Google Cloud Deploy, now GA, makes it easier to do continuous delivery to GKE
Effective software delivery — usually achieved via continuous integration (CI) and continuous delivery (CD) — is a top priority for many product development teams. It’s easy to understand why: the 2021 State of DevOps report found that elite performers of software delivery deployed code much more frequently than low performers, with three times fewer change-related failures. Teams who excel at modern software delivery operational practices were also 1.8 times more likely to report better business outcomes.
You need great tools to do software delivery effectively. Without capable tooling, teams have to design, maintain, and scale their software delivery solutions on their own, which can be difficult given the breadth of continuous delivery’s flow control, security and audit, and integration requirements. Deploying container image artifacts adds further complexity, particularly in Kubernetes environments.
Building on your feedback and Google’s own best practices, we’ve been working on software delivery tooling that helps you meet your continuous delivery goals — especially with respect to Google Kubernetes Engine (GKE) environments. Today, we are pleased to announce the general availability of Google Cloud Deploy, a managed, opinionated continuous delivery service that makes continuous delivery to GKE easier, faster, and more reliable.
Solving for continuous delivery challenges
While designing Google Cloud Deploy, we talked to a number of customers to better understand the challenges they face doing continuous delivery to GKE. While a handful of themes emerged, three stood out: cost of ownership, security and audit, and measurement.
Cost of ownership
As shared in our Preview launch post this past September, the operational cost of Kubernetes continuous delivery can be very high. Identifying best and repeatable practices, scaling delivery tooling and pipelines, collecting key metrics, and staying current — to say nothing of maintenance — is resource-intensive and takes time away from the core business.
As a managed service, Google Cloud Deploy eliminates the scaling and maintenance responsibilities that typically come with self-managed continuous delivery solutions. Now you can reclaim the time spent maintaining your continuous delivery tooling and spend it delivering value to your customers.
Google Cloud Deploy also provides structure. Delivery pipelines and targets are defined declaratively and retained with each release. That means if your delivery pipeline changes, the release’s path to production remains durable. No more time lost troubleshooting issues on in-flight releases caused by changes made to the delivery pipeline.
Promoting a release
Whether or not you already have a continuous delivery capability, you likely already have continuous integration, approval and/or operation workflows, and other systems that intersect with your software delivery practices.
Google Cloud Deploy embraces the GKE delivery tooling ecosystems in three ways: connectivity to CI systems, support for leading configuration (rendering) tooling, and Pub/Sub notifications to enable related software delivery tooling.
“While looking for a Continuous Delivery solution we considered ArgoCD and Spinnaker, however we chose Google Cloud Deploy because it is a managed service, provided proper CD primitives and integrated seamlessly with our GKE clusters. It has empowered every team member to safely and reliably promote their code from commit all the way through to production.”—Jonathan Sokolowski, DevOps Engineer, Search.io
A variety of GKE roles and personas interact with continuous delivery processes. DevOps engineers are focused on release promotion and rollback decisions, while a business decision maker thinks about delivery pipeline health and velocity. Google Cloud Deploy’s user experience keeps these multiple perspectives in mind, making it easier for various personas to perform contextualized reviews and make decisions, improving efficiency and reducing cost of ownership.
Security and control
Google Cloud Deploy’s security foundations strengthen secure software supply chain practices through delivery flow control and auditability.
Lots of different users interact with a software delivery system, making a variety of decisions. Not all users and decisions carry the same authority, however. Being able to define a delivery pipeline and make updates doesn’t always mean you can create release candidates, for example, nor does being able to promote a release to staging mean you can approve it to production. Modern continuous delivery is full of security and audit considerations. Restricting who can access what, where, and how is necessary to maintain release integrity and safety.
Throughout, Google Cloud Deploy enables fine-grained restriction through IAM, with discrete access control and execution-level security. Google Cloud Deploy also supports deploying to private GKE clusters and Virtual Private Cloud (VPC) Service Controls (currently in Beta) to respect security perimeters. For safeguards against unwanted approvals, you can take advantage of flow management features such as release promotion, rollback, and approvals.
Auditing with Google Cloud Deploy works just like it does for other Google Cloud services. Cloud Audit Logs audits user-invoked Google Cloud Deploy activities, providing centralized awareness into who promoted a specific release or made an update to a delivery pipeline. You can also create Google Cloud Deploy pipelines in supported locations to better conform with your business needs.
Great tooling is only part of an effective software delivery strategy — you also need to know what metrics you need to measure, how, and why. By making it easier to measure software delivery performance, Google Cloud Deploy helps teams focus on software delivery optimization and achieve their desired business outcomes.
Google Cloud Deploy collects and makes available built in metrics about delivery pipelines. These include deployment history and success, and also the DORA metric ‘deployment frequency.’
Delivery pipeline metrics
Monitoring your deployed resources is another way to measure the effectiveness of your software delivery processes. To aid monitoring, Google Cloud Deploy automatically labels deployed Kubernetes resources, making it easier to associate your delivery pipelines with application performance. You can integrate application monitoring further using the Google Cloud Deploy API, so you can automatically promote code if it is stable and roll it back if an anomaly is detected.
Comprehensive, easy-to-use, and cost-effective DevOps tools are key to building an efficient software development team, and it’s our hope that Google Cloud Deploy will help you implement complete CI/CD pipelines. And we’re just getting started! Stay tuned as we introduce exciting new capabilities and features to Google Cloud Deploy in the months to come.
In the meantime, check out the product page, documentation, quickstart, and tutorials. Finally, If you have feedback on Google Cloud Deploy, you can join the conversation. We look forward to hearing from you!