from a pipeline to a government cloud
play

From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK - PowerPoint PPT Presentation

Dec 28, 2023 •222 likes •978 views

From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK Platform-as-a-Service www.toby.codes github.com/tlwr github.com/alphagov From a pipeline to a government cloud How the UK government deploy a Platform-as-a-Service using

  1. From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK Platform-as-a-Service www.toby.codes github.com/tlwr github.com/alphagov

  2. From a pipeline to a government cloud How the UK government deploy a Platform-as-a-Service using Concourse, an open-source continuous thing-doer

  3. From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and re-use

  4. What is GOV.UK PaaS? What is a Platform-as-a Service? What are some challenges with digital services in government? How does GOV.UK PaaS make things better?

  5. What is a PaaS? Run, manage, and maintain apps and backing services Without having to buy, manage, and maintain infrastructure or needing specialist expertise

  6. Here is my source code Run it for me in the cloud I do not care how

  7. Deploy to production safer and faster Reduce waste in the development process

  8. Proprietary Open source Heroku Cloud Foundry Pivotal application service DEIS EngineYard Openshift Google App Engine kf AWS Elastic Beanstalk Dokku Tencent BlueKing Rio

  10. Why does government need a PaaS?

  11. UK-based web hosting for government services Government should focus on building useful services, not managing infrastructure

  12. Enable teams to create services faster Reduce the cost of procurement and maintenance An opinionated platform promotes consistency

  13. Communication within large bureaucracies can be slow Diverse app workloads are impossible to reason about Highly leveraged team requires trust and autonomy

  14. Only able to do this because of open source software and communities

  15. APPS SERVICES MANAGEMENT Operational API + CLI Service brokers metrics provided by OSB User management specification Cloud Foundry compliant Billing

  16. BOSH Grafana Concourse Terraform Prometheus

  17. Terraform BOSH terraform.io bosh.io Infrastructure as code, for Release engineering, VM provisioning arbitrary provisioning and resources lifecycling management Versatile tool for managing Very specific use-case, cloud infrastructure but very good at it Steep learning curve, high reward

  18. Prometheus Grafana prometheus.io grafana.com Metric collection, storage, Visualisation and and query dashboarding tool Large open-source ecosystem Good for aggregating multiple data sources Multi-dimensional labels for display enable a rich query language

  19. What is Concourse? Concourse is an open-source continuous thing-doer “A thing which does things, sometimes continuously” concourse-ci.org

  20. A general approach to automation, with extensibility as the primary design goal

  21. PIPELINE RESOURCE JOB TASK

  22. Pipelines Jobs Directed acyclic graph, Can run in parallel, or not just read in series left-to-right Composed of steps Contain resources and jobs Steps are compositions of running tasks, Written in YAML flow-control, and resource interactions Automatically visualised in the web UI

  23. Tasks Resources Specific Generic Represent doing a thing Defined by (unit of code execution) resource types Are stateless Immutable, idempotent, (in the long run) external source of truth Code is executed inside an “a single object with a ephemeral environment, linear version sequence” based on a container image

  24. Step flow control Resource interactions in_parallel is a step for getting a resource pulls running other steps in external state from the parallel, e.g. clone many source of truth git repos concurrently putting a resource step do is a step for running pushes local state to steps in series the source of truth try is a step which will Periodically resources not fail a job if it does are checked for new not succeed versions set_pipeline will update a pipeline’s config

  25. Task examples Resource types Build a container image Git/Image repository Compile release artefacts File in object storage Run automated tests Semantic version Generate release notes Distributed lock/pool GitHub release Terraform deployment Cloud Foundry app

  26. Simple continuous deployment

  27. Multi-environment continuous deployment

  28. A branching pipeline

  29. “Autonomate” a manual release process

  30. “Show me the YAML”

  31. Example: Continuously deploy terraform

  32. Continuously deploy terraform

  33. resources: - name: my-code-repo … - name: my-tf-deployment … jobs: - name: deploy-my-code …

  34. resources: - name: my-code-repo type: git icon: git source: branch: develop uri: https://github.com/x/y.git - name: my-tf-deployment … jobs: …

  35. resources: - name: my-code-repo … - name: my-tf-deployment type: terraform icon: terraform source: … jobs: - name: deploy-my-code …

  36. resources: … jobs: - name: deploy-my-code serial: true plan: - get: my-code-repo trigger: true - put: my-tf-deployment

