“CI/CD is a heavily abused and misunderstood term”, said Garfield, “There is no such thing as CI and CD. CI is a subset of CD. If you want to do continuous delivery, then you have to be able to do continuous integration.”
He said that Spinnaker is the culmination of work people have been doing in CI for the last 10 years or so, but it is more focused on the virtual machine world than the cloud-native Kubernetes world. Codefresh joined the CD Foundation to bring focus to cloud-native continuous delivery. “We are trying to put together the standards and practices for how the next generation should look and specifically we are really focused on GitOps,” he said.
CI/CD still has a long way to go. “A lot of CD tooling is focused around monolithic architecture where you see patterns like one app, one repo, and one pipeline,” said Garfield. But we are not building monolithic architectures anymore; we’re building microservice-based architectures. If you have 500, 1500, or 2000 microservices then that one app, one repo, one pipeline model starts to break down. It starts to get really problematic and difficult to manage. There is also the issue of observability. How do you even know what’s going on? How do you know what’s deployed? How do you know who’s vetting it? How do you make sure all the policy is enforced?
Garfield sees a lot of opportunities in this area and Codefresh’s focus on microservices adds a lot of value to the foundation and the ecosystem. Garfield claimed that Codefresh users enjoy 5-20 times improvement in how quickly they are able to deliver their software.
“Because when you think about microservices, what you’re figuring out is how do we deliver software at scale? How do I build pipelines that are going to work for 1500 different microservices? How do I deliver observability, that’s going to make it clear to every stakeholder what’s going on, make sure that all the policy is enforced, make sure that we have a rollback plan, make sure that everything is happening exactly the way we want it to, and that we have a very high degree of confidence in deployment success,” he said.
Garfield also touched upon the increasing focus on security, “If you look at the history of hacks it’s almost always a known vulnerability. Nobody gets breached with a zero-day. It’s almost always because they have some unpatched piece of software.”
He argues that by adding things like security scanning in CI/CD process, you can check images for vulnerabilities and if issues come up you put them directly in the path of the developer. You don’t have to worry about patching things running in production. You don’t have to worry about downtime. It’s no longer a showstopper. It can be part of the process that gets vetted and deployed immediately.