About the Client
A large telco serving the Philippines market was looking to improve its use of Kubernetes, the open-source tool for automated deployment, scaling, and management of containerised applications. Amazon Elastic Kubernetes Service (Amazon EKS) was already in use, but the telco was struggling to manage clusters of containerised applications at scale and was concerned about compliance.
Sourced Group (Sourced) an Amdocs company was selected to devise an Amazon EKS solution rooted in cloud best practice and tailored to the telco’s specific needs. Outcomes of the engagement include:
- Key Kubernetes processes on Amazon EKS streamlined using modern tools and approaches.
- Compliance and consistency improved via a centralised governance model with automation.
- Future Kubernetes workloads enabled with robust, reliable, repeatable processes.
Challenge: Issues With Kubernetes Were Stalling Progress in the Cloud
Having embraced cloud, this Philippines-based telco was looking to scale-up adoption via container-based cloud migration, using Kubernetes to handle orchestration.
Kubernetes is a powerful system, but it is also highly complex. The consistent onboarding of containers across Kubernetes environments can be very difficult, especially in large organisations with a vast cloud estate. This can result in issues surrounding important factors such as security, compliance, and cost management.
Managing multiple Kubernetes clusters and keeping them up-to-date was already proving difficult for the telco. Recognising that this problem would only escalate as the number of clusters increased, it partnered with Sourced under the AWS Migration Acceleration Program (MAP) to find the best way forward.
Prior to this engagement, Sourced had supported the telco with the set-up of a Terraform-based automation platform on top of its AWS landing zone, enabling application teams to provision themselves. We set out to apply our technical knowledge of AWS and Kubernetes to ease and optimise this next stage of the telco’s cloud journey.
Solution: A ‘Compliant by Design’ Amazon EKS Platform
Sourced’s cloud engineering specialists resolved the container management challenges with automation and a ‘compliance by design’ ethos. First, the core AWS cloud platform was extended, then Amazon EKS features were integrated to streamline the onboarding of containers.
Noteworthy features of the platform include its DevOps enablement and a sophisticated set-up for compliance and controls:
DevOps enablement – we implemented a self-service mechanism for application teams to deploy workloads into Kubernetes, and an automated approach for platform teams to provision clusters and onboard workloads. This reduces the operational burden on the platform team, enabling them to support multiple application teams effectively. With this set-up, it’s crucial to ensure consistency across clusters and applications using centralised governance. To this end, we employed the ‘App-of-Apps’ pattern whereby a central application is used as a reference for hierarchical deployments across other applications.
Compliance and controls – we created a compliance policy repository which acts as a single source of truth for all cluster policies. It includes validation gates and checks to ensure policies are valid and perform as expected. The management cluster is bootstrapped with Kubernetes-native continuous deployment tool ArgoCD, which manages the deployment of compliance controls. This forms a baseline for the creation of ArgoCD applications across other clusters, which are then configured to push policy changes from the compliance policy repository to assigned clusters. Additional platform features were used to enhance security, observability, cost visibility, and networking capabilities. Once the platform was complete, we conducted a successful pilot migration
Outcome: Intelligent Use of Amazon EKS Empowers Telco to Scale Cloud Operations
The telco now benefits from a sophisticated Amazon EKS platform, enabling it to manage clusters and container workloads seamlessly as it scales cloud adoption. Developers and platform engineers can deploy and onboard containerised applications knowing that compliance and other important factors are accounted for. This empowers them to accelerate the cloud migration process. It also allows them to focus on continual improvement and innovation, rather than baseline security and compliance, so they can unlock business value from the cloud faster.
