<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Cloud Native Architecture – service-delivery</title><link>https://deploy-preview-35--cncfarchitecture.netlify.app/tags/service-delivery/</link><description>Recent content in service-delivery on Cloud Native Architecture</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Wed, 04 Mar 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://deploy-preview-35--cncfarchitecture.netlify.app/tags/service-delivery/index.xml" rel="self" type="application/rss+xml"/><item><title>Architectures: A modern and sovereign Private Cloud «Kubernetes Service» for Swiss-based enterprises.</title><link>https://deploy-preview-35--cncfarchitecture.netlify.app/architectures/swisscom-kubernetes-service/</link><pubDate>Wed, 04 Mar 2026 00:00:00 +0000</pubDate><guid>https://deploy-preview-35--cncfarchitecture.netlify.app/architectures/swisscom-kubernetes-service/</guid><description>
&lt;h2 id="relevant-cncf-projects">Relevant CNCF projects&lt;/h2>
&lt;div class="row row-cols-1 row-cols-md-3 mb-4">
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Kubernetes
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/kubernetes/">&lt;img src="https://raw.githubusercontent.com/cncf/artwork/main/projects/kubernetes/icon/color/kubernetes-icon-color.svg" alt="kubernetes logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> 1.32.8 (CNIP)&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> 1.31.x - 1.34.x (SKP)&lt;/li>
&lt;/ul>
&lt;p>Kubernetes enables high availability, scalability, and performance for infrastructure, offering a centralized and policy-driven platform to manage network and service data supporting Managed Kubernetes for our cloud customers.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
KubeVirt
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/kubevirt/">&lt;img src="https://github.com/cncf/artwork/raw/main/projects/kubevirt/horizontal/color/kubevirt-horizontal-color.svg" alt="kubevirt logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v1.5.0 (CNIP)&lt;/li>
&lt;/ul>
&lt;p>Cluster resources are constructed using KubeVirt for virtual machine abstraction of Control Plane and Worker instances.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Kube-OVN
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/kube-ovn/">&lt;img src="https://github.com/cncf/artwork/raw/main/projects/kube-ovn/horizontal/color/kube-ovn-horizontal-color.svg" alt="kube-ovn logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v1.13.14 (CNIP)&lt;/li>
&lt;/ul>
&lt;p>Kube-OVN is utilized as network stack of the infrastructure cluster to enable intra-cluster/east-west network communication of user clusters. It enables a policy-driven security model as well as customer network isolation using VPCs.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
MetalLB
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/metallb/">&lt;img src="https://github.com/cncf/artwork/raw/main/projects/metallb/horizontal/color/metallb-horizontal-color.svg" alt="metallb logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v0.15.3&lt;/li>
&lt;/ul>
&lt;p>MetalLB is an integral component of the infrastructure deployment process, offering automated access to the framework that provisions individual user cluster resources on bare metal Kubernetes environments.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Container Storage Interface (CSI)
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://github.com/container-storage-interface">&lt;img src="https://github.com/cncf/artwork/raw/main/other/csi/horizontal/color/csi-horizontal-color.svg" alt="csi logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v25.06.3 (trident-csi)&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v0.4.5 (kubevirt-csi)&lt;/li>
&lt;/ul>
&lt;p>Kubevirt-CSI is the standard storage interface for persistent volumes in user clusters. Trident-CSI manages NetApp storage requests and can also be used directly to integrate with Swisscom&amp;rsquo;s File Service Kubernetes, which provides iSCSI and NFS shared storage across all Availability Zones.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Kyverno
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/kyverno/">&lt;img src="https://github.com/cncf/artwork/raw/main/projects/kyverno/horizontal/color/kyverno-horizontal-color.svg" alt="kyverno logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v1.13.4 (CNIP)&lt;/li>
&lt;/ul>
&lt;p>Kyverno serves as the default policy engine for infrastructure and user clusters, providing robust security constraints.
In addition to Kyverno, also Chainsaw (a Kyverno sub-project) is used for automated, declarative e2e testing.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
ArgoCD
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/argo/">&lt;img src="https://github.com/cncf/artwork/raw/main/projects/argo/horizontal/color/argo-horizontal-color.svg" alt="argo logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v3.2.0 (CNIP)&lt;/li>
&lt;/ul>
&lt;p>ArgoCD allows us to deliver comprehensive infrastructure using a fully automated GitOps methodology.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Helm
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/helm/">&lt;img src="https://github.com/cncf/artwork/raw/main/projects/helm/horizontal/color/helm-horizontal-color.svg" alt="helm logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v3.5.1 (CNIP)&lt;/li>
&lt;/ul>
&lt;p>Helm automates the creation, packaging, configuration, and deployment of Kubernetes applications by creating reusable charts.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
CloudNativePG
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/cloudnativepg/">&lt;img src="https://landscape.cncf.io/logos/d795f87b2810954c88802c0b4bd6b3eee5a840c32cbee7276b25831cfb09e1cd.svg" alt="cnpg logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2024&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v1.27.0 (CNIP)&lt;/li>
&lt;/ul>
&lt;p>CloudNativePG (CNPG) manages PostgreSQL databases in cloud-native environments. It handles the full lifecycle of highly available PostgreSQL clusters (primary/standby with native streaming replication), including declarative deployment, scaling, backups, self-healing, failover and monitoring.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;h2 id="describe-your-organisation">Describe your organisation&lt;/h2>
&lt;p>Swisscom is the leading ICT company in Switzerland and offers mobile, Internet and TV, as well as comprehensive IT and digital services to private and business customers.
Swisscom&amp;rsquo;s expertise in cloud native technologies is well-established, as evidenced by its status as a former Gold member and Management Board member of the Cloud Foundry Foundation, along with its certification for Cloud Foundry.
Additionally, Swisscom demonstrates a strong commitment to the Open-Source community, having been a CNCF Silver Member for several years and serving as a Kubernetes Certified Service Provider (KCSP) partner.
Our skilled employees have delivered numerous speeches and presentations at prestigious events such as KubeCon, Cloud Native Zürich, Swiss Cloud Native Day, KCD Suisse Romande, ContainerDays, among others.&lt;/p>
&lt;p>Our next generation Private Cloud Container as a Service offering «Kubernetes Service» for the B2B market addresses customer’s need for scalable and highly available Kubernetes workload as a flexible and secure IT foundation.
It is part of our Swiss-based Enterprise Service Cloud (ESC) market channel as a sovereign, Private Cloud Kubernetes offering for effortless provisioning and usage of our customer’s container workloads.&lt;/p>
&lt;h2 id="describe-your-entity-andor-team">Describe your entity and/or team&lt;/h2>
&lt;p>The development and delivery of the new «Kubernetes Service» is done at within Swisscom&amp;rsquo;s IT-Clouds Value Stream and shared across two teams:&lt;/p>
&lt;ul>
&lt;li>Pathfinders: responsible for the Cloud Native Infrastructure Platform (CNIP).
