Welcome to Tools of Continuous Delivery. After watching this video, you will be able to describe the different tools that enable Continuous Delivery, or CD, explain what to look for when choosing a CD tool, and describe the Argo CD and Tekton tools for CD. There are many tools available to the average developer for performing Continuous Delivery. Jenkins is one of the older CI/CD tools on the market and one of the most popular. It has a huge community, and supports countless plugins, but it’s not ideal for CD. Jenkins does not provide visibility into the pipeline process, and requires a lot of setup and maintenance, making it uncompetitive compared to other CD tools. Spinnaker, on the other hand, is a dedicated cloud-agnostic CD tool built in-house by Netflix. It allows you to manage CD pipelines and simplifies release rollbacks. It supports the creation of load balancers and scale clusters all natively. Concourse CI is a tool that also contains CD capabilities, and was initially built with containers in mind, although you can still run things on virtual machines. The containers are highly scalable, and due to the container-first approach, every step of the build is very flexible; you just point to a Docker image to build from. Lastly, GitLab can implement both CI and CD. It’s easy to automate the process of deploying code to production since GitLab is also a source code manager. It supports all major cloud platforms, making the CI/CD pipeline very flexible to build. Travis CI is another CI tool that contains CD capabilities. It isn’t as feature-rich as other CD implementations, but it requires minimal maintenance. Tekton enables you to build, test, and deploy apps in Kubernetes using an open source, vendor-neutral framework. Its main strength is its modularity, allowing you to deploy across multiple environments such as VMs, serverless, Kubernetes, and cloud providers. Go CD is a tool that boasts easy pipeline setup with native Docker and Kubernetes support. It comes with its own Value Stream Map tool that helps you trace each pipeline through all of the stages between commit and deployment. You can build pipelines with YAML or JSON files in a visual UI. And finally, Argo CD was originally developed by Intuit, as they were looking for a lighter tool than Spinnaker that would improve build and deployment times and streamline their GitOps workflow. The UI is well made and easy to use and integrates well with a variety of CI tools such as Jenkins, GitHub Actions, CircleCI, and more. When looking for a CD tool to use within your workflow, these key considerations should be top of mind. With CD, you may want full audit trails; proprietary integrated secrets; and fine-grained, role-based access control. These features may only be partially available in CD tools and not ubiquitous, as some tools may be very new and overly simplistic. Having a feature-rich CD tool means that once your applications become more complex with more moving parts, you will already have the features at your disposal. Depending on your CI pipeline, some CD tools may not be compatible with your current process. Picking a tool that is compatible and easily integrates with your current toolset makes setting up CD faster and reduces potential headaches. CD tools can differ greatly in how they are implemented and how easy it is for developers to set up CD in their projects. Tools like Tekton are easy to set up and provide clear insights into your pipelines. Beyond setup, maintenance can also take up a lot of time. Tools like Argo CD are easy to set up and maintain, while Jenkins is a handful to both set up and maintain. Using a CD tool to build a pipeline is just the first step. You must also consider what tools you need within your CD pipeline to perform the following tasks: Within your pipeline, you need tools for application security scanning and ensure overall application health. Security is often an afterthought and added at the end before an application launches. By adding security checks to your pipeline, every change that you make along the way is tested to be secure. Vulnerability scanning helps identify dependencies and components vulnerabilities. Applications that are not vulnerable one day suddenly become vulnerable because of exploits found in existing code or libraries. It is critically important to add vulnerability scanning to your CD pipeline to ensure that you are not shipping code with known vulnerabilities. Secret scanning for API keys and credentials prevents accidental exposure of sensitive information. Many times, developers inadvertently place passwords and other credentials in files that have been erroneously checked into source control. Scanning for secrets ensures that credentials are not leaked. Static Application Security Testing (or SAST) scanning identifies vulnerabilities of the entire code base such as SQL injections and cross-site scripting. While some of these mistakes might get identified during code reviews, it’s important to ensure that your CD pipeline is checking for them in case your developers forget to. Dynamic Application Security Testing (or DAST) scans for incorrect security assumptions that may be hidden in the source code. Dynamic scanning checks the running application for weak spots. Better to catch these in your CD pipeline than have malicious users find them in production. Lastly, a CD pipeline also requires a tool that facilitates code deployment. Automating deployments ensures that they are repeatable so that you get the same results regardless of whether you are deploying to development, test, staging, or production. A relatively new tool that is gaining in popularity is Argo CD. Argo CD is a declarative Continuous Delivery tool that makes CD easy to automate, audit, and understand. It follows the GitOps pattern of using Git repositories as the single source of truth for defining the desired application state. Argo CD, as a Kubernetes controller, monitors the current application state compared to the desired state, visualizes the differences, and ensures parity by automatically syncing. Since we’ll be using Tekton in this course, let’s take a brief look at it. Tekton is a flexible, open source framework that abstracts the implementation details so you can focus on building, testing, and deploying according to your projects’ requirements. By standardizing the CI/CD tooling and process, Tekton works well with other CI/CD tools such as Jenkins, Skaffold, and Knative. Tekton pipelines are fully portable, so once they are created or defined, a developer in the organization can take a pipeline and reuse its components. In this video, you learned that there are many Continuous Delivery tools available to choose from, a good CD tool should be feature-rich, easy to use, highly compatible, and require low maintenance, scanning and deployment tasks should be handled by tools within the CD pipeline, Argo CD is a declarative Continuous Delivery tool implemented as a Kubernetes controller, and Tekton pipelines are fully portable, so developers can reuse their components.
