This video illustrates a bank's Cloud Native evolution from COBOL to Kubernetes.
It is presented by Laura Rehorst (Product Owner) and Mike Ryan (DevOps Consultant) working at the ABN AMRO bank (Algemene Bank Nederland-Amsterdam Rotterdam Bank).
Adopting Kubernetes in an enterprise environment is quite challenging, especially in the banking industry. The presenters share their insights and lessons learned during ABN AMRO’s Kubernetes adoption, and how it steadily accelerated the bank’s digital transformation.
In addition, this video includes a technical presentation that demonstrates how ‘Open Policy Agent’ is used in the Continuous Integration and Continuous Delivery (CICD) pipelines and Admission Controllers.
At 2.30 Laura emphasizes the benefits of moving towards containers. Some of the prominent benefits include increased development speed, flexibility, unified environment and cost-efficiency. She adds that containers are cheaper than virtual machines.
At 6.06 Mike Ryan mentions that a team, ‘Stratus’, was created at ABN AMRO with a mission to enable development teams to quickly deliver secure and high-quality software by providing them with easy-to-use platforms, portability across clouds at the enterprise level, and reusable software components. At 11:41 Mike demonstrates a Docker-specific pipeline in which an image is built and run through security checks with Twistlock.
The final part of the pipeline is cloud delivery. This section takes the Docker artifacts that were built and runs the Kubernetes resources through the OPA policy checks. If all the policy and security checks pass, the results are delivered to the cluster.
At 12.16 Mike summarizes that ABN AMRO essentially has three pipelines where the output of one is the input to another. He adds that if an application is to be moved from one pipeline to another, the developer just needs to swap the last part of the pipeline, on the assumption that their application is portable.
Policy enforcement with the Open Policy Agent (OPA)
At 13:11 Mike discusses how policy enforcement with the Open Policy Agent (OPA) is incorporated at ABN AMRO. OPA enables compliance as code, which brings all the benefits of software development workflows to compliance. He adds that GitHub can now be used in their compliance management, while semantic versioning is used for their policies.
This makes it possible to see instantly which policy version is applied to a Kubernetes cluster. In addition, one can find who has and has not updated when a new policy is released. This is possible as they have locks for the differences in policies. At 14.19 he explains that the compliance dashboard has been really helpful, as it provides full visibility over the compliance state of the clusters and applications.
At 14.35 Mike mentions that when a pipeline fails due to non-compliance, detailed contextual information about the root cause and the ways to fix the issue can be provided to the developers. One of the compliance checks within ABN AMRO is that internet-facing load balancers are never allowed.
In case a developer tries to create a public-facing load balancer in their module, they will receive an error mentioning ‘AWS internet-facing load balancers are not permitted’. The compliance rules usually have numbers associated with them. The developers can look out for that specific rule to know more about the compliance rule that has not been met.
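The load balancer check described above could be expressed as a Rego rule like the following. This is an added example, not ABN AMRO's actual policy: the rule number `RULE-000`, the package name, and the choice of Kubernetes Service annotations to inspect are assumptions, and the sample manifests are constructed.

```rego
package main

import rego.v1

# Hypothetical rule number: the talk says rules are numbered, the page gives none.
rule_id := "RULE-000"

# Service annotations that mark an AWS load balancer as internal.
internal_key := "service.beta.kubernetes.io/aws-load-balancer-internal"
scheme_key := "service.beta.kubernetes.io/aws-load-balancer-scheme"

# Annotations of an object, or {} when the manifest has none.
annots(obj) := object.get(obj, ["metadata", "annotations"], {})

# A Service counts as internal only when it says so explicitly (fail closed):
# a LoadBalancer Service without these annotations is treated as public.
is_internal(svc) if annots(svc)[internal_key] == "true"

is_internal(svc) if annots(svc)[scheme_key] == "internal"

deny contains msg if {
	input.kind == "Service"
	input.spec.type == "LoadBalancer"
	not is_internal(input)
	msg := sprintf("%s: AWS internet-facing load balancers are not permitted (Service %q)", [rule_id, input.metadata.name])
}

# Constructed sample manifests, exercised with `opa test`.
public_svc := {
	"kind": "Service",
	"metadata": {"name": "web"},
	"spec": {"type": "LoadBalancer"},
}

internal_svc := {
	"kind": "Service",
	"metadata": {"name": "web", "annotations": {scheme_key: "internal"}},
	"spec": {"type": "LoadBalancer"},
}

test_public_lb_denied if {
	count(deny) == 1 with input as public_svc
}

test_internal_lb_allowed if {
	count(deny) == 0 with input as internal_svc
}
```

The same `deny` rule can be evaluated against rendered manifests in the pipeline and by an admission controller, so a developer sees the numbered message before the resource ever reaches the cluster.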
At 17.46 Laura also discusses the lesson learned during the migration to Kubernetes. Some of their prominent lessons learned include staying focused on the minimal viable product, following a holistic approach to the technical aspects, and also creating clear governance. She also stresses the importance of broadly thinking in terms of platform capabilities rather than focusing too much on tooling.
The presenter also advises to always start small and keep iterating in a lean fashion with the actual customers in order to stay successful and to build a faithful rapport with the customer. Automation will always be welcomed by the customers. It is extremely vital that any process that has scope for automation should be automated in due course.
This video initially talks about the significant benefits of moving your applications towards containers. The presenter briefly explains how important it is for their bank to keep delivering software fast while remaining fully compliant and secure. It is also mentioned that around 3000 FSA applications are run within the bank. Their entire development process follows an agile approach.
This is followed by a demonstration of the generic pipeline as well as the Docker-based pipeline, the different compliance policies, and how they are customized to make the development process easier, faster, and more secure.