CNIP handles the creation, delivery, and lifecycle management of the KubeVirt-based virtual machines (VMs). These VMs function as nodes for both the Control Plane and Workers. The VMs are ephemeral and can be re-created immediately in case of any failure. They are solely used to enable container-based workloads and do not act as standalone VMs.&lt;/li>
&lt;li>Guardians: responsible for the Swisscom Kubernetes Platform (SKP), which runs on top of CNIP.
It consists of the installation of Kubermatic Kubernetes Platform (KKP) for the customer tenant (environment) and the setup and support of the highly available Control Plane for any customer (user) cluster.&lt;/li>
&lt;/ul>
&lt;p>The layered approach allows Swisscom to manage technological aspects distinctly by segregating the cloud native infrastructure (managed by the Pathfinders team) from the Kubernetes platform (managed by the Guardians team).
This strategy ensures considerable flexibility, permitting each layer to be combined or integrated with other technologies in the future.&lt;/p>
&lt;p>&lt;img src="./images/kubernetes-service-team-deliverables.png" alt="Kubernetes Service is a combination of CNIP &amp;amp; SKP deliverables">&lt;/p>
&lt;h2 id="brief-overview-of-your-architecture-and-any-potential-goals-you-are-trying-to-achieve-with-it">Brief overview of your architecture and any potential goals you are trying to achieve with it?&lt;/h2>
&lt;h3 id="summary">Summary&lt;/h3>
&lt;p>Kubernetes Service is the successor to our current container offering, representing a significant shift towards a more cloud-native approach using advanced Open-Source technology.
Currently bound to a vendor-specific implementation, Swisscom has opted to employ open-source tools for the development of cloud native products for customer use. This strategy aims to minimize dependencies and mitigate the risk of vendor lock-ins.&lt;/p>
&lt;p>By adopting this architecture, Swisscom can uphold quality within the cloud native domain while maintaining a competitive pricing model due to reduced reliance on external licensing and subscription models.
Furthermore, having the ability to develop, maintain, and operate all components internally enhances our decision-making processes and strengthens our roadmap capabilities.&lt;/p>
&lt;p>Another important point is that our customers&amp;rsquo; data will always remain within Switzerland and under Swiss law. Since we fully own the platform and do not rely on any external vendors, we can confidently guarantee true data sovereignty, hosted entirely on our premises without relying on vague marketing claims. Additionally, because Swisscom is not subject to the US Cloud Act or similar foreign regulations, no non-Swiss legislation can access the data.&lt;/p>
&lt;h3 id="brief-overview-of-architecture">Brief overview of architecture&lt;/h3>
&lt;p>A simplified high-level diagram describes Kubernetes Service, including multi-tenancy and security aspects:&lt;/p>
&lt;p>&lt;img src="./images/kubernetes-service-central-infra.png" alt="Central Kubernetes Infra Cluster is used to provide customer environments/tenants based on consolidated infrastructure">&lt;/p>
&lt;p>As illustrated in the figure, two separate and independent user tenants, BLUE and RED, are established on shared resources (depicted in yellow), managed by the Kubernetes Infrastructure Cluster. The foundation for all virtual abstractions is the Consolidated Infrastructure (COI) in Swisscom’s data centers.&lt;/p>
&lt;p>Each customer-specific environment comprises a management zone (MGMT Zone) and a workload zone.
These zones address shared responsibilities, where Swisscom provides the Control Plane for each customer&amp;rsquo;s environment (illustrated in blue and orange in the next figure).&lt;/p>
&lt;p>Customers have the flexibility to deploy workloads within the workload zone independently of the management resources as required.
Furthermore, each customer is able to maintain multiple environments. This provides an alternative method for segregating workloads at the tenant level instead of the Kubernetes cluster level, thereby ensuring comprehensive isolation from the outset.&lt;/p>
&lt;p>&lt;img src="./images/kubernetes-service-isolated-envs.png" alt="Each customer environment is isolated and comprises a management zone and workload zone">&lt;/p>
&lt;h3 id="goals-and-objectives">Goals and objectives&lt;/h3>
&lt;p>One of the primary objectives of the product refresh is to offer more desired features to customers.
Compared to the current offering, enhancements include:&lt;/p>
&lt;ul>
&lt;li>Upstream Kubernetes versions with faster updates&lt;/li>
&lt;li>Node Autoscaling&lt;/li>
&lt;li>Integrated Backup functionalities&lt;/li>
&lt;li>Native Kubernetes Load Balancer&lt;/li>
&lt;li>Modern customer self-service portal&lt;/li>
&lt;li>Additional Kubernetes add-ons available via Application Catalog&lt;/li>
&lt;/ul>
&lt;p>Moreover, additional options are directly available to our customers:&lt;/p>
&lt;ul>
&lt;li>Choose from different Container Network Interfaces (CNI)&lt;/li>
&lt;li>Access persistent storage through kubevirt-csi&lt;/li>
&lt;/ul>
&lt;p>With KubeVirt providing abstraction, KVM is employed as the hypervisor on bare-metal servers. From the customer&amp;rsquo;s perspective (Customer X), the administrator of their user cluster manages all selections and abstractions shown in the figure below, enabling customers to make independent decisions, e.g. choosing a default CNI from the available options (Cilium, Canal, None).&lt;/p>
&lt;p>&lt;img src="./images/kubernetes-service-ingredients.png" alt="Ingredients of Kubernetes Service and abstraction towards user/customer">&lt;/p>
&lt;p>In addition to technical improvements, we aimed to minimise reliance on external vendors and build a truly sovereign cloud solution that can compete with Public Cloud offerings, free from outside service dependencies. Our goal is for customers to run their Kubernetes workloads in our sovereign ESC Cloud, providing a comprehensive alternative to US hyperscalers - in terms of functionality and, most importantly, data privacy.&lt;/p>
&lt;h2 id="can-you-expand-on-why-you-are-using-those-projectsservices">Can you expand on why you are using those projects/services?&lt;/h2>
&lt;ul>
&lt;li>&lt;strong>Cloud-Native Implementation&lt;/strong>:
Utilized CNCF projects and technologies to deploy a comprehensive stack consistent with a microservices-based architecture, resulting in enhanced scalability and operational agility.&lt;/li>
&lt;li>&lt;strong>Kubernetes for Orchestration&lt;/strong>:
Adopted Kubernetes to manage containerized workloads, enabling automated deployment, scaling, and resilience on management as well as user cluster level.&lt;/li>
&lt;li>&lt;strong>Kube-OVN as network layer&lt;/strong>:
With Kube-OVN as CNI on the infrastructure clusters and it&amp;rsquo;s VPC functionality, it allows customer environments to be fully segregated on a shared platform, providing maximum flexibility and strong security enforcement. It enables the teams to use familiar cloud-native development, operations, and debugging tools and skills.&lt;/li>
&lt;li>&lt;strong>KubeVirt for VM abstraction&lt;/strong>:
A high-quality, Kubernetes-native virtual machine abstraction facilitates the deployment of container-based resources on a centralized cloud-native infrastructure platform, while maintaining flexibility for future use of VM resources.&lt;/li>
&lt;li>&lt;strong>Open-Source &amp;amp; Cost Efficiency&lt;/strong>:
CNCF components deliver vendor-neutral, cost-effective solutions that are fundamental to container orchestration and observability. These open-source tools form the foundation of our sovereign cloud initiative, empowering internal teams to design customized architectures independently of third-party vendors. Utilizing CNCF technologies allows us to maintain flexibility, scalability, and comprehensive control over our cloud infrastructure, supporting our strategic objectives of autonomy and innovation.&lt;/li>
