admin/k3s-gitops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
560931ffb13ee38a7d8550e85d3b9462bc18baca
k3s-gitops/docs/gitops-cicd/09-cicd-components-comparison.md

11 KiB
Raw Blame History

CI/CD Компоненты: Сравнение, Альтернативы и Обоснование выбора

Версия: 1.0
Дата: Январь 2026
Целевая аудитория: Technical Architects, DevOps Team, Management
Статус: Decision Document

Executive Summary

Рекомендованный Stack для FinTech

Компонент Продукт License Annual Cost Обоснование
Git Repository Gitea MIT $0 Lightweight, full-featured, zero cost
CI Server Jenkins MIT $0 Industry standard, 1800+ plugins
GitOps ArgoCD/Custom Apache 2.0 $0 Best GitOps, audit trail
Container Registry Harbor Apache 2.0 $0 Security scanning built-in
Orchestration UI Portainer CE Zlib $0 User-friendly, RBAC
TOTAL $0 vs $6,720 commercial stack

Содержание

  1. Git Repository: Gitea vs Alternatives
  2. CI Server: Jenkins vs Alternatives
  3. GitOps: ArgoCD vs Alternatives
  4. Container Registry: Harbor vs Alternatives
  5. Orchestration UI: Portainer vs Alternatives
  6. Cost Comparison

Git Repository: Gitea

Функциональность

Core Features:

  • Git repository hosting (unlimited repos)
  • Pull Request workflow + code review
  • Issues + Projects (Kanban)
  • Wiki documentation
  • Branch protection rules
  • Webhooks для CI integration
  • LDAP/AD authentication
  • GPG commit signing
  • Git LFS support

Performance:

  • RAM usage: 200-500 MB
  • Single Go binary (50-100 MB)
  • Fast startup (<5 seconds)
  • SQLite/PostgreSQL/MySQL support

Альтернативы

Feature Gitea GitLab CE GitHub Enterprise Bitbucket
Cost FREE FREE $21/user/mo $30/user/mo
RAM 200 MB 4+ GB 2+ GB 1-2 GB
Setup 5 min 30-60 min 60+ min 30 min
Built-in CI
Lightweight ⚠️

Почему Gitea?

Zero cost - критично для budget
Lightweight - 200 MB RAM vs 4+ GB GitLab
Simple - single binary, easy upgrade
Full-featured - все нужное для Git workflow
LDAP ready - corporate authentication

Use GitLab instead if:

  • Need integrated CI/CD (without Jenkins)
  • Team already knows GitLab
  • Can allocate 8+ GB RAM

CI Server: Jenkins

Функциональность

Core Features:

  • Pipeline as Code (Jenkinsfile)
  • 1800+ plugins ecosystem
  • Distributed builds (master-agent)
  • Docker/Kubernetes integration
  • LDAP/AD + RBAC
  • Credentials management
  • Audit trail
  • Blue Ocean modern UI

Plugin Examples:

Security:
├─ OWASP Dependency Check
├─ SonarQube Scanner
├─ Trivy Container Scanner
└─ Snyk Security

Integrations:
├─ Gitea Plugin
├─ Docker Plugin
├─ Kubernetes Plugin
├─ Slack Notification
└─ Email Extension

Quality:
├─ JUnit Test Results
├─ Code Coverage (JaCoCo)
├─ Warnings Next Generation
└─ Performance Plugin

Альтернативы

Feature Jenkins GitLab CI GitHub Actions Drone
Cost FREE FREE Cloud/Self-hosted FREE
Plugins 1800+ Limited Marketplace ~100
Flexibility High Medium Medium Medium
Learning Curve Medium Low Low Low
Git Agnostic GitLab only GitHub only

Pipeline Example

pipeline {
    agent { docker { image 'maven:3.8-openjdk-17' } }
    
    stages {
        stage('Build') {
            steps {
                sh 'mvn clean package'
            }
        }
        
        stage('Test') {
            parallel {
                stage('Unit Tests') {
                    steps { sh 'mvn test' }
                }
                stage('Security Scan') {
                    steps { sh 'mvn dependency-check:check' }
                }
            }
        }
        
        stage('Docker Build') {
            steps {
                sh 'docker build -t app:${BUILD_NUMBER} .'
            }
        }
        
        stage('Push to Harbor') {
            steps {
                sh 'docker push harbor.local/app:${BUILD_NUMBER}'
            }
        }
    }
}

Почему Jenkins?

Industry standard - 70% Fortune 500 use it
Plugin ecosystem - 1800+ plugins
Proven in FinTech - JPMorgan, Deutsche Bank
Flexibility - Pipeline as Code
Git agnostic - works with Gitea, GitLab, etc.

