Bring Your Own Container Images and CI Pipelines to Choreo
- Binura Gunasekara
- Senior Technical Lead - WSO2
With Choreo as your internal developer platform, taking your code to production has never been easier without worrying about the complexities needed to run a production-ready system.
Choreo works as both an orchestrator (referred to as the Choreo control plane) and a deployment platform (Choreo data planes) that integrates architecture best practices from multiple domains like DevOps, Kubernetes, eBPF-based observability, API management, and many more, helping you focus on developing your applications without building and maintaining the underlying platforms.
In simple terms, Choreo connects to your Git source repositories (GitHub, BitBucket, etc.) with automated CI pipelines that build, test, and scan your source code to produce containerized artifacts on commit. Once a container is built for your application, it is automatically stored in a container registry. This is either a private registry in the case of an Azure/GCP/AWS private data plane or a Choreo-managed registry on the default cloud data plane. These containers are then seamlessly deployed and promoted across multiple cloud environments (i.e., from your development to production environments) through Choreo’s continuous delivery (CD) pipelines.
This feature allows you to build with your own CI pipeline and manage the deployment through Choreo. Once your container image is built, push it to a container registry of your choice, notify the Choreo control plane that a new build is available, and let Choreo take care of the rest all the way to production, just as it does with components built from a Git repository. The process is shown in Figure 1 below.
Figure 1: A high-level overview of how bringing your own images and CI work in Choreo
Who is This For?
Most organizations have embraced some aspects of modern DevOps practices. These features allow them to continue using their own CI framework to produce containerized images or use Choreo’s full CI/CD capabilities by utilizing their existing technologies first.
This feature also enables organizations with stricter compliance regulations to onboard Choreo as an internal developer platform. Choreo now acts only as an orchestrator for deployments, ensuring that source code and build artifacts stay within their private infrastructure.
Register an External Container Registry
When external container registries are added to a Choreo organization, all data planes within that organization can pull and deploy images from them, allowing you to build your images once and then deploy them across multiple cloud environments.
The Choreo control plane securely distributes encrypted credentials across the Kubernetes clusters that form your private data planes (even across different cloud providers), enabling seamless multi-cloud deployments.
Choreo supports several standard authentication mechanisms to register third-party container registries, including but not limited to Google Container Registry (GCR), Azure Container Registry (ACR), GitHub Container Registry, and Docker Hub.
Creating a Component in Choreo Using a Container Image
You can now create services, web apps, manual triggers, and scheduled tasks using your own container images, eliminating the previous need to point to a Git repository containing a Dockerfile or source code. This is shown in Figure 2.
Figure 2: Creating an image-based component
Deploy Manually or Use Your Own CI Pipeline to Trigger an Automated Deployment
After creating a component from a container image, you can deploy it - manually via the Choreo Console or by triggering the continuous delivery mechanism on Choreo using your existing CI pipeline that you used to build new images.
You can manually deploy a new release by choosing one of these options, as shown in Figure 3:
- Updating the image tag in the Choreo Console.
- Updating the full image format (Note: If you need to update the image repository, please name and tag details directly.)
- Selecting previously deployed images (i.e., redeploying a previously deployed image.)
Figure 3: Options to update or revert an image through the Choreo Console
To automate deployments for new builds, add an extra step at the end of your build pipeline once the container image has been built and pushed to the linked container registry.
When a new image build/tag is available, the Choreo control plane must be notified for automatic deployment. As container registries do not emit ‘events’ when a new image is available, the notification is done by executing a simple HTTP POST request to the Choreo control plane from your build pipeline. The request should specify the new image details, triggering an automatic deployment to your development environment.
At the component-level DevOps menus, the Choreo Console offers a new ‘External CI’ page where you can find the webhook request for popular CI pipelines. This feature lets you generate and manage authentication tokens for your CI pipeline. This is shown in Figure 4.
Figure 4: A component’s ‘External CI’ view for managing webhook snippets and integration tokens for your CI pipeline
Expose Service Endpoints for API Management
When creating a component from a container image, there is no attached Git repository to declare the API endpoints to be exposed and managed. To solve this, Choreo provides a UI-based editor to update the endpoints.yaml file, where the API endpoints can be declared. Additionally, API schema files like OpenAPI or Graph Query Language (GQL) schemas can be attached to your endpoints by uploading them via the editor. This is seen in Figure 5.
Once the endpoints are defined, there is no change in API behavior between image-based or Git-based components.
Figure 5: UI-based editor for exposing and managing service endpoints
Feature Parity With Git-based Components
With container image-based components, you can leverage all the functionalities available in Choreo with no restrictions, create and trigger deployments, and modify service endpoints.
Both types of components can co-exist in the same project, communicate with each other, and be managed identically. This brings your entire developer platform under one pane of glass, no matter how and where your source code is stored.
At the time of writing, creating image-based components is only available on Choreo private data planes, which are available on all cloud providers. However, we plan to extend these functionalities to our users on the Choreo cloud data planes in the future.