&lt;li>&lt;strong>Declarative &amp;amp; Configuration-Driven Approach&lt;/strong>:
CNCF tools align with the low-code/no-code principle by enabling declarative configuration management.&lt;/li>
&lt;/ul>
&lt;h2 id="what-has-worked-well">What has worked well?&lt;/h2>
&lt;p>The implementation has eventually lead to the product launch of Kubernetes Service in August 2025, with some strong outcomes:&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Layered Architecture for Enhanced Robustness&lt;/strong>:
The integration of Cloud Native Infrastructure Platform (CNIP) and Swisscom Kubernetes Platform (SKP) forms the foundation of the new Kubernetes Service, enabling flexible handling as separate platform layers for streamlined future operations.&lt;/li>
&lt;li>&lt;strong>Vendor-Agnostic Production Platform&lt;/strong>:
By eliminating proprietary technology, a resilient and adaptable foundation has been established to host managed Kubernetes clusters within Swisscom&amp;rsquo;s Private Cloud, ensuring a high degree of flexibility and scalability, as well as privacy.&lt;/li>
&lt;li>&lt;strong>Modern Cloud-Native Foundation&lt;/strong>:
The implementation of Kubernetes to deliver managed Kubernetes clusters to end customers enables a unified cloud-native stack across all layers of responsibility, promoting consistency and efficiency.&lt;/li>
&lt;li>&lt;strong>Best Practice Design&lt;/strong>:
Collaborating with Kubermatic, a modern Kubernetes platform was designed, incorporating the latest technologies such as KubeVirt and Kube-OVN, to ensure an enterprise-ready solution for end customers.&lt;/li>
&lt;li>&lt;strong>Operational Excellence&lt;/strong>:
Equipping teams with essential cloud-native and Kubernetes expertise enhances the attractiveness of Swisscom&amp;rsquo;s tech stack to potential candidates and reinforces the company&amp;rsquo;s commitment to the Open-Source community.&lt;/li>
&lt;li>&lt;strong>Successful Internal Adoption&lt;/strong>:
The Kubernetes Service was successfully launched as Swisscom&amp;rsquo;s internal Container platform, achieving significant traction with over 60% of workloads migrated within the first 9 months of operation.&lt;/li>
&lt;/ul>
&lt;h2 id="what-has-not-worked-well">What has not worked well?&lt;/h2>
&lt;p>While the architecture delivered significant improvements, several challenges emerged during implementation:&lt;/p>
&lt;ul>
&lt;li>
&lt;p>&lt;strong>Enterprise-Readiness of Cloud Native Technologies&lt;/strong>:
Despite successful scaling in test and internal production environments, many advanced cloud-native technologies faced difficulties when deployed in enterprise-grade settings for end customers (e.g., B2B market). This highlighted the need for further refinement and testing in real-world scenarios.&lt;/p>
&lt;p>For KubeVirt, for instance, there are only limited real-world examples, best practices or reference designs available to draw upon for large-scale, production-grade business deployments. Switching fully to Kube-OVN as the main network layer also demands extra effort and is less straightforward than traditional network solutions with established production lifecycles.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>&lt;strong>Limited Support and Professional Services&lt;/strong>:
The availability of professional support, particularly 24/7, for open-source and cloud-native technologies is limited. This poses challenges for enterprises seeking to adopt these technologies and provide services with guaranteed service levels (SLAs).&lt;/p>
&lt;p>A possible solution is for more companies to provide professional support and make these services more transparent. Furthermore, the CNCF could introduce a &amp;ldquo;Certified Supporter&amp;rdquo; verification system to strengthen trust in firms that offer professional support.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>&lt;strong>Knowledge Gaps and Skills Requirements&lt;/strong>:
Adopting new technologies demands specialized knowledge and expertise. In-house engineers required additional training and support to effectively maintain and troubleshoot products built on these technologies.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>&lt;strong>Customer Acceptance and Migration Challenges&lt;/strong>:
Introducing a new platform based on modern technologies, without a proven track record in enterprise-grade deployments, required significant effort to educate customers, facilitate migration from legacy stacks, and promote the benefits of a sovereign cloud solution. This process demanded substantial resources and support to ensure a smooth transition.&lt;/p>
&lt;/li>
&lt;/ul>
&lt;h2 id="what-sort-of-glue-have-you-had-to-develop-to-enable-usage-of-your-architecture-">What sort of “glue” have you had to develop to enable usage of your architecture ?&lt;/h2>
&lt;p>The reference architecture provides a strong foundation, making it practical and easy to use. The below elements were designed to simplify adoption, improve usability, and ensure seamless interaction across layers acting as the &amp;ldquo;glue&amp;rdquo;:&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Unified Abstraction APIs&lt;/strong>: Developed APIs (Open Service Broker spec) that hide complexity and provide a consistent interface for orchestration and other consuming Operational Support Systems (OSS).&lt;/li>
&lt;li>&lt;strong>Advanced Routing Functionality&lt;/strong>: In order to integrate the customer environments into the Swisscom Core Network (MPLS), we developed and implemented our own concept of edge routers using BGP on FRRouting pods. This custom solution supports NAT, Fail-over (VRRP) as well as north-south firewalling (traffic from/to customer environments). These router pods are managed by an operator and configured with custom resource definitions.&lt;/li>
&lt;li>&lt;strong>Policy Integration Layer&lt;/strong>: Built operators to dynamically apply and manage Kyverno policies across different stages without requiring deep technical intervention.&lt;/li>
&lt;li>&lt;strong>Firewall Management&lt;/strong>: Implemented operators and API endpoints to allow customers to manage firewall rules on the SDN layer of the KubeVirt infrastructure, via Kube-OVN network policies.&lt;/li>
&lt;li>&lt;strong>Workflow Orchestration Logic&lt;/strong>: Developed and implemented the entire platform orchestration logic and automated pipelines from bottom-up.&lt;/li>
&lt;li>&lt;strong>Commandline tooling&lt;/strong>: Various commandline tools for human operators to manage and control the entire platform and all parts of it with ease.&lt;/li>
&lt;li>&lt;strong>Testing &amp;amp; Fine-tuning&lt;/strong>: With limited experience in large-scale bare-metal Kubernetes deployments, we had to do a lot of testing, validation and fine-tuning. We had to make sure, that the platform scales properly with more workloads being migrated every day.&lt;/li>
&lt;/ul>
&lt;h2 id="has-your-architecture-evolved-what-lessons-have-you-learned-from-previous-iterations">Has your architecture evolved? What lessons have you learned from previous iterations?&lt;/h2>
&lt;p>Our architecture and product have undergone significant evolution through iterative development, driven by customer feedback and emerging requirements.&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Iterative Development Approach&lt;/strong>:
We began by establishing foundational layers and meeting the needs of our internal Swisscom customers. Subsequent iterations introduced advanced features for end customers, incorporating feedback from both internal and external stakeholders.&lt;/li>
&lt;li>&lt;strong>Continuous Improvement and Feedback Loop&lt;/strong>:
Each iteration allowed us to gather valuable insights and add new functionalities, refining our product and enhancing customer satisfaction.&lt;/li>
&lt;li>&lt;strong>Steep Learning Curve and Expertise Development&lt;/strong>:
As we ramped up the product, our teams faced a significant learning curve, developing essential expertise and professionalizing DevOps processes to ensure seamless operation.&lt;/li>
