| gists | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Modernizing CI/CD Pipelines: A Case Study on Building a Robust, Secure, and Efficient System for Cloud-Native Development
In the dynamic sphere of cloud-native development, constructing robust, secure, and efficient CI/CD systems is not just desirable but essential. This talk will take you on a journey through the modernization of our build pipeline and CI/CD systems, specifically focusing on our project, Parca - a performance analysis tool that operates at the kernel level using eBPF technology.
We will explore the challenges of ensuring security and compatibility across various kernel versions, a critical requirement for kernel-level operations like those used by Parca. Our solution is a fully open-source, cross-platform CI/CD pipeline, uniquely tailored to meet Parca's intricate needs. This pipeline exemplifies the power of modern tooling, stepping beyond the limitations of traditional makefiles.
Critical aspects of our discussion will include:
-
Byte-by-Byte Reproducible Builds: Delving into how we achieve exact replicability in our builds to enhance security and fortify the supply chain against vulnerabilities.
-
Locally Reproducible CI/CD: Demonstrating the methodologies that ensure what is run and tested locally can be precisely reproduced on remote CI servers, bridging the gap between local development and production environments.
-
Modern Tooling for CI/CD Pipelines: Showcasing how tools like Jetpack Devbox (easy way to use NixOs), Dagger, Mage, GitHub Actions, and Zig's build system have revolutionized our approach to building CI/CD pipelines.
-
Collaborative Efforts and Open-Source Innovations: Highlighting the cooperative nature of our project and how open-source tools and community contributions have been instrumental in our success.
Attendees will gain valuable insights into creating a secure, adaptable, and efficient pipeline in an open-source environment. This talk will detail our journey and solutions and provide practical lessons for those looking to modernize their CI/CD systems in the cloud-native ecosystem.
Join us to explore the frontiers of CI/CD modernization and learn how your projects can benefit from these cutting-edge practices and tools.
Ali Akca
As a Software Engineer, my proficiency extends beyond traditional boundaries, encompassing key aspects of platform engineering and DevOps practices. This unique blend allows me to design and implement sophisticated, scalable, resilient, cloud-native architectures that are adaptable to evolving business needs.
I’m a coffee junkie, always ready for my next caffeine fix. In a lighter vein, I often muse that had I not ventured into software engineering, an alternative career path might have led me down the road to becoming a super villain – superpowers or not.
Currently, my focus is deeply invested in innovating within the Kubernetes ecosystem. My goal is to leverage my skills and experience to make meaningful contributions to the open-source world, continually pushing for improvements in technology and approaches within this dynamic field.
https://aweris.me/about/ https://github.com/aweris https://twitter.com/sameoldaweris
Kemal Akkoyun
Reasoned Cloud-Native Open-Source Software Infrastructure Engineer. Performance Engineer. Site Reliability Engineer. System Programmer. Observability, Monitoring, and Performance Engineering. Mentor. Speaker. Blogger. Introverted Human (not Cylon, but who knows?). Open Source Software Developer. Prometheus Team member. Thanos Maintainer. CNCF and Prometheus Ecosystem Contributor. Gopher. Rustecean. Wannabe Zigler.
Learning (by building) about Distributed Systems, Databases, and Operating Systems. Focused on Observability, Reliability, Instrumentation, System Programming, and Performance.
I've built Linux observability tools for software and reliability engineers for the past few years. I'm deeply invested in profiling, eBPF, performance, time series, and columnar databases. And currently, hyper-focused on building an eBPF-based whole-system performance profiler.
In my free time, I'm a bookworm, a dog whisperer, a mechanical keyboard and Lego builder, a single malt taster, and a coffee drinker in training (peer pressure).
https://kakkoyun.me/about https://github.com/kakkoyun https://twitter.com/kkakkoyun