Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
4 Factors to Consider When Choosing a Cloud Native App Platform
Jun 2nd 2023 10:00am, by Guilherme (Gui) Alvarenga
How GitHub Uses GitHub to Be Productive and Secure
May 31st 2023 10:30am, by Loraine Lawson
Top 3 Application Security Must-Haves
May 26th 2023 7:59am, by Guilherme (Gui) Alvarenga
Cloud Native Skill Gaps are Killing Your Gains 
May 22nd 2023 7:15am, by Victoria Wright
A Boring Kubernetes Release
May 19th 2023 12:23pm, by Alex Williams
Chainguard Improves Security for Its Container Image Registry
May 31st 2023 6:30am, by Steven J. Vaughan-Nichols
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How to Containerize a Python Application with Paketo Buildpacks
May 29th 2023 5:00am, by Sylvain Kalache
Can Rancher Deliver on Making Kubernetes Easy?
May 27th 2023 7:00am, by Jack Wallen
Red Hat Podman Container Engine Gets a Desktop Interface
May 23rd 2023 7:30am, by Joab Jackson
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by Jason Myers
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
Gothenburg, Sweden Used Open Source IoT to Drastically Cut Water Waste
May 23rd 2023 6:58am, by Alex Handy
Building a Plant Monitoring Tool with IoT
May 8th 2023 9:27am, by Zoe Steinkamp
How to Choose and Model Time Series Databases
Apr 28th 2023 3:00am, by Robert Kimani
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by Susan Hall
RabbitMQ Is Boring, and I Love It
May 15th 2023 6:30am, by Josh Long
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Spring Cloud Gateway: The Swiss Army Knife of Cloud Development
May 8th 2023 6:47am, by Juergen Sussner
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
WithSecure Pours Energy into Making Software More Efficient
Jun 1st 2023 7:14am, by Joe Fay
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
How to Decide Between a Layer 2 or Layer 3 Network
Apr 25th 2023 10:00am, by Gino Dion
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
IBM's Quiet Approach to AI, Wasm and Serverless
May 4th 2023 6:00am, by Loraine Lawson
Cloud Control Planes for All: Implement Internal Platforms with Crossplane
Apr 13th 2023 10:00am, by Bassam Tabbara
The Architect’s Guide to Storage for AI
Jun 1st 2023 7:44am, by Keith Pijanowski
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by Jennifer Riggins
Raft Native: The Foundation for Streaming Data’s Best Future
May 30th 2023 9:44am, by Doug Flora
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by Rick Houlihan
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by Casey Samulski
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
Dev News: A New Rust Release and Chrome 114 Updates
Jun 3rd 2023 9:00am, by
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by
LangChain: The Trendiest Web Framework of 2023, Thanks to AI
Jun 1st 2023 10:57am, by
30 Non-Trivial Ways for Developers to Use GPT-4
Jun 1st 2023 9:39am, by
Bluesky vs. Nostr — Which Should Developers Care About More?
May 30th 2023 7:51am, by
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by
API Management Is a Commodity: What’s Next?
Jun 6th 2023 9:59am, by
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by
Dev News: A New Rust Release and Chrome 114 Updates
Jun 3rd 2023 9:00am, by
Dev News: New Microsoft Edge Tools and Goodbye Node.js 16
May 27th 2023 6:00am, by
Dev News: Angular v16, plus Node.js and TypeScript Updates
Apr 22nd 2023 4:00am, by
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by
Python and WebAssembly: Elevating Performance for Web Apps
Jun 5th 2023 3:00am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by
New Image Trends Frontend Developers Should Support
May 25th 2023 6:00am, by
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by
Cloud Dependencies Need to Stop F---ing Us When They Go Down
May 25th 2023 10:00am, by
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by
A Boring Kubernetes Release
May 19th 2023 12:23pm, by
Optimizing Mastodon Performance with Sidekiq and Redis Enterprise
May 18th 2023 10:30am, by and
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by
Bringing AI to the Data Center 
Jun 1st 2023 6:13am, by
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by and
API Management Is a Commodity: What’s Next?
Jun 6th 2023 9:59am, by
Meta-Semi Is an AI Algorithm That 'Learns How to Learn Better'
Jun 6th 2023 3:00am, by
Donald Knuth Asked ChatGPT 20 Questions. What Did We Learn?
Jun 4th 2023 6:00am, by
Maker Builds a ChatGPT DOS Client for a 1984 Computer
May 31st 2023 11:04am, by
Google’s Generative AI Stack: An In-Depth Analysis
May 31st 2023 7:59am, by
4 Factors to Consider When Choosing a Cloud Native App Platform
Jun 2nd 2023 10:00am, by
VeeamON 2023: When Your Nightmare Comes True
Jun 2nd 2023 7:47am, by
Compiled Python Code Used in a New PyPI Attack
Jun 2nd 2023 6:00am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
PyPI Strives to Pull Itself Out of Trouble
Jun 1st 2023 11:43am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by Jennifer Riggins
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by Paige Cruz
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by Michael Coté
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
How to Host Your Own Platform as a Product Workshop
May 31st 2023 9:09am, by Jennifer Riggins
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by Jennifer Riggins
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by B. Cameron Gain
VeeamON 2023: When Your Nightmare Comes True
Jun 2nd 2023 7:47am, by B. Cameron Gain
The Cedar Programming Language: Authorization Simplified
Jun 2nd 2023 6:07am, by Alex Williams
How to Improve Operational Maturity in an Economic Downturn
May 31st 2023 8:30am, by Jonathan Rende
Is DevOps Tool Complexity Slowing Down Developer Velocity?
May 17th 2023 6:29am, by Heather Joslyn and Lawrence E Hecht
AI Has Become Integral to the Software Delivery Lifecycle
May 12th 2023 11:01am, by Richard MacManus
4 Core Principles of GitOps
May 11th 2023 2:17pm, by Alex Williams
5 Version-Control Tools Game Developers Should Know About
May 9th 2023 10:00am, by Sharone Zitzman
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
May 8th 2023 10:00am, by Mike Long
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by Jennifer Riggins
Donald Knuth Asked ChatGPT 20 Questions. What Did We Learn?
Jun 4th 2023 6:00am, by David Cassel
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by David Eastman
Defend Open Source from Trolls: Oppose Patent Rule Changes
Jun 2nd 2023 6:49am, by Michael Dolan
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by Paige Cruz
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by Michael Coté
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
Open Source Jira Alternative, Plane, Lands
Jun 2nd 2023 9:00am, by Darryl K. Taft
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by Susan Hall
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by B. Cameron Gain
My Further Adventures (and More Success) with Rancher
Jun 3rd 2023 7:00am, by Jack Wallen
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by Susan Hall
Red Hat Ansible Gets Event-Triggered Automation, AI Assist on Playbooks
May 24th 2023 6:22am, by Joab Jackson
Observability: Working with Metrics, Logs and Traces
May 22nd 2023 8:23am, by Jessica Wachtel
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
Datadog’s $65M Bill and Why Developers Should Care
May 17th 2023 10:56am, by Loraine Lawson
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
CI/CD / Cloud Native Ecosystem / Kubernetes