&lt;li>&lt;strong>Strategic Partnerships and Support&lt;/strong>:
Our collaboration with Kubermatic enabled us to leverage professional support for key components, including KubeVirt and Kube-OVN, ultimately maturing our production platform and solidifying its readiness for enterprise-grade deployments.&lt;/li>
&lt;/ul>
&lt;p>Through this iterative process, we&amp;rsquo;ve gained valuable lessons and refined our architecture to better meet the needs of our customers, while developing the expertise and partnerships necessary to drive continued success.&lt;/p>
&lt;h3 id="outcome">Outcome&lt;/h3>
&lt;p>By embracing open-source and cloud native technologies, Swisscom successfully created a sovereign cloud solution, modernizing its container offering while reducing vendor lock-in and providing advanced features to customers. The new «Kubernetes Service» demonstrates the power of cloud native architectures in creating flexible, scalable, and cost-effective solutions for enterprise-grade services, all while ensuring true data sovereignty and regulatory compliance. This approach positions Swisscom as a leader in sovereign cloud solutions, offering Swiss (and European) customers a trusted alternative to global hyperscalers.&lt;/p>
&lt;h2 id="whats-next-for-your-architecture-what-are-you-looking-to-do-next">What’s next for your architecture? What are you looking to do next?&lt;/h2>
&lt;p>Building on the success of our proven reference architecture, which now supports both internal and external customer workloads in production, we&amp;rsquo;re focused on expanding and enhancing our offerings:&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Hybrid Cloud Expansion and Multi-Cloud Flexibility&lt;/strong>:
We&amp;rsquo;re working to enable seamless public cloud deployments, complementing our existing Swiss-based data centers and strengthening hybrid cloud use cases.&lt;/li>
&lt;li>&lt;strong>Edge Cloud Support&lt;/strong>:
With cloud sovereignty in mind, we are developing a «Kubernetes Service On-Prem» extension that will deliver the Private Cloud product on a Cloud Edge Stack at customer premises, enabling an autonomous instance of our Kubernetes Service. This is currently in development with an interested customer.&lt;/li>
&lt;li>&lt;strong>GPU-Enabled Workloads and Emerging Technologies&lt;/strong>:
Next, we&amp;rsquo;ll be integrating GPU support and exploring other emerging technologies to unlock new possibilities for compute-intensive applications.&lt;/li>
&lt;li>&lt;strong>Customer-Driven Features and Enhancements&lt;/strong>:
We&amp;rsquo;re committed to delivering additional features and functionalities requested by our customers, further enriching our platform and services.&lt;/li>
&lt;li>&lt;strong>Simplified Onboarding and Resource Optimization&lt;/strong>:
To improve efficiency and resource utilization, we&amp;rsquo;ll be introducing a shared cluster concept, allowing for more flexible and efficient use of our bare-metal infrastructure.&lt;/li>
&lt;li>&lt;strong>Exploring New Use Cases - VM Workloads&lt;/strong>:
We&amp;rsquo;re also investigating the possibility of hosting classical VM workloads on our Cloud Native Infrastructure Platform (CNIP), expanding the platform&amp;rsquo;s use cases beyond container-based workloads and further increasing its versatility.&lt;/li>
&lt;/ul>
&lt;p>By pursuing these initiatives, we aim to continue delivering value to our customers, drive innovation, and grow our architecture and services to meet evolving needs.&lt;/p>
&lt;h2 id="discussion">Discussion&lt;/h2>
&lt;p>End user members may participate in the &lt;a href="https://github.com/cncf/tab/discussions/134">discussion thread&lt;/a> for this architecture.&lt;/p></description></item><item><title>Architectures: Scaling Adobe’s Service Delivery Foundation with a Cell-based Architecture</title><link>https://deploy-preview-35--cncfarchitecture.netlify.app/architectures/adobe/</link><pubDate>Fri, 11 Oct 2024 00:00:00 +0000</pubDate><guid>https://deploy-preview-35--cncfarchitecture.netlify.app/architectures/adobe/</guid><description>
&lt;h2 id="relevant-cncf-projects">Relevant CNCF projects&lt;/h2>
&lt;div class="row row-cols-1 row-cols-md-3 mb-4">
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Kubernetes
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/kubernetes/">&lt;img src="https://raw.githubusercontent.com/cncf/artwork/main/projects/kubernetes/icon/color/kubernetes-icon-color.svg" alt="kubernetes logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2019&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> 1.29.6&lt;/li>
&lt;/ul>
&lt;p>Kubernetes has been the foundation for our Internal Developer Platform and almost all of Adobe&amp;rsquo;s containerized workloads run on Kubernetes clusters.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Helm
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/helm/">&lt;img src="https://raw.githubusercontent.com/cncf/artwork/main/projects/helm/icon/color/helm-icon-color.svg" alt="helm logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2019&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> v3.12.3&lt;/li>
&lt;/ul>
&lt;p>Helm is our package manager and helps us abstract out some of the complexity by including them as dependencies and only exposing the values.yaml file.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Argo
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/argo/">&lt;img src="https://raw.githubusercontent.com/cncf/artwork/main/projects/argo/icon/color/argo-icon-color.svg" alt="prometheus logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2022&lt;/li>
&lt;/ul>
&lt;p>We are using all four projects under Argo:&lt;/p>
&lt;ul>
&lt;li>Argo CD: v2.9.22&lt;/li>
&lt;li>Argo Workflow: v3.4.6&lt;/li>
&lt;li>Argo Events: v1.9.0&lt;/li>
&lt;li>Argo Rollouts v1.6.0&lt;/li>
&lt;/ul>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;div class="col mb-4">
&lt;div class="card h-100">
&lt;div class="card-header">
Backstage
&lt;/div>
&lt;div class="card-body">
&lt;p class="card-text">
&lt;p>&lt;a href="https://www.cncf.io/projects/backstage/">&lt;img src="https://raw.githubusercontent.com/cncf/artwork/main/projects/backstage/icon/color/backstage-icon-color.svg" alt="helm logo">&lt;/a>&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Using since:&lt;/strong> 2023&lt;/li>
&lt;li>&lt;strong>Current version:&lt;/strong> TBD&lt;/li>
&lt;/ul>
&lt;p>Backstage is the backbone for our unified internal developer portal.&lt;/p>
&lt;/p>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;/div>
&lt;h2 id="developer-platforms--adobe">Developer Platforms @ Adobe&lt;/h2>
&lt;p>Adobe has been working on building an Internal Developer Platform (IDP) for the past several years. We have a core infrastructure layer which offers a compute layer on top of cloud providers such as AWS and Azure. On top of the infrastructure layer, we provide an end-to-end developer experience which helps developers in different phases of SDLC.&lt;/p>
&lt;p>Security, Compliance, Support and Cost Efficiency are cross-cutting concerns for both infrastructure and developer experience.&lt;/p>
&lt;h3 id="developer-experience--flex--adobe">Developer Experience / Flex @ Adobe&lt;/h3>
&lt;p>Adobe offers a rich developer experience to its developers to enable them to write better software faster. This includes a seamless experience for all phases of their application lifecycle: Concept → Code → Cloud → Customer. &lt;strong>Flex&lt;/strong> is the codename for Adobe’s &lt;strong>GitOps&lt;/strong>-based Service Delivery foundation.&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Concept → Code&lt;/strong>: Adobe offers standardized &lt;strong>bootstrappable golden templates&lt;/strong> via the unified developer portal (based on &lt;a href="https://backstage.io/">Backstage&lt;/a>), which provides a guided path that generates boilerplate code (with best practices built-in) for the app and infrastructure.
