Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Spinnaker summit: Design Considerations for Enterprise-wide roll out of Spinnaker

21 views

Published on

Learn the best practices and tips for Enterprise-wide roll out of Spinnaker

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Spinnaker summit: Design Considerations for Enterprise-wide roll out of Spinnaker

  1. 1. Enterprise-Wide of roll out of Spinnaker Design Considerations Gopinath Rebala & Balaji Siva
  2. 2. Balaji Siva (VP. Product) Gopinath Rebala (CTO) gopinath@opsmx.combalaji@opsmx.com
  3. 3. Agenda § Modern Continuous Delivery Enterprise Needs § Solutions Options - Why Spinnaker? § Deploying and managing Spinnaker § Cloud Providers considerations § User onboarding § Application onboarding § Automated and Continuous Verification § Centralized visibility and control § Supporting and Maintenance of Spinnaker Enterprise CD Needs How to meet requirements? Measuring Effectiveness § Success Criteria and KPI for CD-as-a-Service
  4. 4. CD Baseline Needs § Mission Critical CD Infrastructure § Reliability - HA § Scale § Support and Maintenance § Enterprise Security § Automated Releases (code to deploy) - Low ceremony release process § Open Source mandate Dev/Apps Needs § Self-service with easy app on-boarding § Diverse application support § Real time visibility Deployment Needs § Multi-Cloud deployments § Enterprise cloud drivers § Safe deployments Blue/Green, Rolling update § Zero downtime deployments § Seamless Rollback § Automated verification & control of deployments § Ability to test in production, canary, & reliability Engineering Audit and Compliance Needs § Ability to centralize audit - who deployed - what, when and who approved § Centralize Policy § Compliance Checks § Compliant Pipelines § Real-time visibility Enterprise CD Needs
  5. 5. CD Solution Options CD 1.0 and CI Extensions Proprietary Tools. (Vendor or DIY) § Script based – difficult to manage § True CD is very hard to achieve § Expensive § Lack of flexibility and feature velocity § Vendor Lock-in § Open Source § Modern and high velocity features § Extensible
  6. 6. CD Baseline Needs § Mission critical CD infrastructure § Reliability - HA § Scale § Support and maintenance § Enterprise security § Automated Releases (code to deploy) - Low ceremony release process § Open Source mandate Dev/App Needs § Self-service with easy app on- boarding § Diverse application support § Real time visibility Deployment Needs § Multi-cloud deployments § Enterprise cloud drivers § Safe deployments blue/green, rolling update § Zero downtime deployments § Seamless rollback § Automated verification & control of deployments § Ability to test in production, canary, & reliability engineering Audit and Compliance Needs § Centralize audit : who, what, when deployed & approved § Centralize Policy § Compliance Checks § Compliant Pipelines § Real-time visibility Meeting Enterprise Needs
  7. 7. Cisco IT Enterprise Spinnaker Case Study: Lessons from Deploying to OpenShift at Cisco Naran Patel (Cisco) & Gopinath Rebala (OpsMx) 3:30PM today
  8. 8. Spinnaker CD-as -a-Service Design Considerations
  9. 9. Deploying Spinnaker - HA Architecture Single Spinnaker deployment § Suited for Centralized IT application management § Performance of Spinnaker/caching becomes bottleneck with large accounts, namespaces etc. Achieving HA § External Redis with HA § Spinnaker Pipeline/Configuration Database in HA setup Spinnaker per Tenant § Best Spinnaker configuration flexibility per tenant § Spinnaker Maintenance/Per-Tenant configuration needs automation
  10. 10. Deploying and Managing Spinnaker Strategies Deploying Spinnaker § Leverage Halyard for deployments § Use templates/configuration generation to pass to Halyard § Managing Secrets - Use Vault or K8s secret Managing Spinnaker § Best practice for keeping up with OSS versions - Employ Test environment/automation § Best practice for upgrade for no downtime - Use red/back and individual service upgrades to manage resource constraints § Consider Spinnaker managing Spinnaker deployments for spinnaker per tenant use case
