CI/CD Pipeline using GitHub Actions, Harbor Container Registry, ArgoCD, Kubernetes, and NGINX [Overview]

This pipeline is implemented in the backend system of ChaturMail: AI Email Generator

Understanding Overall Pipeline Flow

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1672482313295/bcb62eb1-070e-4f8b-9dab-8a4b76ab8bad.png align="center")

1. Code changes are pushed to the master branch on GitHub

2. The repo has a Dockerfile. GitHub Actions does the following tasks

   • Build Docker Image

   • Push the image to Harbor Container Registry

   • Update YAML config being watched by ArgoCD

3. The Harbor Container Registry is hosted on my VPS, reverse proxied by NGINX, and domain mapped by Cloudflare. The GH action uploads the built image here

4. ArgoCD is installed on the VPS and watches a repo of YAML configs for Kubernetes. Any changes to the configs trigger a deployment by ArgoCD. The GH action updates the image tag in the YAML config

5. ArgoCD detects the change in YAML and initiates a K8S deployment

6. The docker image needed by K8S pods is fetched locally from Harbor

7. Kubernetes deploys and manages the pods w.r.t. to restarting, respawning, and load balancing

Role of NGINX

NGINX acts as a gateway to the VPS. All services are exposed to the internet utilizing NGINX. In the pipeline, NGINX plays the following roles:

• Reverse proxies Harbor

• Reverse proxies ChaturMail backend

Application Exposure

The backend system for ChaturMail is served by a Kubernetes load balancer service which gets an internal local-only IP address. This service is then reverse proxied by NGINX.

Role of Cloudflare

The services and applications exposed by the VPS are all configured to work with subdomains of my main domain wilfredalmeida.com

The domain is managed by Cloudflare and its IP address is proxied which prevents exposing of the original VPS IP and works in favor of Cloudflare's analytics and security services.