When migrating to a cloud and microservices architecture, companies need to invest in foundational capabilities, such as a microservices platform, continuous delivery, and an immutable infrastructure. In this talk, we will discuss our experience implementing these capabilities on the enterprise-scale with Google Cloud, Kubernetes, Istio, Envoy, Spinnaker, and Hashicorp stack. We will also discuss best practices of onboarding the cloud to facilitate DevOps, SRE without sacrificing quality or control.

1. Cloud, Microservices & DevOps
Enterprise-level implementation best practices

2. Maxim Shishkarev
Sr. Solutions Architect @ Grid Dynamics
Cloud Enablement, DevOps and CICD automation
15+ years of experience in these areas and still enjoying it ;)
Family, Travel, Photography, Surfing

3. Introducing Grid Dynamics technology services
Digital transformation Big data, real time analytics, ML & AI
Microservices replatforming DevOps & cloud enablement
Open Source Cloud-ready Scalable Automated

4. Enterprise journey to
cloud, DevOps and SRE
5
...based on a true story.

5. Infrastructure
Architecture
&
Platform
Change
Management

6. Datacenter
Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
Release
team

7. Datacenter
Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
Can I have a VM please?
Release
team

8. Datacenter
Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
Can I have a VM please?
Release
team
Sure. Tomorrow.

9. Datacenter
Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
Can I have a VM please? Sure. Tomorrow. Probably
Release
team

10. Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
Can I have a VM please? Sure. Tomorrow. Probably
Release
team
us-east
Enterprise
Data Centers
us-west
us-central

11. Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
Can I have a VM please?
Cloud
Sure. Tomorrow. Probably
Release
team

12. Self-service portal
(as seen by a developer)
Developer
(came to ask for a VM)
Cloud VMs
(carefully managed by infrastructure)

13. Agility
Cost reduction
Flexibility
On-demand capacity
Pay as you go
Microservices
Continuous Delivery
Time to market
Speed
Automation
SRE
DevOps
CAPEX --> OPEX

14. Web UI Search Checkout
Infra
team
Self-service portal
Network
team
OS
team
Security
team
Dev
team
QA
team
Can I have a VM please? Sure. Tomorrow. Probably
Cloud
Release
team

15. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
Cloud
Storage Network Other
API API API API
Release
team

16. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
Cloud
Storage Network Other
API API API API
Policy (cost, access, security, other)
Release
team

17. Application teams access
No access
• Cloud projects
• Access policies
• Core networking
• IAM policies
Debatable
• Subnets
• Firewalls
• OS
• Base Images
Has access
• VMs based on pre approved images
• Storage buckets
• Load balancers
• Firewalls within pre approved limits
• Other pre approved cloud services

18. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
Cloud
Storage Network Other
API API API API
Policy (cost, access, security, other)
Release
team

19. .WAR
Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
Cloud
Storage Network Other
API API API API
Policy (cost, access, security, other)
Release
team
Monolithic App

20. .WAR
Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
Cloud
Storage Network Other
API API API API
Policy (cost, access, security, other)
Release
team
Monolithic App

21. .WAR
Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
Cloud
Storage Network Other
API API API API
Policy (cost, access, security, other)
Release
team
Monolithic App

22. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
Cloud
Storage Network Other
API API API API
Policy (cost, access, security, other)
Release
team

23. Enterprise
Data Centers
Monolithic
Tightly Coupled
Microservices
Loosely Coupled
IaaS
Search Offers
Browse Checkout
Pricing
Account
All in One

24. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
auto-scale
self-heal
canary
release
rolling upgrade
find new version
of price
Refresh
username/password
of database
route 5% traffic to
price 1.2
register new
nodes in load
balancer

25. Packaging Package
repo
Deployment
Logging & monitoring
Provisioning
Load balancing
Lifecycle management
(scaling, failover, etc.)
Service mesh
Service registry & discovery,
secret management
Business configuration
management
Microservices platform

26. Microservices platform reference technology stack
Feature Container-based VM-based
Packaging
Artifact repository
Deployment and provisioning
Load balancing and routing
Service mesh
Service registry and discovery
Secret management
Feature flags management
Resource management
Auto-scaling, self-healing
Logging and monitoring
Registry

27. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API
Microservices platform
API
Platform
team
Policy (cost, access, security, other)

28. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API
Microservices platform
API
Platform
team
Policy (cost, access, security, other)

29. Web UI Search Checkout
Infra
teamCompute
Network
team
OS
team
Security
team
Dev
team
QA
team
RE
team
Cloud
Storage Network Other
API API API API
Microservices platform
API
Platform
team
applications deploy themselves?
Policy (cost, access, security, other)

