Open-source CI/CD with full features, running in Kubernetes
NOTE: Content here is my personal opinion, and is not intended to represent any employer (past or present). “PROTIP:” here highlights information I haven’t seen elsewhere on the internet because it consists of hard-won, little-known but significant facts based on my personal research and experience.
Spinnaker is in the business of “Application Management Tooling”.
Spinnaker is a multi-cloud continuous delivery platform for releasing software changes at high velocity and confidence. It is part of the delivery pipeline, taking care of deployment to production on all cloud providers. It can be integrated with other CI/CD tools (GitHub Actions, Jenkins, CircleCI, TravisCI, TeamCity, Bitbucket Pipelines, etc.).
Historically, it was thought that deploying more often meant more risk of problems. Nowadays, most agree that deploying small changes carries less risk than deploying big ones, because problems in small changes are more quickly identified and resolved.
Spinnaker was initially developed within Netflix (the streaming service) and extended by Google. On November 16, 2015 it was open sourced under Apache License 2.0 as a Linux Foundation project, and owned by the CD Foundation, which executes the product roadmap and strategic initiatives.
- https://aws.amazon.com/blogs/opensource/spinnaker-on-aws/ 12 JUL 2018
OSS Edition Benefits
- Creation and modification of pipelines using their virtual no-code interface
- Role-based Access Control (for better security) and other security mechanisms
- Pipeline-as-code to enforce fine-grained policies
- Monitoring and Notifications on email, Slack, SMS, Hipchat
- Multi-cloud deployment in multiple clouds (and private cloud OpenShift)
- Safe deployment with verifications, blue/green, canary, rolling update, rollbacks
- Integrates with HashiCorp Vault to store and manage secrets
A key benefit of using Spinnaker is that, instead of manual control review boards (which are the real blocker to delivering continuously), it uses Open Policy Engine software that automatically checks every run.
Enterprise Edition from Armory.io
Armory.io (HQ San Mateo, California) creates a paid edition of Spinnaker for enterprise scale:
- YouTube channel
- Join armory.io’s Spinnaker community on Slack: http://join.spinnaker.io/ [doesn’t work]
- Spinnaker Training Series
- Discussing Terraform and Spinnaker on Armory’s YouTube channel.
https://www.youtube.com/watch?v=VpWruxtQcA8 Policy Engine Demo
From https://www.slideshare.net/jeetendramandal1/what-is-spinnaker-spinnaker-tutorial Dec. 10, 2022 by jeetendra mandal, Senior Tech Lead at Opengov
Pipelines can be triggered by the completion of a Jenkins Job, manually, via a cron expression, or even via other pipelines.
Spinnaker facilitates the creation of pipelines that represent a delivery process that can begin with the creation of some deployable asset (such as a machine image, Jar file, or Docker image) and end with a deployment.
Web Services Architecture
To avoid being locked into a particular cloud vendor, Spinnaker consists of an abstraction layer on top of various cloud providers so the system can be switched more easily. Alternately, deploying to multiple providers at the same time provides extra redundancy.
The Halyard CLI is used for setup and administration.
Spinnaker is built on top of (Java) Spring Boot. So Cluster Management is a collection of JVM-based services, fronted by a customizable AngularJS single-page application. The UI leverages a RESTful API exposed via a gateway service.
Spinnaker is made up of 11 microservices working together within Kubernetes:
- “Deck” is the front-end service providing a UI.
- “Gate” is the API gateway fronting all services.
- “Orca” performs ad hoc operations.
- Redis provides data persistence.
- “Cloud Driver” makes calls to cloud providers and caches deployed resources.
- “Front50” persists the metadata about apps, pipelines, projects, notifications, etc.
- “Rosco” bakes images to be deployed, using HashiCorp Packer.
- “Igor” connects continuous integration platforms such as Jenkins.
- “Echo” is the event bus sending notifications and receiving incoming webhook calls.
- “Fiat” handles authorizations and queries for user permissions.
- “Kayenta” automates canary analysis.
From OpsMx, which specializes in Spinnaker services:
- https://www.youtube.com/watch?v=h6m22hVe47U by Nirmalya Sen at OpsMx
by youngookkim in South Korea
The load balancer works off a port range as ingress, and distributes work among server groups.
A Server Group is a collection of running instances of the application.
Each pipeline consists of several stages, each performing actions: Bake, Deploy, Judgement, Disable, Resize, etc.
Parameters are passed from stage to stage.
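An automated check of the kind mentioned earlier, run over the stage types just listed, as an added example (not code from the original page or from the Spinnaker project). The sample pipeline is constructed; `type`, `refId` and `requisiteStageRefIds` follow Spinnaker's pipeline JSON, while the rule itself (every deploy stage needs a manual judgment stage upstream) and the function names are assumptions chosen for illustration.

```python
import json

# Constructed sample pipeline. Field names (type, refId, requisiteStageRefIds)
# follow Spinnaker's pipeline JSON; every value here is made up.
PIPELINE = json.loads("""
{
  "name": "deploy-to-prod",
  "triggers": [
    {"type": "jenkins", "job": "build-app", "enabled": true},
    {"type": "cron", "cronExpression": "0 0 2 * * ?", "enabled": true}
  ],
  "stages": [
    {"refId": "1", "type": "bake", "requisiteStageRefIds": []},
    {"refId": "2", "type": "manualJudgment", "requisiteStageRefIds": ["1"]},
    {"refId": "3", "type": "deploy", "requisiteStageRefIds": ["1"]},
    {"refId": "4", "type": "deploy", "requisiteStageRefIds": ["2"]},
    {"refId": "5", "type": "resizeServerGroup", "requisiteStageRefIds": ["4"]}
  ]
}
""")

def ancestors(by_ref, ref_id):
    """refIds of every stage that must complete before ref_id can start."""
    seen, stack = set(), list(by_ref[ref_id].get("requisiteStageRefIds", []))
    while stack:
        cur = stack.pop()
        if cur in seen or cur not in by_ref:
            continue  # cycle guard, and tolerate dangling references
        seen.add(cur)
        stack.extend(by_ref[cur].get("requisiteStageRefIds", []))
    return seen

def ungated_deploys(pipeline, gate="manualJudgment", guarded=("deploy",)):
    """Hypothetical rule: each guarded stage needs a judgment stage upstream."""
    by_ref = {s["refId"]: s for s in pipeline.get("stages", [])}
    return sorted(
        ref for ref, stage in by_ref.items()
        if stage["type"] in guarded
        and not any(by_ref[a]["type"] == gate for a in ancestors(by_ref, ref))
    )

def automatic_triggers(pipeline):
    """Enabled trigger types that start the pipeline without a person."""
    return sorted({t["type"] for t in pipeline.get("triggers", [])
                   if t.get("enabled", True)})

if __name__ == "__main__":
    print(ungated_deploys(PIPELINE), automatic_triggers(PIPELINE))
```

Because a stage waits for all of its requisite stages, one judgment stage anywhere upstream is enough to hold a deploy; stage 3 is reported because its only upstream stage is the bake.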
https://www.baeldung.com/ops/spinnaker August 6, 2021
https://www.udemy.com/course/continuous-deployments-using-spinnaker-on-aws-and-kubernetes/ covers AWS, Jenkins, Kubernetes $14.99 - 24.99 by Edward Viaene & Jorn Jambers
https://www.youtube.com/watch?v=mEgvOfmLnlY Emily Burns and Rob Fletcher “Managed Delivery: Bringing Infrastructure…” - Spinnaker Summit Dec 3, 2019