Executive presentation — 5-min exec framing
5-minute customer demo: three CI/CDs, three clouds, one source change at a time. Each CI deploys independently to its bound cloud. You can run GitHub on Azure without waiting for GitLab on AWS to finish.
Cloud × CI binding
| Cloud | CI / source registry | Demo URL |
|---|---|---|
| AWS EKS | GitLab CI | a podtato URL on the AWS cluster |
| Azure AKS | Azure DevOps | a podtato URL on the Azure cluster |
| GCP GKE | GitHub Actions | a podtato URL on the GCP cluster |
Each cloud’s ArgoCD ApplicationSet reads only the tag file written by its bound CI. A source-change push to main fans out via the GitLab → GitHub / ADO mirror, all three CIs build their image, but only the bound cloud’s tag file gets bumped per CI — so each cloud shows one and only one CI’s deployment.
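The binding above is only as strong as the rule that stops one CI from writing another cloud's tag file. One way to enforce it in the gitops repo, as an added example that is not the demo's own code: the CI labels, the sample paths and the rule that a bump commit touches only its tag file are assumptions, while the tag file names are the ones used in the demo flow.

```python
# Added example: guard for the gitops repo, run as a pre-receive or PR check.
# Binding and tag file names come from this page; the CI labels, the sample
# paths and the rule that a bump commit touches nothing else are assumptions.
BINDING = {
    "gitlab": "image-tag-aws.yaml",    # GitLab CI      -> AWS EKS
    "ado": "image-tag-azure.yaml",     # Azure DevOps   -> Azure AKS
    "github": "image-tag-gcp.yaml",    # GitHub Actions -> GCP GKE
}
TAG_FILES = set(BINDING.values())


def check_bump(ci, changed_paths):
    """Return violations for one gitops commit pushed by the identity `ci`.

    `ci` must be derived from the authenticated pusher (deploy token or OIDC
    subject), never from the commit author field, which the pusher controls.
    """
    allowed = BINDING.get(ci)
    if allowed is None:
        return [f"unknown CI identity {ci!r}"]
    violations = []
    for path in changed_paths:
        name = path.rsplit("/", 1)[-1]
        if name == allowed:
            continue
        if name in TAG_FILES:
            violations.append(f"{ci} wrote {path}, bound to another CI")
        else:
            violations.append(f"{ci} wrote {path}, not a tag file")
    if not any(p.rsplit("/", 1)[-1] == allowed for p in changed_paths):
        violations.append(f"{ci} did not bump {allowed}")
    return violations


if __name__ == "__main__":
    # Constructed sample commits: (pusher identity, changed paths).
    commits = [
        ("gitlab", ["podtato-head/dev/image-tag-aws.yaml"]),
        ("github", ["podtato-head/dev/image-tag-gcp.yaml",
                    "podtato-head/dev/image-tag-aws.yaml"]),
        ("ado", ["podtato-head/dev/applicationset.yaml"]),
    ]
    for ci, paths in commits:
        problems = check_bump(ci, paths)
        print(ci, "OK" if not problems else problems)
```

Only the first sample commit passes; the second crosses into the AWS tag file and the third edits something other than a tag file.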
Pre-staged demo branches
Three branches are sitting on origin/, ready to merge into main:
| Branch | What it changes | Visible result |
|---|---|---|
| demo/gitlab-aws-red | podtato-home.html: title text + body color → red | red banner on AWS only |
| demo/github-gcp-blue | same, blue | blue banner on GCP only |
| demo/ado-azure-purple | same, purple | purple banner on Azure only |
Each branch is one commit on main. Merging triggers all three platforms’ build pipelines (via the mirror), but only the bound cloud’s gitops bump fires.
The 5-minute demo flow
T+00:00  "Three CI/CDs, three clouds, one source change at a time."
         Open three browser tabs side-by-side:
           tab A: AWS podtato URL
           tab B: Azure podtato URL
           tab C: GCP podtato URL
         All three show the default green podtato-head.
T+00:30  "Watch GitLab CI deploy to AWS — alone."
         Open GitLab branches, click "Merge" on demo/gitlab-aws-red → main.
T+01:00  GitLab pipeline starts:
           build-podtato (matrix: 6 components in parallel)
           gitops:bump:podtato-head:dev (writes image-tag-aws.yaml)
T+02:00  ArgoCD-AWS sync (≤ 1 min). AWS pods pull new image.
         Refresh tab A — RED title. Tabs B + C still green.
T+02:30  "Now watch Azure DevOps deploy to Azure — independently."
         Merge demo/ado-azure-purple → main.
T+03:30  ADO pipeline runs build-podtato + gitops-bump (writes image-tag-azure.yaml).
         ArgoCD-Azure syncs.
         Refresh tab B — PURPLE title. Tab A still red, tab C green.
T+04:00  "Same story for GitHub on GCP."
         Merge demo/github-gcp-blue → main.
         GitHub Actions builds + bumps image-tag-gcp.yaml. ArgoCD-GCP syncs.
T+05:00  All three tabs show different colors:
           AWS = red (GitLab)
           Azure = purple (ADO)
           GCP = blue (GitHub)
         Open the portal Compliance + Change Requests pages.
         Show each deployment captured as a Kosli trail + ServiceNow CR with full evidence (provenance, SBOM, security scans, CAB recommendation, schedule window).
What to say during the demo
On the audience seeing the same URL pattern across clouds:
“These three URLs are nip.io wildcards. nip.io takes any IP-shaped subdomain and resolves it to that IP. Each cloud’s load balancer has a unique IP, so each demo URL points to a different cluster. Real production would use Route 53 / Azure DNS / Cloud DNS for portal.aws.mycompany.com, but for the demo nip.io gives us instant DNS without any zone setup.”
On the source change being a tiny color flip:
“The change is intentionally trivial — one line of HTML. We’re demoing the pipeline, not the app. In your environment that same line might be a critical security patch or a regulator-mandated data field. The point is: one source push, three independent pipelines, full evidence trail in each.”
On the portal showing all three:
“Each deployment shows up here as its own Kosli trail and its own ServiceNow change request. Auditors don’t have to ask which CI ran — the portal pulls every artifact’s provenance directly from the source registry. GitLab is here, GitHub is here, ADO is here, all in the same compliance view.”
On the multi-cloud point:
“The cluster-bootstrap module is identical across clouds. Same Kosli reporter, same external-secrets controller, same ArgoCD setup. The only thing that changes per cloud is the OIDC trust policy — which we wired in once and stopped touching. The compliance evidence is identical regardless of where the workload runs.”
Out of scope (defer for follow-up demos)
- Per-cloud DNS (portal.aws.example.com etc.)
- Cosign signature attestations
- Disabling the GitLab → GitHub / ADO mirror so direct-to-GitHub commits fire only that CI (a bigger architectural change)