At ChefConf 2019 in Seattle, I led a session discussing the challenges and the opportunities of bringing a Chef Habitat Depot on-site.
The core focus of my talk was on:
- The difference between Product Based Origins and Channels and Organization Based Origin and Channels.
- Single Vs Multi-Depot.
- Possible iterations of Multi-Depot architecture along with their pros and cons and best use cases.
To see my presentation and slide deck, just scroll down to the bottom of this post.
Chef Habitat Origins and Channel Patterns
When selecting the pattern that is right for you, ask yourself the following questions:
- How do my application/product teams work?
- How do we release code?
- How do we want to work and release code?
Organization Based Origins and Channels
Product Based Origin and Channels
Big enterprises will usually adopt a Product Based pattern as it allows teams to work independently without losing sight of the company’s standards. It’s also ideal for large product-driven organizations; however, on the flip-side, it introduces a lot of management overhead for the product teams.
Single vs. Multi-Depot
Single Depot Overview
Single Depot has a straightforward architecture: your on-prem depot syncs with an upstream public depot.
As the name implies, Multi-Depot architecture involves a single on-prem Prod Depot syncing with multiple non-Prod upstream Depots.
Indellient has an open source Habitat Builder Upstream Sync to help you adopt a multi-depot pattern: Indellient/bldr_package_sync
CI PIPELINE INTEGRATION AND GOVERNANCE
Multi-Depot With CI
This architecture enables you to connect your Habitat Multi-Depot with a CI pipeline and abstract the build, upload and promote tasks of your Habitat Packages.
Multi-Depot with CI and RBAC:
To ensure that your pipeline is secured and compliant, you can also introduce Role Based Access Control as illustrated by the following diagram:
For a stricter Pipeline Governance, you can add separation of concerns to your architecture so that the non-production stages promote packages to a production pipeline where they undergo further checks before getting pushed to the Production Ready Habitat Depot.
The following is a Service Architecture that I proposed where a Depot API manages the Depot storage and renders data and relevant controls on a Web UI.
Here’s one possible infrastructure for a Hybrid Enterprise Cloud where built packages are stored on an external service:
HA Multi-Depot With CI and RBAC
Chef Habitat offers flexibility for large enterprises when it comes to architecting their CI pipeline and their Depot Infrastructure. To sum it all up:
- Choose the correct origin and channel strategy that works for you.
- Ensure that you address CI pipeline integration and governance.
- HA S3 storage is essential for production readiness.
- A Multi-Depot strategy depends on an organization’s needs (separation of responsibilities, etc.)
- Chef Habitat is ready for the enterprise.