Modern DevOps with Spinnaker - Olga Kundzich
4 likes1,340 views
Spinnaker is an open source multi-cloud continuous delivery platform that allows developers to release software changes continuously and reliably to any cloud environment, including Kubernetes. It provides automated canary analysis, rollback capabilities, and other guardrails to minimize risk during deployments. Spinnaker fits between the develop and operate stages of the DevOps toolchain, integrating with CI/CD tools during development and deployment and monitoring tools during operations. For Kubernetes environments, Spinnaker can deploy any Kubernetes manifests and leverage features like blue/green deployments, rollbacks, and traffic management across multiple Kubernetes clusters. The Spinnaker community is governed by a technical oversight committee and special interest groups, and has a public roadmap for upcoming features
Modern DevOps with Spinnaker - Olga Kundzich
- 1. DevOps with Spinnaker Olga Kundzich Product Manager, Pivotal @olgakundzich
- 2. Cover w/ Image Topics 1. What is Spinnaker? 2. Where Spinnaker Fits in the DevOps Toolchain? 3. What Spinnaker Brings to Kubernetes? 4. Spinnaker OSS Governance and Roadmap 5. Demo 6. Q&A "Spinnaker" by Craig Stanfill is licensed under CC BY-SA 2.0
- 4. Spinnaker Is an OSS Multi-Cloud Delivery Platform Spinnaker Community “...the passionate open source community dedicated to making deployment pain go away.” https://www.spinnaker.io/publications/ebook/
- 6. Spinnaker Embeds CD Expertise “We want to provide guardrails, not gates.” —Dianne Marsh, Netflix 2012 2019 Netflix built Asgard for managing cloud-based applications and infrastructure Netflix expanded Asgard ideas and introduced Spinnaker internally Spinnaker open sourced Spinnaker community grows Canary analysis and chaos monkey added to Spinnaker Pivotal becomes third largest contributor to Spinnaker OSS Spinnaker joins Continuous Delivery Foundation
- 7. Application Centric Control Plane = Turn monitoring into action Deploy safely with speed
- 8. Leveraging the Inventory Automated Canary Analysis Corrective Actions Chaos Engineering Scanning for Security Vulnerabilities Artifact Traceability Built-in corrective actions
- 9. Guardrails - Go Fast With Safety ■ Automated rollbacks ■ Deployment windows ■ Chaos monkeys ■ Deployment strategies ■ Automated canary analysis ■ Cluster locking ■ Traffic guards ■ Manual judgements ■ Conditional pipeline & stage execution ■ Notifications
- 10. Spinnaker Best Practices ● Blue/green deployments ● Rollbacks ● Automated canary analysis
- 11. Minimizing Production Deployment Risk https://www.spinnaker.io/concepts/
- 12. Multiple Application Versions for Rollback Allows zero-downtime rollbacks to a set number of previous application versions without rebuilding the code
- 13. Automated Canary Analysis Ensures your applications meet your SLAs https://medium.com/netflix-techblog/automated-canary-analysis-at-netflix-with-kayenta-3260bc7acc69
- 14. Spinnaker Ecosystem Cloud Providers App Engine Amazon Web Services Azure Cloud Foundry DC/OS Google Compute Engine Kubernetes Openstack Oracle CI Systems Jenkins Travis CI Wercker Artifact Support Docker GitHub HTTP S3 Artifactory Google Cloud Storage Nexus (coming soon) Monitoring Datadog Prometheus Stackdriver Atlas SignalFx (10+ more on roadmap) Notifications Email HipChat Slack SMS via Twilio
- 16. Where Spinnaker Fits in the DevOps Toolchain?
- 18. Establishing a repeatable, traceable, scalable framework that ● Enables fast, iterative development and testing ● Deploys apps seamlessly, securely, and safely ● Actively operates apps in production - bridge between deployment and monitoring systems Continuous Delivery of Modern Apps Monitoring Managing Resiliency Develop Security Compliance Validation IaaS, Kubernetes, CF. Lambda Deploy Operate Planning Test-Driven Dev CI/Build Development Users
- 19. Establishing a repeatable, traceable, scalable framework that ● Enables fast, iterative development and testing ● Deploys apps seamlessly, securely, and safely ● Actively operates apps in production - bridge between deployment and monitoring systems Continuous Delivery of Modern Apps CO Develop CD IaaS, Kubernetes, CF. Lambda Deploy Operate CI Development Users
- 20. Source code system of record Artifact system of record Runtime app system of record CI/Build automation Delivery automation Code to Cloud: Managing App Release and Operation Systems of Record Automation
- 21. CI and CD are two Different Related Processes Source Code Repository CD Pipeline Development Production CI Pipeline Artifact Repository CI CD Spinnaker Here Other triggers for a CD pipeline are possible
- 22. Different Requirements Continuous Integration ● Accelerate developer feedback ● Continuous testing—fail fast ● Daily code integration practices ● Iterate until your code is “ready to release” Continuous Delivery ● Accelerate software release process ● Security & compliance ● Safe deployment strategies that can scale ● Operationalize apps
- 23. Different Resource Utilization Models CI Systems ● Each deployment is a separate isolated job/container ● Long running deployment jobs putting a lot of strain on the systems ● Impossible to size and scale due to unpredictable load Spinnaker ● Efficiently performs multiple cloud operations in parallel ● Do not use for random tasks such as CI ● Easy to size and scale if only used for cloud operations
- 24. What Spinnaker Brings to Kubernetes?
