More and more organizations are adopting inner loop and outer loop constructs as part of their digital transformation and cloud-native development initiatives. This development strategy can improve developer productivity, reduce cognitive load, and standardize application delivery and deployment.
Figure 1 shows how the division into an inner loop and outer loop helps developers innovate and deploy applications faster with Red Hat OpenShift. There is a clear and physical distinction between the tasks performed by the developer and the larger CI/CD process.
Even though the inner loop encompasses the tasks for which the developers are responsible, the developers must also make sure the application is buildable and deployable after their changes are checked in (merged) to the source control repository. These tasks are implemented as part of the CI/CD implementation in the outer loop. Therefore, developer access to the outer loop is important when implementing a secure software supply chain as part of the outer loop.
Key aspects of the outer loop
The outer loop is responsible for integrating all code and configuration changes into the target environment without compromising the organization's security and compliance requirements. This goal is achieved by implementing a secure software supply chain with security and compliance checks at every stage of the process. Figure 2 shows the implementation model for the outer loop.
The main requirements of the outer loop are to ensure that the latest code and configuration changes are:
- Always buildable (continuous integration)
- Always deployable (continuous delivery)
- Automatically deployed to the target environments (continuous deployment—not always implemented)
The first two aspects are covered under CI/CD implementation, and continuous deployment is typically addressed as part of a GitOps implementation ensuring that the enterprise Git repository and the target environments are always in sync.
The developer needs to be able to monitor builds and to be notified of issues during the CI/CD process, as the developer's code changes are validated to make sure they are buildable and deployable with all the security and compliance checks performed in the CI/CD pipelines.
Red Hat OpenShift has built-in features that address this requirement by providing a Developer perspective in the OpenShift console. The Developer perspective provides a window into the outer loop, helping developers monitor the CI/CD pipeline execution to ensure that their changes are always buildable and deployable. Organizations typically also implement additional notification mechanisms to notify developers of problems through other channels, such as email.
OpenShift helps customers implement the secure software supply chain with the combination of Red Hat OpenShift Pipelines and Red Hat Openshift GitOps. OpenShift Pipelines make sure code changes are buildable and deployable by:
- Building the application on each code merge. This process typically exploits Source-to-Image (S2I), which creates a deployable container image upon a successful build.
- Deploying the container image to an enterprise container image registry such as Red Hat Quay.io to make sure that the most recent deployment images are always available for deployment.
Figure 3 shows the OpenShift Pipelines view from the Developer perspective in the OpenShift console.
Continuous deployment is then implemented by OpenShift GitOps or OpenShift Pipelines.
Try it out
Want to learn more about implementing the outer loop construct with OpenShift? Please visit the OpenShift Outer Loop Workshop.