  37. resources: This pipeline will deploy - name: my-code-repo terraform whenever the type: git icon: git develop branch changes source: branch: develop uri: https://github.com/x/y.git ((secrets)) are retrieved - name: my-tf-deployment from a credentials provider type: terraform icon: terraform when they are needed source: backend_type: s3 backend_config: Credential providers: bucket: my-prod-bucket key: tfstate/my-deployment.tfstate - Credhub region: eu-west-2 access_key: ((aws_access_key_id)) - AWS SSM secret_key: ((aws_secret_access_key)) - Kubernetes jobs: - Hashicorp Vault - name: deploy-my-code serial: true plan: - get: my-code-repo trigger: true - put: my-tf-deployment

  38. fly login \ --target my-concourse \ --open-browser fly set-pipeline \ --pipeline deployment \ --config cd-tf.yml

  39. Continuously deploy terraform

  40. Continuously deploy terraform (oh no)

  41. resources: - name: my-code-repo … - name: my-tf-deployment … - name: project-slack-channel type: slack icon: slack source: … jobs: …

  42. … put: my-tf-deployment on_failure: put: project-slack-channel params: channel: '#develop' icon_emoji: ':airplane:' text: | Build $BUILD_NAME failed. Check it out at: …

  43. Continuously deploy terraform with failure notifications

  44. Extending Concourse Resource interactions Build your own resource check is executed periodically An OCI compatible image, hosted somewhere Concourse in can access. is executed for a get step Which should contain up to three executables: out - /opt/resource/check is executed for a put - /opt/resource/in step - /opt/resource/out

  45. A git repo flies Through a concourse pipeline It becomes a cloud

  46. What do we care about? App availability (~99.99%) API availability (~99.9%) Safety and reproducibility are achieved through autonomation

  47. GOV.UK PaaS deployment pipeline

  48. GOV.UK PaaS deployment pipeline

  49. GOV.UK PaaS deployment pipeline

  50. GOV.UK PaaS deployment pipeline UNLOCK LOCK

  51. GOV.UK PaaS deployment pipeline CONFIG UNLOCK LOCK

  52. GOV.UK PaaS deployment pipeline CONFIG WAIT UNLOCK LOCK AVAILABILITY TESTS

  53. GOV.UK PaaS deployment pipeline CONFIG TERRAFORM WAIT UNLOCK LOCK AVAILABILITY TESTS

  54. GOV.UK PaaS deployment pipeline CONFIG TERRAFORM WAIT DEPLOY CF UNLOCK LOCK AVAILABILITY TESTS

  55. LOCK AVAILABILITY TESTS CONFIG GOV.UK PaaS deployment pipeline WAIT TERRAFORM DEPLOY CF PROMETHEUS & BROKERS UNLOCK

  56. GOV.UK PaaS deployment pipeline PROMETHEUS & BROKERS TESTS CONFIG TERRAFORM WAIT DEPLOY CF UNLOCK LOCK AVAILABILITY TESTS OTHER APPS

  57. GOV.UK PaaS deployment pipeline PROMETHEUS & BROKERS TESTS CONFIG TERRAFORM WAIT DEPLOY CF UNLOCK LOCK CERT AVAILABILITY TESTS OTHER APPS ROTATION

  58. GOV.UK PaaS deployment pipeline PROMETHEUS & BROKERS TESTS CONFIG TERRAFORM WAIT DEPLOY CF GIT TAG RELEASE UNLOCK LOCK CERT AVAILABILITY TESTS OTHER APPS ROTATION

  59. GOV.UK PaaS deployment pipeline PROMETHEUS & BROKERS TESTS CONFIG TERRAFORM WAIT DEPLOY CF GIT TAG RELEASE UNLOCK LOCK CERT AVAILABILITY TESTS OTHER APPS ROTATION

  60. Now do it all again! git merge --gpg-sign → Deploy staging → git tag → Deploy prod London → Deploy prod Dublin This process happens ~2.5x per day

  61. PROD IRELAND PROD LONDON STAGING

  62. Normal deployments are fully automated, so deploys are small, and occur often Deployments fail safely, due to locking, tests, and BOSH

  63. The UI is “anger optimised” - @vito It is visually obvious* what state a pipeline is in, and if it is broken

  64. Concourse and Grafana deployment overview annotations

  65. Concourse and Grafana deployment overview details

  66. Someone else’s code Is running in production Can I re-use this?

  67. Patterns and re-use, how? Concourse resource types available at resource-types.concourse-ci.org Patterns - Locks, pools, and counters - Availability tests - Metrics and annotations - Releases and communications

