DevOps on Google Cloud: a tool to speed up software development

At ForgeRock, they used and approached Kubernetes early on, seeing it as a strategic platform. Running on Kubernetes allows ForgeRock to push multicloud support across Google Kubernetes Engine (GKE), Amazon (EKS) and Azure (AKS). So no matter which cloud their customers are running on, ForgeRock can seamlessly integrate its products into the customer's environment. 

Việc giúp các nhà phát triển và nhà điều hành của ForgeRock dễ dàng hơn trong việc xây dựng, triển khai và quản lý các ứng dụng có vai trò quan trọng trong khả năng liên tục cung cấp các giải pháp chất lượng cao cho khách hàng. ForgeRock luôn tìm kiếm các công cụ để cải thiện năng suất và giữ cho các nhà phát triển tập trung vào viết code thay vì cấu hình. Bộ công cụ DevOps của Google Cloud đã sắp xếp hợp lý ba phương pháp cụ thể để giúp các nhà phát triển của họ làm việc hiệu quả.

> Reference: 

• Devops and Breakthrough Security Solutions with GKE Autopilot

1. Help Developers Be Efficient in IDEs

Developer productivity is core to the success of any organization, including ForgeRock. Since developers spend most of their time in the IDE of their choice, ForgeRock's goal is to make it easier for developers to write Kubernetes applications in the IDE they know and love. Cloud Code (https://cloud.google.com/code) help them do exactly that: it makes building, deploying, scaling, and managing Kubernetes infrastructure and applications easy. 

In particular, working with the Kubernetes YAML syntax and schema takes time and a lot of trial and error to master. Ask for a favor hỗ trợ tạo YAML (https://cloud.google.com/code/docs/vscode/yaml-editing) in Cloud Code, the Developer team can easily avoid the complicated and time consuming work of writing YAML files at ForgeRock. With YAML authoring support, developers save time on every error. Cloud Code's inline snippets, completion, and schema validation, aka "linting," further streamline working with YAML files. 

The benefits of CloudCode also extend to in-house development. Local iteration on Kubernetes applications often requires many manual steps, including building container images, update the Kubernetes manifest and redeploy the applications. Doing these steps over and over can be a chore. Cloud Code supports Skaffold under the hood, track changes as they arrive and automatically rebuild and re-register — reducing repetitive development tasks. 

Finally, developing for Kubernetes often involves switching between IDEs, documentation, templates, etc. Cloud Code mitigates this context switching with Kubernetes code sample. With templates, Google Cloud can get new developers up and running quickly. They spend less time learning about configuration and application management — and more time writing and developing code.

2. Drive end-to-end automation

To further improve developer productivity, Google has focused on end-to-end automation: from writing code in the IDE to automatically triggering CI/CD pipelines and running code in production. . Especially, Tekton (https://cloud.google.com/tekton), Cloud Build (https://cloud.google.com/cloud-build), Container Registry (https://cloud.google.com/container-registry) and GKE are critical to Forgerock as Google Cloud streamlines code flow, feedback, and remediation through build and deploy processes. The process looks like this:

ForgeRock started by developing the Kubernetes manifest and dockerfiles using CloudCode. Then they use Skaffold (https://cloud.google.com/blog/products/application-development/kubernetes-development-simplified-skaffold-is-now-ga) để xây dựng  containers locally, while CloudBuild helps with continuous integration (CI). CloudBuild GitHub app allows us to automate builds and tests as part of our GitHub workflow. Cloud Build is different from other continuous integration tools because it is completely serverless. It scales up and down in response to load, with no need for Google Cloud to pre-provision servers or pay upfront for more storage. They pay for the exact resources used. 

Once the image is created by Cloud Build, it will be stored, managed and secured within Google Container Registry (https://cloud.google.com/container-registry). Just like Cloud Build, Container Registry is serverless, so ForgeRock only pays for what they use. In addition, since the Container Registry comes with automatic vulnerability scanning, every time they upload a new image to the Container Registry, it can also be scanned for vulnerabilities. 

Next, a Tekton pipeline is activated, deploying docker images stored in the Container Registry and Kubernetes to a running GKE cluster. Along with Cloud Build, Tekton is an important part of the CI/CD process at ForgeRock. Most importantly, because Tekton comes with standardized Kubernetes native prototypes, they can create continuous delivery processes very quickly.

After deployment, Tekton activates a functional test suite to ensure that the deployed ForgeRock applications work as expected. Test results are posted to the team's Slack channel so all developers have instant access and insight into each cluster. From there, ForgeRock can provide customers with their finished product requirements.

3. Promote multicloud model and practice

The industry has seen a shift towards multicloud.Organizations have adopted Multi Cloud strategies to reduce vendor lock-in, leverage best-in-class solutions, improve cost effectiveness, and increase flexibility through choice. 

ForgeRock là những người ủng hộ lớn cho tính năng Multi Cloud. Một phần của điều đó đến từ thực tế là sản phẩm quản lý danh tính và quyền truy cập của họ hoạt động trên Google Cloud Platform, AWS và Azure. Việc phát triển các sản phẩm sử dụng công nghệ mã nguồn mở như Kubernetes đã đặc biệt hữu ích trong việc thúc đẩy khả năng tương tác này. 

Tekton is another important project that has enabled ForgeRock to prevent vendor lock-in. Thanks to Tekton, their continuous delivery pipelines are deployable on any Kubernetes cluster. Most importantly, since Tekton pipelines run on top of Kubernetes, these pipelines can be decoupled from runtime. Like Tekton and Kubernetes, both Cloud Build and Container Registry are based on open technology. Community-contributed builders and official builder images allowing them to connect to a variety of tools as part of the build process. And finally, with support for open technologies like Google Cloud buildpacks (https://cloud.google.com/blog/products/containers-kubernetes/google-cloud-now-supports-buildpacks) in Cloud Build, they can  build containers without the need for Docker. 

Making it easier for developers and operators to build, deploy, and manage applications is critical to the success of any organization. Driving developer productivity in the IDE, leveraging end-to-end automation, and supporting multi-cloud patterns and practices are just some of the ways ForgeRock is trying to achieve it. To learn more about ForgeRock and deploy the ForgeRock Identity Platform to your Kubernetes cluster, check out the ForgeRock open source code – ForgeOps repository on GitHub.

Source: gcloudvn.com