from a pipeline to a government cloud
play

From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK - PowerPoint PPT Presentation

Dec 28, 2023 •222 likes •978 views

From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK Platform-as-a-Service www.toby.codes github.com/tlwr github.com/alphagov From a pipeline to a government cloud How the UK government deploy a Platform-as-a-Service using

  1. From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK Platform-as-a-Service www.toby.codes github.com/tlwr github.com/alphagov

  2. From a pipeline to a government cloud How the UK government deploy a Platform-as-a-Service using Concourse, an open-source continuous thing-doer

  3. From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and re-use

  4. What is GOV.UK PaaS? What is a Platform-as-a Service? What are some challenges with digital services in government? How does GOV.UK PaaS make things better?

  5. What is a PaaS? Run, manage, and maintain apps and backing services Without having to buy, manage, and maintain infrastructure or needing specialist expertise

  6. Here is my source code Run it for me in the cloud I do not care how

  7. Deploy to production safer and faster Reduce waste in the development process

  8. Proprietary Open source Heroku Cloud Foundry Pivotal application service DEIS EngineYard Openshift Google App Engine kf AWS Elastic Beanstalk Dokku Tencent BlueKing Rio

  10. Why does government need a PaaS?

  11. UK-based web hosting for government services Government should focus on building useful services, not managing infrastructure

  12. Enable teams to create services faster Reduce the cost of procurement and maintenance An opinionated platform promotes consistency

  13. Communication within large bureaucracies can be slow Diverse app workloads are impossible to reason about Highly leveraged team requires trust and autonomy

  14. Only able to do this because of open source software and communities

  15. APPS SERVICES MANAGEMENT Operational API + CLI Service brokers metrics provided by OSB User management specification Cloud Foundry compliant Billing

  16. BOSH Grafana Concourse Terraform Prometheus

  17. Terraform BOSH terraform.io bosh.io Infrastructure as code, for Release engineering, VM provisioning arbitrary provisioning and resources lifecycling management Versatile tool for managing Very specific use-case, cloud infrastructure but very good at it Steep learning curve, high reward

  18. Prometheus Grafana prometheus.io grafana.com Metric collection, storage, Visualisation and and query dashboarding tool Large open-source ecosystem Good for aggregating multiple data sources Multi-dimensional labels for display enable a rich query language

  19. What is Concourse? Concourse is an open-source continuous thing-doer “A thing which does things, sometimes continuously” concourse-ci.org

  20. A general approach to automation, with extensibility as the primary design goal

  21. PIPELINE RESOURCE JOB TASK

  22. Pipelines Jobs Directed acyclic graph, Can run in parallel, or not just read in series left-to-right Composed of steps Contain resources and jobs Steps are compositions of running tasks, Written in YAML flow-control, and resource interactions Automatically visualised in the web UI

  23. Tasks Resources Specific Generic Represent doing a thing Defined by (unit of code execution) resource types Are stateless Immutable, idempotent, (in the long run) external source of truth Code is executed inside an “a single object with a ephemeral environment, linear version sequence” based on a container image

  24. Step flow control Resource interactions in_parallel is a step for getting a resource pulls running other steps in external state from the parallel, e.g. clone many source of truth git repos concurrently putting a resource step do is a step for running pushes local state to steps in series the source of truth try is a step which will Periodically resources not fail a job if it does are checked for new not succeed versions set_pipeline will update a pipeline’s config

  25. Task examples Resource types Build a container image Git/Image repository Compile release artefacts File in object storage Run automated tests Semantic version Generate release notes Distributed lock/pool GitHub release Terraform deployment Cloud Foundry app

  26. Simple continuous deployment

  27. Multi-environment continuous deployment

  28. A branching pipeline

  29. “Autonomate” a manual release process

  30. “Show me the YAML”

  31. Example: Continuously deploy terraform

  32. Continuously deploy terraform

  33. resources: - name: my-code-repo … - name: my-tf-deployment … jobs: - name: deploy-my-code …

  34. resources: - name: my-code-repo type: git icon: git source: branch: develop uri: https://github.com/x/y.git - name: my-tf-deployment … jobs: …

  35. resources: - name: my-code-repo … - name: my-tf-deployment type: terraform icon: terraform source: … jobs: - name: deploy-my-code …

  36. resources: … jobs: - name: deploy-my-code serial: true plan: - get: my-code-repo trigger: true - put: my-tf-deployment