  11. 11. Cloud Driver Considerations Note: Spinnaker does not uniformly support all features for all providers and provider implementation is not comprehensive § AWS § No serverless § Kubernetes § V2 is best, but Red/Black is not supported. § No built in single stage canary. No native Istio integration § GCP § No rolling update § Azure § Limited support § OpenStack § Requires ceilometer, make sure latest version works. § Mesos § Requires 1.10 to avoid downtime during deploys § VSphere and Bare Metal § No support
  12. 12. User Onboarding - Enterprise Security Enterprise Auth Integrations § For two factor authentication systems - SAML § LDAP/IAM is preferred method for auth Authorization Considerations § Use Service Accounts in centralized Spinnaker deployments § Configure Spinnaker accounts auth for read/write to avoid unwanted privilege escalations
  13. 13. App onboarding Existing Applications § Migrate cloud native microservices app first (immutable servers) § Consider migration tools to accelerate existing deployment to Spinnaker pipelines New Services § Enable self service for scaling of developers and applications § Setup beginner pipeline templates for user developers/apps to be onboarded quickly. § Setup advanced pipelines template for sophisticated users or for applications needs with ability to customize. Multi- Service Applications § Setup pipeline dependencies for multi-service applications with specific dependency or upgrade sequence requirements.
  14. 14. Centralized Visibility and Control Compliance § Consider Managed pipelines to allow for automated update to all pipeline without user intervention to comply with changing IT policies § Use lockdown pipelines to ensure compliance with IT policies Visibility § Consider Enterprise grade audit tool to track who deployed - what and when and who approved for compliance verification Control § Consider automatic audit rules that enforces policies on the fly for all pipelines § Enable audit violation alerts
  15. 15. Automated and Continuous verification Verifying new applications through staging, canary, red/black, rolling update and in production for release readiness. Canary Analysis § Leverage Kayenta for ACA § Kayenta currently supports Prometheus, StackDriver and Datadog only. Red/Black and Rolling Update • Extend analysis for Red/Black deployments • Extend analysis for rolling update (via Istio) Reliability (Chaos) Analysis • Extend analysis to measure reliability based on Chaos events Log and APM Analysis • Extend analysis using Log and APM data for verification
  16. 16. Support for Spinnaker Deployments Commercial support of Spinnaker 24x7 § Vendor version or OSS Enterprise support? § Vendor may be able to fix critical issues in OSS for you § Vendor may be able to add new features/drivers for you Self support for Spinnaker § Consider dedicated team to ensure uptime and OSS sync up. § Ability to fix any critical issues § Fix it yourself, or influence community
  17. 17. CD Baseline §Automate test and validate new Spinnaker versions before rolling into production Dev/Apps §Enable service for developers through beginner/advanced templates for faster adoption of Spinnaker in the Enterprise Deployment § Understand missing features and caveats as you adopt different cloud providers §Automated and Continuous verifications is a must for safety at speed Audit and Compliance §Use Managed pipelines to stay compliant §Use Spinnaker for centralized audit and policy enforcement Summary of Best Practices
  18. 18. Benefits of Modern CD Business Velocity Increase Reliability Organizational Efficiency Reduce Cost § Deployment Success Metrics § Deployment Frequency (5x-10x improvement) § Reduction in production failures § Mean Time to Recovery in failed deployments § Developer Success Metrics § Time to onboard applications § Time to diagnose production failures § Cost Reduction Success Metrics § Time saved for deployment § Time saved in automated verification (vs manual) § Spinnaker Success Metrics § Reliability/availability of Spinnaker § Applications/Developers adoption Measuring Success
  19. 19. Q&A
  20. 20. Don’t Miss Out the Following Sessions Lessons from Deploying to OpenShift at Cisco Naran Patel (Cisco) & Gopinath Rebala (CTO) 3:30PM today Creating Custom Judge for Kayenta - Lessons Learned Gopinath Rebala, (OpsMx) 10:45AM tomorrow
  21. 21. CONFIDENTIAL

×