&lt;ul>
&lt;li>The promise is that you should be able to run and test the app locally right after code generation.&lt;/li>
&lt;li>The generated infrastructure includes, among other things, the manifests for the service’s CI/CD pipeline.&lt;/li>
&lt;li>&lt;em>Toolchain&lt;/em> - The developer portal is based on the industry-standard open-source tool Backstage.&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>&lt;strong>Code → Cloud&lt;/strong>: Adobe offers customizable and flexible GitOps-based CI/CD pipelines (based on Argo projects) to developers.
&lt;ul>
&lt;li>The developers start with a paved path but Flex allows users to customize their CI/CD pipeline if needed, including adding new steps or changing the pipeline DAG.&lt;/li>
&lt;li>The CI/CD pipeline does just-in-time provisioning during deployments i.e. it provisions necessary resources to make deployments successful. For example, DNS endpoints, K8s namespaces, Argo CD apps etc.&lt;/li>
&lt;li>Advanced deployment strategies like Canary, Blue-Green etc. are supported out of the box.&lt;/li>
&lt;li>&lt;em>Toolchain&lt;/em> - We use industry-standard open-source Argo projects: Argo CD, Argo Workflows, Argo Events, and Argo Rollouts.&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>&lt;strong>Cloud → Customer&lt;/strong>: Adobe offers a “Single pane of glass” developer experience (called Flexperience) in the developer portal for managing the application.
&lt;ul>
&lt;li>&lt;em>Toolchain&lt;/em> - The experience is provided as a Backstage plug-in in the developer portal.&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>&lt;strong>Control Plane&lt;/strong> – The control plane for the service delivery workflow is based on AWS EKS clusters.&lt;/li>
&lt;/ul>
&lt;p>Flex has had rapid organic growth in the last 2 years since its launch. Here are some numbers that represent the scale that we are handling (as of Oct 2024):&lt;/p>
&lt;ul>
&lt;li>&amp;gt; 360 remote K8s clusters&lt;/li>
&lt;li>&amp;gt; 22K Argo CD apps&lt;/li>
&lt;li>&amp;gt; 30K deployments per month&lt;/li>
&lt;li>&amp;gt; 1K services in production&lt;/li>
&lt;/ul>
&lt;p>And these numbers are increasing by the day.&lt;/p>
&lt;p>In this article, we will cover Flex’s initial architecture, its challenges, and the need for a re-architecture. Then, we will deep-dive into our new Flex-in-a-box architecture, including the architecture requirements and an introduction to cell-based architecture. We’ll conclude by discussing the benefits, challenges, use cases, and future ideas.&lt;/p>
&lt;h2 id="initial-architecture">Initial Architecture&lt;/h2>
&lt;p>Here is a simplified high-level diagram describing how Flex acts as the foundation between the source (Github), destinations, and the developer surfaces.&lt;/p>
&lt;p>&lt;img src="./images/FlexHighLevel.png" alt="High Level Diagram">&lt;/p>
&lt;p>As you can see in the diagram, the CI/CD foundation acts as the glue between the source and the destinations. The developer surfaces, powered by the foundation, offer paved roads and seamless workflows for various use cases.&lt;/p>
&lt;p>Here is the initial architecture that we started with.&lt;/p>
&lt;p>&lt;img src="./images/InitialArchitecture.png" alt="Initial Architecture Diagram">&lt;/p>
&lt;p>We have a Hub-and-Spoke architecture with the Hub in the middle (aka Flex Hub k8s cluster) connected to the various remote K8s clusters, which act as the spokes. As you can see, we have Git as the source of truth on the left, and K8s clusters as the remote clusters (destinations) on the right.&lt;/p>
&lt;p>We use Argo Workflows for creating the CI/CD pipeline, Argo CD for providing GitOps capabilities, and Argo Events for catching events and triggering workflows. The CI/CD pipeline runs on the Hub cluster in a per-service namespace. Argo Rollouts is installed on remote K8s clusters and provides advanced deployment capabilities with Argo CD. The service runtime runs on namespaces provisioner on these remote K8s clusters.&lt;/p>
&lt;p>Provisioner is a homegrown component that does the just-in-time provisioning during deployments. A couple of home-grown Observability components send events and information to our homegrown Flex backend, where the data is aggregated and exposed via a set of Flex APIs. The Flex developer experience (aka Flexperience) in the Developer Portal / Backstage uses the Flex APIs provided by the Flex backend to populate the service’s info.&lt;/p>
&lt;p>Each service has two repos associated with it: an app repo and a deploy repo. App repo has the code for business logic, and the deploy repo has the configs and manifests for CI/CD, K8s resources etc.&lt;/p>
&lt;h3 id="challenges-with-initial-architecture">Challenges with Initial Architecture&lt;/h3>
&lt;p>While the initial architecture provided a starting point, it had its challenges. We realized these challenges after 6 months when we crossed approximately 2.5K Argo CD applications.&lt;/p>
&lt;p>&lt;strong>No tuning&lt;/strong> - We used the Argo components with no/minimal tuning, and realized that there were several knobs and controls available on the Argo components that could be leveraged to improve the stability, performance, and scalability of the components.&lt;/p>
&lt;p>&lt;strong>Heavy load on K8s control plane&lt;/strong> - Flex Hub cluster is based on AWS EKS, and we just had one Hub cluster. We realized that Argo CD and Argo Workflows interact heavily with the EKS control plane, which includes the K8s API Server and etcd. The CI/CD experience is severely impacted when the K8s control plane is under heavy load.&lt;/p>
&lt;p>&lt;strong>Shared control plane&lt;/strong> - Both Argo CD and Argo Workflows were running on the same EKS cluster, which multiplied the overhead and load on the EKS control plane. This impact was observed in terms of degraded latency of the K8s API server, high etcd usage/churn etc., that caused a severe impact on the performance of anything interacting with the K8s control plane, including the Argo components. As a result, the user experience was getting impacted and client deployments were either taking a long time or failing.&lt;/p>
&lt;p>&lt;strong>No automation to create Flex Hub cluster&lt;/strong> - Flex Hub cluster was brought up manually, over many quarters, by different individuals. We did not have a concrete list of steps and automation to bring up a Flex Hub cluster, thereby putting us at risk if the Hub cluster goes down. It was a huge risk for the platform team and client teams because it would have taken us a long time to create a new one, and client deployments would have been stuck during that duration.&lt;/p>