  37. resources: This pipeline will deploy - name: my-code-repo terraform whenever the type: git icon: git develop branch changes source: branch: develop uri: https://github.com/x/y.git ((secrets)) are retrieved - name: my-tf-deployment from a credentials provider type: terraform icon: terraform when they are needed source: backend_type: s3 backend_config: Credential providers: bucket: my-prod-bucket key: tfstate/my-deployment.tfstate - Credhub region: eu-west-2 access_key: ((aws_access_key_id)) - AWS SSM secret_key: ((aws_secret_access_key)) - Kubernetes jobs: - Hashicorp Vault - name: deploy-my-code serial: true plan: - get: my-code-repo trigger: true - put: my-tf-deployment

  38. fly login \ --target my-concourse \ --open-browser fly set-pipeline \ --pipeline deployment \ --config cd-tf.yml

  39. Continuously deploy terraform

  40. Continuously deploy terraform (oh no)

  41. resources: - name: my-code-repo … - name: my-tf-deployment … - name: project-slack-channel type: slack icon: slack source: … jobs: …

  42. … put: my-tf-deployment on_failure: put: project-slack-channel params: channel: '#develop' icon_emoji: ':airplane:' text: | Build $BUILD_NAME failed. Check it out at: …

  43. Continuously deploy terraform with failure notifications

  44. Extending Concourse Resource interactions Build your own resource check is executed periodically An OCI compatible image, hosted somewhere Concourse in can access. is executed for a get step Which should contain up to three executables: out - /opt/resource/check is executed for a put - /opt/resource/in step - /opt/resource/out

  45. A git repo flies Through a concourse pipeline It becomes a cloud

  46. What do we care about? App availability (~99.99%) API availability (~99.9%) Safety and reproducibility are achieved through autonomation

  47. GOV.UK PaaS deployment pipeline

  48. GOV.UK PaaS deployment pipeline

  49. GOV.UK PaaS deployment pipeline

  50. GOV.UK PaaS deployment pipeline UNLOCK LOCK

  51. GOV.UK PaaS deployment pipeline CONFIG UNLOCK LOCK

  52. GOV.UK PaaS deployment pipeline CONFIG WAIT UNLOCK LOCK AVAILABILITY TESTS

  53. GOV.UK PaaS deployment pipeline CONFIG TERRAFORM WAIT UNLOCK LOCK AVAILABILITY TESTS

  54. GOV.UK PaaS deployment pipeline CONFIG TERRAFORM WAIT DEPLOY CF UNLOCK LOCK AVAILABILITY TESTS

  55. LOCK AVAILABILITY TESTS CONFIG GOV.UK PaaS deployment pipeline WAIT TERRAFORM DEPLOY CF PROMETHEUS & BROKERS UNLOCK

  56. GOV.UK PaaS deployment pipeline PROMETHEUS & BROKERS TESTS CONFIG TERRAFORM WAIT DEPLOY CF UNLOCK LOCK AVAILABILITY TESTS OTHER APPS

  57. GOV.UK PaaS deployment pipeline PROMETHEUS & BROKERS TESTS CONFIG TERRAFORM WAIT DEPLOY CF UNLOCK LOCK CERT AVAILABILITY TESTS OTHER APPS ROTATION

  58. GOV.UK PaaS deployment pipeline PROMETHEUS & BROKERS TESTS CONFIG TERRAFORM WAIT DEPLOY CF GIT TAG RELEASE UNLOCK LOCK CERT AVAILABILITY TESTS OTHER APPS ROTATION

  59. GOV.UK PaaS deployment pipeline PROMETHEUS & BROKERS TESTS CONFIG TERRAFORM WAIT DEPLOY CF GIT TAG RELEASE UNLOCK LOCK CERT AVAILABILITY TESTS OTHER APPS ROTATION

  60. Now do it all again! git merge --gpg-sign → Deploy staging → git tag → Deploy prod London → Deploy prod Dublin This process happens ~2.5x per day

  61. PROD IRELAND PROD LONDON STAGING

  62. Normal deployments are fully automated, so deploys are small, and occur often Deployments fail safely, due to locking, tests, and BOSH

  63. The UI is “anger optimised” - @vito It is visually obvious* what state a pipeline is in, and if it is broken

  64. Concourse and Grafana deployment overview annotations

  65. Concourse and Grafana deployment overview details

  66. Someone else’s code Is running in production Can I re-use this?

  67. Patterns and re-use, how? Concourse resource types available at resource-types.concourse-ci.org Patterns - Locks, pools, and counters - Availability tests - Metrics and annotations - Releases and communications

  68. Pools and locks with controls for pipeline operators github.com/concourse/pool-resource

  69. Availability tests implemented as a task github.com/tsenart/vegeta

Recommend

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native

Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native

Teaching an old DAG new tricks Migrating a decade old pipeline to Airflow Outline Cloud native deployment Cloud native deployment Multi-repo DAG management Manage Airflow Variables with code through Terraform Airflow monitoring

