2020 Preview: Spinnaker as a Platform
Spinnaker saw explosive growth across the enterprise in 2019. Forward-thinking enterprises that are farther along their DevOps journey are using Spinnaker as a software delivery orchestration platform – not just as a “CD tool.”
Here’s a peek into how Spinnaker will evolve as a Software Delivery Orchestration Platform in 2020:
We recently shared how Netflix uses Spinnaker to provide “Context over Control” to their developers, enabling all developers to safely access Production. Rob Zienert from Netflix wrote a post last fall about how Netflix extends open source Spinnaker to make this possible, and Airbnb and others have also written about how they extend Spinnaker internally to serve as their de facto cloud-native software delivery platform.
The level of internal customizations these progressive companies have made to Spinnaker is breathtaking, and shows how deeply integrated Spinnaker can become, serving as the “glue” that binds together many different software delivery processes and even departments, from developers to central teams to product managers to security teams to executives who want transparency into SDLC metrics (especially as they learn to let go of control).
Here are a few examples from Rob about how Netflix extends Spinnaker internally:
- Over 15 custom Spinnaker stages that integrate with various internal services. Example: Netflix’s Resilience team has integrated its Chaos Automation Platform, “ChAP,” as a first-class stage. (Rob writes, “Adoption of Spinnaker at Netflix isn’t prescriptive by any means, but simple and tight integrations like this make using Spinnaker ever-more compelling.”)
- An integration point that sprays all events to Chronos, Netflix’s central SRE auditing system, as well as big data portals, since auditing is very important for Spinnaker.
- A Lambda integration with Netflix’s Security team which enforces that each application gets its own AWS Instance Profile. (If the Instance Profile doesn’t exist, the Lambda will create it from a blessed company default. Applications cannot use an instance profile created for another application.)
- Any metrics produced by Spinnaker services will be correctly collected into Netflix’s internal metric store, Atlas.
- Custom Migrations that are scheduled to incrementally roll out adoption of new features or configurations without our users having to do anything (instead of “cat wrangling all of the teams,” Rob says).
- An ElasticSearch integration for Docker to more efficiently index and search for Docker tags within our registries via ElasticSearch
- An extension for ALBs & NLBs to auto-attach some custom security rules.
- Many custom views in the Spinnaker UI
- A new trigger type, which integrates into Netflix’s Rocket build system, an internal CI system.
- Source roles for authorization from an internal source of truth service
- Additional validators that are run when someone saves an application, since Netflix requires additional validation for applications
- Many internal-only web controllers, associated services and configuration.
- X509 auth extensions to extract additional user data from our internal certificate manager which allows Netflix finer-grained permission control over inbound traffic.
- OpenConnect, Netflix’s worldwide CDN, performs firmware delivery to datacenters around the world through Spinnaker, which is orchestrated through a custom integration within Orca, a Spinnaker microservice.
- Automate creation of JIRA tickets for releases so users don’t need to create custom Deploy Strategies to automate JIRA creation or resolution. (Rob writes, “In our implementation, it’s entirely invisible to the users, but you could also use Preprocessors to automatically add stages, or build entirely arbitrary pipelines.”)
- Spinnaker API integration to create and orchestrate delivery on top of a Netflix-internal spot market of Instance Type Reservations.
- The most widely-known integration: Chaos Monkey.
Rob’s post referenced the concept of Spinnaker with a “Lean Core, Fat Ecosystem:”
“By breaking Spinnaker up into smaller, more discrete services, various integrators will be able to move at their own pace and Spinnaker’s core systems will iterate more slowly, providing a stable foundation for the ecosystem to be built atop.” – Rob Zienert, Netflix
Open-sourcing a Plugin framework for Spinnaker is a foundational step towards accomplishing this goal.
To enable Global 2,000 enterprises to also extend Spinnaker to interface intelligently with their other dev tooling, Armory is working with Netflix and other members of the open source community to create and open source a Plugin system for Spinnaker. Last August, we announced Beta access to the Spinnaker Plugins system. There is now a Plugin Users Guide and Plugin Creators Guide available on Spinnaker.io.
“In the same way Netflix extends Spinnaker internally to be an intelligent, deeply integrated Platform, Armory is enabling Global 2,000 enterprises to do the same.” – DROdio, Armory
Armory’s goal is to make your existing dev tooling more valuable. Monitoring integrations like Datadog tie application performance monitoring more deeply into Spinnaker, and help automate canary deployments through Kayenta. Armory’s Vault integration for secrets management allows developers to write code that references secrets without those secrets being checked into the codebase. These are just a few examples of existing integrations into Spinnaker – the Plugin framework will turbocharge many kinds of deep integrations to help automate your software development lifecycle.
We’re looking forward to seeing how progressive Global 2,000 enterprises use this Plugin framework in 2020!