- 25. Spinnaker is complementary to Kubernetes ● Deployed itself on Kubernetes ● Manages apps on all other envs ● Orchestrates business process of releasing software across multiple Kubernetes clusters (dev/test/prod) ● Deploys Kubernetes manifests, any manifests including CRDs (executes kubectl apply -f …)
- 26. Imperative Software Release Process with Declarative Deployment into Each Environment From Google PM Andrew Phillips Spinnaker Here Kubernetes Here
- 27. Using Spinnaker in the Early Days was Tough ● Netflix runs Spinnaker of master and deploys Spinnaker with Spinnaker ● Problem for the community: Identify set of microservices to deploy together ● Problem for the community: Identify configuration yaml, primarily for credentials
- 28. What did Google and the community do? Deployment ● hal CLI and halyard (subset of Spinnaker) for managing Spinnaker (remember it’s 2016) ● Helm chart for Spinnaker with hal command (2018). ● Next: helm chart with dynamic account configuration Release Process ● Two month release cadence with patches ● Nightly build with integration tests ● BOM for Spinnaker microservices ● Hal takes a version and translates it to published BOM
- 29. Kubernetes V1 provider ● Leverages Spinnaker resource model and implements it for Kubernetes ● Too restrictive, doesn’t cover all Kubernetes resources ● Kubernetes clusters and manifests differ across organizations
- 30. Kubernetes Manifests as Templates From Google PM Andrew Phillips: https://www.slideshare.net/apwashere/new-yo rk-kubernetes-cicd-patterns-for-kubernetes
- 31. Native Kubernetes V2 provider ● Native Kubernetes Manifests based ● Deploys any manifests including CRDs and Istio ● Leverages “kubectl apply -f” ● Blue/green, canary, rollbacks for applications (replicasets, configmaps, services) ● Helm, kustomize support
- 32. Spinnaker Artifacts and Triggers ● Multiple types of artifacts: manifests, docker images, kubernetes objects ● Multiple triggers for pipelines ● Stateful system: keeps track of artifacts consumed and produced
- 33. Manifest Processing ● Compile manifests before submitting to Spinnaker ● Use Spinnaker SPEL expressions ● Deploy Manifest stage binds artifacts (docker, kubernetes) to manifests
- 34. GitOps - Things to Consider ● GitOps is a practice requiring to store state in Git and triggering deployments of it ● Whether you use Spinnaker to push manifests into cluster with kubectl or pull with CRDs from within cluster you will have different pros/cons ● Manifests are statements of intent ● Kubernetes mutates manifests based on its configuration ● Delete problem: delete manifest needs to be explicit ● RBAC considerations: delegating it to Git vs Spinnaker and Kubernetes
- 35. Community Governance, Spinnaker Summit, Roadmap
- 36. Community Governance ● Technical Oversight Committee ● Special Interest Groups: Kubernetes, Security, UI, Declarative Delivery https://www.spinnaker.io/community/governance/
- 37. Roadmap ● Dynamic external configuration ● Declarative delivery: templated pipelines and managed delivery ● Security: expanding RBAC ● Increasing adoption ● Internal investments: technical debt and improvements ● Kubernetes: simplification and performance improvements ● Istio and Knative? https://github.com/spinnaker/community/blob/master/roadmap.md
- 38. Resources ● https://www.spinnaker.io/publications/ebook/ ● https://www.spinnakersummit.com/ ● https://cloud.google.com/docs/ci-cd/spinnaker /spinnaker-for-gcp ● https://www.slideshare.net/apwashere (Andrew Phillips’ Presentations)
- 39. Talks ● "Scalable Anomaly Detection (with Zero Machine Learning)" by Arthur Gonigberg ● "How NOT to Measure Latency" by Gil Tene
- 40. Demo
- 41. Demo Setup "Getting a new Spinnaker instance up and running with Spinnaker for GCP was really simple," says Ola Karlsson, SRE on the Chrome Ops Developer Experience team. “The solution takes care of the details of managing Spinnaker and still gives us the flexibility we need. We're now using it to manage our production and test Spinnaker installations”. https://cloud.google.com/blog/produ cts/devops-sre/introducing-spinnaker -for-google-cloud-platform-continuou s-delivery-made-easy ● Google recently announced Spinnaker on Google Cloud Platform ● Example from the GCP tutorial ● Uses Cloud Build ● Google Container Registry ● Modified to run on two Kubernetes clusters and Git artifacts
- 56. Questions?
- 57. EXTRA
- 58. Org-centric CI/CD = Spinnaker
- 59. Deliver Better Software All the Time Continuous Delivery