github.com/alphagov from a pipeline - fosdem 2021 - home...from a pipeline to a government cloud 1....
TRANSCRIPT
![Page 1: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/1.jpg)
Toby LorneSRE @ GOV.UK Platform-as-a-Service
www.toby.codesgithub.com/tlwrgithub.com/alphagov
From a pipelineto a government cloud
![Page 2: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/2.jpg)
From a pipelineto a government cloudHow the UK government deploy a Platform-as-a-Service using Concourse,an open-source continuous thing-doer
![Page 3: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/3.jpg)
From a pipelineto a government cloud1. GOV.UK PaaS overview2. Concourse overview3. Pipeline walkthrough4. Patterns and re-use
![Page 4: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/4.jpg)
What is GOV.UK PaaS?
What is a Platform-as-a Service?
What are some challenges with digital services in government?
How does GOV.UK PaaS make things better?
![Page 5: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/5.jpg)
What is a PaaS?
Run, manage, and maintain apps and backing services
Without having to buy, manage, and maintain infrastructure or needing specialist expertise
![Page 6: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/6.jpg)
Here is my source codeRun it for me in the cloudI do not care how
![Page 7: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/7.jpg)
Deploy to production safer and faster
Reduce waste in the development process
![Page 8: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/8.jpg)
Open source
Cloud Foundry
DEIS
Openshift
kf
Dokku
Rio
Proprietary
Heroku
Pivotal application service
EngineYard
Google App Engine
AWS Elastic Beanstalk
Tencent BlueKing
![Page 9: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/9.jpg)
![Page 10: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/10.jpg)
Why does governmentneed a PaaS?
![Page 11: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/11.jpg)
UK-based web hosting for government services
Government should focus on building useful services, not managing infrastructure
![Page 12: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/12.jpg)
Enable teams to create services faster
Reduce the cost of procurement and maintenance
An opinionated platform promotes consistency
![Page 13: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/13.jpg)
Communication within large bureaucracies can be slow
Diverse app workloads are impossible to reason about
Highly leveraged team requires trust and autonomy
![Page 14: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/14.jpg)
Only able to do this because of open source software and communities
![Page 15: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/15.jpg)
APPS SERVICES MANAGEMENT
API + CLI
provided by
Cloud Foundry
Service brokers
OSBspecification
compliant
Operational metrics
User management
Billing
![Page 16: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/16.jpg)
Prometheus
BOSH Grafana
Terraform
Concourse
![Page 17: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/17.jpg)
BOSH
bosh.io
Release engineering, VM provisioning and lifecycling management
Very specific use-case, but very good at it
Steep learning curve, high reward
Terraform
terraform.io
Infrastructure as code, for provisioning arbitrary resources
Versatile tool for managing cloud infrastructure
![Page 18: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/18.jpg)
Grafana
grafana.com
Visualisation and dashboarding tool
Good for aggregating multiple data sources for display
Prometheus
prometheus.io
Metric collection, storage, and query
Large open-source ecosystem
Multi-dimensional labels enable a rich query language
![Page 19: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/19.jpg)
What is Concourse?
