Codefresh Installation Options
How to run Codefresh in the Enterprise
Codefresh offers 3 installation options that can cater to any size of organization. These are:
- Full cloud version that runs 100% in the cloud and is fully managed by Codefresh
- On-premise version where Codefresh runs inside the customer datacenter/cloud
- Hybrid version where the UI runs in the Codefresh cloud but builds are running on customer premises
On-premise and Hybrid versions are available to Enterprise customers that are looking for a “behind-the-firewall” solution.
The Cloud version is the easiest way to start using Codefresh as it is fully managed and runs 100% on the cloud. All maintenance and updates are executed by the Codefresh DevOps team.
You can also create a free account on the SAAS version right away. The account is forever free with some limitations on number of builds.
The cloud version runs on multiple clouds:
Codefresh Cloud is also compliant with SOC2 - Type2 showing our commitment to security and availability.
The Cloud version has multi-account support with most git providers (Gitlab, Github, Bitbucket) as well as Azure and Google.
For organizations that don’t want their source code to leave their premises, or have other security constraints, Codefresh offers the hybrid installation.
The User Interface still runs on Codefresh infrastructure, while the actual builds happen in the location of the customer (Codefresh builders run on a Kubernetes cluster).
The hybrid installation strikes the perfect balance between security, flexibility and ease of use. Codefresh still does the heavy lifting for maintaining most of the platform parts. The sensitive data (such as source code and internal services) never leave the premises of the customers.
With the hybrid installation mode, Codefresh can easily connect to internal secure services that have no public presence. The UI part is still compliant with Soc2.
Here are the security implications of the hybrid solution:
|Company Asset||Flow/Storage of data||Comments|
|Source code||Stays behind the firewall|
|Binary artifacts||Stay behind the firewall|
|Build logs||Also sent to Codefresh Web application|
|Pipeline volumes||Stay behind the firewall|
|Pipeline variables||Defined in Codefresh Web application|
|Deployment docker images||Stay behind the firewall|
|Development docker images||Stay behind the firewall|
|Images created with Codefresh pipelines||Auto-pushed to internal registry||This is a secure private registry in GCR|
|Testing docker images||Stay behind the firewall|
|Inline pipeline definition||Defined in Codefresh Web application|
|Pipelines as YAML file||Stay behind the firewall|
|Test results||Stay behind the firewall|
|HTML Test reports||Shown on Web application||Stored in your S3 or Google bucket storage|
|Production database data||Stays behind the firewall|
|Test database data||Stays behind the firewall|
|Other services (e.g. Queue, ESB)||Stay behind the firewall|
|Kubernetes deployment specs||Stays behind the firewall|
|Helm charts||Stays behind the firewall|
|Other deployment resources/script (e.g. terraform)||Stays behind the firewall|
|Shared configuration variables||Defined in Codefresh Web application|
|Deployment secrets (from git/Puppet/Vault etc)||Stay behind the firewall|
|Audit logs||Managed via Codefresh Web application|
|Access control rules||Managed via Codefresh Web application|
For customers that wish to have full control over everything, Codefresh also offers an on-premise option. In this case everything (UI and builds) are running on an environment (Kubernetes cluster) fully managed by the customer.
While Codefresh can still help with maintenance of the on-premise platform, we would recommend trying the Hybrid solution first as it offers the most flexibility while maintaining high security.
|Managed by||Codefresh||Codefresh and Customer||Customer|
|UI runs on||public cloud||public cloud||private cluster|
|Builds run on||public cloud||private cluster||private cluster|
|Access to secure/private services||no||yes||yes|
|Customer maintenance effort||none||some||full|
|Best for||most companies||companies with security constraints||Large scale installations|
|Available to||all customers||enterprise plans||enterprise plans|