  68. Pools and locks with controls for pipeline operators github.com/concourse/pool-resource

  69. Availability tests implemented as a task github.com/tsenart/vegeta

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native

Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native

Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native deployment Cloud native deployment Multi-repo DAG management Manage Airflow Variables with code through Terraform Airflow monitoring

478 views • 30 slides
MeghRaj MeghRaj Service Directory (MSD) G Government of India Cloud initiative u i d CSP

MeghRaj MeghRaj Service Directory (MSD) G Government of India Cloud initiative u i d CSP

MeghRaj Ecosystem Cloud Service Seekers(CSS) Ministry/ Departments MeghRaj MeghRaj Service Directory (MSD) G Government of India Cloud initiative u i d CSP CAP Department a of n Electronics Cloud NIC/ CDAC etc c and Management

1.47k views • 4 slides
Cloud Ser Clo Service Prov Provider(CSP) for for the Government Priv Gov Private Cl Cloud

Cloud Ser Clo Service Prov Provider(CSP) for for the Government Priv Gov Private Cl Cloud

SITA SITA SUS SUSE CSP CSP for for GPC GPCE RFB 2088 RFB 2088/2019 for for the pro procurement of of SUS SUSE Cloud Ser Clo Service Prov Provider(CSP) for for the Government Priv Gov Private Cl Cloud Ecos Ecosyste tem (GP

312 views • 10 slides
CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial Cloud Computing PRESENTED TO HOUSE COMMITTEE ON GOVERNMENT TRANSPARENCY & OPERATION LEGISLATIVE BUDGET BOARD STAFF April 5, 2016 Statement of

373 views • 8 slides
NOAA Pipeline/BUFR/CBUFR, schedule, clear flag and cloud- cleared filter November 2001 AIRS

NOAA Pipeline/BUFR/CBUFR, schedule, clear flag and cloud- cleared filter November 2001 AIRS

NOAA Pipeline/BUFR/CBUFR, schedule, clear flag and cloud- cleared filter November 2001 AIRS science team meeting NOAA/NESDIS Mitch Goldberg Walter Wolf Lihang Zhou Yanni Qu Murty Divarkarla Topics Deliverable AIRS Products NOAA

812 views • 45 slides
Natural Gas Pipeline 101 Brian Fahrenthold Director Government Affairs, Spectra Energy Spectra

Natural Gas Pipeline 101 Brian Fahrenthold Director Government Affairs, Spectra Energy Spectra

1st ANNUAL ARKANSAS ENERGY ROCKS TEACHER ENERGY EDUCATION WORKSHOP | JUNE 16 - 18 Natural Gas Pipeline 101 Brian Fahrenthold Director Government Affairs, Spectra Energy Spectra Energy: Our Pipelines Natural Gas Transmission Pipe: 19,000 mi

365 views • 20 slides
A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios

A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios

A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios Peristeras 2 1 Digital Enterprise Research Institute, NUI Galway, Ireland {fadi.maali,richard.cyganiak}@deri.org 2 European Commission,

156 views • 15 slides
Forming a CI/CD Pipeline and Cloud-first Culture Jeremy Friesen, Manager Digital Libraries

Forming a CI/CD Pipeline and Cloud-first Culture Jeremy Friesen, Manager Digital Libraries

Forming a CI/CD Pipeline and Cloud-first Culture Jeremy Friesen, Manager Digital Libraries Technology Unit I NTRODUCTION Who am I? Jeremy Friesen Digital Library Technologies Unit Manager at the Hesburgh Libraries of the University of

509 views • 36 slides
Every SAS Cloud has a Silver Lining Letting your data reign in the cloud DSS SAS SYSTEM

Every SAS Cloud has a Silver Lining Letting your data reign in the cloud DSS SAS SYSTEM

Every SAS Cloud has a Silver Lining Letting your data reign in the cloud DSS SAS SYSTEM Current Single Virtual Server unit with 16 cores upgraded to 32 cores 256 Gb RAM 150 registered users Data collector from other government

890 views • 21 slides
Pipeline Construction Pipeline Construction Challenges Challenges NAPCA Workshop August 19,

Pipeline Construction Pipeline Construction Challenges Challenges NAPCA Workshop August 19,

U.S. Department of Transportation Pipeline and Hazardous Materials Safety Administration Pipeline Construction Pipeline Construction Challenges Challenges NAPCA Workshop August 19, 2010 Houston, Texas Kenneth Y. Lee Office of Pipeline

506 views • 50 slides
Lessons learned from six years of cloud technology transformation in government David Turner

