Weeklong Spinnaker Gardening Days ahead for DevOps, Security & Delivery Engineers

A hub of the SDLC, Spinnaker offers the world’s most advanced collection of enterprise-tested software delivery abstractions. The vitality and resilience of that collection comes down to Spinnaker’s open source core, which codifies the automation that Netflix developed for its feature-rich, highly available entertainment platform. Because of transparent open source governance and culture, we can trace Spinnaker’s trajectory from a uniquely adapted solution for Netflix’s use case, to a secure, cloud agnostic, hyper-extensible platform capable of abstracting the unique software development and delivery lifecycles of diverse enterprises across the banking, retail, technology, and multimedia industries.

We can also stay connected to the contributors who have made Spinnaker’s evolution possible as they grow career expertise and leverage it to deliver results. Armory invests in this network of DevOps, DevSecOps, and reliability practitioners; we take an active role in Spinnaker’s governance via the TOC, and by co-chairing SIGs and creating opportunities for the community to connect, share, and contribute. Open source is about being better together through shared motivation, and that principle inspired Spinnaker Gardening Days.

Spinnaker Gardening Days, vision to reality

After an exciting first Gardening event in April, Armory is excited to present an extended version of this virtual open source hackathon July 16 – 23, 2020. We’re inviting all who are getting started with, operating, or perennially contributing to Spinnaker to gather and automate the SDLC with us. New challenges, team matching support, and a week-long hack period will make this event even more impactful than the first.

Spinnaker Gardening Days gives DevOps engineers, SREs, cloud architects, and all involved in the software lifecycle the chance to get involved in the project. As the global open source community around Spinnaker grows, companies like AWS, Salesforce, and Pulumi have joined to help build a thriving ecosystem. For the July hackathon, AWS has generously sponsored compute for participants so that those without a development-friendly Spinnaker environment can still hack.

This spring, Salesforce had planned to host the first Gardening Days live at its San Francisco headquarters, in a hybrid in-person and virtual format. As we pivoted the event to a virtual one, Salesforce worked with Armory to provide registrants with lunch vouchers and incredible prize perks to motivate them despite the distance and global disruption. We weren’t sure what to expect, but a Pulumi plugin for Spinnaker was one of the most exciting projects to come out of April’s Gardening Days.

I want to give a special thanks to Armory. They spent a lot of time with us on building the plugin and showing us how to work with various nuances in Spinnaker. -Dan Hernandez, Pulumi

The Pulumi Plugin is born

Pulumi, a multicloud infrastructure-as-code tool that allows users to define infrastructure in any language as they build modern apps, was aware of Spinnaker and heard about Gardening Days a week before it took place. They put a team together and decided to leverage Spinnaker’s plugin framework to build an integration between their open source project and ours. This opportunity to deliver value to shared stakeholders without maintaining modifications to the core project represents Spinnaker’s vision for plugins, and as a bonus, is a perfect nerd-out opportunity for delivery engineers. So, naturally, Armory engineers joined the Pulumi team to support and validate the nascent framework while helping to envision a new SDLC collaboration.

You can read more about how to use the new Pulumi plugin for Spinnaker to run Pulumi apps in the Pulumi Docs. If you like using the plugin, please share your story with us by posting in the #gardening-general channel on Spinnaker Slack! Pulumi’s Dan Hernandez and Praneet Loke joined us recently for Spinnaker.Live, a virtual Spinnaker conference in June that drew 800 attendees from the delivery community to share Spinnaker success stories, discuss problems and innovations in the SDLC, and learn new ways to solve with Spinnaker. Their talk tells the story of Armory & Pulumi’s collaboration, and demos the functionality of the Pulumi plugin to build infrastructure within Spinnaker pipelines.

Gardening Days V2: Spotlight on Security & Ops, backed by AWS

Indeed, as the enterprise Spinnaker experts, Armory engineers and architects know more than most about the challenges of using Spinnaker at scale to safely fuel business results via better software. At the July Gardening Days, they will again join fellow SIG-members and friends from Netflix, Google, and AWS as “experts” to guide hackathon participants in projects through mentorship and on-call help. In addition, to help attendees best leverage the sponsored AWS compute, a team of Armory engineers led by Fernando Freire will offer a hands-on first time contributor course on July 16th. This class will guide attendees through making a first contribution using EKS with Kubectl to develop against a Spinnaker instance in the cloud, and will provision an environment for them to use for contributions all week.

Another way Spinnaker Gardening Days will evolve in July is with a stronger focus on enabling collaboration with Security and Ops experts in the SDLC. Luckily, Spinnaker’s Special Interest Groups (SIGs) have already taken this on with a variety of projects. Both the Security SIG and the Ops SIG will host their next meetings on July 16th, the first day of Spinnaker Gardening, and each will use the meeting to form a hackathon team as part of the SIG challenge. The Security SIG is in the midst of announcing their new CVE tracking and scoring process for managing reported CVEs that impact Spinnaker. As part of this process, they must develop threat models for each of Spinnaker’s common deployment endpoints – sounds like a fun hackathon project! This innovation around Spinnaker CVEs represents an important step in giving security-minded professionals what they need to collaborate in delivery pipelines as we “shift left” for more secure software products.

On the Ops SIG, we hear a lot of buzz about improving dynamic account loading, a key process in scaling Spinnaker usage. The Ops SIG hopes to build something like a pipeline stage that Spinnaker operators can use to add accounts, and will form a team on the 16th, too. Both the Ops and Security SIGs invite you to join them and bring your problems, frustrations, and ideas in scaling, hardening, and operating Spinnaker. Since no two software delivery life cycles are alike, exchanging fresh perspectives and best practices raises the bar for everyone. When it comes to security, SIG co-chair Beth Fuller highlights the value of sharing expertise that may not have been considered if everyone involved in a discussion had the same background and experience. She’s hoping DevSecOps professionals will register for Gardening Days to earn prizes and recognition for sharing that expertise.

Reach the Delivery Community through open source engagement

2020 is the year of Spinnaker! There’s still time to sign up as a Spinnaker Gardening Days sponsor and join AWS, Pulumi, Salesforce, Netflix, Google, and many more companies in representing the open source future of the SDLC. Check out the sponsor prospectus here and email [email protected] to show the Spinnaker-curious and Spinnaker contributors that you’ll invest in being #betterTogether as an open source community. Want to check out the event itself? Register here, and we’ll see you on July 16!