In order to showcase a variety of services Devolut provides, we are sharing another success story, this time from a client in the field of workforce management software.
The client is a well established company running the business for over 8 years and having a steady user base. All of their infrastructure is located on AWS, services are dockerized and deployed via Ansible to EC2 machines. This setup has worked for years, however it proved to be hard to spin up new environments, deployments were slow, rollbacks not trivial and some of the features the client wanted to introduce were hard to implement given the existing architecture.
Upon initial assessment we came up with a short and long term plan, based on migrating the services to Kubernetes. The decision to go with that route was rooted in the customers’ wish to be able to provision new environments quickly, run a self-hosted Gitlab instance (which needs a place to run CI/CD jobs) and use Review apps (a Gitlab feature).
In a short amount of time, using our in-house framework together with some custom development we have successfully created the first environment used for Review apps, allowing developers to have a running instance of a service for every Pull Request, making testing much easier. Some of the features:
Reusable modules for Terraform - shared among all environments
Reusable Helm chart - used for all customers’ services, reducing room for error and simplifying the setup
Hashicorp Vault was introduced as a secrets manager, allowing updating secrets at runtime without redeploying services
Monitoring - Prometheus + Grafana
Logging - ELK stack
Automatic certificate issuing - cert-manager
Automatic backups using Velero
After Review apps were done, subsequent environments were brought up much faster since all of the building blocks were available, allowing us to focus on next challenges which revolved around security - the client is working with user data so it needs to be SOC 2 compliant.
Introducing Kubernetes into the architecture completely changed the security landscape so we needed to come up with mechanisms to mitigate this. Trivy Operator was deployed as a vulnerability scanner, allowing us to be notified on misconfigurations, accidental reveal of secrets, RBAC issues but also to run continuous vulnerability scanning of all images in clusters, along with generating Software Bill Of Materials (SBOM) so we can glance over the list and decide which versions should be updated.
Implementing all of these, the client got multiple benefits:
Drastically increased speed of development
Quality control has been improved since now when developing a new feature a separate deployment is created via Review apps so it is much easier for developers to test their changes
Fast and flexible deployment of new environments
Tightened security
Automatic backups
Alerting in case of failures
Thanks to Devolut's services, our client was able to streamline their infrastructure and optimize their workflow. They experienced improved performance, enhanced security, and reduced operational overheads. If you are facing similar challenges and looking for a remote team to take care of everything for you - look no further, say hi at hello@devolut.io!