CI/CD Pipeline using GitHub Actions, Harbor Container Registry, ArgoCD, Kubernetes, and NGINX [Overview]
29/12/2022
This pipeline is implemented in the backend system of ChaturMail: AI Email Generator
Understanding Overall Pipeline Flow
![](https://cdn.hashnode.com/res/hashnode/image/upload/v1672482313295/bcb62eb1-070e-4f8b-9dab-8a4b76ab8bad.png align="center")
- Code changes are pushed to the master branch on GitHub
- The repo has a Dockerfile. GitHub Actions does the following tasks:
  - Build Docker Image
  - Push the image to Harbor Container Registry
  - Update YAML config being watched by ArgoCD
- The Harbor Container Registry is hosted on my VPS, reverse proxied by NGINX, and domain mapped by Cloudflare. The GH action uploads the built image here
- ArgoCD is installed on the VPS and watches a repo of YAML configs for Kubernetes. Any changes to the configs trigger a deployment by ArgoCD. The GH action updates the image tag in the YAML config
- ArgoCD detects the change in YAML and initiates a K8S deployment
- The docker image needed by K8S pods is fetched locally from Harbor
- Kubernetes deploys and manages the pods with respect to restarting, respawning, and load balancing
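The step where the GH action updates the image tag in the YAML config decides what ArgoCD deploys, so here is an added example (not the author's workflow) of doing that update defensively in POSIX shell: it validates the tag, rewrites only the image line for the expected Harbor repository, and fails when that line is not found exactly once. The registry host `harbor.example.com`, the repository path `demo/backend` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: bump the image tag in a manifest that ArgoCD watches.
# Assumed names (not from the post): harbor.example.com, demo/backend.

# set_image_tag FILE IMAGE_REPO NEW_TAG
# Returns 0 updated, 2 rejected input, 3 expected image line not found once.
set_image_tag() {
  file=$1 repo=$2 tag=$3
  [ -f "$file" ] || return 2
  # Docker tag grammar: word char first, then word chars, '.' or '-', max 128.
  case $tag in ''|[.-]*|*[!A-Za-z0-9_.-]*) return 2 ;; esac
  [ "${#tag}" -le 128 ] || return 2
  # Repository must look like host[:port]/path; anything else is rejected.
  case $repo in */*) ;; *) return 2 ;; esac
  case $repo in *[!a-z0-9./:_-]*) return 2 ;; esac
  tmp=$(mktemp) || return 2
  # Literal index() match on the repository: '.' in the host is not a wildcard,
  # so an image from a look-alike registry is never rewritten.
  if awk -v repo="$repo" -v tag="$tag" '
      match($0, /^[ \t]*(-[ \t]+)?image:[ \t]*/) {
        key = substr($0, 1, RLENGTH); val = substr($0, RLENGTH + 1)
        if (index(val, repo ":") == 1) { print key repo ":" tag; n++; next }
      }
      { print }
      END { exit (n == 1 ? 0 : 3) }' "$file" > "$tmp"
  then cat "$tmp" > "$file"; rm -f "$tmp"; return 0
  else rc=$?; rm -f "$tmp"; return "$rc"   # manifest left untouched on failure
  fi
}

# Dry run on a constructed manifest; prints the image lines after the update.
demo() {
  m=$(mktemp) || return 1
  printf '%s\n' 'spec:' '  containers:' \
    '  - name: backend' '    image: harbor.example.com/demo/backend:old' \
    '  - name: sidecar' '    image: harborXexample.com/demo/backend:old' > "$m"
  st=0
  set_image_tag "$m" harbor.example.com/demo/backend "$1" || st=$?
  grep 'image:' "$m"; rm -f "$m"; return "$st"
}
```

In a workflow step the tag argument would be whatever the build step pushed to Harbor; using the commit SHA (`$GITHUB_SHA` in GitHub Actions) rather than a mutable tag is an assumption here, since the post does not state its tag scheme.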
Role of NGINX
NGINX acts as a gateway to the VPS. All services are exposed to the internet utilizing NGINX. In the pipeline, NGINX plays the following roles:
- Reverse proxies Harbor
- Reverse proxies ChaturMail backend
Application Exposure
The backend system for ChaturMail is served by a Kubernetes load balancer service which gets an internal local-only IP address. This service is then reverse proxied by NGINX.
Role of Cloudflare
The services and applications exposed by the VPS are all configured to work with subdomains of my main domain wilfredalmeida.com.
The domain is managed by Cloudflare and its IP address is proxied, which keeps the original VPS IP from being exposed and works in favor of Cloudflare's analytics and security services.