Efficient deployment processes are essential for ensuring the smooth delivery of software products in today's fast-paced technological landscape. UniCredit Bulbank, a leading financial institution in Bulgaria, recognised the need for a streamlined deployment pipeline to enhance productivity and reliability in their software development lifecycle. They collaborated with our internal development team at DSS to devise a comprehensive deployment process to achieve this goal.
Overview of the Deployment Process
Our internal deployment process follows a meticulous series of steps to ensure the quality and security of software releases. The process can be broken down into the following stages:
- Dependency Auditing and Testing: The journey begins within our internal Kubernetes infrastructure, where we audit dependencies and conduct tests to ensure quality standards are met before deployment.
- Static Code Analysis with SonarQube: Following successful testing, the project undergoes a thorough static code analysis using SonarQube. This step helps identify and rectify potential code quality issues early in development.
- Building Docker Images: After passing all tests and analysis, we proceed to build Docker images that encapsulate the application and its dependencies. This ensures consistency and portability across different environments.
- Security Scanning with Trivy: We employ Trivy to conduct security scans on the Docker images, identifying and addressing any vulnerabilities before deployment.
- Deployment with Helm Charts: Leveraging Helm charts, we orchestrate the deployment of applications to our internal Kubernetes infrastructure. Helm charts provide a convenient and reproducible way to manage Kubernetes applications.
- Integration with Jenkins: Our deployment process integrates seamlessly with Jenkins, utilising Kubernetes pods as agents. Jenkins automates the entire pipeline, from auditing and testing to building and deployment, ensuring consistency and efficiency.
Extension to UniCredit Infrastructure
The collaboration with UniCredit Bulbank seamlessly extends our deployment process to their infrastructure. When commits are made to a specific branch, Jenkins triggers a job to commit to the UniCredit repository. Their Jenkins instance then mirrors our pipeline, including auditing, testing, SonarQube analysis, Docker image building, Trivy security scanning, and image repository push.
However, the deployment target differs, as UniCredit's Jenkins deploys to their Openshift infrastructure. This ensures that software releases undergo the same rigorous testing and scrutiny before deployment to UniCredit's environments.
Monitoring and Visibility
To ensure smooth and uninterrupted deployment cycles, all logs are readily available in UniCredit's Grafana instance for real-time monitoring and troubleshooting, maintaining transparency and visibility throughout the deployment process.
Consistency Across Environments
It's noteworthy that the same deployment process is upheld for both internal development and testing environments, as well as UniCredit's test and production environments. This consistency ensures that software releases maintain the same quality and security level across all deployment lifecycle stages.
Conclusion
The collaboration between our internal development team and UniCredit Bulbank exemplifies the importance of robust deployment processes in modern software development. We have streamlined deployment pipelines by leveraging advanced technologies such as Kubernetes, Helm, Jenkins, and Trivy, ensuring software products' rapid and reliable delivery. This partnership not only enhances productivity and efficiency but also reinforces our commitment to delivering high-quality solutions that meet the strict standards of the financial industry.
