When migrating to a cloud and microservices architecture, companies need to invest in foundational capabilities such as a microservices platform, continuous delivery, and immutable infrastructure. In this talk we discuss our experience implementing these capabilities at enterprise scale with Google Cloud, Kubernetes, Istio, Envoy, Spinnaker, and the HashiCorp stack. We also discuss best practices for onboarding to the cloud in a way that enables DevOps and SRE without sacrificing quality or control.
2. Introducing Grid Dynamics technology services: digital transformation; big data, real-time analytics, ML & AI; microservices replatforming; DevOps & cloud enablement. Open source, cloud-ready, scalable, automated.
7. Datacenter (diagram): application teams for Web UI, Search and Checkout, each with Dev, QA and RE teams; infrastructure side with Infra, Network, OS and Security teams; a self-service portal sits between the two.
8-9. Same diagram. Developer: "Can I have a VM please?" Infrastructure team: "Sure. Tomorrow."
10. Same diagram, with a cloud added alongside the datacenter; the answer to "Can I have a VM please?" is still "Sure. Tomorrow."
11. (Image slide) The infrastructure team as seen by a developer who came to ask for a VM, guarding cloud VMs that are carefully managed by infrastructure.
13. Diagram: the cloud exposes Compute, Storage, Network and other services through APIs; application teams (Web UI, Search, Checkout with Dev, QA, RE) and infrastructure teams (Infra, Network, OS, Security) shown alongside.
14. Same diagram as slide 13, with a policy layer (cost, access, security, other) placed in front of the cloud APIs.
15. Application teams access
No access:
• Cloud projects
• Access policies
• Core networks
• IAM policies
Debatable:
• Subnets
• Firewalls
• OS
• Base VM images
Has access:
• VMs based on preapproved images
• Storage buckets
• Load balancers
• Firewalls within preapproved limits
• Other preapproved cloud services
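What the policy layer on slide 14 evaluates for the access boundary on slide 15, as an added example that is not code from the talk or from Google Cloud: application teams get VMs from preapproved images and firewall rules within preapproved limits, while projects, IAM and core networks are refused outright. The image family names, the port allowlist, the resource kinds and the request format are all assumptions made for the example.

```python
"""Policy layer in front of the cloud API for self-service requests.

Added example, not code from the talk or from Google Cloud. It models the
boundary on slides 14-15: application teams may create VMs from preapproved
images and firewall rules within preapproved limits, but cloud projects, IAM
policies and core networks stay with the infrastructure and security teams.
Image family names, the port allowlist and the request format are assumptions.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Assumed policy data, constructed for the example.
PREAPPROVED_IMAGE_FAMILIES = {"hardened-debian-12", "hardened-ubuntu-2204"}
PREAPPROVED_PORTS = {"tcp": {80, 443, 8080}}      # what teams may open alone
WEB_PORTS = {80, 443}                             # may face the internet
RESERVED_KINDS = {"project", "iam_policy", "core_network", "access_policy"}


@dataclass
class Request:
    kind: str            # "vm", "firewall", or a reserved kind
    requester_team: str
    spec: dict = field(default_factory=dict)


def _vm_violations(spec: dict):
    image = spec.get("image_family")
    if image not in PREAPPROVED_IMAGE_FAMILIES:
        yield f"image family {image!r} is not preapproved"


def _firewall_violations(spec: dict):
    proto = spec.get("protocol", "tcp")
    ports = set(spec.get("ports", []))
    for port in sorted(ports - PREAPPROVED_PORTS.get(proto, set())):
        yield f"{proto}/{port} is outside the preapproved port list"
    for cidr in spec.get("source_ranges", []):
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            yield f"source range {cidr!r} is not a valid network"
            continue
        # An internet-wide source is tolerated only for the web ports.
        if net.prefixlen == 0 and not ports <= WEB_PORTS:
            yield f"source {cidr} exposes non-web ports to the internet"


def evaluate(request: Request) -> list[str]:
    """Return policy violations; an empty list means the request may be
    forwarded to the cloud API under the requesting team's own credentials."""
    if request.kind in RESERVED_KINDS:
        return [f"{request.kind} is owned by the infrastructure/security teams"]
    checks = {"vm": _vm_violations, "firewall": _firewall_violations}
    if request.kind not in checks:
        return [f"unknown resource kind {request.kind!r}"]
    return list(checks[request.kind](request.spec))


# Constructed sample requests from three application teams.
SAMPLE_REQUESTS = [
    Request("vm", "search", {"image_family": "hardened-debian-12"}),
    Request("vm", "search", {"image_family": "ubuntu-1604-lts"}),
    Request("firewall", "checkout",
            {"protocol": "tcp", "ports": [443], "source_ranges": ["0.0.0.0/0"]}),
    Request("firewall", "checkout",
            {"protocol": "tcp", "ports": [22, 443], "source_ranges": ["0.0.0.0/0"]}),
    Request("iam_policy", "web-ui", {"role": "roles/owner"}),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict = evaluate(req)
        print(f"{req.requester_team:>9} {req.kind:<10} "
              f"{'allowed' if not verdict else '; '.join(verdict)}")
```

The point of the design is that the check runs with the policy's view of the request, not the requester's: a team cannot talk its way into a wider firewall rule by naming a different resource kind, and anything the slide lists under "No access" is rejected before any cloud API is called. The "Debatable" items (subnets, OS, base images) are deliberately absent from the allowlist; adding them is a policy decision, not a code change.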
16. Same diagram as slide 14, with the note: something is missing.
28. Same diagram as slide 14, with a microservices platform added: it has its own API, is owned by a platform team, and sits between the application teams and the cloud APIs, behind the policy layer (cost, access, security, other).
30. Same diagram as slide 28, asking: can applications deploy themselves?
31. Application deployment package (diagram)
Deployable unit: application artifact, deployment script and configuration, together with its build-time dependencies and target environment.
Contributors: platform & infra teams, development engineers, QA engineers, deployment engineers.
Application can deploy itself.
50. All changes to production should be authorized
1. Development lead should sign off
2. Functional QA lead should sign off
3. Performance QA lead should sign off
4. Security lead should sign off
5. Operations lead should sign off
6. The artifact deployed to production should be the same one that was tested in the QA environment
52-60. Production deployment sign-offs (pipeline diagram built up across slides 52-60; implemented with Spinnaker)
Sign-offs required: Dev lead, QA lead, Perf QA lead, Business (product manager), Ops lead, Security lead; plus a check that the artifact wasn't tampered with.
Stages: Source code → Code review → Build, code analysis, unit testing → Service testing → Deploy to a small QA environment → Integration testing → UAT → Canary release (1% traffic) → Full release. The diagram carries a "1 hour" label beside the canary and full-release steps.
Production runs Web UI and Search v1.1; Search v1.2 is the build being promoted.
All changes to production should be authorized.
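The two controls on slides 50 and 52-60, the sign-off list and "artifact wasn't tampered with", as one added example that is not the talk's or Spinnaker's code. An approval is bound to the SHA-256 digest of the build the approver saw, so a sign-off on last week's build cannot be reused, and the bytes about to reach production must carry the digest recorded at the QA stage. The role names, the approval record, the sample artifact and the separation-of-duties check are assumptions added here; the slide itself lists only the roles.

```python
"""Promotion gate: every change to production is authorized, and the artifact
promoted is the one that was tested.

Added example, not the talk's or Spinnaker's code. It turns the sign-off list
on slide 50 and the "artifact wasn't tampered with" check on slides 52-60 into
two verifications run before the full release: each required role has approved
this exact build, identified by the SHA-256 digest recorded at the QA stage,
and the bytes about to be deployed still have that digest. Role names, the
approval record and the sample artifact are assumptions.
"""
import hashlib
from dataclasses import dataclass

REQUIRED_ROLES = {"dev_lead", "qa_lead", "perf_qa_lead",
                  "business", "ops_lead", "security_lead"}


@dataclass(frozen=True)
class Approval:
    role: str
    approver: str
    artifact_digest: str     # the build the approver actually looked at


def digest(artifact: bytes) -> str:
    return "sha256:" + hashlib.sha256(artifact).hexdigest()


def promotion_problems(prod_artifact: bytes, qa_digest: str,
                       approvals: list) -> list:
    """Return reasons the release must not proceed; empty means go."""
    problems = []
    actual = digest(prod_artifact)
    if actual != qa_digest:
        problems.append(f"artifact digest {actual} differs from QA-tested {qa_digest}")
    # An approval counts only if it names the tested digest; a sign-off on
    # an earlier build does not carry over to this one.
    valid = [a for a in approvals if a.artifact_digest == qa_digest]
    for role in sorted(REQUIRED_ROLES - {a.role for a in valid}):
        problems.append(f"missing sign-off from {role} for {qa_digest}")
    # Separation of duties (an added caveat, not on the slide): one person
    # must not satisfy two of the required roles.
    by_person = {}
    for a in valid:
        by_person.setdefault(a.approver, set()).add(a.role)
    for person, roles in sorted(by_person.items()):
        if len(roles) > 1:
            problems.append(f"{person} signed off as more than one role: "
                            + ", ".join(sorted(roles)))
    return problems


# Constructed sample: the Search v1.2 build as tested in the small QA env.
GOOD_ARTIFACT = b"search-service v1.2 (constructed artifact bytes)"
QA_DIGEST = digest(GOOD_ARTIFACT)
APPROVALS = [
    Approval("dev_lead", "alice", QA_DIGEST),
    Approval("qa_lead", "bob", QA_DIGEST),
    Approval("perf_qa_lead", "carol", QA_DIGEST),
    Approval("business", "dan", QA_DIGEST),
    Approval("ops_lead", "erin", QA_DIGEST),
    Approval("security_lead", "frank", QA_DIGEST),
]

if __name__ == "__main__":
    print("clean:", promotion_problems(GOOD_ARTIFACT, QA_DIGEST, APPROVALS))
    print("tampered:", promotion_problems(GOOD_ARTIFACT + b"\x00", QA_DIGEST, APPROVALS))
```

In a Spinnaker-style pipeline the equivalent of `promotion_problems` is a gate between the QA deploy and the canary stage, fed by the digest the build stage produced and the manual-judgment stages the slide lists; the property worth preserving is that approvals reference a digest rather than a version string, because "Search v1.2" can be rebuilt, while the digest of the tested bytes cannot be reproduced by a different build.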
65. Digital organization service architecture (layer diagram)
Infrastructure layer: compute, storage, networking, base OS; with security, logging & monitoring, and support (SRE).
Microservices platform layer: databases, caches, message queues, load balancers; CI/CD pipeline and self-service; with security, logging & monitoring, and support (SRE).
Business domain (applications): microservices.
66. Digital organization team structure (org chart)
Infrastructure (IaaS): VP; teams for cloud API, base OS, networking, release engineering, architecture & security, and support (SRE).
Business domain (applications): VP, PMO, architecture & security; each business domain owns one or more services, each led by a director/manager/lead with Dev, QA and Deployment engineers; release engineering and support (SRE) alongside.
72. Capabilities for enterprise cloud, DevOps, and SRE (the slide groups these under Organization, Technology and Process, and marks each as covered or not covered in this talk):
• Service-oriented organization
• Cross-functional teams
• DevOps culture and skills
• Infrastructure as a service
• Site reliability engineering
• Microservices architecture
• Continuous delivery platform
• Chaos engineering
• Immutable infrastructure
• AI/ML for operations
• Microservices platform
• Policy-driven CI/CD
• Testing in production
• Single environment
• Ultra-light change management
• Change-driven design