Many developers, DevOps engineers, and SREs are clearly excited about using Spinnaker to modernize their overall software delivery (CI/CD) process. And the primary reasons for this excitement are Spinnaker is open-source software and the only tool to offer hybrid and multi-cloud deployment in the marketplace.
At the same time, many organizations are hesitant to move forward with Spinnaker for continuous delivery because it has a reputation of being difficult to get right.
If you are considering adopting Spinnaker to transform your continuous delivery, I am confident that you can be successful. Simplifying Spinnaker isn’t easy, but it can be done.
Our many customers around the world have seen compelling success – driving down costs, slashing delivery errors, and improving cycle time. They have mastered the challenges of scaling Spinnaker, even though they had plenty of questions along the way.
That’s the purpose of this blog – to highlight the top four challenges you should address to ensure a successful transformation to Spinnaker Continuous Delivery (CD) – and move quickly from your very first service in production with Spinnaker to your first 100 applications.
Remember that adopting any product with the potential of Spinnaker, and updating any process as important as software delivery, brings with it some complexity and potential for error. You’re not alone – most companies have struggled with the same difficulties that you have now – and have overcome them.
Nearly every company today must transform their software delivery process to meet their business goals. Leverage the learning of the Spinnaker early adopters to eliminate the risk of being buried underneath an avalanche of work as you adopt Spinnaker and transform your Continuous Delivery processes across your organization.
Integrate Spinnaker with your Existing CI/CD Tools
Spinnaker is a great CI/CD tool and saves time, energy, and effort in moving your services and applications through your deployment process, culminating with the apps running successfully in production.
However, Spinnaker doesn’t exist in a vacuum. You probably already have a well-developed toolchain, perhaps using GitHub for source control, Jenkins for the build, Jira for tickets, Slack for communication, JFrog Artifactory for binaries, and perhaps many others.
The first element that companies struggle to address is to completely configure Spinnaker so it is set up to fit well into your existing toolchain. Some of the integrations are simple, others are more complex. Unfortunately, Spinnaker doesn’t provide an “easy button” for any of the integrations. And extending your existing processes to include a new tool like Spinnaker always takes more thought and effort than we’d like.
So before you install Spinnaker or begin thinking about creating your first few pipelines, consider how Spinnaker will fit into your overall toolchain and how to fit in with the processes that are adjacent to the deployment step in your SDLC.
Design Spinnaker CI/CD Pipelines for Broad Adoption
Once Spinnaker is integrated into your toolchain and word gets around that you have enabled Spinnaker, you’ll be a hero because Spinnaker reduces work for everyone involved.
At the same time, you’ll likely be deluged with requests for assistance – especially for “onboarding” new applications onto Spinnaker. The process for building new pipelines for applications isn’t really onerous, but Spinnaker on its own doesn’t provide an easy way for individuals to do this work on their own.
CI/CD pipeline deployment strategies with Spinnaker
Further, it is highly likely that you won’t use the same deployment strategy across all your different applications. When should you use the different strategies available to you? How should you set up Spinnaker to utilize a dark, canary, blue/green, rolling, or highlander deployment? How do you modify any of these strategies to your specific environment? Not all these questions have obvious answers when you’re getting started.
Once you have experience with the first few applications and have the pipelines happily moving changes through the process, you should consider how to streamline the process of deploying new applications. Can you set up the system so that new teams can onboard their applications without you providing significant assistance?
Each organization is of course different. Some want to have full control by a central team; other times the individual development teams should have the ability to control the process for each service they build. Still, other times the company wants to outsource the whole thing to an outside team so their inside teams can concentrate on their highest value.
Whichever option is good for you, consider the onboarding process or you will have difficulty moving past the first few applications toward broad deployment.
You may like to refer to an example of how to create the first continuous delivery pipeline in Spinnaker to deploy to a Kubernetes cluster.
Handle Governance and Security Concerns in Continuous Delivery
Making Spinnaker operational is one thing. Making sure that the system is secure and follows your organization’s rules and regulations is also critically important before you move to wide adoption.
There are many different sub-bullets to this general topic of governance, much more than I can cover in a single blog. The good news is that Spinnaker is built for large-scale operations and so you can effectively handle just about every security and governance concern that you might have.
In order to ensure your specific governance requirements with Spinnaker are met for a broad range of services and applications, the top items that you should address are secrets management, user onboarding, and access control, audit, and policy compliance.
Different organizations have different strategies for secrets management, some heavily using Git, others using a product like Vault from Hashicorp. You must configure Spinnaker to fit into your security and secrets processes before you’re able to broadly deploy it. You definitely don’t want to manage your passwords and other secrets within Spinnaker itself.
You may like to explore an interesting blog on security- Securely deploy Kubernetes manifests using Spinnaker and Vault.
Authentication and Authorization
User onboarding and permissions are a second area to consider. All but the smallest organizations have some centralized user management in place, and you’ll want to integrate Spinnaker into the system you’ve chosen, whether it be LDAP or something different.
Auditing of CI/CD pipelines
An audit is a next element that typically impedes organizations from broad deployment. Ensuring that you can track the successes and failures of all the different changes that are pushed into production is important for every company, not just those in regulated industries.
And finally, general policy compliance is a must for organization-wide adoption of any product or process, especially one in as important an area as software deployment. Whether the policies are as simple as blackout windows (at which times completed software can move into production) or as complex as who within the organization can or must approve any move, and under what circumstances a move can be approved, there must be a simple way to ensure that the rules are followed (and of course, the compliance must be documented and easily verified).
You can read more on how you can make your CI/CD compliant and Auditbale using Spinnaker.
Trust an Experienced Navigator for your Spinnaker Transformation
Once Spinnaker is in place for more than a few applications, you’ll see demand for it increase quickly. And with more users, there will be more need for support. Many of the questions will be simple, but you will want to be sure that your team has someone available at all times to have their questions answered – you don’t want to be first, second, and third-level support to your Spinnaker installation.
In addition to simple support questions, a healthy percentage of requests will be around the best way to use different Spinnaker capabilities, and which approach enabled by Spinnaker would be recommended for your specific situation. These types of best practice questions should be answered by someone with specific knowledge of your situation and deep knowledge of and experience with Spinnaker. Of course, you could let everyone experiment and build best practices over time, but it’s much more efficient to leverage best practices from someone who has plenty of experience. Addressing this challenge is required before you can really start to scale past your first 100 applications. Don’t feel that you need to go it alone – work with an external company like OpsMx that you can trust and that has led multiple CD transformations with Spinnaker. Check out our professional services that will help you to enhance and customize Spinnaker for your enterprise requirements.
Now is the Time to Start your successful Spinnaker journey
Organizations that are successful with Spinnaker achieve impressive results. They dramatically improve the speed at which changes are deployed into production. And they are able to simultaneously slash costs, reduce errors in production, improve the experience of their end-users, and better maintain compliance with standards and regulations.
Spinnaker is proven in organizations around the world, many of whom are OpsMx customers. They confronted the same anxiety that you may be having as you begin your Spinnaker rollout. We helped them get past the initial Spinnaker struggles and would be excited to work with you as well.
For more detailed information on getting started with Spinnaker, download the O’Reilly eBook “Continuous Delivery with Spinnaker.” You can find more general information on our OpsMx website.
OpsMx is a leading provider of Continuous Delivery solutions that help Fortune 500 companies safely deliver software at scale and without human intervention. We help engineering teams take the risk and manual effort out of releasing innovations at the speed of modern business. For additional information, contact us