CI/CD
Layer 3 is how application code gets from a commit to a running workload on the cluster — safely, repeatably, and without anyone hand-deploying at 2am.
We split it into two halves, each with a single job:
- CI — Continuous Integration builds and verifies. On every change it runs tests, builds a container image, scans it, and publishes it.
- CD — Continuous Delivery ships and runs. Using GitOps with ArgoCD, it reconciles the cluster to the desired state declared in Git — with automated rollbacks when something goes wrong.
commit ──► CI (build · test · scan · push image · bump manifest)
                                  │
                                  ▼
                         Git (desired state) ──► CD / ArgoCD ──► Kubernetes cluster
                                                      ▲                  │
                                                      └── drift detect ──┘

The boundary between them
CI ends by writing the new desired state — a bumped image tag — into a Git repository. CD picks it up from there. Git is the single source of truth and the audit log of what’s running: every change is a reviewed, revertable commit.
This is the “Safe CI/CD with automated rollbacks” that the offer promises: deploys become boring and safe, and rolling back is just reverting a commit.
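The boundary described above, as an added example that is not part of the original page or of the offering's own pipeline: CI's last step bumps the image tag in a manifest and commits it, and a rollback is a `git revert` of that commit. The scratch repository, manifest, image name, tags and the helper names (`g`, `bump_image`, `current_tag`, `demo`) are constructed for illustration; ArgoCD is not involved, only the Git side it reconciles from.

```shell
#!/bin/sh
# Added illustration: repo, manifest, image name and tags are constructed.

# Run git inside the scratch repo with a fixed CI identity.
g() { git -C "$REPO" -c user.name=ci-bot -c user.email=ci-bot@example.invalid "$@"; }

# bump_image MANIFEST IMAGE TAG: point "image: IMAGE:<old>" at TAG.
bump_image() {
    manifest=$1 image=$2 tag=$3
    # Accept only plain tag characters so pipeline input cannot inject
    # YAML or sed syntax into the desired state.
    case $tag in
        ''|*[!A-Za-z0-9._-]*) echo "invalid tag: $tag" >&2; return 1 ;;
    esac
    sed "s|\(image: *$image\):.*|\1:$tag|" "$manifest" > "$manifest.tmp" &&
        mv "$manifest.tmp" "$manifest"
}

# Print the tag the manifest currently declares.
current_tag() { sed -n 's|.*image: *[^:]*:\(.*\)|\1|p' "$1"; }

# Walk one deploy and one rollback; prints "<after bump> <after revert> <commits>".
demo() {
    REPO=$(mktemp -d) || return 1
    g init -q
    cat > "$REPO/deployment.yaml" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata: {name: api}
spec:
  template:
    spec:
      containers:
        - name: api
          image: registry.example.com/shop/api:1.4.1
EOF
    g add deployment.yaml && g commit -q -m "deploy api 1.4.1"
    # CI's last step: write the new desired state and commit it.
    bump_image "$REPO/deployment.yaml" registry.example.com/shop/api 1.5.0
    g commit -q -am "ci: bump api to 1.5.0"
    after_bump=$(current_tag "$REPO/deployment.yaml")
    # Rollback: a new commit that restores the previous tag; history is kept.
    g revert --no-edit HEAD >/dev/null
    after_revert=$(current_tag "$REPO/deployment.yaml")
    echo "$after_bump $after_revert $(g rev-list --count HEAD)"
    rm -rf "$REPO"
}

demo
```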
- CI — Continuous Integration: Build, test, scan, and publish — on GitHub, GitLab, or Azure DevOps.
- CD — Continuous Delivery: GitOps delivery with ArgoCD, including automated rollbacks.