Talk given at the February 2018 Spinnaker meetup.

1. Reddit Deployment Infrastructure:
Past, Present, and Future
Ed Ceaser -
/u/heselite

2. K8s At Reddit
● Multi-year project
● 10 separate k8s clusters
● 11 production services, across 7 teams
● Up to 10 deploys per day on some services

3. The past

4. Helm, Helmfile, Drone
● Helm provides basic release
management
● Helmfile provides declarative Helm
chart management
● Helmfiles stored in a central Git repo
● Drone CI runs in each K8s cluster,
runs Helmfile

5. What did we learn???

6. Too many moving parts!

7. Too brittle!
● Tiller sometimes would require
manual intervention
● Drone only reports pass/fail, doesn’t
understand deploys
● Too many layers, hard to debug
● Everything serialized around a single
Git repo

8. Requirements for Deploys V2
● Self-service deploys for service
owners
● Deploy needs to support Helm
● Deploy status should be directly
visible to service owners
● Deployment system should simplify
things for service owners, not
complicate things

9. The present

10. Enter Spinnaker
● Other tools were either CI job executors, or
very immature
● Spinnaker was relatively mature for non-k8s
deployments
● V2 K8s Provider seemed to be a reasonable
approach, under active development
● Had relationships with other users

11. What are the risks?

12. Solving Operational Complexity
● We run Spinnaker in k8s
● Use Halyard
● We use Helm to install and manage Halyard. Halyard then deploys Spinnaker
● We set up metrics and alerting immediately out of the gate

13. Solving Developer Complexity
● Pipelines need to be templated
● Point-and-click style pipeline
configuration needs to be avoided
● Pipeline configuration should be
declarative
● Managed Pipeline Templates 1.0
were already deprecated
● We discovered Sponnet, which
gave us a way to address these
issues

14. Jsonnet??

15. Jsonnet Example
{
person1: {
name: "Alice",
welcome: "Hello " + self.name
+ "!",
},
person2: self.person1 { name: "Bob" },
}
{
"person1": {
"name": "Alice",
"welcome": "Hello Alice!"
},
"person2": {
"name": "Bob",
"welcome": "Hello Bob!"
}
}
local Person(name='Alice') = {
name: name,
welcome: 'Hello ' + name + '!',
};
{
person1: Person(),
person2: Person('Bob'),
}

16. reddit.jsonnet
● ‘Sponnet’ jsonnet library is still very low-level
● Sponnet mainly consists of helpers to construct pipeline primitives
● Users of Sponnet still need to understand how Spinnaker pipelines work
● We created a Jsonnet library that exposes a simple DSL
● That DSL is what is exposed to service owners to configure their pipelines

17. Deployment Definition Example
local reddit = import 'reddit.libsonnet';
local chart = reddit.helmChart(name=’derp', version='0.1.0')
.withGithubValues(‘reddit/reddit-service-derp’, ‘deploy/values.yaml’);
local pipeline = reddit.pipeline(application='derp', name='Deploy')
.deployHelmChart(chart, namespace=’derp’, cluster=['prod-ue1d', ‘prod-ue1e’])
.notifySlackChannel(‘derp-notifications’);
reddit.render(pipeline)

