familiarity with CI/CD concepts

Project Structure

.
├── ci-cd/
│   ├── pipelines/         # Pipeline definitions
│   ├── templates/         # Deployment templates
│   ├── scripts/          # Deployment scripts
│   └── environments/     # Environment configurations
└── testing/
    ├── integration/      # Integration test configs
    └── e2e/             # End-to-end test configs

GitLab CI Pipeline

1. Basic Pipeline

image: docker:latest

services:
  - docker:dind

stages:
  - build
  - test
  - deploy

variables:
  DOCKER_REGISTRY: registry.example.com
  KUBERNETES_NAMESPACE: production

build:
  stage: build
  script:
    - docker build -t $DOCKER_REGISTRY/app:$CI_COMMIT_SHA .
    - docker push $DOCKER_REGISTRY/app:$CI_COMMIT_SHA

test:
  stage: test
  script:
    - kubectl apply -f test/
    - ./run-tests.sh
    - kubectl delete -f test/

deploy:
  stage: deploy
  script:
    - kubectl set image deployment/app app=$DOCKER_REGISTRY/app:$CI_COMMIT_SHA
  only:
    - main

GitHub Actions Workflow

1. Kubernetes Deployment

name: Deploy to Kubernetes
on:
  push:
    branches: [ main ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    
    - name: Build and Push
      uses: docker/build-push-action@v2
      with:
        push: true
        tags: ${{ secrets.REGISTRY }}/app:${{ github.sha }}
        
    - name: Deploy to K8s
      uses: actions-hub/kubectl@master
      env:
        KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
      with:
        args: set image deployment/app app=${{ secrets.REGISTRY }}/app:${{ github.sha }}

ArgoCD Configuration

1. Application Definition

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
spec:
  project: default
  source:
    repoURL: https://github.com/org/app.git
    targetRevision: HEAD
    path: k8s
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

Deployment Strategies

1. Rolling Update

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    spec:
      containers:
      - name: app
        image: app:latest
        readinessProbe:
          httpGet:
            path: /health
            port: 8080

2. Blue-Green Deployment

apiVersion: v1
kind: Service
metadata:
  name: app
spec:
  selector:
    app: app
    version: blue
  ports:
  - port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-blue
spec:
  replicas: 3
  selector:
    matchLabels:
      app: app
      version: blue
  template:
    metadata:
      labels:
        app: app
        version: blue

Testing Strategies

1. Integration Tests

apiVersion: batch/v1
kind: Job
metadata:
  name: integration-tests
spec:
  template:
    spec:
      containers:
      - name: tests
        image: test-runner:latest
        command: ["./run-integration-tests.sh"]
      restartPolicy: Never

2. End-to-End Tests

apiVersion: batch/v1
kind: Job
metadata:
  name: e2e-tests
spec:
  template:
    spec:
      containers:
      - name: tests
        image: cypress:latest
        env:
        - name: BASE_URL
          value: http://app-service
        command: ["cypress", "run"]
      restartPolicy: Never

Best Practices Checklist

  1. ✅ Implement automated pipelines
  2. ✅ Use GitOps workflows
  3. ✅ Implement proper testing
  4. ✅ Use deployment strategies
  5. ✅ Configure monitoring
  6. ✅ Implement rollback procedures
  7. ✅ Secure CI/CD pipeline
  8. ✅ Version control everything
  9. ✅ Environment management
  10. ✅ Automated testing

Pipeline Security

1. Secret Management

apiVersion: v1
kind: Secret
metadata:
  name: pipeline-secrets
type: Opaque
data:
  docker-registry: BASE64_ENCODED_VALUE
  kube-config: BASE64_ENCODED_VALUE

2. RBAC Configuration

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ci-role
rules:
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Environment Management

1. Kustomize Base

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml

2. Production Overlay

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
patchesStrategicMerge:
- production-resources.yaml

Common CI/CD Pitfalls

  1. ❌ Manual deployments
  2. ❌ No testing strategy
  3. ❌ Insecure secrets
  4. ❌ No rollback plan
  5. ❌ Poor monitoring

Best Practices by Stage

Build Stage

  • Use multi-stage builds
  • Cache dependencies
  • Security scanning
  • Version tagging

Test Stage

  • Unit tests
  • Integration tests
  • Security tests
  • Performance tests

Deploy Stage

  • Environment validation
  • Canary deployments
  • Automated rollbacks
  • Health checks

Conclusion

Implementing these CI/CD best practices ensures reliable and efficient deployments to your Kubernetes clusters. Regular review and updates of CI/CD processes are essential for maintaining deployment reliability.

Additional Resources