I’m personally excited about this year’s Google Summer of Code (GSoC) project try.spinnaker.io. Daniel Ko is the student who worked with Armory mentors and the Continuous Delivery Foundation to complete the project. After his midterm demo, I asked Daniel some questions about the project and why he chose it.
Nikema Prophet: What inspired you to work with the Spinnaker Project for GSoC?
Daniel Ko: I was inspired to submit a proposal for Spinnaker because I was broadly interested in contributing to open source CI/CD tools. I think I would like to work in the DevOps field in the future rather than traditional software development and through my research before applying to GSoC I found out that Spinnaker was one of the most popular and powerful tools for deployment.
My project, try.spinnaker.io, in a nutshell is a sandbox environment where users can test out the core functionality of Spinnaker such as deploying pipelines without having to worry about installing on their machines.
I was motivated to work on try.spinnaker.io because I had a lot of trouble setting up my first test environment for Spinnaker. Spinnaker is notorious for being hard to get up and running. There were so many dependencies that one had to set up correctly such as network configuration and an external storage provider just to see the main ui. I saw that other popular open source projects such as Docker and golang have their own sandbox environments and thought this project would be a great opportunity to encourage people to see for themselves what all the fuss about Spinnaker is about.
NP: We’re midway through GSoC, have you had any challenges that were particularly satisfying to overcome?
DK: One of the tricky technical challenges was mitigating the risk of bad actors deploying malicious containers such as cryptocurrency miners. I first thought of the idea of blocking all inbound and outbound requests besides our private container registry on an AWS security group level but quickly found out that this would cause problems because the Spinnaker images are pulled from a public container registry. I found a workaround where we install a Kubernetes admission controller called “Portieris” which allows us to define image security policies on a namespace level.
NP: Do you have any examples of getting unblocked?
DK: My mentors were able to unblock me on exposing Spinnaker using an ‘Application Load Balancer’ (ALB). This wasn’t a trivial process as there were a lot of moving parts; you need a Route53 hosted zone, changes to the Spinnaker config file such as defining the correct URLs for the Deck and Gate, and setting up certificates for our ALB.
NP: What is something you’re excited about or looking forward to?
DK: I’m excited for new people to try out our sandbox environment and experience Spinnaker for the first time. I know that there will be a lot of bugs and feedback from the community and I hope that this project can gain more traction so we can get more hands working on it!
NP: Has your experience so far matched up with the expectations you had coming into the program?
DK: My experience has definitely exceeded the expectations I had coming in! I didn’t know that I would be paired with three amazing mentors who are willing to unblock me and give constructive feedback. The weekly meetings that we have really helped me to set attainable goals for myself and made me accountable for the work I wanted to accomplish.
NP: Is there anything you need from the Spinnaker community right now?
DK: Nothing as of this moment but keep your eyes peeled for a future beta test release of my project!
NP: Any news to share or amplify?
DK: A video presentation where I go over the project in more detail can be found here! GSoC Phase 1 Try Spinnaker io
Thank you, Daniel, for taking time out of your busy schedule to answer my questions. The demo looks awesome and I can’t wait to try out the beta!
Additional Insights from the Mentors
This year was the second year that Armory provided mentors to GSoC for the open source Spinnaker project. For this Armory blog post I asked the mentors Cameron Motevasselani, Dan Johnston, and Fernando Freire how it went from the mentor’s perspective. They had great things to say about Daniel.
On working with Daniel (and what he did well)
- It “was a great experience.”
- “He came up with a plan of attack, broke the project up into doable parts with milestones.”
- It was an “ambitious project and he delivered.”
On overcoming technical challenges
- “Daniel’s work touched many different areas, requiring help from different mentors. Having multiple mentors with a variety of experience helped. “
- As a team, they implemented role-based access control (RBAC) to prevent abuse of service.
Advice for future GSoC mentees
- “Be prepared to do research prior to diving into coding”
- “Break the project down into achievable milestones”
A callout of Daniel’s technical skills
- Locking down the instance and creating a plugin to modify RBAC was impressive.
A final thought
A great amount was accomplished even with a shorter project time this year.