Building a modern CI/CD pipeline is essential for delivering applications faster, safer, and with minimal downtime. In this blog, I’ll walk you through a complete end-to-end implementation of a CI/CD pipeline in OCI DevOps, integrating GitHub, Container Registry, OKE, and implementing a Blue/Green Deployment strategy.
This setup ensures:
- Automated build and deployment
- Zero-downtime releases
- Easy rollback mechanism
- Secure secret management
Let’s dive in.
Architecture Overview
We will configure:
- GitHub repository (source code)
- OCI Vault & Secrets
- OCI Container Registry
- OCI DevOps Project
- Build Pipeline
- Deployment Pipeline
- OKE Cluster
- NGINX Ingress Controller
- Blue/Green namespaces (ns-blue & ns-green)
Step 1: Secure GitHub Token in OCI Vault
Instead of hardcoding secrets:
- Create a Vault
- Create a Master Encryption Key
- Store the GitHub PAT token as a Secret
- Reference the secret in DevOps pipeline
This keeps the PAT out of source code and pipeline configuration while still letting OCI DevOps use it for repository mirroring.
After the vault is created, create the encryption key inside it.
Now reference the key when creating the secret.
The secret contents are the GitHub PAT (Personal Access Token).
Step 2: Create an OKE Cluster
Create an OKE cluster from OCI Console.
After creation, access it from Cloud Shell:
Your Kubernetes cluster is now ready for deployments.
3 worker nodes are up and running
Step 3: Create Container & Artifact Registry
- Create Container Registry → Stores Docker images
- Create Artifact Registry → Stores Kubernetes manifest files (YAML)
These artifacts will be referenced inside the pipeline.
Container Registry:
Artifact Registry:
Step 4: Mirror GitHub Repository in OCI DevOps
Inside DevOps Project:
- Click Mirror Repository
- Provide GitHub credentials (via Vault secret which stores the GitHub PAT)
- Wait for sync
After a few minutes, your source code will appear in OCI.
Once it is created, we will be able to see the repositories present in my GitHub account.
After a few minutes, the files will be displayed.
Create the artifacts inside the DevOps project; these will store the container images and OKE manifest files.
Step 5: Create Build Pipeline
Important: Ensure build_spec.yaml is present in the root of the repository.
Build Pipeline Flow:
- Fetch Source Code
- Build Docker Image
- Push Image to Container Registry
- Export Image Artifact
- Trigger Deployment Pipeline
Add the next stage, which delivers the artifacts to the following stage.
Click on +.
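A minimal build_spec.yaml for the build flow above, as an added example that is not the author's file. It assumes a Dockerfile in the repository root; the image name `my-app`, the artifact name `app_image` and the exported variable `BUILDRUN_HASH` are placeholders chosen for illustration.

```yaml
# build_spec.yaml (repository root) - added example, not the author's file.
# Assumptions: Dockerfile in the repo root; "my-app", "app_image" and
# BUILDRUN_HASH are placeholder names.
version: 0.1
component: build
timeoutInSeconds: 6000
shell: bash

env:
  # Exported variables are available to later build stages and, through
  # the trigger stage, to the deployment pipeline.
  exportedVariables:
    - BUILDRUN_HASH

steps:
  - type: Command
    name: "Derive a per-run image tag"
    timeoutInSeconds: 40
    command: |
      # OCI_BUILD_RUN_ID is set by the build runner; keep a short suffix
      # so each run gets its own tag instead of overwriting "latest".
      export BUILDRUN_HASH=$(echo "${OCI_BUILD_RUN_ID}" | rev | cut -c 1-7)
      echo "BUILDRUN_HASH: ${BUILDRUN_HASH}"

  - type: Command
    name: "Build container image"
    timeoutInSeconds: 600
    command: |
      # OCI_PRIMARY_SOURCE_DIR is the checkout of the mirrored repository.
      cd "${OCI_PRIMARY_SOURCE_DIR}"
      docker build --pull --rm -t my-app .

outputArtifacts:
  # Local image handed to the Deliver Artifacts stage, which pushes it to
  # the Container Registry path configured on the DevOps artifact.
  - name: app_image
    type: DOCKER_IMAGE
    location: my-app:latest
```

Using `${BUILDRUN_HASH}` as the tag in the DevOps artifact's image path ties every deployed image to one build run, which makes it clear which image a rollback returns to.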
Step 6: Create OKE Deployment Environment
Create an environment pointing to:
- Your OKE Cluster
- Target Namespace
- Kubernetes Manifest (oci-oke-deployment.yaml)
Step 7: Create Deployment Pipeline
Add the Trigger Deployment stage under the build pipeline.
Conclusion (End of Part 1)
By completing the steps above, we have successfully:
- Secured GitHub credentials using OCI Vault
- Created an OKE cluster
- Configured OCI Container & Artifact Registry
- Set up OCI DevOps Project
- Created a Build Pipeline
- Configured a Deployment Environment
- Implemented Blue/Green namespaces (ns-blue & ns-green)
At this stage, the CI/CD foundation is fully ready.
However, traffic is not yet exposed externally. The application is deployed inside the cluster, but we still need:
- An Ingress Controller
- Load Balancer configuration
- Traffic routing between Blue and Green
- Manual approval-based traffic shift
- Rollback mechanism
These critical production-grade components will be covered in the next blog.
What’s Coming in the Next Post
In the next post, we will cover:
- Setting up NGINX Ingress Controller on OKE
- Configuring LoadBalancer service
- Executing build pipeline runs
- Deploying to Green namespace
- Traffic shifting to Blue namespace
- Rollback strategy in OCI DevOps
This is where the real power of OCI DevOps Blue/Green deployment becomes visible.
Thanks for reading.