Skip to main content

Introducing Armory Certified Pipelines

Oct 5, 2017 by Ben Mappen

We’re excited to announce that Armory Certified Pipelines is now available and we’re seeking alpha testers. If you’d like early access to Certified Pipelines, please drop us a note at [email protected].

 

The Problem: Why Deployments are Slow in Most Enterprises

The goal of Certified Pipelines is to help companies achieve their desired outcome – safe deployments – by automating and enforcing the things that actually validate a safe deployment such as load testing, integration testing, security scanning, and canaries.

What we’ve learned, ironically enough, is that the biggest impediment to safety are the very same manual steps in a deployment workflow that were added as safeguards in the first place.

For example, you might have your deployments automated to QA, but still require a human to perform load testing or security scanning before the release is promoted to a Staging environment, and the same is likely true for promotion to production. A human looks at a dashboard, makes a judgement call, or runs a set of scripts in a specific order. Sounds OK, but humans make mistakes, and at some point when your deployment goes sideways your company might institute a new set of rules and policies for every change to production. Soon enough, your once per day releases turn into once per week to accommodate the new approval process.

This series of (mostly) manual steps exists in almost every company. In larger enterprises, this process is formalized into what is called a Change Control Review Board (CCRB). The CCRB exists to increase safety and security, something we all want, especially for our Tier 1 services. In the analog world, these manual checks have existed for a long time and for good reasons (ie. two keys required to fire a warhead), but in the digital world this is an anti-pattern; manual checks have the opposite effect of their original intention. They make us feel safe but they actually result in more outages.

The Solution: Automation with Armory Certified Pipelines

Certified Pipelines helps you deploy more safely in two ways:

  1. It allows you to define and enforce policies in your deployment workflow. What are all of the things that constitute a safe deployment inside your company? Define these steps in a “certified pipeline” to enforce that all deployments follow these standards.
  2. It reduces the cost of implementing deployment best practices like load testing, integration tests, security scanning, and canaries through native integrations with the tools you already use (or want to be using).

Here is a screenshot of the Policy Definition Screen. In this example, the admin user requires these five stages to exist. To apply this policy to an application, just select the app from the policy’s app dropdown menu. You can apply multiple policies to the same application.

And, here’s an example of a pipeline in Spinnaker that has been certified by a policy named “CD Approved”. Because it complies with the policy, this pipeline gets a “CD Approved” badge. And if one of the required stages is deleted, the pipeline will be blocked from deploying to production.

We’re seeking alpha testers so drop us a line at [email protected] if you’re interested getting early access.

How to Enable Certified Pipelines

  1. Add CERTIFIED_PIPELINES_ENABLED=true to your prod.env file
  2. Restart Spinnaker with this command service armory-spinnaker restart (or by redeploying Spinnaker with your Spinnaker Deploy Spinnaker pipeline)
  3. Navigate to https://{Your Spinnaker Domain}/armory/config
  4. Click on the “Certified Pipelines” tab

Roadmap

  • Audit Reporting Dashboard (Q4 2017): Query and visualize every change to production.
  • More Integrations (Q1 2018, on-going): We’re adding LOTS of integrations for metrics, monitoring, load testing, and security scanning to power the automation in Certified Pipelines.

Learn More

Recently Published Posts

September 21, 2021
|
by Nikema Prophet

Interview with Guillermo Huerta for National IT Professionals Day

To celebrate National IT Professionals Day, we’re sharing an interview I had with Armory’s Head of IT and Workplace, Guillermo Huerta. The interview is broken into seven parts. There’s a video and transcript for each section. Introductions Nikema Prophet: [00:00:00] I’m Nikema I am the Associate Community Marketing Manager at Armory and I’m talking to […]

Read more

September 7, 2021
|
by Nikema Prophet

Interview with Daniel Ko — Google Summer of Code 2021

I’m personally excited about this year’s Google Summer of Code (GSoC) project try.spinnaker.io. Daniel Ko is the student who worked with Armory mentors and the Continuous Delivery Foundation to complete the project. After his midterm demo, I asked Daniel some questions about the project and why he chose it. Nikema Prophet: What inspired you to […]

Read more

September 7, 2021
|
by Armory

Amazon EKS Anywhere + Armory

Armory is excited to share we are an Amazon EKS Anywhere launch partner. Amazon EKS Anywhere is a new deployment option for Amazon EKS that enables you to easily create and operate Kubernetes clusters on-premises, including on your virtual machines and bare metal servers.  Armory enables enterprises to unlock innovation by reliably deploying software at […]

Read more