DevOps Automation in AWS and OpenShift

• SECTOR: INSURANCE

• Task: Provide a unified identity management system as a microservice architecture for all AOK services and team platforms:
• Team:
• 3 DevOps Engineers
• Multiple Architects
• 2x Project Managers

• Project duration: +6 months  

• Automation of various DevOps processes in OpenShift environments
• Acceleration of release cycles in different application teams
• Providing a uniform identity management system as a microservice architecture for all AOK services and platforms.
• Scaling of the software architecture for increasing customer demand
• Development of Helm deployments for cross-platform releases
• High security requirements due to strong legal regulations and data protection requirements

• Automation of all release & deployment processes through CICD (ArgoCD, Jenkins, Bitbucket)

• Implementation of release cycles in different stages

• Implementation of security relevant features for the highly regulated processes (ImageScan, Nexus, SonarQube)

• Introduction of DevOps processes and methods in all project teams

• Deployment and implementation of cloud-native concepts

• Building a modular architecture to increase security while achieving a scalable architecture

• Helm deployments for the release on different environments (OpenShift, Rancher)

• Hosting various OpenShift environments on AWS

• Image Repository in AWS ECR

• Stability and quality in the deployment of releases through Jenkins
• Faster release cycles thanks to the use of CICD (ArgoCD, Jenkins, Bitbucket)
• Higher flexibility due to the modular structure of the software architecture
• Scalability through horizontal scaling in OpenShift Cluster

Special requirements from the customer

The project had special requirements because the demand for high security is given by the regulatory and legal processes. The team was very large and the infrastructure was spread across different environments. Due to the constant growing number of users, the software had to be adapted to meet the scaling requirements. The goal of the project was to optimize the release and deployment processes of all application teams in order to guarantee the timely delivery and commissioning of the identity management software for all cash registers.

Improvement of the release and deployment cycles

By building and operating multiple OpenShift stages orchestrated with Argo and Helm deployments, the customer has been able to shorten the time between releases and ensure organized quality assurance of the software. During the development of the pipelines, care was always taken to ensure that they cover the special security requirements. The pipelines serve to reduce error susceptibility and to make the rollout processes as standardized as possible without the need to give roles and rights to specific persons. SonarQube and automated tests were used to automatically check and report various vulnerabilities. Thanks to the newly introduced development and deployment workflows, consistent code quality was ensured and release cycles accelerated.

Project Status and Results

Thanks to the modular structure of the software and the implemented CICD and release processes, the customer has been able to provide numerous growing teams with the necessary versions of the software within short time frames, thus enabling deliveries to the end operator. In the process, both the security of the delivered artifacts and the software itself could be checked and ensured at all times. The further development of the project is ongoing. The benefits of the new technologies are already being felt by the customer as well as the users of the platform. Through the use of modern technologies and infrastructure, the solution is very robust and now scales with the requirements of the users.

Cloud infrastructure:

• AWS-Amazon-Web-Service

• Container Runtime: Docker

• Orchestrator: OpenShift, EC2

Daten Services:

• Postgres-SQL

CICD & IaC:

• Jenkins

• Bitbucket

• ARGO-CD

Security Management:

• Keycloak

• NexusIQ

• SonarQube

• OWASP ZAP

Software Entwicklung:

• Java SpringBoot

• Ruby

• Angular

• Shell

• Helm Charts