18. Which turns into...
{
"expectedArtifacts": [
{
"defaultArtifact": {
"kind": "default.s3",
"name": "s3://helm-charts/derp-
0.1.0.tgz",
"reference": "s3://helm-charts/derp-
0.1.0.tgz",
"type": "s3/object",
"version": "/derp-0.1.0.tgz"
},
"id": "s3://helm-charts/derp-0.1.0.tgz",
"matchArtifact": {
"kind": "s3",
"name": "s3://helm-charts/derp-
0.1.0.tgz",
"type": "s3/object"
},
"useDefaultArtifact": true,
"usePriorArtifact": false
}
],
"keepWaitingPipelines": false,
"lastModifiedBy": "anonymous",
"limitConcurrent": true,
"notifications": [],
"parameterConfig": [
{
"default": "master",
"description": "Docker image tag",
"hasOptions": false,
"label": "Image Tag",
"name": "image_tag",
"required": false
},
{
"default": true,
"description": "Deploy to prod-2-ue1d",
"hasOptions": true,
"label": "Deploy to prod-2-ue1d",
"name": "prod-2-ue1d",
"options": [
{
"value": false
}
],
"required": false
},
{
"default": true,
"description": "Deploy to prod-2-ue1e",
"hasOptions": true,
"label": "Deploy to prod-2-ue1e",
"name": "prod-2-ue1e",
"options": [
{
"value": false
}
],
"required": false
}
],
"stages": [
{
"expectedArtifacts": [
{
"id": "derp",
"matchArtifact": {
"kind": "base64",
"name": "derp",
"type": "embedded/base64"
}
}
],
"inputArtifacts": [
{
"account": "s3",
"id": "s3://helm-charts/derp-0.1.0.tgz"
}
],
"name": "Bake Manifest (derp) - prod-2-
ue1d",
"namespace": "derp",
"outputName": "derp",
"overrides": {
"image.tag": "${parameters.image_tag}"
},
"refId": "Bake Manifest (derp) - prod-2-
ue1d",
"requisiteStageRefIds": [],
"stageEnabled": {
"expression": "parameters["prod-2-
ue1d"] == true",
"type": "expression"
},
"templateRenderer": "HELM2",
"type": "bakeManifest"
},
{
"account": "prod-2-ue1d",
"cloudProvider": "kubernetes",
"manifestArtifactAccount": "embedded-
artifact",
"manifestArtifactId": "derp",
"moniker": {
"app": "derp"
},
"name": "Deploy Manifest (derp) - prod-
2-ue1d",
"overrideTimeout": true,
"refId": "Deploy Manifest (derp) - prod-
2-ue1d",
"requisiteStageRefIds": [
"Bake Manifest (derp) - prod-2-ue1d"
],
"source": "artifact",
"stageEnabled": {
"expression": "parameters["prod-2-
ue1d"] == true",
"type": "expression"
},
"stageTimeoutMs": 600000,
"type": "deployManifest"
{
"expectedArtifacts": [
{
"id": "derp",
"matchArtifact": {
"kind": "base64",
"name": "derp",
"type": "embedded/base64"
}
}
],
"inputArtifacts": [
{
"account": "s3",
"id": "s3://helm-charts/derp-0.1.0.tgz"
}
],
"name": "Bake Manifest (derp) - prod-2-
ue1e",
"namespace": "derp",
"outputName": "derp",
"overrides": {
"image.tag": "${parameters.image_tag}"
},
"refId": "Bake Manifest (derp) - prod-2-
ue1e",
"requisiteStageRefIds": [],
"stageEnabled": {
"expression": "parameters["prod-2-
ue1e"] == true",
"type": "expression"
},
"templateRenderer": "HELM2",
"type": "bakeManifest"
},
{
"account": "prod-2-ue1e",
"cloudProvider": "kubernetes",
"manifestArtifactAccount": "embedded-
artifact",
"manifestArtifactId": "derp",
"moniker": {
"app": "derp"
},
"name": "Deploy Manifest (derp) - prod-
2-ue1e",
"overrideTimeout": true,
"refId": "Deploy Manifest (derp) - prod-
2-ue1e",
"requisiteStageRefIds": [
"Bake Manifest (derp) - prod-2-ue1e"
],
"source": "artifact",
"stageEnabled": {
"expression": "parameters["prod-2-
ue1e"] == true",
"type": "expression"
},
"stageTimeoutMs": 600000,
"type": "deployManifest"
}
],
"triggers": [
...

19. Rendering the Pipelines
● Continue to use Drone for rendering
pipeline definitions
● We use the Spin CLI to talk to
Spinnaker’s API
● Pipeline templating is done in a
Docker container which is versioned
● This allows for managed upgrades
to newer pipeline templates
● Container lints and validates
pipelines

20. Where are we today?
● Spinnaker has been in production for ~5 months
● Spinnaker drives all of our production k8s service deploys
● Services are deployed to multiple clusters
● All pipelines are rendered by Jsonnet, nothing managed by the UI
● Service owner response has been very positive
● Two Spinnaker deployments, production and staging

21. The Future

22. Lessons Learned
● Simply providing tools is not enough if
they’re hard to use
● Log aggregation is a must for Spinnaker
● Jsonnet is very powerful. Devs need to be
encouraged to stay within guardrails
● Helm difficult abstraction for new k8s
developers

23. Future Improvements
● More visibility in Helm chart rendering
● Traffic control / service mesh support.
● Managed Pipeline Templates 2.0
● Automated canarying

24. twitter.com/asdf
reddit.com/u/heselite
Contact Info

25. Interesting Links
● Helmfile: https://github.com/roboll/helmfile
● Drone: https://drone.io/
● Jsonnet: https://jsonnet.org/
● Sponnet: https://github.com/spinnaker/spinnaker/tree/master/sponnet
● K8s-pipeliner: https://github.com/namely/k8s-pipeliner