Tech Talk CodiLime 22.04.2020. YT: https://youtu.be/66S5LFM12JQ In this talk, we’re going to introduce the general public to our approach to simplified Spinnaker management using Floodgate, our open-source tool as well as Spinnaker-provided components, such as Sponnet.

1. Opening the Floodgates for GitOps
in Spinnaker
Dawid Trzebiatowski | Wojciech Urbański

2. 2
About us
Dawid is a Senior DevOps Engineer at Codilime, evolved
from traditional ops with a background in development.
He enjoys resolving problems and delivering value in
projects. A great fan of CI/CD, he’s currently working on
cloud-based monitoring solutions.
Wojciech is a Senior DevOps Engineer. He has been
working with CI/CD Systems for his entire career and is
also a GCP-Certified Architect and Trainer. He’s also
passionate about automation and making even
complicated processes simple. After-hours, he
programs for fun.
Dawid Trzebiatowski Wojciech Urbański

3. 3
What is Spinnaker and why should we care?
● Open Source
● Continuous Delivery tool
● Created by Netflix and Google
● Designed for application deployments
● Can work with various types of infrastructure:
○ Kubernetes clusters
○ Virtual machines
■ GCP
■ AWS
■ Alibaba cloud
■ etc.
○ Bare metal deployments
● Perfect example of a cloud-native application

4. 4
Spinnaker - Pipeline view

5. 5
Spinnaker - Pipelines/Application view

6. 6
Spinnaker - Infrastructure view

7. 7
Our use case
● Big application consisting of multiple services ( more
than 20 services )
● Number of environments ( multiple dev env, test,
stage, prod )
● Automatic and manual deployments
● Manual deployment should be possible for
○ DevOps team
○ Dev team
○ Management
● Configuration changes tracking
● Simple configuration management

8. 8
Configuration as code
$ jq -c . wordpress.json
{"appConfig":{},"application":"nginx","expectedArtifacts":[],"id":"40154d1a
-26c8-430d-8948-e94f62ce10b3","index":2,"keepWaitingPipelines":false,"lastM
odifiedBy":"admin","limitConcurrent":true,"name":"deploy
wordpress","spelEvaluator":"v4","stages":[{"account":"spinnaker","cloudProv
ider":"kubernetes","manifests":[{"apiVersion":"v1","kind":"Service","metada
ta":{"labels":{"app":"wordpress"},"name":"wordpress-mysql","namespace":"def
ault"},"spec":{"clusterIP":"None","ports":[{"port":3306}],"selector":{"app"
:"wordpress","tier":"mysql"}}},{"apiVersion":"v1","kind":"PersistentVolumeC
laim","metadata":{"labels":{"app":"wordpress"},"name":"mysql-pv-claim","nam
espace":"default"},"spec":{"accessModes":["ReadWriteOnce"],"resources":{"re
quests":{"storage":"5Gi"}}}},{"apiVersion":"apps/v1","kind":"Deployment","m
etadata":{"labels":{"app":"wordpress"},"name":"wordpress-mysql","namespace"
:"default"},"spec":{"selector":{"matchLabels":{"app":"wordpress","tier":"my
sql"}},"strategy":{"type":"Recreate"},"template":{"metadata":{"labels":{"ap
p":"wordpress","tier":"mysql"}},"spec":{"containers":[{"env":[{"name":"MYSQ
L_ROOT_PASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"mysq
l-pass"}}}],"image":"mysql:5.6","name":"mysql","ports":[{"containerPort":33
06,"name":"mysql"}],"volumeMounts":[{"mountPath":"/var/lib/mysql","name":"m
ysql-persistent-storage"}]}],"volumes":[{"name":"mysql-persistent-storage",
"persistentVolumeClaim":{"claimName":"mysql-pv-claim"}}]}}}}],"moniker":{"a
pp":"wordpress"},"name":"Deploy
MySQL","refId":"1","requisiteStageRefIds":["2"],"skipExpressionEvaluation":
false,"source":"text","trafficManagement":{"enabled":false,"options":{"enab
leTraffic":false,"services":[]}},"type":"deployManifest"},{"account":"spinn
aker","cloudProvider":"kubernetes","expectedArtifacts":[],"manifests":[{"ap
iVersion":"v1","data":{"password":"cGFzc3dvcmQ="},"kind":"Secret","metadata
":{"name":"mysql-pass","namespace":"default"},"type":"Opaque"}],"moniker":{
"app":"wordpress"},"name":"Create
secrets","namespaceOverride":"","refId":"2","requisiteStageRefIds":[],"skip
ExpressionEvaluation":false,"source":"text","trafficManagement":{"enabled":
false,"options":{"enableTraffic":false,"services":[]}},"type":"deployManife
st"},{"account":"spinnaker","cloudProvider":"kubernetes","manifests":[{"api
Version":"v1","kind":"Service","metadata":{"labels":{"app":"wordpress"},"na
me":"wordpress","namespace":"default"},"spec":{"ports":[{"port":80}],"selec
tor":{"app":"wordpress","tier":"frontend"},"type":"LoadBalancer"}},{"apiVer
sion":"v1","kind":"PersistentVolumeClaim","metadata":{"labels":{"app":"word
press"},"name":"wp-pv-claim","namespace":"default"},"spec":{"accessModes":[
"ReadWriteOnce"],"resources":{"requests":{"storage":"5Gi"}}}},{"apiVersion"
:"apps/v1","kind":"Deployment","metadata":{"labels":{"app":"wordpress"},"na
m...
● Managing similar environments requires some
sort of automation
● Spin - CLI tool to work with Spinnaker API
● Spinnaker API consumes JSON files
● JSON files can be templated using JSONNET
spinnaker/sponnet
spinnaker/spin

9. We can’t be the first ones with this problem, right?
Off-the-shelf solutions

10. 10
Armory Dinghy
● Allows synchronization with GitHub in both
directions
● Works inside Spinnaker cluster
● Open Source in theory
● Requires custom Spinnaker distribution delivered
by Armory.io
● Requires license
Placeholder image

11. 11
Kapitan
● https://kapitan.dev
● Tool that can be used to generate code for other
applications, e.g. terraform or Kubernetes
● Can also be used to manage Spinnaker JSON
definitions!
● Supports JSONNET
● Manages only configuration files, not apply
commands

12. 12
Managed Delivery
● Uses keel to manage state of infrastructure
● Designed for infrastructure in Cloud
● Is able to spawn testing infrastructure inside
pipeline
● Works as an “infrastructure controller” - receives
a desired state and tries to create it
○ (like Kubernetes does for containers!)

13. 13
Our solution - Floodgate
● Written in go
● Available on GitHub: github.com/codilime/floodgate
● Introducing CI for Spinnaker Pipelines
● ( Currently ) one way sync
● Works with a multiple input files format:
○ YAML
○ JSON
○ JSONNET
● Renders Spinnaker-compliant JSON files
● Manages the configuration on Spinnaker instance

14. It’s DEMO time!

15. 15
Possible CI workflow

16. 16
Possible CI workflow

17. 17
Next steps
● Finishing the implementation of more advanced
usage patterns
● Extending user base through Spinnaker Community
● Making floodgate work within the cluster (as a
microservice)

18. 18
Key learnings
● Spinnaker is not as complicated as you might think.
● You are (most likely) not the only person having
problem X.
● Extending Open-Source projects is fun!
● There are already many elements of the “as-Code”
approach in Spinnaker
● Community members ask for a reference
implementation of “Pipelines as Code” every week
https://xkcd.com/927/

19. Thank you
Want to join our team?
Check open positions at codilime.com/careers