478 views • 30 slides
MeghRaj MeghRaj Service Directory (MSD) G Government of India Cloud initiative u i d CSP

MeghRaj MeghRaj Service Directory (MSD) G Government of India Cloud initiative u i d CSP

MeghRaj Ecosystem Cloud Service Seekers(CSS) Ministry/ Departments MeghRaj MeghRaj Service Directory (MSD) G Government of India Cloud initiative u i d CSP CAP Department a of n Electronics Cloud NIC/ CDAC etc c and Management

1.47k views • 4 slides
Cloud Ser Clo Service Prov Provider(CSP) for for the Government Priv Gov Private Cl Cloud

Cloud Ser Clo Service Prov Provider(CSP) for for the Government Priv Gov Private Cl Cloud

SITA SITA SUS SUSE CSP CSP for for GPC GPCE RFB 2088 RFB 2088/2019 for for the pro procurement of of SUS SUSE Cloud Ser Clo Service Prov Provider(CSP) for for the Government Priv Gov Private Cl Cloud Ecos Ecosyste tem (GP

312 views • 10 slides
CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial Cloud Computing PRESENTED TO HOUSE COMMITTEE ON GOVERNMENT TRANSPARENCY & OPERATION LEGISLATIVE BUDGET BOARD STAFF April 5, 2016 Statement of

374 views • 8 slides
NOAA Pipeline/BUFR/CBUFR, schedule, clear flag and cloud- cleared filter November 2001 AIRS

NOAA Pipeline/BUFR/CBUFR, schedule, clear flag and cloud- cleared filter November 2001 AIRS

NOAA Pipeline/BUFR/CBUFR, schedule, clear flag and cloud- cleared filter November 2001 AIRS science team meeting NOAA/NESDIS Mitch Goldberg Walter Wolf Lihang Zhou Yanni Qu Murty Divarkarla Topics Deliverable AIRS Products NOAA

812 views • 45 slides
Natural Gas Pipeline 101 Brian Fahrenthold Director Government Affairs, Spectra Energy Spectra

Natural Gas Pipeline 101 Brian Fahrenthold Director Government Affairs, Spectra Energy Spectra

1st ANNUAL ARKANSAS ENERGY ROCKS TEACHER ENERGY EDUCATION WORKSHOP | JUNE 16 - 18 Natural Gas Pipeline 101 Brian Fahrenthold Director Government Affairs, Spectra Energy Spectra Energy: Our Pipelines Natural Gas Transmission Pipe: 19,000 mi

365 views • 20 slides
A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios

A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios

A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios Peristeras 2 1 Digital Enterprise Research Institute, NUI Galway, Ireland {fadi.maali,richard.cyganiak}@deri.org 2 European Commission,

156 views • 15 slides
Forming a CI/CD Pipeline and Cloud-first Culture Jeremy Friesen, Manager Digital Libraries

Forming a CI/CD Pipeline and Cloud-first Culture Jeremy Friesen, Manager Digital Libraries

Forming a CI/CD Pipeline and Cloud-first Culture Jeremy Friesen, Manager Digital Libraries Technology Unit I NTRODUCTION Who am I? Jeremy Friesen Digital Library Technologies Unit Manager at the Hesburgh Libraries of the University of

509 views • 36 slides
Every SAS Cloud has a Silver Lining Letting your data reign in the cloud DSS SAS SYSTEM

Every SAS Cloud has a Silver Lining Letting your data reign in the cloud DSS SAS SYSTEM

Every SAS Cloud has a Silver Lining Letting your data reign in the cloud DSS SAS SYSTEM Current Single Virtual Server unit with 16 cores upgraded to 32 cores 256 Gb RAM 150 registered users Data collector from other government

890 views • 21 slides
Pipeline Construction Pipeline Construction Challenges Challenges NAPCA Workshop August 19,

Pipeline Construction Pipeline Construction Challenges Challenges NAPCA Workshop August 19,

U.S. Department of Transportation Pipeline and Hazardous Materials Safety Administration Pipeline Construction Pipeline Construction Challenges Challenges NAPCA Workshop August 19, 2010 Houston, Texas Kenneth Y. Lee Office of Pipeline

507 views • 50 slides
Lessons learned from six years of cloud technology transformation in government David Turner

Lessons learned from six years of cloud technology transformation in government David Turner

Lessons learned from six years of cloud technology transformation in government David Turner Managing Director, MSC Digital MSC Digital Independent and vendor agnostic Formed specifically to assist the UK Public Sector - Its

