# KCNA: App Delivery & GitOps
Cloud native application delivery automates the path from code commit to production.
## CI/CD Fundamentals
- Continuous Integration (CI): automatically build, test, and validate every commit.
- Continuous Delivery (CD): automatically deploy validated builds to production (or staging).
## Cloud Native CI/CD Tools
| Tool | Type |
|---|---|
| Tekton | Kubernetes-native pipeline primitives |
| Argo Workflows | DAG-based workflow engine on K8s |
| GitHub Actions | Cloud CI/CD |
| Jenkins X | CI/CD for K8s |
## GitOps
GitOps uses Git as the single source of truth for declarative infrastructure and apps.
Core principles (OpenGitOps):
- Declarative — desired state described in Git
- Versioned & immutable — Git history is the audit log
- Pulled automatically — agents pull and apply changes
- Continuously reconciled — agents detect and correct drift
## GitOps vs Push-based CD
| | Push | GitOps (Pull) |
|---|---|---|
| Trigger | CI pushes to cluster | Agent pulls from Git |
| Credentials | CI has cluster access | Cluster pulls, no external access needed |
| Drift detection | None | Continuous reconciliation |
## Argo CD
Argo CD is the leading CNCF GitOps tool:
```yaml
# Application CR
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
spec:
  source:
    repoURL: https://github.com/org/gitops-repo
    targetRevision: HEAD
    path: apps/my-app
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
```
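The `prune` and `selfHeal` flags decide what the agent does once it detects that live state has diverged from Git. The toy reconciler below, added here as an illustration and not Argo CD or Flux code, models that decision on constructed resource names so you can see which drift gets reverted, which orphaned objects get removed, and which is merely reported under each policy.

```python
"""Toy GitOps reconciler: compares the desired state Git declares with the live
cluster state and decides actions the way an automated syncPolicy would.
Added illustration only, not Argo CD or Flux code; resource keys are constructed."""
from dataclasses import dataclass

@dataclass
class SyncPolicy:
    prune: bool = False      # delete live resources that are no longer in Git
    self_heal: bool = False  # overwrite manual edits made directly to the cluster

def plan(desired: dict, live: dict, policy: SyncPolicy) -> dict:
    """Actions needed to converge live -> desired. Keys are 'Kind/name' strings."""
    actions = {"create": [], "update": [], "delete": [], "drift_only": []}
    for key, spec in desired.items():
        if key not in live:
            actions["create"].append(key)  # declared in Git, absent from cluster
        elif live[key] != spec:
            # Drift: the live object was changed. Only self_heal may revert it;
            # otherwise the agent merely reports the app as OutOfSync.
            actions["update" if policy.self_heal else "drift_only"].append(key)
    for key in live.keys() - desired.keys():
        # Orphan: in the cluster but not in Git (e.g. a hand-launched debug pod).
        actions["delete" if policy.prune else "drift_only"].append(key)
    return actions

def reconcile(desired: dict, live: dict, policy: SyncPolicy):
    """Apply the plan to a copy of the live state; return (new_live, plan)."""
    p = plan(desired, live, policy)
    new_live = dict(live)
    for key in p["create"] + p["update"]:
        new_live[key] = desired[key]
    for key in p["delete"]:
        del new_live[key]
    return new_live, p

# Constructed sample: Git declares 5 replicas of a pinned image plus a Service;
# someone scaled the Deployment to 1 by hand and launched a debug pod directly.
DESIRED = {
    "Deployment/my-app": {"replicas": 5, "image": "example.invalid/my-app:1.4.2"},
    "Service/my-app": {"port": 3000},
}
LIVE = {
    "Deployment/my-app": {"replicas": 1, "image": "example.invalid/my-app:1.4.2"},
    "Pod/debug-shell": {"image": "busybox"},
}

if __name__ == "__main__":
    for pol in (SyncPolicy(), SyncPolicy(prune=True, self_heal=True)):
        state, actions = reconcile(DESIRED, LIVE, pol)
        print(pol, actions, "converged" if state == DESIRED else "still drifted")
```

With both flags off, the hand-scaled Deployment and the stray pod stay put and are only reported; with `prune` and `selfHeal` on, the cluster converges back to exactly what Git declares.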
## Flux
Flux is the other major CNCF GitOps tool (graduated). It uses separate controllers (source-controller, kustomize-controller, helm-controller) rather than a single reconciler.
## Container Image Best Practices
```dockerfile
# Multi-stage build — keep images small
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:20-alpine AS runner
WORKDIR /app
COPY --from=builder /app/dist ./dist
RUN addgroup -S app && adduser -S app -G app
USER app
EXPOSE 3000
CMD ["node", "dist/index.js"]
```
Image scanning: Trivy, Snyk, Grype — scan for CVEs before deploying.
## Kustomize
Kustomize allows environment-specific overlays without templating:
```text
base/
  deployment.yaml
  service.yaml
  kustomization.yaml
overlays/
  production/
    kustomization.yaml   # patches: replicas=5, image tag
  staging/
    kustomization.yaml   # patches: replicas=1
```
```bash
kubectl apply -k overlays/production/
```
## Summary
- GitOps treats Git as the single source of truth; agents continuously reconcile
- Argo CD and Flux are the two leading CNCF GitOps tools
- Kustomize enables overlay-based config management without templating
- Multi-stage Dockerfiles + image scanning are production best practices