Here's a piece I wrote in collaboration with my colleague, Serge Poueme, about our department's experience with the open source pipeline powerhouse: Spinnaker.

As a Site Reliability Engineer responsible for delivery excellence, solid deployment is important to me. I’ve been working with SAP for a little while now and I’m proud to be a part of their mission: helping the world run better. Trust is at the core of that mission, and in order to establish trust, we have to be a reliable resource for our community. As SREs, our goal is to provide reliability on all fronts, specializing in what usually trails behind in a DevOps team: infrastructure, deployment, configuration, monitoring and documentation. So, nailing down a CI/CD pipeline system that works is essential for our success — and the success of our customers and partners. That’s why we tip our hats to Spinnaker.

 

Discovering the wonderful world of Spinnaker

Our SRE team came across Spinnaker a year ago. We were asked to build a blueprint for a standard CI/CD pipeline to improve developers’ productivity and reduce lengthy development cycles. Right away we got knee-deep in research, exploring solutions from GitLab, Bamboo, Jenkins, Concourse, before finally settling on Spinnaker. While running through our Proof of Concepts (POCs), Spinnaker made our lives much easier, which consequently made our decision to adopt its platform pretty easy too.

So far, we’ve had a great experience using this platform. First, because of its open-source environment. If we run into a problem, Spinnaker’s massive online community likely has the solution. Second, it’s fully integrated with Slack (which is already widely used at SAP), and allows our teams to share insights on deployment flows. Communication is key with any platform, and Spinnaker does a great job in facilitating that.

Why we’re sticking with it.

Spinnaker has given my life meaning—just kidding—no, but it’s definitely helping me get to where I want to go. At SAP, my focus is on CI/CD pipeline standardization and creating DevOps self-services, and I can safely say that Spinnaker is contributing by pushing innovations faster to the cloud. Dare I say that we are on the highway to heaven? I think I can. Especially when considering where we are today: Spinnaker runs deployment pipelines for ten of our development teams. That translates to 30 Kubernetes clusters in production, and 40 distinct deployment pipelines. Not bad, right? Some teams are shooting out 200 daily canary deployments before hitting production!

Here’s one of our pipelines performing a production release in under 13 minutes.

So, because our level of efficiency has increased, naturally our speed has too. Using Spinnaker is easier because there is no coding involved. Instead, you get a digestible UI on the surface and a controlled environment in the back end. Less room for mistakes, and more room for innovation.

Spinnaker has helped us scale our CI/CD pipeline beyond the needs of our line of business. Now, we’re offering it as a shared service across SAP globally. Because not only is it scalable, but it’s incredibly intuitive — making it a breeze to onboard teammates. By leveraging the Halyard configuration tool coupled with a GitOps approach, we can onboard teams using a self-service model (DaaS). This is a game-changer because instead of developers approaching us to make changes during the deployment process, the pipeline sends us the signals instead. I think we can all agree that automation is the future, and Spinnaker nudges us one step closer to that.

A colleague of mine is working on an awesome project called SAP Graph, which is an easy-to-use API for building extensions across applications. Michael, my colleague, was ecstatic about Spinnaker because it both simplified his life and cut costs. “SAP Graph is a collection of 13 components, and with Spinnaker we were able to keep our deployments relatively simple, all while keeping them loosely coupled.” He added to a team discussion. The time and money that he and his team saved was well worth it, thanks to the compatibility with Jenkins and GitHub.

“A clearer error log is one of the best things any SRE can ask for.” — Michael Sabbagh, Site Reliability Engineer at SAP

Where Spinnaker can step it up.

As with any platform, there is always room for improvement. One thing I find to be lacking with Spinnaker—and there are few—is that it’s missing in-depth documentation. I like to dive into topics like the Halyard configuration tool for instance, and the user guides seem to be limited to typical instances. It would be helpful to find a space where we could explore a little deeper into what Spinnaker and its tools can do for us. Another thing is that we have to manipulate config files to automate changes on Spinnaker. Our team has started embedding Halyard into an API, but we’re taking it slow because we want to see where Spinnaker’s development journey leads. Discussions taking place in their Special Interest Groups may lead to solutions that would save us from the trouble.

Security could also be better, especially around the docker images that Spinnaker uses. I think that mandatory scanning could help with this issue, so that blind spots are being covered at a higher rate to protect us from cyber-attacks. My teammate, William, shook his head when we discussed the security issue, “The problem was while configuring LDAP authentication and authorization, it was difficult to add corporate CA certificates into the trust store when setting up the connection to our Active Directory servers.” The Spinnaker team did document a workaround, but even with that, it still took him a while to implement it within our automation.

The takeaway.

Generally speaking though, Spinnaker has the deployment toolset that every SRE team needs. It’s open source, meaning it has a community of people with a boatload of experiences to share. And not only is it easy to connect with Spinnaker users on a grand scale, its integration with Slack makes collaborating with teammates simple too. Jenkins and GitHub are also integrated with the platform, which makes it easy to adopt and onboard other developers. That’s why we’ve had no issues providing it as a shared service across SAP. Take SAP Graph for example! Spinnaker helped Mike and his team simplify their deployment process, saving time and putting money back in their budget.

But this is not to say that the platform is perfect. There are still some areas where we’d like to see improvements, however, I think that Spinnaker is making an honest effort to address them. When William found a bug, he determined the root cause and then proposed a fix via a pull request. Spinnaker responded swiftly, then provided further documentation for him to contribute to the project — another well-deserved high five to Spinnaker for being open source! Anyway, to wrap this all up, I think this photo speaks for itself.

Ain’t nothing better than seeing those bright green numbers.

This article can also be seen on Armory and Spinnaker's blogs.