CI/CD @ bol.com
What I’ll be talking about
1. About me & bol.com
2. The CI/CD story @ bol.com
3. Current setup
4. Mayfly
5. The future in the cloud
About me
● Maarten Dirkse
● @mdirkse on Twitter
● In IT since 2007 (5 years @ bol.com)
● Java developer -> CI/CD engineer
● Bitten by the container bug in 2014
● Hobby: local politics
About bol.com
● Largest online retailer in the Netherlands and Belgium (5.8 million customers, 10+ million products)
● 55 (and growing) multi-disciplinary teams of 5-8 people
● Strong Scrum culture (introduced in 2009)
● 200+ services and apps (SOA, mostly Java + DB backend)
● Mix of fixed sprint rhythm and CD
The Developer Freedom index
Once upon a build-time.....
The situation ca. 2014
● 4 week release cycle
● Big-bang release
○ Shop went offline!
● Scrum -> 200 stories per cycle to production
● Jenkins -> DeployIT -> Schuberg Philis
○ Software was “thrown over the wall” to ops
● Every team had admin rights on their Jenkins jobs
Freedom index: not free
● Developers couldn’t do their own releases at the time of their choosing
● Releases had to be coordinated with SBP
○ Even some property changes
● Stack on which apps ran was tightly locked down
● Developers could go crazy on TST, but could do almost nothing on PRO
○ Endless requests for SSH access to servers which were inevitably denied
● 2 levels of gatekeeping: ops and SBP
● On the plus side, they could configure their Jenkins jobs...
Current pipeline
Our CD story “Man on the Moon” to give teams autonomy
How things get to production
Build, Store, Orchestrate, Deploy, Run
Key aspects
● TAXP system: custom abstraction over Jenkins jobs
○ No more job admin rights for teams
● Teams can deploy to PRO at will (have to send notification)
● TST, ACC environments (ACC is “production-like”, used for performance tests)
● No change management process
● SRT gatekeeper of deploy functionality and new services
Mayfly
Genesis of Mayfly
[Diagram: Test, Acc and Pro environments; labels: <master>]
Mayfly idea
[Diagram: Pro, plus many <branch> labels]
Mayfly provides per user story:
● Feature branch in SCM (currently git via Stash)
● Continuous integration jobs (Jenkins)
● Isolated, production-like runtime environment (Docker cluster)
● Automated Definition of Done check
● Logs & metrics (Logstash, Graphite, Prometheus)
● Optional user story-specific database (Oracle, PostgreSQL, Mongo)
30% of all commits done via Mayfly
Freedom index: partially free
● Developers control their releases
● Developers don’t control CI or CD
● Mayfly offers lots of freedom, until TST
Building and deploying in the cloud
The challenge
Build a container-centric, cloud-native CI/CD pipeline that:
● Is easy to use and get started with
● Makes it easy to deploy small changes
● Is fully customizable
● Can scale to thousands of deploys per day
What about the current stack?
Will the CI/CD stack that we use at the moment suffice in the cloud?
The current stack
● Jenkins: Do builds
○ Maintenance nightmare
● Artifactory: Store artifacts
○ Very expensive docker registry
● Rundeck: Orchestration of RPM builds and rolling out of artifacts
○ *Not* a deployment tool
● Puppet: Actually install the new artifact on an existing machine
○ Want immutable infrastructure
The current stack would work, but we can do better by using cloud-native tools
The new stack
● Gitlab CI: Build docker images
○ More developer control & less DPI maintenance
● Google Container Registry: Store docker images
○ Google’s concern
● Spinnaker: Deploy dockerized apps
○ Actual deployment tool
● Kubernetes: Run docker containers
○ Facilitates immutable infrastructure
Opt-out is an option!
Convention over configuration
Convincing over compulsion
CI/CD is a product that needs to appeal
Iterate on a vision, don’t crowdsource the design
Freedom index: free
● Developers have full control over CI
● Developers have full control over CD
● Developers have full control over the stack
○ Well, at least from the kernel up
● Constraints that do exist are, as much as possible, handled transparently
● And opt-out is an option, but comes with many responsibilities
Maarten Dirkse
Thanks!