Enterprise Spinnaker Audit Logging
Although Spinnaker is used to deploy applications, under the covers it’s actually doing something much more powerful: spinning up, managing and destroying cloud infrastructure.
This means that each time a company uses Spinnaker to deploy an update to an app, it’s actually deploying new virtual machines on AWS (or GCP, or Azure, etc.). Not only does this immutable infrastructure approach enable tremendous benefits like blue/green deployments, phased/canary deployments, and the ability to quickly roll deployments back, but it also gives Spinnaker the ability to act as a “system of record,” tying specific infrastructure to its corresponding applications, and even tracking which users within the company kicked off those deployments, which Jira (or other tracking) tickets corresponded to the change, and when the change was made.
Out of the box, however, Spinnaker provides a strong real-time snapshot of the actions it is taking, but it does not keep an audit trail.
Armory Spinnaker takes the open source version of Spinnaker one step further, providing a strong audit trail capability that stores the full deployment history and makes it queryable.
Here’s a demo of our CTO Isaac showing how Spinnaker is connected to Splunk, and what kind of reporting/auditing capabilities are provided.
Here’s the transcript:
Daniel: All right. Hey, guys. It’s DROdio with Armory. We are actually here at a hotel room to visit a customer, doing a little bit of work. Ben is going to talk about the problem that we’re solving. And then Isaac is going to dive in. So go ahead and kick it off, Ben.
Ben: A big problem that several companies have alerted us to is this concept of an audit trail or record-keeping. Because Spinnaker deploys infrastructure and it has a good sense of what’s in production, it can be used as a system of record. But there’s no easy way within Spinnaker today to see a full history of what was changed by who and when. And Isaac has just done some feature development to solve that.
Daniel: Yeah, let’s take a look, Isaac. Show us what you’ve got.
Isaac: Sure. Here you’re just looking at a regular Spinnaker instance. And I’ll be clicking around, just doing “real” work and deploying something to production. Here I’m baking an image. I can go here into this multi-cloud. And then make another change here. I will type my-aws-account. Now what’s happening is obviously, within Spinnaker, there’s a whole bunch of events being passed around. But it’s not easy to kind of see from the naked eye, as Ben was saying. And there’s not really kind of like a dashboard that’s accessible for you to easily search it. So what we did was we quickly built a server that would grab all the events that are inside of echo. And echo comes with webhooks available. So you could be a webserver of your own. And then we funnel these off into Splunk. So let’s take a look at Splunk now. And what you see is a few events that happened a couple of minutes ago, 17 events that happened just a minute ago. And with each event, echo is really, really good at giving you a ton of detail. So you have which server group was actually deployed or modified. In this case, it was 0009. And you can see here that corresponds to the server group that I did modify, 009. It gives you the credentials, which account, which region it was in, again, what server group in that particular region, as server groups can be modified per region. We’re not using authentication. But if you are using OAuth, your user would be your username. So that would be there too. So which user did what, additional information, application config, down to how did everything look at the time of execution. What was the description, like a human description of the actual change? So resizing the server group from 2 to whatever. Which instance in Spinnaker actually executed that change? So there’s an immense amount of detail that you can go through here and search and be able to use for auditing purposes.
And with something like Splunk or any other database, you’re able to kind of put together a report so that you can show anybody what happened when and where.
Daniel: And I imagine anyone watching this is going to be familiar with Splunk. But for [inaudible – 03:22] familiar with it. It’s a logging tool that also has a great dashboard. So I would it’d be pretty easy to [inaudible – 03:28] dashboard and be able to see in real time in a very visually pleasing format if somebody wanted to do that too. Awesome.
If you’re interested in learning more about Spinnaker or Armory Spinnaker, let us know, and we’ll be happy to chat with you. Thanks.
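The relay described in the demo (a small web server that receives echo's webhook events and funnels them into Splunk) can be written as follows. This is an added example, not Armory's code and not part of the original post. It assumes Splunk's HTTP Event Collector as the ingestion path; the event field names, the `spinnaker:echo` sourcetype, the listening port and the Splunk URL and token are assumptions or placeholders.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import request

HEC_URL = "https://splunk.example.invalid:8088/services/collector/event"  # placeholder
HEC_TOKEN = "REPLACE-WITH-HEC-TOKEN"  # placeholder
# Constructed sample event; field names are assumptions, not echo's documented schema.
SAMPLE = {"details": {"type": "orca:task:complete", "application": "demo",
                      "created": "1500000000000"},
          "content": {"user": "isaac", "account": "my-aws-account", "region": "us-west-2",
                      "serverGroup": "demo-v009", "description": "Resize demo-v009"}}

def to_hec(event):
    """Wrap one echo event in a Splunk HEC envelope, audit fields on top, raw kept."""
    if not isinstance(event, dict):
        raise ValueError("echo event must be a JSON object")
    details, content = event.get("details") or {}, event.get("content") or {}
    audit = {"type": details.get("type"), "application": details.get("application"),
             "user": content.get("user") or "anonymous",  # fallback when auth is off
             "account": content.get("account"), "region": content.get("region"),
             "server_group": content.get("serverGroup"),
             "description": content.get("description")}
    hec = {"sourcetype": "spinnaker:echo", "event": {"audit": audit, "raw": event}}
    if str(details.get("created", "")).isdigit():
        hec["time"] = int(details["created"]) / 1000  # assumed epoch ms -> seconds
    return hec

def forward(hec):
    # POST one envelope to Splunk; urlopen raises OSError subclasses on failure.
    req = request.Request(HEC_URL, data=json.dumps(hec).encode(),
                          headers={"Authorization": "Splunk " + HEC_TOKEN,
                                   "Content-Type": "application/json"})
    with request.urlopen(req, timeout=5) as resp:
        resp.read()

class EchoHook(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            forward(to_hec(json.loads(body)))
            status = 200
        except (ValueError, AttributeError):
            status = 400  # malformed or non-object event
        except OSError:
            status = 502  # Splunk unreachable: report it rather than drop the event
        self.send_response(status)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), EchoHook).serve_forever()
```

Keeping the unmodified event under `raw` means the audit record in Splunk never loses detail to the summary fields, which matters when the summary mapping turns out to be incomplete.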