Set Up a CI/CD Pipeline for Cloud Deployments

Quick delivery of software has become a competitive advantage for companies. The automation of development processes facilitates speed and consistency, which led to the rise of continuous integration (CI) and continuous delivery and deployment (CD) pipelines. Jenkins is a popular product among Oracle Cloud Infrastructure customers that can automate all phases of CI and CD.


In this reference architecture, Jenkins is hosted on Oracle Cloud Infrastructure to centralize build automation and scale the deployment by using Oracle Cloud Infrastructure Registry and Container Engine for Kubernetes. GitHub is used to manage source code.

GitHub provides web hook integration, so Jenkins starts running automated builds and tests after each code check-in. A sample web application is deployed as part of CI/CD pipeline, which end users can access from the Container Engine for Kubernetes cluster. To simplify the process, Terraform is used for infrastructure automation.

The following diagram illustrates this reference architecture.

Description of cicd-oci.eps follows
Description of the illustration cicd-oci.eps
This architecture has the following components:
  • Region

    A region is a localized geographic area composed of one or more availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnets

    Jenkins runs on a virtual machine (VM) Compute instance that’s deployed in a VCN that you can segment into subnets. Jenkins is hosted on regional public subnet A, and Container Engine for Kubernetes is deployed in regional public subnet B.

  • Compute instance

    Jenkins is deployed to a Compute instance VM. The Container Engine for Kubernetes cluster also runs its nodes on Compute instances.

  • Container Engine for Kubernetes

    Container Engine for Kubernetes is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. You specify the Compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing tenancy.

  • Registry

    Registry is an Oracle-managed registry that enables you to simplify the development of production workflow. Registry makes it easy for you as a developer to store, share, and manage development artifacts like Docker images.

  • Jenkins

    Jenkins is an open source automation server that lets developers reliably build, test, and deploy software. Jenkins supports the master/agent mode, where the workload of building projects is delegated to multiple agent nodes by the master. A single Jenkins installation can host multiple projects or provide different environments for builds and tests.


Your requirements might differ from the architecture described here. Use the following recommendations as a starting point.

  • Compute shapes

    This architecture uses an Oracle Linux OS image with the VM.Standard2.1 shape to host both the Jenkins server and the Container Engine for Kubernetes cluster nodes. If your application needs more memory or cores, you can choose a different shape.

  • VCN

    When you create the VCN, determine how many IP addresses your cloud resources in each subnet require. Using the Classless Inter-Domain Routing (CIDR) notation, specify a subnet mask and a network address range that's large enough for the required IP addresses. Use an address space that's within the standard private IP address blocks.

    After you create a VCN, you can't change its address range.

    This architecture uses a public VCN to host Container Engine for Kubernetes. You can also use a private VCN. In that case, use a NAT gateway to give the cluster access over the public internet.

  • Jenkins

    This architecture deploys Jenkins on a Compute instance. A Jenkins master node is used to build the CI/CD pipeline. If you have multiple pipelines to build and run in parallel, you can use a Jenkins agent node to develop more pipelines.

  • Container Engine for Kubernetes

    This architecture deploys the Container Engine for Kubernetes cluster. The worker nodes are deployed on a VM.Standard2.1 Oracle Linux OS. This architecture uses three worker nodes in the cluster, but you can create up to 1000 nodes on each cluster.

  • Registry

    This architecture deploys Registry as a private Docker registry for internal use. Docker images are pushed to and pulled from the Registry. You can also use Registry as a public Docker registry, enabling any user with internet access and knowledge of the appropriate URL to pull images from public repositories in Oracle Cloud.


  • Scalability

    You can scale out your application by updating the number of worker nodes in the Container Engine for Kubernetes cluster, depending on the load. You can also scale in by reducing the number of worker nodes in the cluster. When you create a service on the cluster, you can create a load balancer to distribute traffic among the nodes assigned to that service. For Jenkins, you can use the Jenkins master node to create more agents for multiple pipelines.

  • Application availability

    Fault domains provide the best resilience within a single availability domain. You can deploy Compute instances that perform the same tasks in multiple availability domains. This design removes a single point of failure by introducing redundancy.

  • Manageability

    This architecture uses a sample web application that’s hosted on GitHub for source control. Registry is used in the build pipeline to store the Docker build image for the application.

  • Security

    Use policies to restrict who can access the Oracle Cloud Infrastructure resources that your company has and how.

    Container Engine for Kubernetes is integrated with Oracle Cloud Infrastructure Identity and Access Management (IAM), which provides easy authentication with native Oracle Cloud Infrastructure identity functionality.


The Terraform code for this reference architecture is available on GitHub.

  1. Go to GitHub.
  2. Clone or download the repository to your local computer.
  3. Follow the instructions in the README document.