Concourse is an open-source continuous thing-doer
“A thing which does things, sometimes continuously”
concourse-ci.org
![Page 20: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/20.jpg)
A general approach to automation, with extensibility as the primary design goal
![Page 21: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/21.jpg)
PIPELINE RESOURCE
TASKJOB
![Page 22: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/22.jpg)
Jobs
Can run in parallel, or in series
Composed of steps
Steps are compositions of running tasks, flow-control, and resource interactions
Pipelines
Directed acyclic graph, not just read left-to-right
Contain resources and jobs
Written in YAML
Automatically visualised in the web UI
![Page 23: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/23.jpg)
Tasks
Specific
Represent doing a thing (unit of code execution)
Are stateless(in the long run)
Code is executed inside an ephemeral environment, based on a container image
Resources
Generic
Defined byresource types
Immutable, idempotent, external source of truth
“a single object with a linear version sequence”
![Page 24: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/24.jpg)
Resource interactions
getting a resource pulls external state from the source of truth
putting a resource step pushes local state to the source of truth
Periodically resources are checked for new versions
Step flow control
in_parallel is a step for running other steps in parallel, e.g. clone many git repos concurrently
do is a step for running steps in series
try is a step which will not fail a job if it does not succeed
set_pipeline will update a pipeline’s config
![Page 25: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/25.jpg)
Task examples
Build a container image
Compile release artefacts
Run automated tests
Generate release notes
Resource types
Git/Image repository
File in object storage
Semantic version
Distributed lock/pool
GitHub release
Terraform deployment
Cloud Foundry app
![Page 26: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/26.jpg)
Simple continuous deployment
![Page 27: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/27.jpg)
Multi-environment continuous deployment
![Page 28: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/28.jpg)
A branching pipeline
![Page 29: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/29.jpg)
“Autonomate” a manual release process
![Page 30: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/30.jpg)
“Show me the YAML”
![Page 31: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/31.jpg)
Example:
Continuously deploy terraform
![Page 32: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/32.jpg)
Continuously deploy terraform
![Page 33: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/33.jpg)
resources:- name: my-code-repo …- name: my-tf-deployment …
jobs:- name: deploy-my-code …
![Page 34: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/34.jpg)
resources:- name: my-code-repo type: git icon: git source: branch: develop uri: https://github.com/x/y.git- name: my-tf-deployment …
jobs: …
![Page 35: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/35.jpg)
resources:- name: my-code-repo …- name: my-tf-deployment type: terraform icon: terraform source: …
jobs:- name: deploy-my-code …
![Page 36: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/36.jpg)
resources: …
jobs:- name: deploy-my-code serial: true plan: - get: my-code-repo trigger: true - put: my-tf-deployment
![Page 37: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/37.jpg)
This pipeline will deploy terraform whenever the develop branch changes
((secrets)) are retrieved from a credentials provider when they are needed
Credential providers:- Credhub- AWS SSM- Kubernetes- Hashicorp Vault
resources:- name: my-code-repo type: git icon: git source: branch: develop uri: https://github.com/x/y.git
- name: my-tf-deployment type: terraform icon: terraform source: backend_type: s3 backend_config: bucket: my-prod-bucket key: tfstate/my-deployment.tfstate region: eu-west-2 access_key: ((aws_access_key_id)) secret_key: ((aws_secret_access_key))
jobs:- name: deploy-my-code serial: true plan: - get: my-code-repo trigger: true - put: my-tf-deployment
![Page 38: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/38.jpg)
fly login \ --target my-concourse \ --open-browser
fly set-pipeline \ --pipeline deployment \ --config cd-tf.yml
![Page 39: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/39.jpg)
Continuously deploy terraform
![Page 40: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/40.jpg)
Continuously deploy terraform(oh no)
![Page 41: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/41.jpg)
resources:- name: my-code-repo …- name: my-tf-deployment …- name: project-slack-channel type: slack icon: slack source: …
jobs: …
![Page 42: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/42.jpg)
…put: my-tf-deploymenton_failure: put: project-slack-channel params: channel: '#develop' icon_emoji: ':airplane:' text: | Build $BUILD_NAME failed. Check it out at: …
![Page 43: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/43.jpg)
Continuously deploy terraformwith failure notifications
![Page 44: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/44.jpg)
Resource interactions
checkis executed periodically
inis executed for a get step
outis executed for a put step
Extending Concourse
Build your own resource
An OCI compatible image, hosted somewhere Concourse can access.
Which should contain up to three executables:- /opt/resource/check- /opt/resource/in- /opt/resource/out
![Page 45: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/45.jpg)
A git repo fliesThrough a concourse pipelineIt becomes a cloud
![Page 46: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/46.jpg)
What do we care about?
