Reliable Security Always™
K8s Journey of a Large FinTech of Philippines
Motivation for Change
Who is the biggest influencer?
Users
They demand a lot!
And they need it yesterday!
“It’s not the strongest of the species that SURVIVE nor the most intelligent but the one MOST RESPONSIVE TO CHANGE.”
Charles Darwin (1809-1882)
APP/IT TEAMS NEED
• Speed Roll-out Of Revenue-Generating Services
• Team Agility
• Self-Service
BUSINESS NEEDS
• Data Security & Privacy Protection For Customers
• Prevent External Attacks & Access Control Between Distributed Microservices
• Ease-of-Operations & Improved Team Efficiency
• Ensure Excellent & Consistent User Experience
Challenges of running at Scale
• Dealing with Legacy (Technical Debt)
◦ Rewrite the application with a microservices architecture
• Static vs Dynamic Infrastructure
◦ Select dynamic infrastructure with K8s
• On-prem vs Cloud
◦ Select cloud but keep portable
• Security
◦ Implement high security because the application deals with monetary transactions and other sensitive information
Kubernetes journey
Dealing with various stakeholders
• CISO office
• Developers
• Project Managers
• Network Admins
• Operations Team
• Partners and Vendors
Software Architecture
• Every module as a microservice
• Clear separation of stateless and stateful microservices
• Microservices have REST APIs with JSON data exchange
• All microservices identified by KubeDNS FQDN
• Strict access control of data exchange between microservices
• No use of cloud-specific features, to ensure portability
Deployment Architecture
• Microservices are deployed in Docker containers
• Containers are managed by Kubernetes
• Each group of services is deployed in a separate namespace
◦ Started with multiple small clusters and ended up with a single large cluster
◦ A few services are still outside K8s
• Services of different groups send traffic via the Gateway
Cluster Design: Multiple small clusters
• Security and compliance require monitoring traffic between microservices
• In the absence of policy enforcement, the company isolated clusters
◦ Small machines are used
• Pro: Each team had its own area
• Con: Cost of infrastructure and management was very high
[Diagram: Kubernetes nodes]
Cluster Design: Single large cluster with namespace isolation
• Separated microservices via namespaces
◦ Large machines are used
• Controlled traffic flow via application gateway
• Pro: Optimized cost and manageability
• Pro: Some E/W traffic info from app-gw
• Con: Load on app-gw and NW
• Con: Slow response
[Diagram: Kubernetes nodes]
Operations Automation
Also helps in dealing with failure
• Complete infrastructure remains as code in an SCM system (Git)
• Entire cluster is deployed/destroyed via CI/CD tools (Jenkins and Ansible)
• Support system tools (controllers, log collectors etc.) follow the same principles
• K8s rolling update along with readiness and liveness probes
◦ Entire application is redeployed in UAT on every code commit by any developer
• Sometimes rolling updates happen multiple times in a minute
Monitoring and Log Collection
• Huge ELK deployment in K8s (separate cluster) collecting logs for every component/service
• Prometheus and Grafana for monitoring container infrastructure
• A10 Harmony Controller (separate cluster) for traffic observability
Selection of Traffic Management Solution
• Sidecar Proxy Deployment: resource intensive, expensive TCO
vs
• Hub-Spoke Proxy Deployment: low overhead, lower TCO
Application Security and Traffic Management
• North-South Traffic
◦ Akamai cloud takes care of SSL offload and WAF
◦ Additional security policies are implemented by A10 Lightning ADC
◦ A10 Lightning ADC takes care of traffic distribution between microservices
• East-West Traffic
◦ A10 Lightning ADC works as a transparent service proxy
◦ Access control, mutual TLS and transparent encryption by Lightning ADC eliminated the requirement for an external GW
• Harmony Controller provides observability on both N-S and E-W traffic
A10 Secure Service Mesh
This Highly-Scalable Solution Provides the Following Capabilities
• North-south traffic load balancing, service discovery and application security
• East-west traffic security and policy enforcement between microservices
• Centralised application traffic visibility and control
Final Deployment Diagram
[Diagram labels: Node 1, Node 2, Node N, each shown with pods for Service-1, Service-2 and Service-3; Kubernetes Connector; Harmony Controller]
Thank You
UiPathCommunity
ย 
Datastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptxDatastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptx
kaleeswaric3
ย 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
ย 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
ย 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
ย 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
ย 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
ย 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
ย 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
ย 
Leading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael JidaelLeading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael Jidael
Michael Jidael
ย 
"PHP and MySQL CRUD Operations for Student Management System"
"PHP and MySQL CRUD Operations for Student Management System""PHP and MySQL CRUD Operations for Student Management System"
"PHP and MySQL CRUD Operations for Student Management System"
Jainul Musani
ย 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
ย 
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
ย 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
ย 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
ย 
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical DebtBuckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Lynda Kane
ย 
Automation Dreamin' 2022: Sharing Some Gratitude with Your Users
Automation Dreamin' 2022: Sharing Some Gratitude with Your UsersAutomation Dreamin' 2022: Sharing Some Gratitude with Your Users
Automation Dreamin' 2022: Sharing Some Gratitude with Your Users
Lynda Kane
ย 

Kubernetes Journey of a Large FinTech

  • 1. Reliable Security Always™ K8s Journey of a Large FinTech of Philippines
  • 3. Who is biggest Influencer? Users. They demand a lot! And They need it yesterday!
  • 4. “It's not the strongest of the species that SURVIVE nor the most intelligent but the one MOST RESPONSIVE TO CHANGE.” Charles Darwin (1809-1882)
  • 5. APP/IT TEAMS NEED Speed Roll-out Of Revenue-Generating Services Team Agility Self-Service BUSINESS NEEDS Data Security & Privacy Protection For Customers Prevent External Attacks & Access Control Between Distributed Microservices Ease-of-Operations & Improved Team Efficiency Ensure Excellent & Consistent User Experience
  • 6. Challenges of running at Scale
      • Dealing with Legacy (Technical Debt)
          ◦ Rewrite the application with microservices architecture
      • Static vs Dynamic Infrastructure
          ◦ Select dynamic Infrastructure with K8s
      • On-prem vs Cloud
          ◦ Select cloud but keep portable
      • Security
          ◦ Implement high security because the application deals with monetary transactions and other sensitive information
  • 8. Dealing with various stakeholders
      • CISO office
      • Developers
      • Project Managers
      • Network Admins
      • Operations Team
      • Partners and Vendors
  • 9. Software Architecture
      • Every module as microservice
      • Clear separation of stateless and stateful microservices
      • Microservices have REST APIs with JSON data exchange
      • All microservices identified by KubeDNS FQDN
      • Strict access control of data exchange between microservices
      • No use of cloud specific features to ensure portability
  • 10. Deployment Architecture
      • Microservices are deployed in Docker containers
      • Containers are managed by Kubernetes
      • Each group of services is deployed in a separate namespace
          ◦ Started with multiple small clusters and ended up with a single large cluster
          ◦ A few services are still out of K8s
      • Services of different groups send traffic via Gateway
  • 11. Cluster Design: Multiple small clusters
      • Security and compliance require monitoring traffic between microservices
      • In the absence of policy enforcement, the company isolated clusters
          ◦ Small machines are used
      • Pro: Each Team had its own area
      • Con: Cost of infrastructure and management was very high
      • [Diagram: Kubernetes nodes]
  • 12. Cluster Design: Single large cluster with namespace isolation
      • Separated microservices via namespaces
          ◦ Large machines are used
      • Controlled traffic flow via application gateway
      • Pro: Optimized cost and manageability
      • Pro: Some E/W traffic info from app-gw
      • Con: Load on app-gw and NW
      • Con: Slow response
      • [Diagram: Kubernetes nodes]
  • 13. Operations Automations (also helps in dealing with failure)
      • Complete infrastructure remains as code in SCM system (GIT)
      • Entire cluster is deployed/destroyed via CI/CD tools (Jenkins and Ansible)
      • Support system tools (controllers, log collectors etc.) follow the same principles
      • K8s rolling update along with readiness and liveness probes
          ◦ Entire application is redeployed in UAT on every code commit by any developer
      • Sometimes rolling updates happen multiple times in a minute
  • 14. Monitoring and Log Collection
      • Huge ELK deployment in K8s (separate cluster) collecting logs for every component/service
      • Prometheus and Grafana for monitoring container infrastructure
      • A10 Harmony Controller (separate cluster) for traffic observability
  • 15. Selection of Traffic Management Solution
      • Sidecar Proxy Deployment: Resource intensive, Expensive TCO
      • Hub-Spoke Proxy Deployment: Low overhead, Lower TCO
      • [Diagram: Kubernetes nodes]
  • 16. Application Security and Traffic Management
      • North-South Traffic
          ◦ AKAMAI cloud is taking care of SSL offload and WAF
          ◦ Additional security policies are implemented by A10 Lightning ADC
          ◦ A10 Lightning ADC takes care of traffic distribution between microservices
      • East-West Traffic
          ◦ A10 Lightning ADC works as transparent service proxy
          ◦ Access control, Mutual TLS and transparent encryption by Lightning ADC eliminated the requirement of an external GW
      • Harmony Controller provides observability on both N-S and E-W traffic
  • 17. A10 Secure Service Mesh: This Highly-Scalable Solution Provides the Following Capabilities
      • North-south traffic load balancing, service discovery and application security
      • East-west traffic security and policy enforcement between microservices
      • Centralised application traffic visibility and control
  • 18. Final Deployment Diagram
      • [Diagram labels: Node 1, Node 2, Node N; pods for Service-1, Service-2, Service-3 on each node; Kubernetes Connector; Harmony Controller]
  • 19. Thank You. Reliable Security Always™
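
The traffic rule from slides 10 to 12 (one namespace per service group, cross-group calls only through the gateway) can also be written as native Kubernetes NetworkPolicy objects. This is an added example, not configuration from the deck, which enforces east-west access control with the A10 Lightning ADC proxy; the namespace names `payments` and `app-gw` are assumptions.

```yaml
# Added example, not from the deck. "payments" and "app-gw" are hypothetical
# names for one service group's namespace and the application gateway's.
---
# 1. Deny all ingress to every pod in the group's namespace by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: payments
spec:
  podSelector: {}            # empty selector = every pod in the namespace
  policyTypes:
    - Ingress
---
# 2. Re-allow traffic between services of the same group, and from the
#    gateway namespace only, so calls from other groups must pass the gateway.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-group-and-gateway
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}    # any pod in this same namespace
        - namespaceSelector:
            matchLabels:
              # label Kubernetes sets automatically on each namespace
              kubernetes.io/metadata.name: app-gw
```

These policies take effect only when the cluster's network plugin enforces NetworkPolicy. They filter at L3/L4 and do not provide the mutual TLS, encryption or traffic observability that the deck assigns to the service proxy and the Harmony Controller.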

Editor's Notes

  • #5: Users are demanding. Users' needs are always evolving. Quote. To succeed in FINTECH, your business needs…
  • #6: Let's take a look at some of the struggles and business challenges IT experts and CISOs are dealing with on a daily basis: The average enterprise is running applications in at least 5 clouds. That represents quite a complex application networking and security environment. According to a recent survey by 451 Research, 71% of enterprises are either using or evaluating container orchestration options like Kubernetes and Docker. On the other hand, according to a study by Ponemon, 65% of all security issues are due to human error and inadequate in-house security expertise. The Ponemon Institute also recently published a study in which 79% of enterprises lack a comprehensive DDoS attack and mitigation strategy.