Earlier this year, Chainguard quietly migrated its serving platform from Kubernetes to Cloud Run. As far as we can tell, nobody noticed a thing – wh

Migrating Chainguard's Serving Infrastructure to Cloud Run

submited by
Style Pass
2024-12-13 09:00:08

Earlier this year, Chainguard quietly migrated its serving platform from Kubernetes to Cloud Run. As far as we can tell, nobody noticed a thing – which is exactly how things like this are supposed to go! – but as an engineer involved in the project I wanted to take a minute to show off the team's work, and share a peek behind the curtain.

From its beginning, Chainguard ran on two regional GKE clusters, serving our OIDC issuer, gRPC APIs to serve the Console UI and chainctl CLI, datastore services, the Chainguard Registry frontend, our webhook event delivery infrastructure, and a number of internal services. Since the early engineering team largely came from Google and was deeply involved with Knative from the early days, it seemed like a good fit to have a simple Knative-on-GKE stack. We built and deployed our Go services using ko apply in GitHub Actions. We used GCLB to front our public services, and used Istio to route traffic inside the cluster.

GKE's managed Kubernetes updates were smooth for the most part, and Knative updates weren't too toilsome, but it was more than nothing.

Leave a Comment