Codefresh Runner: Run CI/CD Pipelines Inside a Kubernetes Cluster

Codefresh has recently open-sourced the Codefresh Runner, a native Kubernetes application for running CI/CD pipelines inside any Kubernetes cluster, either on a public cloud or behind the firewall in a private cluster.
Aug 10th, 2020 11:38am by
Featued image for: Codefresh Runner: Run CI/CD Pipelines Inside a Kubernetes Cluster
Feature image via Pixabay.

Kostis Kapelonis
Kostis Kapelonis is a developer advocate at Codefresh, a continuous delivery platform build for Kubernetes and containers. Formerly a Software Engineer, Kostis has years of experience containerizing applications, building CI/CD pipelines, and developing Java applications. He lives in Greece and loves roller skating.

Codefresh has recently open-sourced the Codefresh Runner, a native Kubernetes application for running CI/CD pipelines inside any Kubernetes cluster, either on a public cloud or behind the firewall in a private cluster.

Continuous Integration/Continuous Delivery (CI/CD) pipelines are by their own nature a perfect workload for moving to a Kubernetes cluster. In most software organizations the number of active pipelines is always changing across time. For example, just before a software release happens, the number of active pipelines will skyrocket as engineers are rushing to implement last-minute features and fixes.

Auto-scaling workloads is one of the built-in characteristics of a Kubernetes cluster. Placing CI/CD pipelines in a Kubernetes cluster is an obvious choice as this will make them take advantage of the auto-scaling feature without any other configuration.

The Codefresh Runner not only allows you to take advantage of Kubernetes scalability for CI/CD pipelines but also comes with several advantages for dealing with security and compliance of the data and services used in CI/CD pipelines.

Secure Services in a CI/CD Pipeline

Companies that have strict security limitations are always facing a tough choice when it comes to using a new software tool. The usual option is to install the tool on-premise and spend considerable effort on maintenance and monitoring it. The other choice is to use the public cloud and accept all the risks associated with it.

The Codefresh Runner is taking the best of both worlds by implementing a Hybrid solution. The Runner itself is installed inside a private Kubernetes cluster. This way it gets access to all secure services such as Git repositories, Docker registries, and other databases that the organization already maintains.

The Web UI for managing the Runner is running on the public cloud, enjoying all the benefits of a SaaS platform. The important thing to notice is that the network communication is only outgoing. The Codefresh Runner is polling the cloud UI for pipelines to execute. No firewall ports need to open making installation painless.

