Feb 22, 2018 by DROdio
Open adoption software is re-drawing the IT Stack. Companies like Github, Docker, Mulesoft, Cloudera, and others are stealing budgets from more traditional application/client-server companies while driving more innovation. The above graphic illustrates the trend over the past few decades.
The same is true in the software delivery world. Spinnaker, an open-source project from Netflix, is the cloud-native, next-generation deployment system that powers the core of Armory’s Platform to help software teams ship better software, faster.
A new entrant in software delivery, Harness, is taking a closed-source approach to software delivery, which negates all the benefits provided by open source and the vibrant community surrounding it. And worse, Harness has misrepresented the capabilities of Spinnaker, as detailed below.
Armory believes that open source will win when pitted against closed-source solutions. The Spinnaker community already has over 4,000 members and is innovating rapidly on Netflix’s platform. Netflix, Google, Microsoft, Oracle and others are investing in Spinnaker and writing drivers for deploying workloads to AWS, Kubernetes, Azure, Bare Metal Cloud, DC/OS, ECS, OpenStack, and others.
No single company will be able to match the velocity of the world’s best cloud providers and the vibrant community building for those targets, nor keep up with the underlying innovation on those clouds.
These are the reasons that Armory uses Spinnaker at the Core of our Platform to help teams ship better software, faster.
Open-Source delivery and external integrations
Both Spinnaker and Harness are targeted at companies with hundreds of applications (and their respective deployment pipelines). Companies at this size have unique requirements in the sense that they might need to comply with specific legislation or processes specific to their business or industry.
In theory, any deployment solution could be used on it own in its original/vanilla form. In practice, however, an extra step of customization is often needed. In the most usual scenario, one or several rounds of modifications are required to accommodate all the corner cases of the company.
With a closed-source delivery platform, any modifications required on the base version are a lengthy, painful process. The company is forced to:
As an example, in the case of Harness, a very small subset of external integrations are currently supported. What happens to companies that wish to integrate another solution that is not on the Harness product roadmap?
With an open-source application, this situation never happens. A company can directly modify the code on demand. In the case of Spinnaker the entire platform is based on nine microservices; each one responsible for a single thing. A company can either add or modify any of those microservices, add a new one, or even replace one without waiting for approval from any vendor.
As an example, Spinnaker comes with a micro-service called Echo which acts as message/event listener. Any company can modify the code and add any integration to any external system — even if it is something developed in-house.
A corollary to the previous point is the ability to extend the core distribution of the delivery solution itself. The most significant example of this in Spinnaker is cloud support. Spinnaker originally supported AWS. OpenStack support was added by Target and Veritas, DC/OS support was added by Cerner, Kubernetes support was added by Google, and ECS support was added by Lookout.
Thus any company that selects Spinnaker knows most cloud providers are directly supported. In the case of Harness, a company can only wait until their cloud provider is added.
Even if Harness has the capacity to cover the most well-known cloud providers on its own, it could never achieve the coverage that Spinnaker is free to achieve. Lesser known cloud providers will be especially happy when they know they can add support for their cloud on the basic Spinnaker distribution.
The perfect current example of how many cloud providers can be supported with an open-source application is the support list for Terraform.
Open source is based on collaboration. Nobody is re-inventing the wheel, and everybody can benefit from the work of others. A bug in Spinnaker that is fixed by one company will probably be useful to all other companies that use the same setup.
This means that with every new Spinnaker release, you essentially get, for free, the knowledge and engineering wisdom of companies in the same space as you — including some of the best engineers on the planet from companies like Netflix and Google.
Spinnaker is being used and supported by major companies including Netflix, Google, Target, Box, Mulesoft, and more. See the full list here.
All those companies have the opportunity and the expertise to contribute fixes and improvements on the open-source Spinnaker distribution, increasing the overall quality of the software in an exponential manner.
With Harness, on the other hand, you are dependent on the Harness team itself, vs. the combined knowledge of all companies deploying and improving on Spinnaker.
Upgrading any software is a time-consuming process. Even here, however, open source comes with two major advantages:
But this flexibility is only possible with open-source software. In the case of closed-source, you are forced to run the “blessed” version provided by the vendor regardless of your needs.
This flexibility is especially necessary in the early years of a software product where new features are added at a much higher rate.
Spinnaker is a mature product that has been used internally in Netflix in production for the last 3-4 years — and Netflix drives 37% of all internet traffic in the evenings, making Spinnaker a very mature and bulletproof software delivery platform.
