To briefly summarize, we’ve successfully created a unique sandbox environment for each development team, registered within our environment registry. This has provided us with all necessary namespaces, ArgoCD applications, service accounts, roles, and secrets. The platform is now primed and ready for us to take the next step: the development of an application.
Here we are not referring to the Environments or App Config repositories, but rather the repositories that house the actual source code of the application. This includes all files, tests, Dockerfiles, etc.
Here are the fundamental rules:
The repository must contain a Dockerfile or Containerfile.
A chart directory is mandatory. This directory should contain a Helm chart, complete with all templates necessary to run the application. Additionally, a values.yaml file must be present within this chart, furnished with reasonable default values. It’s also crucial that the Chart.yaml file clearly specifies a version in semantic versioning format.
There must also be a pipeline directory in the repository.
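The rules above can be checked mechanically before a commit ever reaches the pipeline. The following check is an added example, not part of the platform's own tooling; the function names check_repo and make_sample_repo and the sample file contents are assumptions made for illustration.

```python
import re
from pathlib import Path

# SemVer 2.0.0 grammar (pattern adapted from the one suggested on semver.org).
SEMVER = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)"
    r"(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?"
    r"(?:\+[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*)?$"
)


def check_repo(root):
    """Return the list of rule violations for the repo at `root` (empty = compliant)."""
    root, problems = Path(root), []
    if not any((root / n).is_file() for n in ("Dockerfile", "Containerfile")):
        problems.append("no Dockerfile or Containerfile")
    if not (root / "pipeline").is_dir():
        problems.append("no pipeline directory")
    chart = root / "chart"
    if not chart.is_dir():
        return problems + ["no chart directory"]
    if not (chart / "values.yaml").is_file():
        problems.append("chart/values.yaml missing")
    templates = chart / "templates"
    if not templates.is_dir() or not any(templates.iterdir()):
        problems.append("chart/templates missing or empty")
    chart_yaml = chart / "Chart.yaml"
    if not chart_yaml.is_file():
        return problems + ["chart/Chart.yaml missing"]
    # Only the top-level `version:` key counts; `appVersion:` is a different field.
    m = re.search(r"^version:(.*)$", chart_yaml.read_text(), re.M)
    version = m.group(1).split(" #")[0].strip().strip("\"'") if m else ""
    if not SEMVER.match(version):
        problems.append(f"Chart.yaml version {version!r} is not semantic versioning")
    return problems


def make_sample_repo(root, version="1.4.2", containerfile="Dockerfile"):
    # Constructed sample layout (hypothetical contents) used to exercise check_repo.
    root = Path(root)
    (root / "chart" / "templates").mkdir(parents=True)
    (root / "pipeline").mkdir()
    (root / containerfile).write_text("FROM scratch\n")
    (root / "chart" / "values.yaml").write_text("replicaCount: 1\n")
    (root / "chart" / "templates" / "deployment.yaml").write_text("kind: Deployment\n")
    (root / "chart" / "Chart.yaml").write_text(
        f"apiVersion: v2\nname: frontend\nappVersion: latest\nversion: {version}\n")
    return root
```

Calling check_repo on a checkout returns an empty list when every rule is met, so it can gate a pre-commit hook or an early pipeline task.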
Pipeline
While the provision of a sandbox is beneficial, the real game-changer lies in the execution of CI/CD pipelines. The role of pipelines is crucial in simplifying developers’ workflow. Pipelines automate the building, testing, and deployment processes, thus relieving developers from the tedious task of manual setup and configuration.
The values.yaml file for this pipeline chart should adhere to the following structure:
pipeline:
team: team-name
project: project-name
application:
name: frontend
id_rsa: <elided>
Each new commit pushed to the pipeline folder triggers a real-time synchronization with the Kubernetes cluster.
Branch Workflows
The platform is primarily designed to support GitHub flow as its branching strategy. This approach encompasses:
Non-Main Branches
Commits on non-main branches are confined to their initial environment and won’t be promoted further.
However, every new commit in a non-main branch will still trigger a Tekton PipelineRun execution. To expedite the process, the Kubernetes objects within the chart folder are instantly synced with the cluster. Once the new image is built, it gets tagged with the branch name and deployed.
The deployment of the non-main application results in an ArgoCD application bearing the name of the application appended with the suffix of the branch name. It’s worth noting that Chart Museum is not used for non-main branches.
Main Branch
In contrast, any commit pushed to the main branch could potentially be promoted to a higher environment like production. Therefore, each new commit on the main branch initiates a new Tekton PipelineRun execution.
Provided all the pipeline steps are executed successfully, the source code and Kubernetes objects are compiled into a Helm chart and then pushed to the Chart Museum server. The configurations won’t be reflected immediately, but only after the deployment step in the pipeline.
This execution of the main application deployment creates an ArgoCD application of the same name, pointing to the Helm chart in the Chart Museum as the image to be deployed.