Configs · April 16, 2026 · 1 min read

Spinnaker — Multi-Cloud Continuous Delivery at Scale

Spinnaker is an open-source multi-cloud continuous delivery platform originally built at Netflix, orchestrating safe, high-velocity production deploys across AWS, GCP, Azure, and Kubernetes.

Introduction

Spinnaker grew out of Netflix's Asgard tool and was open-sourced in 2015 to codify the deployment patterns (immutable images, red/black, canary analysis) that made Netflix's cloud resilient. It is a polyglot microservice platform — each subsystem handles one concern — that glues cloud APIs, CI outputs, and observability signals into safe, auditable production pipelines. Spinnaker is now CDF-hosted and used by Airbnb, Salesforce, Box, and other large engineering orgs.

What Spinnaker Does

  • Models application deployment as multi-stage pipelines with manual judgments, parallel forks, and rollbacks.
  • Ships strategies out of the box: highlander, red/black, rolling red/black, and canary.
  • Integrates with AWS, GCP, Azure, Kubernetes, Cloud Foundry, and Oracle Cloud as deploy targets.
  • Triggers from Jenkins, GitHub, Docker registries, cron, pub/sub, and webhooks.
  • Performs automated canary analysis via Kayenta using Prometheus, Datadog, or Stackdriver metrics.

Architecture Overview

Spinnaker is split into roughly a dozen microservices — Deck (UI), Gate (API gateway), Orca (orchestration), Clouddriver (cloud adapter), Front50 (persistent config), Igor (CI integrator), Echo (events), Fiat (auth), Rosco (bakery), Keel (declarative delivery), and Kayenta (canary) — communicating over REST. State lives in Redis (queues), a SQL/NoSQL store for pipeline configs (Front50), and the cloud provider APIs themselves as the source of truth for infrastructure. The whole thing is typically deployed with Halyard or the Spinnaker Operator on Kubernetes.

Self-Hosting & Configuration

  • Use Halyard (hal) for imperative config or the Spinnaker Operator for GitOps-style declarative installs.
  • Persist Front50 data to S3/GCS/Minio; do not rely on in-cluster storage for production.
  • Wire up OAuth2, SAML, LDAP, or X.509 via Fiat and scope accounts with role-based permissions.
  • Size Orca and Clouddriver horizontally — they are the hot path for pipeline throughput.
  • Plan upgrades via hal version and always take a Front50 backup first.

Key Features

  • Multi-cloud, multi-account, multi-region deploys from a single pipeline.
  • Built-in canary analysis (Kayenta) with statistical scoring from time-series metrics.
  • Server Groups abstraction that normalizes ASGs, Deployments, and ReplicaSets across clouds.
  • Pipeline-as-code via Managed Delivery / Keel using declarative YAML.
  • Fine-grained RBAC and audit logging through Fiat and Echo.

Comparison with Similar Tools

  • Argo CD — Kubernetes-native GitOps; Spinnaker does multi-cloud, not just K8s manifests.
  • Harness — Commercial CD with similar features; Spinnaker is free and extensible but heavier to run.
  • Jenkins X — Opinionated GitOps on Kubernetes; smaller scope than Spinnaker's multi-cloud story.
  • GitLab CD — Tightly integrated with GitLab CI; weaker canary and multi-cloud orchestration.
  • AWS CodeDeploy — Single-cloud only; Spinnaker wins when you span multiple providers.

FAQ

Q: Is Spinnaker overkill for a single-cluster setup? A: Often yes. Argo CD or Flux are simpler. Spinnaker shines when you deploy across clouds or need advanced canary analysis.

Q: How heavy is the install? A: A minimal deploy uses ~12 services and 8+ GB RAM; production deploys often run in the tens of GB.

Q: Can pipelines be code-reviewed? A: Yes — export JSON pipelines and manage them in Git, or adopt Managed Delivery / Keel for YAML specs.

Q: What about secrets? A: Spinnaker integrates with Vault, AWS Secrets Manager, GCP Secret Manager, and Kubernetes secrets via Halyard resolvers.
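
Once pipelines are exported as JSON and kept in Git, the review can be backed by an automated policy check in CI. The sketch below is an added example, not Spinnaker's own code: it flags deploy stages that target a production account without a manual judgment stage upstream. It assumes the exported stage fields `refId`, `requisiteStageRefIds`, `type`, `account` and `clusters`, and that a stage starts only after all of its requisite stages finish; the account names and the `prod` prefix convention are constructed for illustration.

```python
import json

# Constructed sample of an exported pipeline; account and stage names are made up.
SAMPLE_PIPELINE = json.loads("""
{"name": "deploy-web",
 "stages": [
  {"refId": "1", "type": "bake", "name": "Bake", "requisiteStageRefIds": []},
  {"refId": "2", "type": "deployManifest", "name": "Deploy staging",
   "account": "staging-k8s", "requisiteStageRefIds": ["1"]},
  {"refId": "3", "type": "manualJudgment", "name": "Approve prod",
   "requisiteStageRefIds": ["2"]},
  {"refId": "4", "type": "deployManifest", "name": "Deploy prod EU",
   "account": "prod-k8s-eu", "requisiteStageRefIds": ["3"]},
  {"refId": "5", "type": "deploy", "name": "Deploy prod US",
   "clusters": [{"account": "prod-aws-us"}], "requisiteStageRefIds": ["2"]}
 ]}
""")

DEPLOY_TYPES = {"deploy", "deployManifest"}

def stage_accounts(stage):
    """Accounts a deploy stage targets: top-level `account` or per-cluster."""
    accounts = {c.get("account") for c in stage.get("clusters", [])}
    accounts.add(stage.get("account"))
    return {a for a in accounts if a}

def has_approval_upstream(stages, ref):
    """True if any ancestor is a manualJudgment stage. Assumes a stage starts
    only after all requisite stages finish, so one gated ancestor is enough."""
    seen, todo = set(), list(stages[ref].get("requisiteStageRefIds", []))
    while todo:
        cur = todo.pop()
        if cur in seen or cur not in stages:  # tolerate cycles, dangling refs
            continue
        seen.add(cur)
        if stages[cur].get("type") == "manualJudgment":
            return True
        todo.extend(stages[cur].get("requisiteStageRefIds", []))
    return False

def ungated_prod_deploys(pipeline, is_prod=lambda a: a.startswith("prod")):
    """Names of deploy stages that hit a prod account with no approval upstream."""
    stages = {s["refId"]: s for s in pipeline.get("stages", [])}
    return sorted(
        s["name"] for ref, s in stages.items()
        if s.get("type") in DEPLOY_TYPES
        and any(is_prod(a) for a in stage_accounts(s))
        and not has_approval_upstream(stages, ref))

if __name__ == "__main__":
    print(ungated_prod_deploys(SAMPLE_PIPELINE))
```

Run against each changed pipeline file in a pull request, a non-empty result can fail the build so that an unapproved path to production is caught before the pipeline is saved back to Front50.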