The deployment platform used within a company is the most critical piece of software, second only to the runtime environment used for the application deployment.The long-term viability, safety, and flexibility of the deployment solution a company is using is of utmost importance.
Spinnaker is not controlled by any particular company. If Google, Netflix, or Target go out of business tomorrow, Spinnaker will continue to exist. Companies that have the expertise and knowledge can still maintain Spinnaker and upgrade it with new features and fixes (which is very easy given the availability of the source code).
Given the number of companies that are using Spinnaker, it is highly unlikely that all of them will disappear at the same time. For this reason alone, Spinnaker has a bright future ahead of it, because as long as any company is using it, it still can be improved and extended.
Harness is a single company that fully controls the deployment solution they offer. This makes the viability of the product dependent on the company itself.
If Harness goes out of business for any reason, the product simply ceases to exist. If another vendor merges/buys Harness, your company will need to adapt to any pricing scheme or roadmap the new vendor will dictate.
Choosing an open-source deployment solution is the only rational choice to avoid vendor lock-in while participating in the community-driven innovation.
Deployments are one of the most sensitive and critical parts of your organization. Even if you don’t want to modify the code itself, having access to it means that you can audit and verify it to make sure that it does what it is supposed to be doing.
A closed-source product, on the other hand, is unverifiable. It might suffer from security vulnerabilities. It might “phone home.” It might leak your sensitive data. There is no way to know for sure.
Since Spinnaker deploys infrastructure, not applications, it also manages your cloud infrastructure. This makes it doubly important to run Spinnaker in a trusted cloud environment — yours.
Choosing a closed-source solution for your delivery pipeline means that you blindly trust the vendor with your intellectual property and application source code. Also, you accept the risk that when a security issue is indeed found, the solution vendor is solely responsible for providing a fix on time.
With an open-source solution, you don’t need to trust any external entity at all. The source code is there for you to audit and verify and your intellectual property can safely stay within your premises.
If a security issue is found, you can either fix the problem yourself or benefit from the collective response of all companies that are using it.
An open-source solution is open for everybody to collaborate. This means that finding engineers to work on it is always easier as you can look at the community already participating in building that product.
An open-source delivery solution means that you can draw potential employees from the pool of contributors to the project. In an open-source project, any engineer can be a contributor, as there is no barrier for anybody to enter.
This means a company can recruit the top experts or contributors of a particular open-source solution on its workforce.
With closed-source solutions, the only experts that can be found are the people who work on the vendor, making them an extremely scarce resource.
Engineers love to work on open-source software. This is why Netflix open-sourced Spinnaker in the first place. By encouraging your engineers to participate in an open-source project that’s core to your company’s software delivery processes, you are providing your engineers a fulfilling and strategic outlet.
There is no longer an argument on whether open source is the best possible choice. Open-source solutions have already won. Just take a look at the rest of the deployment infrastructure and runtime. The whole stack is open source:
Harness is going against the current, following the old ways.
Harness makes the case that Spinnaker is missing many features when compared to Harness. Not only is this false, as detailed below, but Armory believes the open-source community will, over the long-term, move much faster than any single company can. Investing in a closed-source solution is a guaranteed way to miss on the Open Adoption Software movement and experience massive vendor lock-in with a sub-standard, proprietary solution.
Here are other inaccuracies from the Harness PDF:
An important point about trust, safety and security: Harness claims to be the better option “where the application is truly critical to the business.”
Relying on a hosted solution for software delivery means that hosted solution also has the ability to destroy your cloud accounts.
Armory installs Spinnaker within a company’s Virtual Private Clouds (VPCs), so you can leverage the benefits of a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. This avoids the security & compliance risks of SaaS offering.
Multi-target deployments can feel tedious as you deploy the same code over and over to multiple clouds and environments — and none of them in the same way. With an automatic multi-target deployment tool, on the other hand, you do the work once and deliver your code everywhere it needs to be. Armory provides an […]
Read more →
KubeCon+CloudNativeCon EU is one of the world’s largest tech conferences. Here, users, developers, and companies who have and intend to adopt the Cloud Native standard of running applications with Kubernetes in their organizations come together for 5 days. From May 16-20, 2022, tech enthusiasts will congregate both virtually and in person in Valencia, Spain to […]
Read more →
Deciding how frequently to release a product is an interesting challenge faced by many companies. There are definite pros and cons related to adjusting your release cadence that have to be evaluated on an individual basis. Faster release cycles in theory might sound good, but of course, there can be tradeoffs. Looking at historical release […]
Read more →