Lessons learned from six years of cloud technology transformation in government David Turner

Lessons learned from six years of cloud technology transformation in government David Turner Managing Director, MSC Digital MSC Digital Independent and vendor agnostic Formed specifically to assist the UK Public Sector - Its

386 views • 19 slides
1,000 foot pipeline Connect Replacement (Saugus 3 and 4) Wells to Magic Mountain Pipeline

1,000 foot pipeline Connect Replacement (Saugus 3 and 4) Wells to Magic Mountain Pipeline

Magic Mountain Water Pipeline Installation Agreement Amendment Commerce Center Drive Pipeline Background 1,000 foot pipeline Connect Replacement (Saugus 3 and 4) Wells to Magic Mountain Pipeline Five Point will oversee construction

59 views • 3 slides
Pipeline A Presentation by Team Pipeline Ben Lai Brandon Bakhshai Jeffrey Serio Somya

Pipeline A Presentation by Team Pipeline Ben Lai Brandon Bakhshai Jeffrey Serio Somya

Pipeline A Presentation by Team Pipeline Ben Lai Brandon Bakhshai Jeffrey Serio Somya Vasudevan What is pipeline Pipeline is an asynchronous programming language that uses an event-driven architecture. Pipelines event-loop is powered by

329 views • 20 slides
Highlights Highlights of of New New Pipeline Pipeline Medicines Medicines Based on Meds

Highlights Highlights of of New New Pipeline Pipeline Medicines Medicines Based on Meds

Highlights Highlights of of New New Pipeline Pipeline Medicines Medicines Based on Meds Pipeline Monitor 2018 CADTH Symposium April 15, 2019 Jared Berger Policy Analyst Providing insight into potentially high-impact medicines in the

317 views • 9 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides
STINUS Standardised Transfer of INformation about Users Service David Simonsen Mads Freek

STINUS Standardised Transfer of INformation about Users Service David Simonsen Mads Freek

STINUS Standardised Transfer of INformation about Users Service David Simonsen Mads Freek Petersen Hub and spoke Single login, Single sign on provisioning on the fly Systems Institutions 1 Login X WAYF 2 Login Y RASMUS Remote Access

496 views • 12 slides
Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps Scripts MAOR BIN NOVEMBER

Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps Scripts MAOR BIN NOVEMBER

Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps Scripts MAOR BIN NOVEMBER 2017 Overview Google Apps Scripts Overview Google Apps Scripts A scripting language based on JavaScript that lets you automate actions with

268 views • 15 slides
(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 (iPhone) https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 (Android)

365 views • 13 slides
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan,

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan,

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan, Jingjing Ren, Martina Lindorfer*, Christo Wilson, and David Choffnes Northeastern University, *UC Santa Barbara Motivation + internet connectivity

400 views • 36 slides
Logging in to Google Classroom & Clever Getting Started Your child was provided with a

Logging in to Google Classroom & Clever Getting Started Your child was provided with a

Logging in to Google Classroom & Clever Getting Started Your child was provided with a secure login and password that is unique to them. Check with his/her teacher to obtain this private information. Your child will use this login to

517 views • 12 slides
Using Google Earth for Remote Teaching GSA / NAGT June 16, 2020 Digital Field Tools 11:00 am

Using Google Earth for Remote Teaching GSA / NAGT June 16, 2020 Digital Field Tools 11:00 am

Using Google Earth for Remote Teaching GSA / NAGT June 16, 2020 Digital Field Tools 11:00 am MDT Webinar Series 1:00 pm EDT Using Google Earth for Remote Teaching Presenters: Steve Whitmeyer (James Madison University) Drew L askowski

292 views • 27 slides
The Tor Project Our mission is to be the global resource for technology, advocacy, research and

The Tor Project Our mission is to be the global resource for technology, advocacy, research and

The Tor Project Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention. 1 2 3 4 5 We h a v e a p r

640 views • 33 slides
CS2 : A Searchable Cryptographic Cloud Storage System Seny Kamara (MSR) Charalampos Papamanthou

CS2 : A Searchable Cryptographic Cloud Storage System Seny Kamara (MSR) Charalampos Papamanthou

CS2 : A Searchable Cryptographic Cloud Storage System Seny Kamara (MSR) Charalampos Papamanthou (UC Berkeley) Tom Roeder (MSR) Cloud Computing Cloud Computing o Main concern o will my data be safe? o will anyone see it? o can anyone modify it?

960 views • 42 slides

More recommend