• Stars
    star
    109
  • Rank 319,077 (Top 7 %)
  • Language
    Kotlin
  • License
    Apache License 2.0
  • Created about 7 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Spinnaker's declarative service

Release

High Level Project Overview

For a high level overview of the Managed Delivery project and its goals, check out our introductory post on the Spinnaker blog.

Continue reading for technical architecture, or check out our FAQ section for more information about what we're building. Join us in the #sig-spinnaker-as-code channel on the Spinnaker Slack workspace if you have questions or want to get involved!

Keel Architecture

This document describes the architecture of Spinnaker’s Keel service, which is responsible for the bulk of the functionality behind Managed Delivery.

Terminology

Resources

Resources model the specification for a concrete thing or set of homogeneous things in the cloud. Each distinct type of resource is defined by its API version and kind. For example:

  • EC2 Cluster: a specification for a set of homogeneous auto-scaling groups deployed in one or more regions.
  • EC2 Security Group: a specification for a set of homogeneous security groups existing in one or more regions.
  • EC2 Classic or Application Load Balancer: a specification for a set of homogeneous load balancers existing in one or more regions.
  • Bakery Image: a specification for an AMI derived from successive versions of an artifact.

The representation of resources is consciously designed around the equivalent concept in Kubernetes and we model resources using a format similar to Kubernetes’ CRD format.

Artifacts

An artifact represents a deployable piece of software that has successive versions. For example a Docker image or a Debian package (that is baked into an AMI for deployment). When resources depend on artifacts, there is no need for a team to update their resource specs when a new version of the artifact is released.

Edge cases exist where some teams may require specific versions of artifacts and may “pin” cluster resources to a particular version, essentially opting out of managed artifact promotion. We support such uses cases via a pinning functionality, although we expect them to be a small minority.

Environments

Environments group resources and define constraints that determine how and when a new artifact version is allowed (or "promoted") into the environment.

The intention is that environments in the same application should be largely homogeneous, with specific differences in naming (for example differences in Moniker’s concept of a stack or detail field in a resource’s name), or deployment location (for example, at Netflix, the resources in different environments would typically be deployed in different AWS accounts).

A simple example would be an application with three environments:

  • Test: no constraints, the latest artifact version is deployed as soon as it is available.
  • Staging: constrained by a dependence on the stability of the test environment with artifact versions being promoted once a condition is met such as a metric threshold over a defined time, a smoke test has run successfully, etc.
  • Production: constrained by dependency on the stability of the staging environment and additional constraints such as canary success or manual approval. Additional rules may define things such as region-by-region roll-out of new artifact versions, or a veto on managed changes during certain time windows.

Delivery Configuration Manifests

Environments are further grouped into delivery configuration manifests enabling interdependence between environments (e.g. constraints on one environment requiring successful deployment to another).

Source of Truth

Keel’s database is in all cases the source of truth for a resource spec. Although we support a GitOps style workflow for teams that want it (and we anticipate this being the majority case), we do not require it. Other teams may prefer to submit their resource definitions to Keel’s REST API. For example, teams that use their own tooling to generate specs for ephemeral resources. We also do not want to be reliant on connectivity to a Git repository in order to determine the desired state of resources.

Note that this is no different than the approach used by systems built around Kubernetes, for instance. The Kubernetes resource database in etcd is always the source of truth. The fact that they may have originated in a Git repository and eventually landed in the database makes absolutely no difference with regard to how those resources are handled.

Resource Monitoring

At the core of Keel is a resource monitoring loop that regularly compares the current and desired state of a resource and takes steps to bring them into alignment if they differ.

Resource handlers (one for each resource kind) are responsible for reporting the current state and resolving the desired state (see below). The logic for determining if a delta exists is not specific to each handler but is common to all resource types. If a delta exists, the handler is invoked again in order to converge on the desired state. Existing handlers do this by invoking tasks in Orca such as cloning a new version of a server group, resizing a server group, creating a load balancer, etc.

Handlers can, if they wish, take different actions to align current and desired state depending on the details of the delta. For example, a server group that differs from its desired state only in capacity can be resized rather than having to be re-deployed, a cluster whose actual state differs from the desired in only one region can re-deploy the server group in that one region rather than re-creating the entire cluster.

Artifact Promotion

Similarly to the resource monitoring loop, Keel also regularly evaluates whether new artifact versions meet the constraints on various environments. If they do, the version is promoted to that environment. This will affect the resolution of desired state for resoures that are deployment targets (e.g. compute clusters) within that environment.

Resolution of Desired State

Resource handlers essentially model three operations:

  1. Determine the current state of a particular resource.
  2. Resolve the desired state of a particular resource.
  3. Take action to reconcile a delta detected between current and desired state.

The first two operations are homeomorphic. They are passed a resource _spec _and return a model of the fully-resolved, fine-grained detail of the actual cloud resources the spec represents. For example, the operations on an EC2 cluster handler accept a “cluster spec” and return a map of server group details keyed by region. The values returned by these two operations are diffed and must be identical if current and desired states are in alignment.

