Sep 7, 2021 by Nikema Prophet
I’m personally excited about this year’s Google Summer of Code (GSoC) project try.spinnaker.io. Daniel Ko is the student who worked with Armory mentors and the Continuous Delivery Foundation to complete the project. After his midterm demo, I asked Daniel some questions about the project and why he chose it.
Nikema Prophet: What inspired you to work with the Spinnaker Project for GSoC?
Daniel Ko: I was inspired to submit a proposal for Spinnaker because I was broadly interested in contributing to open source CI/CD tools. I think I would like to work in the DevOps field in the future rather than traditional software development and through my research before applying to GSoC I found out that Spinnaker was one of the most popular and powerful tools for deployment.
My project, try.spinnaker.io, in a nutshell is a sandbox environment where users can test out the core functionality of Spinnaker such as deploying pipelines without having to worry about installing on their machines.
I was motivated to work on try.spinnaker.io because I had a lot of trouble setting up my first test environment for Spinnaker. Spinnaker is notorious for being hard to get up and running. There were so many dependencies that one had to set up correctly such as network configuration and an external storage provider just to see the main ui. I saw that other popular open source projects such as Docker and golang have their own sandbox environments and thought this project would be a great opportunity to encourage people to see for themselves what all the fuss about Spinnaker is about.
NP: We’re midway through GSoC, have you had any challenges that were particularly satisfying to overcome?
DK: One of the tricky technical challenges was mitigating the risk of bad actors deploying malicious containers such as cryptocurrency miners. I first thought of the idea of blocking all inbound and outbound requests besides our private container registry on an AWS security group level but quickly found out that this would cause problems because the Spinnaker images are pulled from a public container registry. I found a workaround where we install a Kubernetes admission controller called “Portieris” which allows us to define image security policies on a namespace level.
NP: Do you have any examples of getting unblocked?
DK: My mentors were able to unblock me on exposing Spinnaker using an ‘Application Load Balancer’ (ALB). This wasn’t a trivial process as there were a lot of moving parts; you need a Route53 hosted zone, changes to the Spinnaker config file such as defining the correct URLs for the Deck and Gate, and setting up certificates for our ALB.
NP: What is something you’re excited about or looking forward to?
DK: I’m excited for new people to try out our sandbox environment and experience Spinnaker for the first time. I know that there will be a lot of bugs and feedback from the community and I hope that this project can gain more traction so we can get more hands working on it!
NP: Has your experience so far matched up with the expectations you had coming into the program?
DK: My experience has definitely exceeded the expectations I had coming in! I didn’t know that I would be paired with three amazing mentors who are willing to unblock me and give constructive feedback. The weekly meetings that we have really helped me to set attainable goals for myself and made me accountable for the work I wanted to accomplish.
NP: Is there anything you need from the Spinnaker community right now?
DK: Nothing as of this moment but keep your eyes peeled for a future beta test release of my project!
NP: Any news to share or amplify?
DK: A video presentation where I go over the project in more detail can be found here! GSoC Phase 1 Try Spinnaker io
Thank you, Daniel, for taking time out of your busy schedule to answer my questions. The demo looks awesome and I can’t wait to try out the beta!
This year was the second year that Armory provided mentors to GSoC for the open source Spinnaker project. For this Armory blog post I asked the mentors Cameron Motevasselani, Dan Johnston, and Fernando Freire how it went from the mentor’s perspective. They had great things to say about Daniel.
A great amount was accomplished even with a shorter project time this year.
Multi-target deployments can feel tedious as you deploy the same code over and over to multiple clouds and environments — and none of them in the same way. With an automatic multi-target deployment tool, on the other hand, you do the work once and deliver your code everywhere it needs to be. Armory provides an […]
Read more →
KubeCon+CloudNativeCon EU is one of the world’s largest tech conferences. Here, users, developers, and companies who have and intend to adopt the Cloud Native standard of running applications with Kubernetes in their organizations come together for 5 days. From May 16-20, 2022, tech enthusiasts will congregate both virtually and in person in Valencia, Spain to […]
Read more →
Deciding how frequently to release a product is an interesting challenge faced by many companies. There are definite pros and cons related to adjusting your release cadence that have to be evaluated on an individual basis. Faster release cycles in theory might sound good, but of course, there can be tradeoffs. Looking at historical release […]
Read more →