&lt;p>As a result of these challenges, we experienced several outages for the developer experience CI/CD workflows, including slow builds, hung workflows, and deployments taking too long, among other things.&lt;/p>
&lt;h2 id="potential-solutions">Potential Solutions&lt;/h2>
&lt;p>Given the problems we faced, we realized quickly that one Flex Hub cluster would not be enough. We invested heavily in vertically scaling Flex Hub cluster by tuning and optimizing the Argo components, EKS control plane, and homegrown tooling. This helped us get out of the woods and support &amp;gt;10K Argo CD apps. While we will continue to scale Flex Hub cluster vertically to support more services/Argo CD apps, we knew that the runway will be limited.&lt;/p>
&lt;p>We were projecting 10X growth in the next two years, and one Flex Hub cluster could not support all that scale alone. We needed more than one Flex Hub cluster.&lt;/p>
&lt;h3 id="scale-up">Scale Up&lt;/h3>
&lt;p>There were a lot of configuration changes and optimizations we did to scale Flex Hub cluster vertically. These included:&lt;/p>
&lt;ul>
&lt;li>Scale up replica count for Argo CD application controller and repo server&lt;/li>
&lt;li>Ask Argo CD to exclude resources that we should not manage&lt;/li>
&lt;li>Tune Argo CD self-heal and reconciliation timeouts&lt;/li>
&lt;li>Adjust Argo CD repo server parallelism&lt;/li>
&lt;li>Enable gzip compression for server responses&lt;/li>
&lt;li>Archive old Argo Workflows by setting a short TTL&lt;/li>
&lt;li>Switch from K8s APIs to Argo CD APIs to leverage informer cache&lt;/li>
&lt;/ul>
&lt;p>This list is not exhaustive and there were many more improvements which helped us tremendously. We have talked about some of these improvements in previous talks:&lt;/p>
&lt;ul>
&lt;li>&lt;a href="https://www.youtube.com/watch?v=7yVXMCX62tY">Key Takeaways from Scaling Adobe&amp;rsquo;s CI/CD Solution to Support 50K Argo CD Apps (KubeCon EU 2024)&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://www.youtube.com/watch?v=MDXrc_cLVns">Scaling a GitOps Platform at Adobe (GitOpsCon 2024)&lt;/a>&lt;/li>
&lt;/ul>
&lt;h3 id="scale-out">Scale Out&lt;/h3>
&lt;p>While the scale-up improvements were helping, we decided to re-architect. Though we had a couple of options, we decided to scale horizontally by having more than one Flex Hub cluster because it satisfied many of the architecture requirements (listed below) and gave us the biggest bang for the buck.&lt;/p>
&lt;p>This was not going to be easy, because we had hundreds of production services running and we did not want to impact any of them. The rest of the article goes into the details of how we approached the re-architecture.&lt;/p>
&lt;h3 id="flexbox-concept">Flexbox concept&lt;/h3>
&lt;p>As a first step, we came up with the concept of a &lt;strong>Flexbox&lt;/strong>. A Flexbox is a collection of Flex components that work together to provide the GitOps foundation for our CI/CD solution. We called the Flex Hub K8s cluster which formed the basis of our initial architecture, Flexbox 1.&lt;/p>
&lt;p>Keeping future extensibility in mind, we also decoupled the concept of Flexbox from clusters. A Flexbox can be extended to support many physical and virtual Hub clusters inside it. Because the initial architecture had just one physical Flex Hub cluster, Flexbox 1 also had one Hub cluster.&lt;/p>
&lt;h2 id="new-architecture-requirements">New Architecture Requirements&lt;/h2>
&lt;p>We came up with the following key requirements for the new architecture.&lt;/p>
&lt;ol>
&lt;li>Ability to &lt;strong>predictably add scale&lt;/strong> (horizontally and vertically) as needed, for short-term and future needs.&lt;/li>
&lt;li>Ability to &lt;strong>relocate services&lt;/strong> out of Flexbox 1 and relieve pressure.&lt;/li>
&lt;li>The services should not decide which Flexbox they are on.&lt;/li>
&lt;li>&lt;strong>No impact of rearchitecture on any existing services&lt;/strong> (runtime or CI/CD) on Flexbox 1.&lt;/li>
&lt;li>No impact on service runtime during box-2-box relocation.&lt;/li>
&lt;li>A service (app and deploy repos) should be associated with one Flexbox at a time.&lt;/li>
&lt;li>Minimal impact/downtime during relocation to the service’s CI/CD pipeline, if at all.&lt;/li>
&lt;li>During relocation, the service owners should be aware of the relocation and the downtime.&lt;/li>
&lt;li>Ability to support more than one physical or virtual clusters inside a Flexbox.&lt;/li>
&lt;li>Ability to support non-container workflows as well e.g. Serverless, Cloud Infrastructure etc.&lt;/li>
&lt;/ol>
&lt;h2 id="what-is-cell-based-architecture">What is Cell-Based architecture&lt;/h2>
&lt;p>Cell-based architecture is an architecture pattern that involves designing systems with multiple cells capable of executing the designated tasks independently. The basic idea is to have the ability to scale out by adding identical cells that handle the same kind of workload and isolate fault boundaries to limit the impact in case of failures.&lt;/p>
&lt;p>Each cell is independent, does not share any state with other cells, and handles a subset of the overall workload requests. This reduces the potential impact of a failure, such as a bad software update, on an individual cell and the requests that it&amp;rsquo;s processing.&lt;/p>
&lt;p>Here&amp;rsquo;s a diagram that depicts the cell-based architecture at a high level:
&lt;img src="./images/CellBasedArchitecture.webp" alt="Cell-based Architecture Diagram">&lt;/p>
&lt;p>More details here:
Diagram Source: &lt;a href="https://newsletter.systemdesign.one/p/cell-based-architecture">https://newsletter.systemdesign.one/p/cell-based-architecture&lt;/a> &lt;br>
Reference: &lt;a href="https://docs.aws.amazon.com/wellarchitected/latest/reducing-scope-of-impact-with-cell-based-architecture/what-is-a-cell-based-architecture.html">https://docs.aws.amazon.com/wellarchitected/latest/reducing-scope-of-impact-with-cell-based-architecture/what-is-a-cell-based-architecture.html&lt;/a>&lt;/p>
&lt;h2 id="flex-in-a-box-fiab-architecture">Flex-in-a-Box (FiaB) architecture&lt;/h2>
&lt;p>With the requirements above, we developed a &lt;strong>Flex-in-a-box (FiaB) architecture&lt;/strong>. This architecture allows us to encapsulate Flex components in boxes and easily replicate them to add scale on demand. We started by adding a new Flexbox 2. Before FiaB, all services were associated with Flexbox 1. This means that the CI/CD pipelines for these services run on Flexbox1. With FiaB and newer Flexboxes, now services can be onboarded to Flexbox 2 also, and any of the future Flexboxes.&lt;/p>
