Saturday, February 21, 2026

Complete CI/CD Pipeline Setup on Oracle Cloud Infrastructure (OCI) with Oracle Kubernetes Engine (OKE) – Blue/Green Deployment Strategy

 

Building a modern CI/CD pipeline is essential for delivering applications faster, safer, and with minimal downtime. In this blog, I’ll walk you through a complete end-to-end implementation of a CI/CD pipeline in OCI DevOps, integrating GitHub, Container RegistryOKE, and implementing a Blue/Green Deployment strategy.

 

Blue/Green Deployment in Devops using Kubernetes

 

 

This setup ensures:

  • Automated build and deployment
  • Zero-downtime releases
  • Easy rollback mechanism
  • Secure secret management

 

Let’s dive in.

Architecture Overview

We will configure:

  • GitHub repository (source code)
  • OCI Vault & Secrets
  • OCI Container Registry
  • OCI DevOps Project
  • Build Pipeline
  • Deployment Pipeline
  • OKE Cluster
  • NGINX Ingress Controller
  • Blue/Green namespaces (ns-blue & ns-green)

 

Step 1: Secure GitHub Token in OCI Vault

Instead of hardcoding secrets:

  1. Create a Vault
  2. Create a Master Encryption Key
  3. Store the GitHub PAT token as a Secret
  4. Reference the secret in DevOps pipeline

This ensures enterprise-grade security for repository mirroring.

After  a vault is created, create the encryption key inside the vault



Now refer the key to the secrets

 




Secret contents is the PAT(Personal Access token) for the github. 

 

Step 2: Create an OKE Cluster

Create an OKE cluster from OCI Console.

After creation, access it from Cloud Shell:

kubectl get nodes

Your Kubernetes cluster is now ready for deployments.


3 worker nodes are up and running

 

Step 3: Create Container & Artifact Registry

  • Create Container Registry → Stores Docker images
  • Create Artifact Registry → Stores Kubernetes manifest files (YAML)

These artifacts will be referenced inside the pipeline.

 

Container registry:-



Artifact Registry

 



Step 4: Mirror GitHub Repository in OCI DevOps

Inside DevOps Project:

  1. Click Mirror Repository
  2. Provide GitHub credentials (via Vault secret which stores the GitHub PAT)
  3. Wait for sync

After a few minutes, your source code will reflect in OCI.

 

 

 

 

Once it is created, we will be able to see the repositories present inside my github

 

 

 

 

After few minutes, the files will be displayed

 

 

Create the artifcats inside the devops which will store the container images and OKE manifest files

 

 

 

 

 Click on add

 

 Create the OKE manifest artifacts (choose the artifact registry created earlier)

 

 

 



Step 5: Create Build Pipeline

Important: Ensure build_spec.yaml is present in the root of the repository.

Build Pipeline Flow:

  • Fetch Source Code
  • Build Docker Image
  • Push Image to Container Registry
  • Export Image Artifact
  • Trigger Deployment Pipeline

 

 

Add the next stage to deliver the artifacts for next stage

 

Click on +

 

 

 

 

Step 6: Create OKE Deployment Environment

Create an environment pointing to:

 

 

Step 7: Create Deployment Pipeline

 

 

 

 

 

 

Click on next

 

 

Select the environment created earlier

 

 



 

 

 

 

 

Add the trigger deployment under the build pipeline

 

 

 

 

 

Conclusion (End of Part 1)

By completing the steps above, we have successfully:

  • Secured GitHub credentials using OCI Vault
  • Created an OKE cluster
  • Configured OCI Container & Artifact Registry
  • Set up OCI DevOps Project
  • Created a Build Pipeline
  • Configured a Deployment Environment
  • Implemented Blue/Green namespaces (ns-blue & ns-green)

At this stage, the CI/CD foundation is fully ready.

 

However, traffic is not yet exposed externally. The application is deployed inside the cluster, but we still need:

  • An Ingress Controller
  • Load Balancer configuration
  • Traffic routing between Blue and Green
  • Manual approval-based traffic shift
  • Rollback mechanism

These critical production-grade components will be covered in the next blog.


What’s Coming in next post

In the next post-https://samappsdba.blogspot.com/2026/02/oci-devops-cicd-oke-blue-green-ingress-traffic-shift-part-2.html, we will cover:

  • Setting up NGINX Ingress Controller on OKE
  • Configuring LoadBalancer service
  • Executing build pipeline runs
  • Deploying to Green namespace
  • Traffic shifting to Blue namespace
  • Rollback strategy in OCI DevOps

This is where the real power of OCI DevOps Blue/Green deployment becomes visible.

 

Thanks for reading.

 

 

No comments:

Post a Comment