This resolution of desired state means that the resource spec can model things in terms of abstractions. For example:

  • Homogeneous server groups using the specification in multiple environments (in Spinnaker currently users would have to define these separately in the deploy stage of a pipeline).
  • An artifact which is resolved into a specific AMI according to the constraints that exist in the resource’s environment.
  • An EC2 instance type determined by automated recommendation from a central capacity planning team.

Resolution of desired state can change over time which is why it is performed every time a resource is evaluated by the resource monitoring loop. For example:

  • If a new artifact version is promoted to an environment, desired state resolution will include a different AMI the next time it is evaluated.
  • If a centralized team wants to migrate users to a new class of EC2 instance type they can update the recommendation, resulting in a different instance type in the resolved desired state of cluster resources.

Desired state resolution is modular. Multiple resolvers may exist for a resource kind, each being responsible for particular opinions. This modularity not only simplifies testing of resolvers but allows specific resolvers to be enabled or disabled when Keel is deployed. For example, Netflix has specific opinions about the security groups that should be associated with a server group and we have a resolver for that outside of the open-source Keel repository.

Tooling

Although Keel does some templating-style functionality, for example resources that span multiple regions, we anticipate the need to provide tooling that enables users to define homogeneous sets of resources that appear in all their environments based on templates. Whether this is done as a pre-processing step when files are submitted to Keel, or using external tools is yet to be determined.

More Repositories

1

spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.
Shell
9,298
star
2

kayenta

Automated Canary Service
Java
1,287
star
3

clouddriver

read and write operations across cloud providers
Groovy
432
star
4

swabbie

Spinnaker's clean up service
Kotlin
370
star
5

halyard

A tool for configuring, installing, and updating Spinnaker
Java
308
star
6

deck

Management UI for Spinnaker
TypeScript
303
star
7

orca

Orchestration engine
Groovy
245
star
8

igor

Integration with Jenkins and Git for Spinnaker
Groovy
145
star
9

spin

Spinnaker CLI
Go
128
star
10

gate

Spinnaker API Gateway
Groovy
127
star
11

rosco

A bakery for deployable images
Groovy
88
star
12

spinnaker.github.io

spinnaker documentation site
HTML
79
star
13

dcd-spec

Declarative Pipeline specification for Spinnaker
78
star
14

echo

Spinnaker Eventing Service
Java
74
star
15

kleat

A lightweight tool for managing Spinnaker configuration
Go
69
star
16

fiat

Spinnaker auth service
Java
68
star
17

front50

Spinnaker Metadata Repository Service
Java
63
star
18

pipeline-templates

A public collection of Spinnaker declarative pipeline templates
54
star
19

governance

Community documentation for Spinnaker
Kotlin
46
star
20

roer

A thin Spinnaker CLI
Go
45
star
21

kork

Kork provides some basic service building blocks for Spinnaker.
Java
41
star
22

spinnaker-monitoring

Support for monitoring deployed Spinnaker microservices.
Python
39
star
23

workshops

CSS
25
star
24

sponnet

Jsonnet library specifically for Spinnaker
Jsonnet
24
star
25

spinnaker.io

spinnaker.io website content
HTML
20
star
26

spinnaker-gradle-project

Gradle project for spinnaker project conventions
Kotlin
20
star
27

keiko

Queuing library originally built for Orca
Kotlin
18
star
28

deck-kayenta

Spinnaker UI module for Kayenta
TypeScript
17
star
29

kustomization-base

Base kustomize config for deploying Spinnaker to kubernetes
17
star
30

spinnaker-dependencies

Common dependencies for Spinnaker
Shell
14
star
31

deck-customized

Spinnaker Deck with customizations
HTML
14
star
32

rush

Script Execution service
Groovy
12
star
33

moniker

naming for cloud resources
Groovy
11
star
34

spinnaker-config

Template repo for users to overlay the base kustomization with their config
11
star
35

try.spinnaker.io

Spinnaker Playground 🌊🏄
Shell
9
star
36

styleguide

Style guide for Spinnaker UI
HTML
8
star
37

buildtool

Utilities and tools for setting up and execution Spinnaker integration tests
Python
6
star
38

scheduled-actions

As the name suggests ("scheduled actions")
Java
6
star
39

spinnakerbot

A GitHub bot for managing Spinnaker's repos.
Python
6
star
40

stats

Go
5
star
41

rotation-scheduler

A GitHub Action for generation a rotation schedule.
Go
5
star
42

bumpdeps

A GitHub Action to automatically bump Spinnaker dependencies
Kotlin
4
star
43

ops-tools

Unofficial community scripts and tools
4
star
44

dcdspike

quick spike of declarative CD templating
Java
4
star
45

managed.delivery

The microsite for managed.delivery
3
star
46

spinrel

A tool for working with Spinnaker releases.
Kotlin
3
star
47

clouddriver-cloudfoundry

Snapshot of cloud foundry code in clouddriver
Groovy
2
star
48

md-lib-go

Shared library code for Managed Delivery Go clients
Go
2
star
49

plugins

Spinnaker plugins repository
2
star
50

spinnaker-kustomize

Spinnaker installation via kustomize
Makefile
1
star
51

.github

Community Health files repo
1
star
52

spinnaker-dev.github.io

spinnaker.dev site
HTML
1
star
53

pipeline-builder

A Java library to build Spinnaker pipelines
Java
1
star