
DevOps on Google Cloud: a tool to speed up software development

ForgeRock adopted Kubernetes early on, seeing it as a strategic platform. Running on Kubernetes allows ForgeRock to offer multicloud support across Google Kubernetes Engine (GKE), Amazon (EKS) and Azure (AKS). So no matter which cloud their customers are running on, ForgeRock can seamlessly integrate its products into the customer's environment.


Making it easier for ForgeRock developers and operators to build, deploy and manage applications is critical to ForgeRock's ability to continuously deliver high-quality solutions to customers. ForgeRock is always looking for tools to improve productivity and keep developers focused on writing code instead of configuration. Google Cloud's DevOps toolkit has streamlined three specific practices to help their developers work efficiently.


1. Help Developers Be Efficient in IDEs

Developer productivity is core to the success of any organization, including ForgeRock. Since developers spend most of their time in the IDE of their choice, ForgeRock's goal is to make it easier for developers to write Kubernetes applications in the IDE they know and love. Cloud Code (https://cloud.google.com/code) helps them do exactly that: it makes building, deploying, scaling, and managing Kubernetes infrastructure and applications easy.

In particular, working with the Kubernetes YAML syntax and schema takes time and a lot of trial and error to master. Thanks to YAML authoring support (https://cloud.google.com/code/docs/vscode/yaml-editing) in Cloud Code, the developer team at ForgeRock can avoid the complicated and time-consuming work of writing YAML files by hand. With YAML authoring support, developers save time on every error. Cloud Code's inline snippets, completion, and schema validation, aka "linting," further streamline working with YAML files.

The benefits of Cloud Code also extend to local development. Local iteration on Kubernetes applications often requires many manual steps, including building container images, updating the Kubernetes manifests and redeploying the applications. Doing these steps over and over can be a chore. Cloud Code uses Skaffold under the hood, tracking changes as they arrive and automatically rebuilding and redeploying, which reduces repetitive development tasks.

Finally, developing for Kubernetes often involves switching between IDEs, documentation, templates, etc. Cloud Code mitigates this context switching with Kubernetes code samples. With templates, Google Cloud can get new developers up and running quickly. They spend less time learning about configuration and application management, and more time writing and developing code.

2. Drive end-to-end automation

To further improve developer productivity, Google has focused on end-to-end automation: from writing code in the IDE to automatically triggering CI/CD pipelines and running code in production. In particular, Tekton (https://cloud.google.com/tekton), Cloud Build (https://cloud.google.com/cloud-build), Container Registry (https://cloud.google.com/container-registry) and GKE are critical to ForgeRock as Google Cloud streamlines code flow, feedback, and remediation through build and deploy processes. The process looks like this:


ForgeRock started by developing the Kubernetes manifests and Dockerfiles using Cloud Code. Then they use Skaffold (https://cloud.google.com/blog/products/application-development/kubernetes-development-simplified-skaffold-is-now-ga) to build containers locally, while Cloud Build helps with continuous integration (CI). The Cloud Build GitHub app allows them to automate builds and tests as part of their GitHub workflow. Cloud Build is different from other continuous integration tools because it is completely serverless. It scales up and down in response to load, with no need for Google Cloud to pre-provision servers or pay upfront for more storage. They pay for the exact resources used.

Once the image is created by Cloud Build, it will be stored, managed and secured within Google Container Registry (https://cloud.google.com/container-registry). Just like Cloud Build, Container Registry is serverless, so ForgeRock only pays for what they use. In addition, since the Container Registry comes with automatic vulnerability scanning, every time they upload a new image to the Container Registry, it can also be scanned for vulnerabilities. 

Next, a Tekton pipeline is triggered, deploying the Docker images stored in the Container Registry and the Kubernetes manifests to a running GKE cluster. Along with Cloud Build, Tekton is an important part of the CI/CD process at ForgeRock. Most importantly, because Tekton comes with standardized Kubernetes-native primitives, they can create continuous delivery processes very quickly.

After deployment, Tekton triggers a functional test suite to ensure that the deployed ForgeRock applications work as expected. Test results are posted to the team's Slack channel so all developers have instant access and insight into each cluster. From there, ForgeRock can provide customers with the finished product they require.
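As an added example (not ForgeRock's or Google's code): a fail-closed check that a pipeline could run between the registry vulnerability scan and the Tekton deploy step described above. The occurrence records are constructed, their field names are modeled on Container Analysis output as an assumption, and `deploy_gate` and the image URIs are hypothetical.

```python
import json

# Severity order used for thresholding (assumed Container Analysis style names).
SEVERITY_RANK = {"MINIMAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample occurrences for two image digests; not real scan output.
SAMPLE_OCCURRENCES = json.loads("""[
 {"resourceUri": "https://gcr.io/example-project/am@sha256:aaaa", "kind": "DISCOVERY",
  "discovery": {"analysisStatus": "FINISHED_SUCCESS"}},
 {"resourceUri": "https://gcr.io/example-project/am@sha256:aaaa", "kind": "VULNERABILITY",
  "vulnerability": {"effectiveSeverity": "CRITICAL", "fixAvailable": true,
                    "shortDescription": "EXAMPLE-0001"}},
 {"resourceUri": "https://gcr.io/example-project/am@sha256:aaaa", "kind": "VULNERABILITY",
  "vulnerability": {"effectiveSeverity": "LOW", "fixAvailable": false,
                    "shortDescription": "EXAMPLE-0002"}},
 {"resourceUri": "https://gcr.io/example-project/idm@sha256:bbbb", "kind": "DISCOVERY",
  "discovery": {"analysisStatus": "SCANNING"}}
]""")

def deploy_gate(occurrences, image_uri, block_at="HIGH"):
    """Return (allowed, reasons) for one image digest before the deploy step runs."""
    mine = [o for o in occurrences if o.get("resourceUri") == image_uri]
    # Fail closed: no finished scan means "unknown", not "clean".
    finished = any(
        o.get("kind") == "DISCOVERY"
        and o.get("discovery", {}).get("analysisStatus") == "FINISHED_SUCCESS"
        for o in mine)
    if not finished:
        return False, ["scan not finished for " + image_uri]
    threshold = SEVERITY_RANK[block_at]
    reasons = []
    for o in mine:
        if o.get("kind") != "VULNERABILITY":
            continue
        v = o.get("vulnerability", {})
        sev = v.get("effectiveSeverity")
        # Unknown severity strings are treated as CRITICAL rather than ignored.
        if SEVERITY_RANK.get(sev, SEVERITY_RANK["CRITICAL"]) >= threshold:
            fix = "fix available" if v.get("fixAvailable") else "no fix yet"
            reasons.append(f"{v.get('shortDescription', 'unknown')} ({sev}, {fix})")
    return (not reasons), reasons

if __name__ == "__main__":
    for uri in ("https://gcr.io/example-project/am@sha256:aaaa",
                "https://gcr.io/example-project/idm@sha256:bbbb"):
        print(uri, deploy_gate(SAMPLE_OCCURRENCES, uri))
```

Keying the check on the image digest rather than a tag ensures the scan result applies to exactly the bytes that get deployed.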


3. Promote multicloud model and practice

The industry has seen a shift towards multicloud. Organizations have adopted multicloud strategies to reduce vendor lock-in, leverage best-in-class solutions, improve cost effectiveness, and increase flexibility through choice.

ForgeRock is a big advocate of multicloud. Part of that comes from the fact that their identity and access management product works on Google Cloud Platform, AWS and Azure. Developing products using open source technologies like Kubernetes has been particularly helpful in promoting this interoperability.

Tekton is another important project that has enabled ForgeRock to prevent vendor lock-in. Thanks to Tekton, their continuous delivery pipelines are deployable on any Kubernetes cluster. Most importantly, since Tekton pipelines run on top of Kubernetes, these pipelines can be decoupled from the runtime. Like Tekton and Kubernetes, both Cloud Build and Container Registry are based on open technology. Community-contributed builders and official builder images allow them to connect to a variety of tools as part of the build process. And finally, with support for open technologies like Google Cloud buildpacks (https://cloud.google.com/blog/products/containers-kubernetes/google-cloud-now-supports-buildpacks) in Cloud Build, they can build containers without the need for Docker.

Making it easier for developers and operators to build, deploy, and manage applications is critical to the success of any organization. Driving developer productivity in the IDE, leveraging end-to-end automation, and supporting multicloud patterns and practices are just some of the ways ForgeRock is trying to achieve this. To learn more about ForgeRock and deploy the ForgeRock Identity Platform to your Kubernetes cluster, check out the ForgeRock open source code in the ForgeOps repository on GitHub.

Source: gcloudvn.com
