OpsMx continues to add additional capabilities to OpsMx Enterprise for Spinnaker(OES) to help you solve problems in your day to day life as a CI/CD professional. We are pleased to announce the general availability of the OpsMx Enterprise for Spinnaker (OES) 3.4 version to all our customers.
The theme for this release encompasses the following benefits:
- Simplify configuration of automated approvals in CI/CD with new OES UI
- Improve security using encrypted communication between OES and Spinnaker
- Enable 24×7 Spinnaker using Dynamic Account Management
Simplify configuration of automated approvals in CI/CD with new OES UI
Approvals of release from one stage to the next are time-consuming, and the primary cause is the lack of visibility of information. Approvers, usually a product or project manager, would have to manually ask their team member about build status, test status, etc., before approving a release candidate. This approval used to take hours and sometimes days. To get all the required information at your fingertips, we introduced Visibility in OES 3.3. Citing the scale of CI/CD projects in our customer environments, we have provided a feature to add/manage data sources from a single UI as an extension to the Visibility feature in OES 3.4. From a single pan, you can now add technologies like SonarQube, Autopilot, JIRA, Jenkins, etc.. to fetch information about the build/test stage, risk scores, and ticket information to ratify release progression into production.
Secondly, in large enterprises it is not uncommon to have many monitoring tools/log analyzers and multiple instances of each tool with numerous departments and environments. Continuous verification platform like Autopilot uses data from the monitoring tools to continually assess the risk of release in deployment and production stages. To avoid the infra team to toggle with multiple screens to set up data sources for release verification, OES 3.4 provides a single UI to add or edit log and metric sources.
We have also added the open policy agent(OPA) as a data source, which can be used for performing policy checks and ensuring governance in CI/CD through Spinnaker pipelines.
Lists of data sources that currently exist in OES 3.4:
- Artifact: DockerHUB, Git Repo, Git API
- CI: Jenkins
- Monitoring tools and Log Analyzer: Appdynamics, Datadog, Dynatrace, ElasticSearch, Graphite, New Relic, Prometheus
- Governance: JIRA
- Policy: OPA
- SAST/DAST: SonarQube
- Verification: Autopilot
The image below depicts list of data sources under integration tab of OES 3.4.
Improve security using encrypted communication between OES and Spinnaker
OpsMx Enterprise for Spinnaker consists of multiple services- Security, Audit, Policy Checks, Account Onboarding, and Release Management- which frequently communicates with Spinnaker through Gate service. Earlier, we used standard security authentication mechanisms such as LDAP/SAML/AD. And we realized many of our financial customers have security guidelines to have X.509 certificates based authentication. In X.509 based communication, name and password are encrypted using a public and private key pair and not transferred like a file/web URL.
From OES 3.4 onwards, we provide the flexibility of using basic authentication and/or X.509 authentication for communication between Spinnaker and OES services. You can learn more about Authentication of Spinnaker Services using an x509 client certificate.
Enable 24×7 Spinnaker using Dynamic Account Management
There are situations when the infrastructure or admin team has to create a new cloud provider account in Spinnaker during run-time, say, a new Kubernetes cluster during the pipeline deployment or before the pipeline deployment. Typically they have to modify YAML files and deploy those changes using ‘hal deploy apply’. And to initiate those changes, Spinnaker has to be restarted, leading to service disruption and failure of all pipelines in execution. This will negatively impact releases planned for encashing new business opportunities.
Instead of saving the files in local filesystem of Spinnaker, OES 3.4 offers Dynamic Account Management (refer to Spinnaker Setup tab in the screenshot below) that allows an easy way to add accounts stored in remote locations such as GitHub, Hashicorp Vault, S3 to Spinnaker. Without restarting its services, Spinnaker will automatically identify accounts from these external repositories and can be used for deployment activities. The Infra team needs to mention details such as account name, cloud driver, access groups, and Kube-config file in the external sources and then provide an Provider (i.e. repository name), Account name and Endpoint link in the OES Spinnaker Setup tab.
The below image depicts the list of items you need to provide in OES to add Spinnaker accounts dynamically.
If you want to know about bug fixes, please refer to the release notes.
OpsMx is a leading provider of Continuous Delivery platform that helps enterprises safely deliver software at scale and without any human intervention. We help engineering teams take the risk and manual effort out of releasing innovations at the speed of modern business. For additional information, contact us.