30. Application deployment package
Environment
Deployable unit
Build-time dependencies
Configuration
Deployment
scriptApplication artifact
Platform
& infra
teams
Development
engineers
QA
engineers
Deployment
engineers
Application can deploy itself

31. Application deployment package
Environment
Deployable unit
Build-time dependencies
Configuration
Deployment
scriptApplication artifact
Platform
& infra
teams
Development
engineers
QA
engineers
Deployment
engineers
Application can deploy itself

32. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Microservices platformUpstream services

33. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Deploy
Instance group
Load balancer
VM
Template
Microservices platformUpstream services

34. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

35. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

36. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

37. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services
Rolling upgrade

38. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

39. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

40. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

41. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

42. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance
Microservices platformUpstream services

43. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

44. Application deployment package
Environment
Deployable unit (VM) Deployment script
Cloud Infrastructure
Instance group
Load balancer
VM
Template Instance Instance Instance
Microservices platformUpstream services

45. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Production traffic

46. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

47. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic
Order
Cart
Search
Product
Web UI

48. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

49. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

50. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

51. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

52. Web UI
Search
Profile
Cart
Order
Price
(v1.1)
Product
Price
(v1.2)
Production traffic Canary or test traffic

53. Platform & Tooling
Infrastructure
App1 v1.1
Configuration
Data
App2 v2.1
Configuration
Data
App3 v3.1
Configuration
Data
Interfaces
Interfaces
Interfaces
Interfaces
Code is broken
Wrong endpoint
Corrupted Data
Incompatible with App2 v2.1
Incorrect GC Config
Tested v3 only
Manually tweaked OS
Exposes /v2.1/ instead
of /v2/
Edge
Forgot rules for App3
Still warming-up
Interfaces
Built on a laptop
Create a ticket to get an
environment
Sent package via email
Sent config via
chat
Forgot to restart another service after
deployment Get configs from a
spreadsheet
Destroyed wrong env
Messed with Firewalls
VPN is downSuddenly out of quota or capacity
What could possibly go wrong? –Everything…

54. All changes to production should be authorized

55. All changes to production should be authorized
1. Development lead should sign off
2. Functional QA lead should sign off
3. Performance QA lead should sign off
4. Security lead should sign off
5. Operations lead should sign off
6. Artifact deployed to production should be the same as tested in QA environment

56. Release
Engineer
Dev
QA
DevOps
Perf QA
Business
Test environment
Production
deployment CR
sign offs
Dev Lead
QA Lead
Perf Lead
Business
Ops Lead
Security Lead

57. Source
code
Production
Web UI
Search
v1.1
Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
All changes to production
should be authorized

58. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Code
review
All changes to production
should be authorized

59. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Code
review
Build,
code analysis,
unit testing
All changes to production
should be authorized

60. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Code
review
Build,
code analysis,
unit testing
Service
testing
All changes to production
should be authorized
Small QA
environment

61. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Small QA
environment

62. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
Small QA
environment

63. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
UAT
Small QA
environment

64. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
UAT
Canary release (1% traffic)
Small QA
environment

65. Production deployment sign offs
Dev lead
QA lead
Perf QA lead
Business (product manager)
Ops lead
Security lead
Artifact wasn’t tampered with
Source
code
Production
Web UI
Search
v1.1
Search
v1.2
Code
review
Build,
code analysis,
unit testing
Service
testing
Deploy
All changes to production
should be authorized
Integration testing
UAT
Canary release (1% traffic)
Full release
Small QA
environment
1 hour

66. Requirements
management
Project
management
Source code
repository
Continuous integration and delivery pipeline
Approvals and audit log
Change management dashboard
Release notes
generation
Functional testing platform
Performance testing platform
Security testing platform
Code review
Code analysis
CICD platform components

67. CICD platform sample technology stack
Feature Technology options
Requirements and project management
SCM and code review
Static code analysis and scanning
CICD pipeline
Functional testing platform
Performance testing platform
Approvals and audit log
Change management dashboard
Release notes generation

68. Closing notes
69

69. Capabilities for enterprise cloud, DevOps, and SRE
Organization Technology Process
DevOps culture and skills
Site reliability engineering
Service-oriented organization
Infrastructure as a service
Cross-functional teams
Microservices architecture
Continuous delivery platform
Chaos engineering
Immutable infrastructure
AI/ML for operations
Microservices platform
Policy-driven CICD
Testing in production
Single environment
Ultra-light change management
Change-driven design
Covered
Not covered

70. 10 years of
experience in cloud,
DevOps and digital
transformation

71. www.griddynamics.co
m
Thank you!
www.griddynamics.com