Use GitLab CI instead if:

  • Using GitLab as Git provider
  • Need simpler YAML syntax
  • Want all-in-one platform

GitOps: ArgoCD / Custom

ArgoCD (для Kubernetes)

Features:

  • Declarative GitOps
  • Automatic sync from Git
  • Web UI (topology view)
  • Multi-cluster support
  • SSO (OIDC, LDAP)
  • Rollback capabilities
  • Audit logging

Альтернативы:

  • Flux CD - no UI, CLI-first
  • Jenkins X - very opinionated
  • Spinnaker - complex, multi-cloud

Custom GitOps Operator (для Docker Swarm)

Why custom для Swarm:

  • ArgoCD designed для K8s
  • Swarm simpler - custom operator = 200 lines Python
  • Full control, easy maintenance

Implementation:

# gitops-swarm-operator.py
import time, subprocess
from git import Repo

class GitOpsOperator:
    def __init__(self, repo_url, local_path):
        self.repo = Repo.clone_from(repo_url, local_path)
    
    def sync_loop(self, interval=30):
        while True:
            self.repo.remotes.origin.pull()
            
            for compose_file in Path(self.local_path).rglob('docker-compose.yml'):
                stack_name = compose_file.parent.name
                subprocess.run([
                    'docker', 'stack', 'deploy',
                    '-c', str(compose_file),
                    stack_name
                ])
            
            time.sleep(interval)

Почему ArgoCD/Custom?

Kubernetes: ArgoCD
Best-in-class UI
Strong RBAC
Audit trail

Docker Swarm: Custom
Simple (200 lines)
Lightweight (50 MB RAM)
Easy troubleshooting

Container Registry: Harbor

Функциональность

Core Features:

  • Docker Registry v2 API
  • Vulnerability scanning (Trivy)
  • Image signing (Notary/Cosign)
  • RBAC (project-level)
  • LDAP/AD integration
  • Replication
  • Webhook notifications
  • Audit logging

Security Workflow:

Push Image → Harbor
     │
     ├──> Trivy Scan
     │    ├─ OS vulnerabilities
     │    └─ App dependencies
     │
     ├──> Policy Check
     │    ├─ CRITICAL CVEs? → ❌ Block
     │    ├─ HIGH CVEs? → ⚠️ Warn
     │    └─ MEDIUM/LOW → ✅ Allow
     │
     └──> Notification
          └─ Slack/Email

Альтернативы

Feature Harbor Docker Registry Nexus Artifactory
Cost FREE FREE FREE (limited) $3K+/year
UI
Vuln Scan Trivy ⚠️ Paid
Signing ⚠️ Paid
RBAC

Почему Harbor?

Security built-in - Trivy scanning included
Compliance-ready - audit logs, signing
Enterprise RBAC - project-level permissions
Zero cost - vs $3K+ Artifactory

Use Nexus instead if:

  • Need multi-format (Maven, npm, PyPI)
  • Already using Sonatype tools

Orchestration UI: Portainer

Функциональность

Core Features:

  • Docker Swarm native support
  • Modern Web UI
  • Stack deployment (Compose)
  • RBAC + Teams
  • LDAP/AD integration
  • Container logs streaming
  • Resource monitoring
  • Template library

RBAC Example:

Teams:
├── DevOps (Admin)
│   └─ Full access
├── Developers
│   └─ Deploy to dev only
├── QA
│   └─ Deploy to staging
└── Managers
    └─ View-only

Альтернативы

Feature Portainer CE Swarmpit Docker CLI Rancher
Cost FREE FREE FREE FREE
UI Excellent Good Excellent
RBAC ⚠️ Basic
LDAP
Swarm Focus ⚠️ K8s focus

Почему Portainer?

User-friendly - non-DevOps can deploy
RBAC - compliance-ready access control
Free - CE version has all needed features
Audit trail - who deployed what

Cost Comparison

Recommended (Open Source)

Gitea:          $0
Jenkins:        $0
ArgoCD/Custom:  $0
Harbor:         $0
Portainer CE:   $0
───────────────────
TOTAL:          $0/year

Savings:        $6,720/year

Alternative (Commercial)

GitHub Enterprise:  $2,520/year (10 users)
Bamboo CI:         $1,200/year
Spinnaker:         $0 (FOSS)
Artifactory:       $3,000/year
Rancher:           $0 (FOSS)
────────────────────────────────────
TOTAL:             $6,720/year

Implementation Priority

Week 1-2: Core

  1. Deploy Gitea + PostgreSQL
  2. Deploy Harbor
  3. Migrate existing repos

Week 3-4: CI/CD 4. Deploy Jenkins 5. Create first pipeline 6. Setup webhooks

Week 5-6: GitOps 7. Deploy ArgoCD/Custom 8. Deploy Portainer 9. End-to-end test

Decision Matrix

When to Choose Alternatives

GitLab over Gitea:

  • Need integrated CI/CD
  • Team knows GitLab
  • Have 8+ GB RAM

GitHub Actions over Jenkins:

  • Using GitHub (not on-prem)
  • Simple workflows only

Artifactory over Harbor:

  • Need multi-format registry
  • Budget allows $3K+/year

Rancher over Portainer:

  • Multiple clusters
  • Heavy K8s focus

Appendix: Quick Reference

Component URLs

Gitea:     https://git.company.local
Jenkins:   https://jenkins.company.local
Harbor:    https://harbor.company.local
ArgoCD:    https://argocd.company.local
Portainer: https://portainer.company.local:9443

Default Ports

Gitea:     3000 (HTTP), 22 (SSH)
Jenkins:   8080 (HTTP)
Harbor:    80/443 (HTTP/HTTPS)
ArgoCD:    8080 (HTTP), 8083 (gRPC)
Portainer: 9443 (HTTPS), 8000 (Edge)

Document Version: 1.0
Last Updated: Январь 2026
Status: Decision Document - Ready for Approval

Approvals:

  • Technical Architect
  • DevOps Lead
  • Security Lead
  • CTO