Learning about Continuous Delivery and workload isolation
IBM Cloud® Continuous Delivery is offered as a regional, shared, multi-tenant service with public endpoints. This service is composed of several major components. Most of these components are fully IBM-managed, and most support a shared compute, network, and physical storage model.
The following table lists the major components of the Continuous Delivery service, who manages each component, and the compute, network, and storage isolation characteristics of each component.
Component | Manager | Isolation characteristics |
---|---|---|
Toolchain platform | IBM | Shared compute, network, and storage |
Third-party tool integrations | IBM | Shared compute, network, and storage |
Git Repos and Issue Tracking | IBM | Shared compute, network, and storage |
DevOps Insights | IBM | Shared compute, network, and storage |
Delivery Pipeline | IBM | Shared compute, network, and storage |
Delivery Pipeline shared workers | IBM | Each pipeline job or step runs in isolation, in its own container, on a pool of IBM-managed shared worker nodes with shared network and storage. |
Delivery Pipeline private workers | You | Each pipeline job or step runs in isolation, in its own container on worker nodes that you manage, supported by network and storage that you define or manage. |
Delivery Pipeline jobs and steps run directly within containers on shared (IBM-managed) or private (customer-managed) Kubernetes worker nodes. All other components of the Continuous Delivery service are deployed as microservices within IBM-managed Kubernetes clusters. These components are logically partitioned across a set of clusters. Each set of clusters is replicated across three zones in each region in which the Continuous Delivery service is available.
For more information about availability, see High availability and disaster recovery.
All Continuous Delivery service plans share management, isolation, and deployment characteristics. For more information about the Continuous Delivery plans, see Plan limitations and usage.
You can configure Delivery Pipeline Private Workers to communicate between customer clusters and Delivery Pipeline services by using private endpoints.
Continuous Delivery workload isolation
The IBM-managed components of the Continuous Delivery service are organized to provide compute isolation between the multi-tenant toolchain platform workloads and the single-tenant Delivery Pipeline worker workloads of the service.
The following diagram shows the management and isolation characteristics of the Continuous Delivery service components.
- The Multi-tenant toolchain platform section represents the IBM-managed components of the service that provide multi-tenant, or shared, workloads.
- The Container level compute workload isolation section represents the IBM-managed Delivery Pipeline shared workers component of the service. This component supports single-tenant workloads.
- The multi-tenant and single-tenant workloads each run in different sets of clusters and are compute-isolated from each other.
- Each Delivery Pipeline job or step runs in its own container that is compute-isolated from the other containers within a cluster. This isolation applies to both IBM-managed shared workers and customer-managed private workers.
Continuous Delivery dependencies
The Continuous Delivery service depends on several IBM Cloud Platform components and services for tasks that include, but are not limited to, the following.
- Hosting the internal microservices of the Continuous Delivery service
- Integrating into the IBM Cloud Platform and user interface
- Storing service and customer-owned data
- Logging and auditing service events
- Backing up service and customer data regularly
The following table lists the main dependencies of the Continuous Delivery service.
The Continuous Delivery service connects to its dependencies over public endpoints.
Dependency | Type | Purpose |
---|---|---|
Console | Platform | Enables users to manage Continuous Delivery service instances and toolchains by way of a web UI. Handles user login for most Continuous Delivery service web pages. |
Identity and Access Management (IAM) | Platform | Provides authorization checks to Continuous Delivery and toolchain resources and actions. Generates and authenticates IAM API keys such as those that are used by the Delivery Pipeline component. |
Search and tagging | Platform | Provides cached, high performance lookup of resources. |
Resource controller | Platform | Coordinates the provisioning, updating, and de-provisioning of Continuous Delivery and toolchain resources. |
Account management | Platform | Provides metadata about IBM Cloud accounts and enterprises that Continuous Delivery uses in the computation of usage metrics. |
Usage metering | Platform | Receives usage metrics from the Continuous Delivery service to report usage and compute bills for customer accounts. |
IBM Cloud® Kubernetes Service | Service | Hosts clusters of containers in which the internal microservices of the Continuous Delivery service run. |
IBM Cloud® Container Registry | Service | Stores container images that are used by Delivery Pipeline jobs and steps. |
IBM Cloud Logs | Service | Collects internal log events from the Continuous Delivery service for use by IBM specialists in maintaining and supporting the service. |
IBM Cloud Activity Tracker Event Routing | Platform | Collects action events from the Continuous Delivery service so that customers can audit activities with the Continuous Delivery service and its components. |
IBM Cloud® App ID | Service | Manages conversions between IBM Cloud user IDs and user email addresses. |
IBM Cloud® Internet Services (CIS) | Service | Provides domain name resolution and traffic routing for the Continuous Delivery service. |
IBM® Cloudant® for IBM Cloud® | Service | Serves as the primary database for all structured Continuous Delivery service and customer-owned data. |
IBM Cloud® Databases for Redis | Service | Provides a shared in-memory cache service for high-speed data sharing among replicas of the microservices that make up the Continuous Delivery service. |
IBM Cloud® Messages for RabbitMQ | Service | Provides reliable delivery of messages between components of the Continuous Delivery service that include, but are not limited to, Delivery Pipeline triggers. |
IBM Cloud® Databases for PostgreSQL | Service | Serves as the database for Delivery Pipeline job and step logs. |
Object Storage | Service | Stores artifacts that are produced by Delivery Pipeline jobs and steps. Stores backups of Continuous Delivery data. |
QRadar | Service | Collects security events such as successful or failed login authorization attempts for use by IBM specialists who maintain and support the service. |
General Parallel File System (GPFS) | Storage | Provides secure, high-performance distributed file system storage of Git Repos and Issue Tracking repositories. GPFS runs on nodes within the same clusters that host the Git Repos and Issue Tracking components. |
See What is the IBM Cloud Platform? for more details about key platform components.
The following diagram shows the Continuous Delivery dependencies.
Excluding data backups, customer-owned data that is provided to the Continuous Delivery service in a specific region is exchanged only with data and logging services in the same region. Data backups are stored in Cloud Object Storage cross-region buckets.
Object storage location
The following table shows the cross-region location for Object Storage in which backup data is stored for each Continuous Delivery service region.
Continuous Delivery service location | Object Storage backup service location |
---|---|
Dallas (us-south) | US Cross Region (Dallas, Washington, San Jose) |
Washington (us-east) | US Cross Region (Dallas, Washington, San Jose) |
London (eu-gb) | EU Cross Region (Amsterdam, Frankfurt, Milan) |
Frankfurt (eu-de) | EU Cross Region (Amsterdam, Frankfurt, Milan) |
Madrid (eu-es) | EU Cross Region (Amsterdam, Frankfurt, Milan) |
Tokyo (jp-tok) | AP Cross Region (Osaka, Sydney, Tokyo) |
Sydney (au-syd) | AP Cross Region (Osaka, Sydney, Tokyo) |
Osaka (jp-osa) | AP Cross Region (Osaka, Sydney, Tokyo) |
Toronto (ca-tor) | US Cross Region (Dallas, Washington, San Jose, Toronto) |
Sao Paulo (br-sao) | US Cross Region (Dallas, Washington, San Jose, Toronto, Sao Paulo) |
For more information about Object Storage locations, see Regional Endpoints.
For more information about Continuous Delivery disaster recovery, see Disaster recovery.