The challenge: growing pains
One Mount Group is Vietnam’s largest technological ecosystem, providing solutions and services along the entire value chain in the financial services, distribution, real estate, and retail sectors.
With so many services running on this large infrastructure, the data workloads One Mount has to work with every day are enormous.
And with the business rapidly expanding within Vietnam, One Mount recently found itself needing to make careful choices to keep adapting in time with its speed of growth.
With increasing customer need for a large expansion of their existing Kubernetes solution, data platform, and MLOps, the time came for the company to improve its services with faster and more efficient processes, and to scale with an emphasis on a growing focus on cloud operations. One Mount also needed to make sure it developed security appropriately around all these changes.
Due to the sheer scale and speed the project needed to help One Mount maintain the lead in its field, it needed to partner with a company that had expertise and experience in these kinds of infrastructure improvements — as well as a firm grip on best practices to offer the best advice on continuing the journey.
Enter SoftServe. One Mount had already reached out to SoftServe in March 2021 for TAM (technical account management) services, but as the conversations and workshops deepened, and these newer needs were considered, both companies realized a wider and more nuanced approach could achieve amazing results.
The solution: when Dev meets Ops
One Mount and SoftServe began to plan the best way to make this growing infrastructure best-in-class.
On a basic level, the project was all about reducing the load on the infrastructure team and reducing time to market by making it easier for developers to place new code on One Mount’s systems. All this, and taking special care to secure the infrastructure, to protect the data and applications it hosted.
The solution would involve introducing a smoother and better-integrated DevOps process to the whole infrastructure — in other words, infrastructure as code (IaC).
With a set methodology, versioning process, and descriptive models in place for defining and deploying infrastructure, developers would be able to see changes to their code instantly, rather than waiting for a separate team to troubleshoot.
Specifically, One Mount and SoftServe identified that they would need to:
- Implement Terragrunt — a wrapper for HashiCorp’s Terraform IaC tool — along with Atlantis, which is an application for automating pull requests on Terraform.
- Define policies for how Terraform and Atlantis function.
- Introduce quality gates to set criteria for project landmarks, to cut down on non-compliant resources being created.
- Implement a security engine to detect non-compliant resources on One Mount’s systems.
- Define other detective policies for resources that are running on the infrastructure.
The team: specialists assemble!
The work would be carried out by One Mount’s infrastructure and site reliability engineering (SRE) team — which already had members filling in the gaps between “Dev” and “Ops” for One Mount and were skilled in knowing how best to introduce true DevOps.
SoftServe’s team was a mixed group of experts who could work across each key element of the project.
The cloud architect would review technical components and workloads in One Mount’s current cloud environment, explore best practices, and offer technical and strategic guidance in optimizing the cloud frameworks.
Two SoftServe DevOps engineers would prepare the way on a technical level, to make implementing DevOps processes easier. Troubleshooting, diagnosing, and fixing production issues in software across the service lifecycle, they would develop monitoring solutions, perform maintenance and configuration, and help to fix One Mount’s internally developed code.
Adding the security element to the mix, SoftServe’s DevSecOps engineer would be responsible for reviewing existing security policies, procedures, standards, and tools, and advising on how to best move forward with the needs of the new architecture. Off the back of IaC, they would help to introduce security using policy as code (PaC) — managing security policies in the form of code, for continuous integration via the agreed DevOps approach.
Keeping a close eye on project goals and timelines, as well as keeping One Mount stakeholders fully informed of milestones, was SoftServe’s project manager.
Outcomes-at-a-glance: the technical results of One Mount and SoftServe’s collaboration
- A single IaC repository (monorepo), operated using Atlantis, to simplify development.
- Software dependencies managed with Terragrunt for quicker delivery.
- Easier referencing to development resources, with better navigation to and findability of code entities.
- The IaC repository’s structure redesigned to correspond directly to the structure of One Mount’s major cloud provider.
- Much improved compatibility and adaptability of code with One Mount’s infrastructure.
- Reviewed and optimized technical security controls for One Mount’s cloud provider, as well as across One Mount in general.
- Improvement of Docker container runtime security and Docker image security inspection.
- Better validation of compliance when developing new resources, integrated with Atlantis, and using Terraform’s Open Policy Agent for automated, preventative policy testing before implementation.
- Heightened validation to detect compliance of resources already deployed, using Open Policy Agent, allowing the reuse of existing policies for both preventive and detective streams.
Value delivered: optimized, secured, and expansion-ready
The crack team of One Mount and SoftServe techies ticked off every objective on the list, finishing on time and within scope.
The immediate effect was a marked improvement in process and productivity optimization — the main business goal of the project, achieved smoothly.
"Using a Terragrunt and monorepo approach truly empowered IaC’s value", says Nguyen Chi Cong, One Mount’s Head of DevOps and Cloud Infrastructure.
“With solid solutions and recommendations provided by SoftServe, One Mount is now much more confident to accelerate forward with our technology and infrastructure.”
Successfully implemented detection and prevention mechanisms via DevOps and IaC allowed One Mount’s engineering team to focus on value-adding tasks, rather than having to resolve issues manually, as they had in the past.
The IaC workflow, using Terragrunt and Atlantis, tightened the infrastructure development and operation process — meaning much faster scaling, with a lot less headaches.
Finally, built-in security of container management by DevSecOps reduced the pressure on the security team and provided better protection for data and services.
With everything in place, One Mount was all set to keep expanding its infrastructure to maximize the potential of its technology, team, and customer expectations.