At the same time, the source code used inside a CI/CD pipeline always stays behind the firewall. The same method is followed for databases, Docker registries, and other secure services.

The end result is that a company using the Codefresh Runner can enjoy the reduced maintenance of a SaaS solution (the Web UI is monitored and managed by the Codefresh team) while still making sure that the intellectual property of the company (i.e. source code and secure data) is still safe behind the company firewall.

Kubernetes Scalability in CI/CD Pipelines

A Kubernetes cluster can be set up to scale according to workload metrics in different ways (i.e. increasing the number of pods or nodes). This is one of the biggest selling points of Kubernetes as it allows administrators to utilize the underlying resources in the best way possible.

The Codefresh Runner will automatically take advantage of any auto-scaling facilities present in the cluster it runs on. This means that as more pipelines are launched, the Runner will adapt to the increased load without any extra configuration.

A classic scenario for an increasing number of CI/CD pipelines is at the end of the sprint. Developers might open a large number of pull requests, or conversely, they will merge a large number of pull requests back to the mainline branch.

With the Codefresh Runner, all pipelines will run as soon as they are queued instead of creating a bottleneck due to a lack of resources. All Codefresh pipelines also have automatic workspace and Docker layer caching enabled without any extra configuration.

Multicloud CI/CD Pipelines

The Codefresh Runner is using the standard Kubernetes API without making any assumption about the underlying cloud provider. This means that the Runner can be installed in any compliant Kubernetes distribution in the same way (even on a local Kubernetes cluster running on your laptop).

Codefresh Pipelines are composable (i.e. you can call one pipeline from another pipeline). There is no restriction on where a child pipeline runs. This key characteristic allows you to chain pipelines that run on completely different clusters or even cloud providers.

As an example, you could run a parent pipeline that starts on the public Google Cloud, and it launches a second pipeline that runs in AWS. Or one pipeline can run inside your on-premise datacenter, but the second pipeline is running on the Codefresh SaaS resources. The Codefresh Runner is agnostic and behaves in the same manner regardless of what cluster it is running on.

Pipelines can be specifically targeted at different clusters or environments, giving maximum flexibility on the resource constraints and security measures present in the runtime environment.

Reusing Kubernetes Knowledge for CI/CD Pipelines

Many CI/CD solutions have been traditionally very difficult to set up and maintain. The Codefresh Runner takes a new approach when it comes to installation and maintenance.

First of all, while you can install the Codefresh Runner in many different ways (e.g. using Kubernetes manifests or a Helm chart), the quickest method of installation is by using a friendly command-line wizard.

The wizard asks some basic questions about your cluster and then proceeds to download, install, and set up all Runner resources inside the Kubernetes cluster in a single step.

After installation is complete, the Runner is self-sufficient. It will automatically look at your pipeline queue and run the pipelines that are assigned to the respective cluster along with all existing integrations of Docker registries and Git providers already set up in the Codefresh account. The Runner is using Docker images as build tooling, which means that new tools don’t have to be installed on the Runner itself.

The Runner components are all native Kubernetes resources. This means that you can monitor the Runner with your existing Kubernetes tools that are already in place inside the cluster. Especially in large organizations, this is a significant advantage as it allows operators to reuse their existing Kubernetes knowledge and investment on tools for cluster monitoring.

Conclusion

Running CI/CD pipelines on a Kubernetes cluster does not have to be a complicated process.

With the Codefresh Runner you can:

  • Execute pipelines  on any compliant Kubernetes cluster regardless of cloud provider
  • Access secure services behind the firewall in any CI/CD pipeline while keeping the source code inside the data center/private cloud
  • Automatically gain the scalability benefits of Kubernetes for handling large numbers of pipelines
  • Run pipelines in multicloud configurations and mix parent/child pipelines on completely clusters and cloud installations
  • Maintain and monitor your CI/CD runtime like any other Kubernetes application

The Codefresh Runner is hosted in GitHub (part of the Codefresh CLI). See the documentation page for more details on how to install it on a Kubernetes cluster and start running CI/CD pipelines.

Group Created with Sketch.
SHARE THIS STORY
RELATED STORIES
A Better Way to Shift Security Left Slim.AI: Automating Vulnerability Remediation for a Shift-Left World AI Has Become Integral to the Software Delivery Lifecycle DevPod: Uber's MonoRepo-Based Remote Development Platform Tech Backgrounder: Slim.AI Makes Container Hardening Easier
TNS owner Insight Partners is an investor in: Docker.
RELATED STORIES
Level up the Dev Experience with DORA Metrics and Continuous Deployment Usenix: Continuous Integration Is Just SRE Alerting 'Shifted Left' Is DevOps Tool Complexity Slowing Down Developer Velocity? A Brief DevOps History: The Roots of Infrastructure as Code Tech Backgrounder: Slim.AI Makes Container Hardening Easier
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.