Codefresh Installation Options

How to run Codefresh in the Enterprise

Codefresh offers 3 installation options that can cater to any size of organization:

  • Full cloud version that runs 100% in the cloud and is fully managed by Codefresh.
  • On-premise version where Codefresh runs inside the customer datacenter/cloud.
  • Hybrid version where the UI runs in the Codefresh cloud, but builds are running on customer premises.

On-premise and Hybrid versions are available to Enterprise customers that are looking for a “behind-the-firewall” solution.

Cloud version

The Cloud version is the easiest way to start using Codefresh as it is fully managed and runs 100% on the cloud. All maintenance and updates are executed by the Codefresh DevOps team.

You can also create a free account on the SAAS version right away. The account is forever free with some limitations on number of builds.

The cloud version runs on multiple clouds:

sso-diagram.png

Codefresh Cloud is also compliant with SOC2 - Type2 showing our commitment to security and availability.

sso-diagram.png

The Cloud version has multi-account support with most git providers (GitLab, GitHub, Bitbucket) as well as Azure and Google.

Hybrid installation

For organizations that don’t want their source code to leave their premises, or have other security constraints, Codefresh offers the hybrid installation.

The User Interface still runs on Codefresh infrastructure, while the actual builds happen in the location of the customer (Codefresh builders run on a Kubernetes cluster).

sso-diagram.png

The hybrid installation strikes the perfect balance between security, flexibility and ease of use. Codefresh still does the heavy lifting for maintaining most of the platform parts. The sensitive data (such as source code and internal services) never leave the premises of the customers.

With the hybrid installation mode, Codefresh can easily connect to internal secure services that have no public presence. The UI part is still compliant with Soc2.

sso-diagram.png

Here are the security implications of the hybrid solution:

Company Asset Flow/Storage of data Comments
Source code Stays behind the firewall  
Binary artifacts Stay behind the firewall  
Build logs Also sent to Codefresh Web application  
Pipeline volumes Stay behind the firewall  
Pipeline variables Defined in Codefresh Web application  
Deployment docker images Stay behind the firewall  
Development docker images Stay behind the firewall  
Images created with Codefresh pipelines Auto-pushed to internal registry This is a secure private registry in GCR
Testing docker images Stay behind the firewall  
Inline pipeline definition Defined in Codefresh Web application  
Pipelines as YAML file Stay behind the firewall  
Test results Stay behind the firewall  
HTML Test reports Shown on Web application Stored in your S3 or Google bucket storage
Production database data Stays behind the firewall  
Test database data Stays behind the firewall  
Other services (e.g. Queue, ESB) Stay behind the firewall  
Kubernetes deployment specs Stays behind the firewall  
Helm charts Stays behind the firewall  
Other deployment resources/script (e.g. terraform) Stays behind the firewall  
Shared configuration variables Defined in Codefresh Web application  
Deployment secrets (from git/Puppet/Vault etc) Stay behind the firewall  
Audit logs Managed via Codefresh Web application  
Access control rules Managed via Codefresh Web application  

On-premise Installation

For customers that wish to have full control over everything, Codefresh also offers an on-premise option. In this case everything (UI and builds) are running on an environment (Kubernetes cluster) fully managed by the customer.

While Codefresh can still help with maintenance of the on-premise platform, we would recommend trying the Hybrid solution first as it offers the most flexibility while maintaining high security.

Comparison table

Characteristic Cloud Hybrid On Premise
Managed by Codefresh Codefresh and Customer Customer
UI runs on public cloud public cloud private cluster
Builds run on public cloud private cluster private cluster
Access to secure/private services no yes yes
Customer maintenance effort none some full
Best for most companies companies with security constraints Large scale installations
Available to all customers enterprise plans enterprise plans