&lt;p>To keep the impact of architectural changes to a minimum, we decided to have just one physical Hub cluster in Flexbox 2 too, and make it very similar to the Flex Hub cluster in Flexbox 1.&lt;/p>
&lt;p>Our FiaB architecture is based on three Rs:&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Recreation&lt;/strong> – Ability to (re)create and upgrade more Flexboxes with repeatability and predictability, with a GitOps-based CI/CD pipeline.&lt;/li>
&lt;li>&lt;strong>Redirection&lt;/strong> – Ability for Flex admins to decide which service maps to which Flexbox via declarative rules, and have services routed to the correct boxes based on those rules.&lt;/li>
&lt;li>&lt;strong>Relocation&lt;/strong> – Ability to relocate a service (with automation) from one Flexbox to another with zero downtime for the service runtime, zero work for the service team, and minimal downtime (&amp;lt; 15 mins) for the CI/CD pipeline.&lt;/li>
&lt;/ul>
&lt;p>Here’s a diagram that captures these three concepts. More details on these 3 Rs below.&lt;/p>
&lt;p>&lt;img src="./images/FiaBArchitecture.png" alt="3R diagram">&lt;/p>
&lt;h3 id="recreation">Recreation&lt;/h3>
&lt;p>We created a GitOps-based pipeline for Flexbox lifecycle management. This means that there is a Flexbox config in Git which defines what a Flexbox looks like. Here is a diagram showing the workflow in action:&lt;/p>
&lt;p>&lt;img src="./images/FiaBAutomation.png" alt="Recreation diagram">&lt;/p>
&lt;p>As can be seen from the diagram, any changes to the Flexbox config triggers a Flexbox automation Argo workflow. The workflow has a series of steps that automate the setup of a Flexbox on top of an EKS cluster.&lt;/p>
&lt;p>The workflow has two key objectives:&lt;/p>
&lt;ol>
&lt;li>Creates the Helm charts for the various Flexbox components - This step understands the Flexbox configs and creates the Helm charts for Flexbox components, including Argo CD, Argo Workflows, Argo Events, Provisioner and Monitoring.
&lt;ul>
&lt;li>The workflow step then commits these Helm charts to Git, allowing Argo CD apps to sync these changes to the destination Flexbox.&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>Provisioning resources for Flexbox components, including creating Argo CD apps for each of the Flex components (Argo CD, Argo Workflows, Argo Events etc.) that need to be installed in the Flexbox. It’s an Argo of Argos architecture, where an Argo CD 0 (level zero) manages the Argo CD apps (level 1) for the various Flex components to be deployed on the destination Flexbox.&lt;/li>
&lt;/ol>
&lt;h3 id="redirection">Redirection&lt;/h3>
&lt;p>Once we have a new Flexbox, we need the ability to map services to Flexboxes and redirect the Github events to the correct Flexbox. This function is performed by a new component called &lt;strong>Redirector&lt;/strong>, which sits between Github and the Flexboxes (as can be seen in the new architecture diagram above).&lt;/p>
&lt;p>Loosely speaking, Redirector acts as a poor man&amp;rsquo;s load balancer for Flexboxes. When the first event arrives for any service, Redirector evaluates the rules defined by Flex admins and maps the service to a Flexbox based on the rules. These rules are specified declaratively in a Github repo for Redirector by Flex admins. Redirector stores the box&amp;lt;&amp;gt;service mapping in a DB for future reference. For any subsequent GitHub events, it just picks up the mapping from the DB and routes the events to the appropriate Flexbox.&lt;/p>
&lt;h3 id="relocation">Relocation&lt;/h3>
&lt;p>While Flexbox 2 and other components in FiaB architecture were being built, there was constant organic adoption of Flex, Flexbox 1 was getting filled up and was under increasing pressure.&lt;/p>
&lt;p>To relieve the pressure on Flexbox 1 and future use cases too, we needed a way to cleanly relocate a service from a source Flexbox to a destination Flexbox, without disrupting the service runtime. We created a new component called &lt;strong>Relocator&lt;/strong> which does just that. Here are the four broad phases in the Relocator:&lt;/p>
&lt;ol>
&lt;li>&lt;strong>Stop the service’s CI/CD pipeline on source Flexbox&lt;/strong> - This would include pausing the Argo CD sync and stopping Redirector from sending the events for this service to the source Flexbox. This step also flags the service status (in Redirector) as “relocating” which helps us inform the developers that their service’s deployment pipeline is “under maintenance”.&lt;/li>
&lt;li>&lt;strong>Recreate the service’s CI/CD pipeline on the destination Flexbox&lt;/strong> - This includes recreating/copying the resources in the source Flexbox on the destination Flexbox.&lt;/li>
&lt;li>&lt;strong>Validate and start the service’s CI/CD on destination Flexbox&lt;/strong> - This includes starting the Argo CD sync and allowing Redirector to send the events for this service to the destination Flexbox.&lt;/li>
&lt;li>&lt;strong>Delete Flex pipeline on source Flexbox&lt;/strong> - Once everything is working fine, delete the resources on the source Flexbox to clean things up. This step also removes the “relocating” service status in Redirector.&lt;/li>
&lt;/ol>
&lt;h3 id="flex-in-a-box-fiab-vs-cell-based-architecture">Flex-in-a-box (FiaB) vs Cell-based architecture&lt;/h3>
&lt;p>When we started on FiaB, we did not use cell-based architecture as a reference. We realized later when we had conceived the new architecture that it is conceptually very similar to cell-based architecture.&lt;/p>
&lt;p>In terms of comparison, a Cell in a cell-based architecture is loosely equivalent to a Flexbox in Flex-in-a-Box (FiaB).&lt;/p>
&lt;h2 id="benefits--what-worked-well">Benefits / What worked well&lt;/h2>
&lt;p>The new Flex-in-a-box architecture offers various benefits:&lt;/p>
&lt;ol>
&lt;li>&lt;strong>“Stamp” setup&lt;/strong> - Ability to predictably and reliably create new Flexboxes.&lt;/li>
&lt;li>&lt;strong>Scale horizontally&lt;/strong> - Industry-proven way to scale horizontally by adding scale on demand.&lt;/li>
&lt;li>&lt;strong>Reduce existing load&lt;/strong> - Ability to relieve pressure on a Flexbox by allowing us to relocate services across Flexboxes, without any downtime.&lt;/li>
&lt;li>&lt;strong>Minimal relocation impact&lt;/strong> - Minimal impact/downtime to the service’s CI/CD pipeline for the duration of the relocation.&lt;/li>