App availability (~99.99%)
API availability (~99.9%)
Safety and reproducibility are achieved through autonomation
![Page 47: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/47.jpg)
GOV.UK PaaS deployment pipeline
![Page 48: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/48.jpg)
GOV.UK PaaS deployment pipeline
![Page 49: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/49.jpg)
GOV.UK PaaS deployment pipeline
![Page 50: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/50.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
![Page 51: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/51.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
![Page 52: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/52.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
WAIT
AVAILABILITY TESTS
![Page 53: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/53.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
WAIT
AVAILABILITY TESTS
TERRAFORM
![Page 54: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/54.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
WAIT
AVAILABILITY TESTS
TERRAFORM
DEPLOY
CF
![Page 55: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/55.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
WAIT
AVAILABILITY TESTS
TERRAFORM
DEPLOY
CF
PROMETHEUS
& BROKERS
![Page 56: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/56.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
WAIT
AVAILABILITY TESTS
TERRAFORM
DEPLOY
CF
PROMETHEUS
& BROKERS TESTS
OTHER APPS
![Page 57: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/57.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
WAIT
AVAILABILITY TESTS
TERRAFORM
DEPLOY
CF
PROMETHEUS
& BROKERS TESTS
OTHER APPS CERTROTATION
![Page 58: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/58.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
WAIT
AVAILABILITY TESTS
TERRAFORM
DEPLOY
CF
PROMETHEUS
& BROKERS TESTS
OTHER APPS CERT ROTATION
GIT TAG RELEASE
![Page 59: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/59.jpg)
GOV.UK PaaS deployment pipelineLOCK
UNLOCK
CONFIG
WAIT
AVAILABILITY TESTS
TERRAFORM
DEPLOY
CF
PROMETHEUS
& BROKERS TESTS
OTHER APPS CERT ROTATION
GIT TAG RELEASE
![Page 60: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/60.jpg)
Now do it all again!
git merge --gpg-sign→ Deploy staging → git tag → Deploy prod London → Deploy prod Dublin
This process happens ~2.5x per day
![Page 61: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/61.jpg)
STAGING
PROD LONDON
PROD IRELA
ND
![Page 62: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/62.jpg)
Normal deployments are fully automated, so deploys are small,and occur often
Deployments fail safely, due to locking, tests, and BOSH
![Page 63: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/63.jpg)
The UI is “anger optimised” - @vito
It is visually obvious* what state a pipeline is in, and if it is broken
![Page 64: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/64.jpg)
Concourse and Grafanadeployment overview annotations
![Page 65: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/65.jpg)
Concourse and Grafanadeployment overview details
![Page 66: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/66.jpg)
Someone else’s codeIs running in productionCan I re-use this?
![Page 67: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/67.jpg)
Patterns and re-use, how?
Concourse resource types available at resource-types.concourse-ci.org
Patterns- Locks, pools, and counters- Availability tests- Metrics and annotations- Releases and communications
![Page 68: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/68.jpg)
Pools and locks
with controls for pipeline operators
github.com/concourse/pool-resource
![Page 69: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/69.jpg)
Availability tests
implemented as a task
github.com/tsenart/vegeta
![Page 70: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/70.jpg)
Annotations
github.com/alphagov/paas-grafana-annotation-resource
![Page 71: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/71.jpg)
Metrics increase( concourse_builds_finished{ exported_job="continuous-smoke-tests", status!="succeeded" }[30m] ) >= 1
concourse-ci.org/metrics.html
![Page 72: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/72.jpg)
Release management
with controls for maintainers
github.com/concourse/github-release-resourcegithub.com/concourse/semver-resource
![Page 73: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/73.jpg)
Communications
Please don’t rely on watching your pipelines
github.com/FidelityInternational/concourse-pagerduty-notification-resourcegithub.com/cloudfoundry-community/slack-notification-resource
github.com/hpcloud/hipchat-notification-resourcegithub.com/pivotal-cf/email-resource
![Page 74: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/74.jpg)
That’s Concourse!
Concourse is an open-source continuous thing-doer
“A thing which does things, sometimes continuously”
concourse-ci.org
![Page 75: github.com/alphagov From a pipeline - FOSDEM 2021 - Home...From a pipeline to a government cloud 1. GOV.UK PaaS overview 2. Concourse overview 3. Pipeline walkthrough 4. Patterns and](https://reader036.vdocuments.us/reader036/viewer/2022071214/6043256035ea57153034643c/html5/thumbnails/75.jpg)
Toby LorneSRE @ GOV.UK Platform-as-a-Service
www.toby.codesgithub.com/tlwrgithub.com/alphagov
From a pipelineto a government cloud