Use case
CI/CD Workflows for Building and Deploying Applications to AWS EKS
- Lakshya Chhajed
About the Customer
Five Percent is a private equity fund that provides distinctive career-building opportunities for financial market traders across the globe. Founded by experienced forex traders, Five Percent is dedicated to enhancing capital and increasing profits, offering a platform where traders can advance their careers. They have partnered with thousands of traders from diverse backgrounds, varying skill levels, and different trading styles.
Customer Challenge
The customer had a requirement for a robust Continuous Integration and Deployment (CI/CD) pipeline for their NestJS application, which was organized as a monorepo containing multiple microservices.
They faced inefficiencies and delays because each microservice had its own individual CI/CD workflow. This fragmented approach complicated their ability to monitor and coordinate the overall CI/CD process.
Additionally, the lack of a centralized interface made it challenging to manage everything effectively.
The main challenges included:
- Security: The customer required a robust solution that ensures secure connectivity from GitHub to the EKS cluster for deploying microservices, because the EKS cluster is hosted on a private network. They also needed a centralized secret management system to safeguard sensitive information, such as API keys and credentials.
- Inefficiencies in Workflows: The customer’s current CI/CD workflow configuration relies on a main workflow that detects changes in each microservice and triggers the relevant workflow based on those changes. This setup requires individual workflow files for each microservice, leading to a lack of uniformity and increased complexity in managing the overall deployment process.
- Application Build and Deploy Efficiency: The current application build and deployment process is both time-consuming and error-prone. It takes approximately 15 to 20 minutes to build and deploy all 16 microservices, resulting in significant delays in the development workflow. This lengthy build time becomes particularly problematic for multiple developers working in the staging environment, as they must wait for their changes to be reflected.
Solution
High-level Solution:
We deployed the actions-runner-controller Helm chart in the Amazon EKS cluster, configured with the GitHub repository name and a PAT secret, to authenticate and establish private connectivity with GitHub for service deployment. Additionally, we configured the GitHub OIDC connector with an AWS IAM role to access AWS services, including EKS, ECR, S3, CloudFront, and AWS Secrets Manager, without using access key and secret key credentials.
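The IAM role behind the GitHub OIDC connector is only as tight as its trust policy, so the following added example (not code from the project described here) audits a trust policy for `sub` and `aud` conditions that are missing or too broad. The repository name `example-org/monorepo`, the account ID `111122223333` and both sample policies are constructed placeholders; the branch names main and stable come from the workflow described on this page.

```python
OIDC_HOST = "token.actions.githubusercontent.com"

def audit_trust_policy(policy, repo, branches):
    """Return findings for GitHub OIDC statements in an IAM role trust policy.
    Only StringEquals/StringLike style operators are interpreted."""
    allowed = {f"repo:{repo}:ref:refs/heads/{b}" for b in branches}
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        federated = federated if isinstance(federated, list) else [federated]
        if stmt.get("Effect") != "Allow" or not any(
                f.endswith("oidc-provider/" + OIDC_HOST) for f in federated):
            continue  # not a GitHub OIDC trust statement
        subs, auds = [], []
        for operator, conditions in stmt.get("Condition", {}).items():
            for key, value in conditions.items():
                values = value if isinstance(value, list) else [value]
                if key == OIDC_HOST + ":sub":
                    subs += [(operator, v) for v in values]
                elif key == OIDC_HOST + ":aud":
                    auds += values
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume the role")
        for operator, sub in subs:
            if operator.endswith("Like") and ("*" in sub or "?" in sub):
                findings.append(f"wildcard sub: {sub}")
            elif sub not in allowed:
                findings.append(f"unexpected sub: {sub}")
        if "sts.amazonaws.com" not in auds:
            findings.append("aud not pinned to sts.amazonaws.com")
    return findings

def github_trust_policy(condition):
    """Build a constructed single-statement trust policy (placeholder account ID)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC_HOST}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Constructed samples: a broad policy and one scoped to the two deploy branches.
WEAK = github_trust_policy({"StringLike": {OIDC_HOST + ":sub": "repo:example-org/*"}})
SCOPED = github_trust_policy({"StringEquals": {
    OIDC_HOST + ":aud": "sts.amazonaws.com",
    OIDC_HOST + ":sub": ["repo:example-org/monorepo:ref:refs/heads/main",
                         "repo:example-org/monorepo:ref:refs/heads/stable"]}})

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, audit_trust_policy(policy, "example-org/monorepo", ["main", "stable"]))
```

The scoped policy limits role assumption to workflow runs on the two deploy branches, which also excludes pull request runs because their `sub` claim has a different form.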
We created a dynamic GitHub Actions workflow that simplifies managing multiple microservices. By using a single workflow for all builds and deployments, we’ve reduced complexity and ensured consistency throughout the deployment process.
We used NX’s caching capabilities to optimize the CI build time and to detect and build only the affected microservices, that is, those in which something has changed. This significantly reduces the build time and the computational resources required compared with building the entire suite of microservices.
We established synchronization between the monorepo (application repository) and the GitOps (helm-chart) repository by updating the image tag in the Helm custom-values and committing it to the GitOps repository for the relevant microservice. This commit triggers the CD workflow, which deploys the microservices to the AWS Managed EKS (Elastic Kubernetes Service) cluster.
CI/CD Workflow Overview:
When a developer makes changes to the code in their local environment, they need to lint the code using NX before pushing it to the GitHub monorepo. Once the code is linted, the developer can commit it to the repository with a valid commit message for commit-lint. When changes are pushed to the main and stable branches of our repository, GitHub Actions workflows are automatically triggered.
The main branch serves as the staging area, while the stable branch is designated for production.
These workflows are responsible for building Docker images for all relevant microservices where NX has detected changes.
Once the images are created, they are pushed to the Amazon Elastic Container Registry (ECR). Following the image creation, the CI workflows update the image tags in the Helm charts associated with the microservices.
Subsequently, the GitOps repository workflow synchronizes these changes, ensuring that the deployments in the Amazon Elastic Kubernetes Service (EKS) cluster are updated accordingly.
This streamlined CI/CD process facilitates efficient development and deployment cycles, allowing for rapid iteration and reliable production releases.
Results and Benefits
Achieved a 60% reduction in overall build and release time, reducing the time from 15-20 minutes to 5-7 minutes, enabling faster delivery of new features and bug fixes.
Developers can focus more on writing code and testing their changes quickly as the reduced build time allows for faster feedback in the Dev/Stage environments.
Also, running all builds in parallel with a single workflow has significantly reduced the time needed for builds, leading to enhanced productivity for all developers. The standardized workflow provides the ability to visualize the build and deployment of each microservice directly from GitHub Actions.
Secured and private connectivity between the EKS cluster and GitHub using an action runner controller to deploy the microservices directly from GitHub without utilizing any additional tools or technologies.
Alerting configuration to Slack for both successful and failed deployments from GitHub workflows.
The key learnings from the project were:
- CI/CD Practices: Gained insights into practices for setting up CI/CD pipelines with GitHub Actions and NX caching, especially within a Monorepo application architecture.
- Tools Integration: Acquired effective strategies for integrating tools like GitHub, npm, Docker, NX, Action Runner Controller, Helm, and EKS to develop a smooth and efficient CI/CD process.
About IAMOPS
IAMOPS is a full DevOps suite company that supports technology companies in achieving intense production readiness.
Our mission is to ensure that our clients’ infrastructure and CI/CD pipelines are scalable, mitigate failure points, optimize performance, ensure uptime, and minimize costs.
Our DevOps suite includes DevOps Core, NOC 24/7, FinOps, QA Automation, and DevSecOps to accelerate overall exponential growth.
As an AWS Advanced Tier Partner and Reseller, we focus on two key pillars: Professionalism by adhering to best practices and utilizing advanced technologies, and Customer Experience with responsiveness, availability, clear project management, and transparency to provide an exceptional experience for our clients.