Continuous-Delivery | blog series about continuous delivery | Continous Integration library

Instead of using Pulumi service (managed) backend, I am using Azure blob container as stack state backend. According to the documentation, Pulumi CLI would expect AZURE_STORAGE_KEY (or AZURE_STORAGE_SAS_TOKEN) environment variable in the Pipeline Agent.

When account key is provided as pipeline variable, it's working. But when account key is stored in KeyVault as secret, it's not working.

What I did:

I worked through the CDK Pipelines: Continuous delivery for AWS CDK applications tutorial, which gave an overview of creating a self-mutating CDK pipeline with the new CodePipeline API.

The tutorial creates a CodePipeline with the CDK source code automatically retrieved from a GitHub repo every time a change is pushed to the master branch. The CDK code defines a lambda with a typescript handler defined alongside the CDK.

For my use case, I would like to define a self-mutating CodePipeline that is also triggered whenever I push to a second repository containing my application source code. The second repository will also contain a buildspec that generates a Docker image with my application and uploads the image to ECR. The new image will then be deployed to Fargate clusters in the application stages of my pipeline.

I've created an ApplicationBuild stage after the PublishAssets stage, which includes a CodeBuild project. The CodeBuild project reads from my repository and builds / uploads the image to ECR; however, I need a way to link this CodeBuild to the deployment of the pipeline. It's not clear to me how to do this with the new cdk CodePipeline API.

We have a multi-tenant kubernetes cluster, that hosts various customer environments. Kubernetes namespaces are used to isolate these customer environments. Each of these namespaces have a similar set of k8s resources (deployments, configmap etc) configured. Some of these resources are identical across namespaces, while some are not identical.

From a continuous delivery perspective, I am exploring options to roll out changes to these identical components (across namespaces) in a seamless manner. Git-Ops/Pull-based-Continuous-Delivery seems to be a good approach, which would enable us to seamlessly manage 100s of namespaces across various clusters.

Explored a couple of Git-Ops tools such as ArgoCD, Fluxv2 etc... but couldn't figure out whether these tools would let you roll out changes to multiple namespaces simultaneously (or within a predictable time window). It will be helpful, if you can guide/advice me in terms of choosing the right tool/approach to perform roll out to multiple namespaces. It will also be good to understand whether these Git-Ops tools can be customised to handle such scenarios.

An illustration of how namespaces are setup in our k8s cluster.

I have a repository in GitLab (Lambda Functions) and want to work with the AWS CDK pipeline (https://aws.amazon.com/blogs/developer/cdk-pipelines-continuous-delivery-for-aws-cdk-applications) to develop CI/CD pipeline. In AWS CDK docs there is nowhere mention about Gitlab. Will really appreciate it if someone can confirm this.

I'm using Azure pipelines to set a version number using GitVersion. Here is the pipeline:

I've been experimenting with using the new AWS CDK pipelines construct (https://docs.aws.amazon.com/cdk/api/latest/docs/pipelines-readme.html), and have successfully setup a couple of projects, including following the blog post announcement here: https://aws.amazon.com/blogs/developer/cdk-pipelines-continuous-delivery-for-aws-cdk-applications/.

However, as soon as I try to add a dependency to my lambdas the build fails with a

lib/lambda/handler.ts(2,24): error TS2307: Cannot find module 'stripe' or its corresponding type declarations.

I have installed a package.json file and the node_modules in the directory with the lambdas, tried zipping the lambdas and node_modules, tried uploading the zip file with the console, and tried getting the 'buildCommand' during the 'synthAction' step to install the dependencies. Nothing works.

The asset appears to get created in the cdk.out directory, and code changes are being uploaded, but node_modules themselves never get packaged along with the lambda functions.

I am using the 'SimpleSynthAction.standardNpmSynth' action, along with an 'npm run build' command in the 'buildCommand' step.

I've looked at Lambda can't find modules from outer folders when deployed with CDK, How to install dependencies of lambda functions upon cdk build with AWS CDK and https://github.com/aws-samples/aws-cdk-examples/issues/110#issuecomment-550506116 without luck.

What am I missing?

I have deployed the docker image of my spring boot application over aws ECR, following creation of AWS fargate cluster. PFA screenshots of the configurations stating task, security, service and cluster definition.I can ping my public ip successfully. But I can't access my application over neither load balancer nor public ip. The urls I tried to access application were

public_ip:8081/my_rest_end_point

and

load_balancer_public_dns:8081/my_reset_end_point

I have tested running my docker image on local host using port 8081 and the same 8081 port I have configured for port mapping in my Fargate container configuration (reference: service definition). How can I access my application? I have followed almost all the articles over Medium and AWS.

Tutorials followed: https://medium.com/underscoretec/deploy-your-own-custom-docker-image-on-amazon-ecs-b1584e62484

https://medium.com/faun/aws-fargate-services-deployment-with-continuous-delivery-pipeline-b67d33407c88

I am attempting to follow this example of setting up an AWS Pipeline for use across multiple accounts. I have the four different accounts set up. I've followed through on each step of the process successfully. No commands are generating any errors. The pipeline completes successfully. I can then connect to the pipeline and commit my code changes. In short, every single step up to the final one works as written in the documentation.

However, I'm then presented with an error on the initial trigger of the code commit:

Insufficient permissions The service role or action role doesn’t have the permissions required to access the AWS CodeCommit repository named dbmigration. Update the IAM role permissions, and then try again. Error: User: arn:aws:sts::12345678912:assumed-role/my-pipeline-CodePipelineRole-1UPXOXOXO1WD0H/987654321 is not authorized to perform: codecommit:UploadArchive on resource: arn:aws:codecommit:us-east-2:123456789:dbmigration

The AWS Account I used to create the pipeline is not the root account, but an IAM Administrator login with admin privileges across the account. I've tried adding AWSCodeCommitFullAccess and AWSCodePipelineFullAccess, which I would have thought would have been part of Administration anyway. However, that didn't change anything.

My assumption is I've done something horribly wrong, but I'm not able to identify what that is. Any suggestions for better troubleshooting, let alone suggestions on how to fix it would be most welcome.

The code used to create the pipeline, again, run using the IAM login, Administrator, from a fourth AWS account, is as follows:

I am trying to figure out the simple Mainline developement mode.

My observation is the following.

1. Each direct commit on the master branch is incrementing the patch version.
2. When I create a feature branch, and then when I make commits on this feature branch, the patch is not increasing. I am wondering why? Only the PreReleaseTag is increasing. Example featureBranchName.1, featureBranchName.2 and so on for each commit. Patch does not change.

Why does not the patch version increase when commits are made to feature branch? Does a feature branch always imply a prerelease?

Is there a way to increase the patch on commits to feature branch?

My GitVersion.yml file is below. The -diag output follows, if that helps.