386 views • 19 slides
1,000 foot pipeline Connect Replacement (Saugus 3 and 4) Wells to Magic Mountain Pipeline

1,000 foot pipeline Connect Replacement (Saugus 3 and 4) Wells to Magic Mountain Pipeline

Magic Mountain Water Pipeline Installation Agreement Amendment Commerce Center Drive Pipeline Background 1,000 foot pipeline Connect Replacement (Saugus 3 and 4) Wells to Magic Mountain Pipeline Five Point will oversee construction

60 views • 3 slides
Pipeline A Presentation by Team Pipeline Ben Lai Brandon Bakhshai Jeffrey Serio Somya

Pipeline A Presentation by Team Pipeline Ben Lai Brandon Bakhshai Jeffrey Serio Somya

Pipeline A Presentation by Team Pipeline Ben Lai Brandon Bakhshai Jeffrey Serio Somya Vasudevan What is pipeline Pipeline is an asynchronous programming language that uses an event-driven architecture. Pipelines event-loop is powered by

330 views • 20 slides
Highlights Highlights of of New New Pipeline Pipeline Medicines Medicines Based on Meds

Highlights Highlights of of New New Pipeline Pipeline Medicines Medicines Based on Meds

Highlights Highlights of of New New Pipeline Pipeline Medicines Medicines Based on Meds Pipeline Monitor 2018 CADTH Symposium April 15, 2019 Jared Berger Policy Analyst Providing insight into potentially high-impact medicines in the

318 views • 9 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides
API 15S Spoolable Composite Pipeline Systems SD / ND Commissions PHMSA TQ Pipeline Safety

API 15S Spoolable Composite Pipeline Systems SD / ND Commissions PHMSA TQ Pipeline Safety

API 15S Spoolable Composite Pipeline Systems SD / ND Commissions PHMSA TQ Pipeline Safety Seminar Sioux Falls, SD April 15, 2015 DeWitt Burdeaux Regulatory Affairs FlexSteel Pipeline Technologies Presentation Topics Why Use Spoolable

539 views • 31 slides
Motihari-Amlekhgunj Petroleum Pipeline Project Presented by: Er. Pradip Kumar Yadav

Motihari-Amlekhgunj Petroleum Pipeline Project Presented by: Er. Pradip Kumar Yadav

Presentation on Motihari-Amlekhgunj Petroleum Pipeline Project Presented by: Er. Pradip Kumar Yadav Motihari-Amlekhgunj Petroleum Pipeline Project Manager 26 th August, 2020 Backgroud: MoU between the India Government and Nepal

936 views • 36 slides
Spire Missouri STL Pipeline November 13, 2019 STL Pipeline Supports strategy to modernize

Spire Missouri STL Pipeline November 13, 2019 STL Pipeline Supports strategy to modernize

Spire Missouri STL Pipeline November 13, 2019 STL Pipeline Supports strategy to modernize our 60-mile pipeline gas assets to: with capacity of 400 MMcf/d Achieve more diverse supply portfolio Improve reliability and resiliency

623 views • 11 slides
The OpenGL Rendering Pipeline The Rendering Pipeline The process to generate two-dimensional

The OpenGL Rendering Pipeline The Rendering Pipeline The process to generate two-dimensional

The OpenGL Rendering Pipeline The Rendering Pipeline The process to generate two-dimensional images from given virtual cameras and 3D objects The pipeline stages implement various core graphics rendering algorithms Why should you

724 views • 16 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

Cornell CS5412 Cloud Computing (Spring 2015) 1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper! The cloud business model is growing at an unparalleled pace without any limit in sight

632 views • 45 slides
Rationale Conventional Computational Pipeline Monitoring (CPM) methods have very limited

Rationale Conventional Computational Pipeline Monitoring (CPM) methods have very limited

Liquid Pipeline Leak Detection - Ongoing Research to Evaluate Selected External Leak Detection Technologies Mark Stephens, C-FER Technologies Pipeline Safety Trust Conference, New Orleans LA October 20, 2016 www.cfertech.com 1 2016 Pipeline

182 views • 17 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
Detecting Pipeline Leaks Whats the Right Approach? October 20, 2016 | Pipeline Safety

Detecting Pipeline Leaks Whats the Right Approach? October 20, 2016 | Pipeline Safety

Detecting Pipeline Leaks Whats the Right Approach? October 20, 2016 | Pipeline Safety Trust Conference New Orleans, LA Leak Detection Best Defense is Preventing Leaks from Occurring in First Place Proactive pipeline integrity

259 views • 7 slides

More recommend