&lt;li>&lt;strong>Abstracted Flexbox mapping&lt;/strong> - Service teams need not worry about which Flexbox they are on. Flex team decides the service&amp;lt;&amp;gt;Flexbox mapping.&lt;/li>
&lt;li>&lt;strong>Dedicated Flexboxes&lt;/strong> - Ability to provide dedicated Flexboxes to teams if need be.&lt;/li>
&lt;li>&lt;strong>Enhanced testing ability&lt;/strong> - Allow Flex team to test features/rollouts/infrastructure better using multiple boxes.&lt;/li>
&lt;li>&lt;strong>Configuration flexibility&lt;/strong> - Different Flexboxes may have different versions of Flex components installed if need be. In fact, different Flexboxes may have different components altogether. For example, one may host GitHub Action runners inside a Flexbox, rather than Argo Workflows. One Flexbox may have two clusters in it. We need to be wary of snowflakes though.&lt;/li>
&lt;li>&lt;strong>Better audit&lt;/strong> - Ability to track, monitor and audit GitHub events coming via Redirector.&lt;/li>
&lt;li>&lt;strong>Efficiency&lt;/strong> - Ability to maintain Flexboxes at optimum capacity rather than stretching one Flexbox to the limit.&lt;/li>
&lt;li>&lt;strong>Limit blast radius&lt;/strong> - If one of the boxes goes down, only services mapped to that Flexbox are affected, and can be relocated.&lt;/li>
&lt;li>&lt;strong>Better disaster recovery&lt;/strong> - Ability to recover quickly from disasters because of relocation.&lt;/li>
&lt;/ol>
&lt;h2 id="performance-tests--benchmarking">Performance Tests / Benchmarking&lt;/h2>
&lt;p>We did several benchmarking and testing efforts to see the benefits of the various vertical and horizontal scaling improvements.&lt;/p>
&lt;p>We recently presented them with the details at KubeCon EU 2024. Here’s the link: &lt;br>
&lt;a href="https://www.youtube.com/watch?v=7yVXMCX62tY">Key Takeaways from Scaling Adobe&amp;rsquo;s CI/CD Solution to Support 50K Argo CD Apps&lt;/a>&lt;/p>
&lt;p>We also published a blog with focus on Argo Workflows scalability testing:&lt;br>
&lt;a href="https://cnoe.io/blog/argo-workflow-scalability">Argo Workflows Controller Scalability Testing on Amazon EKS&lt;/a>&lt;/p>
&lt;h2 id="challenges--risks">Challenges / Risks&lt;/h2>
&lt;p>While this architecture works well for us and provides us with a lot of flexibility, every architecture has some challenges, risks and overheads. Here are a few for FiaB architecture:&lt;/p>
&lt;ol>
&lt;li>&lt;strong>Infrastructure cost&lt;/strong> - There is some extra cost of running each Flexbox due to the additional control plane and the extra capacity buffer per cluster.&lt;/li>
&lt;li>&lt;strong>Complexity&lt;/strong> - Architecture becomes more complex because of adding a new Redirector component between GitHub and Flexbox. As a side effect, Redirector becomes a single point of failure across Flexboxes.&lt;/li>
&lt;li>&lt;strong>Thresholds/Limits&lt;/strong> - Defining and managing limits for each Flexbox is a challenge.&lt;/li>
&lt;li>&lt;strong>Support cost&lt;/strong> - The support team has to understand the role played by Redirector and Relocator when troubleshooting issues.&lt;/li>
&lt;li>&lt;strong>User experience&lt;/strong> - If a service gets relocated, some links exposed to clients may change e.g. Argo CD and Argo Workflows URLs, along with Hub cluster information.&lt;/li>
&lt;/ol>
&lt;h2 id="use-cases">Use cases&lt;/h2>
&lt;p>The Flex-in-a-box architecture opens up a world of possibilities for us in the future. Here are a few use cases:&lt;/p>
&lt;ol>
&lt;li>&lt;strong>Dedicated Flexboxes for specific orgs/teams&lt;/strong> - Some teams have already requested dedicated Flexboxes for their teams to effectively manage the noisy neighbor problem, and also enable efficient chargeback.
&lt;ul>
&lt;li>This also allows us to shard the clusters better across Flexboxes.&lt;/li>
&lt;/ul>
&lt;/li>
&lt;li>&lt;strong>Domain-specific Flexboxes&lt;/strong> - Specific Flexboxes could be dedicated to specific domains. For example:
&lt;ol>
&lt;li>Windows - Windows builds are a different beast than builds for Linux. Services workflows needing Windows builds may get routed to a Flexbox with specific tools/components to do a Windows build.&lt;/li>
&lt;li>Desktop / Mobile - Builds for desktop and mobile apps may need a dedicated build farm. One or more Flexboxes can be designated/dedicated for this.&lt;/li>
&lt;li>Cloud Infrastructure Provisioning - Cloud infrastructure provisioning requires custom operators and may need a separate Flexbox to ensure that specific custom operators do not adversely affect the performance of existing workloads. We can provide a dedicated box for hosting such workloads.&lt;/li>
&lt;li>FaaS/Wasm - Building and testing Wasm modules could be very different than building containers. We can provide a dedicated box for hosting FaaS workflows.&lt;/li>
&lt;/ol>
&lt;/li>
&lt;li>&lt;strong>Toolchain-specific Flexboxes&lt;/strong> - Flexboxes could cater to specific toolchains too. For example, if a service is using GitHub Actions (GHA) as the technology for pipeline creation and executions, GHA runners for the same could run in a specific Flexbox.&lt;/li>
&lt;/ol>
&lt;h2 id="whats-next--future-exploration">What&amp;rsquo;s Next / Future Exploration&lt;/h2>
&lt;h3 id="flex-in-a-box-improvements">Flex-in-a-Box improvements&lt;/h3>
&lt;p>While this architecture will serve us well in the future, here are some areas of future exploration:&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Better sharding&lt;/strong> - As of now, all remote clusters are registered with Flexbox 1 and Flexbox 2. There is a hidden performance impact on the remote cluster for each Argo CD instance monitoring it. We can improve the sharding to have specific orgs/services on a specific Flexbox. This allows only clusters associated with those services to be registered with Argo CD on that box.&lt;/li>
&lt;li>&lt;strong>Split Argo CD and Argo Workflows across clusters&lt;/strong> - One of the challenges with current architecture is that both Argo CD and Argo Workflows are on the same cluster. This can be improved by running Argo CD on a cluster other than the one running Argo Workflows. This separate cluster could be another physical cluster in the same Flexbox, or it could be a virtual cluster (e.g. vCluster) running on the existing physical/host cluster.&lt;/li>
&lt;/ul>
&lt;h3 id="open-sourcing">Open-sourcing&lt;/h3>
&lt;p>Alongside the architecture improvements, Adobe is an integral part of CNOE cohort and we are working with a few companies (inside and outside of CNOE) to see how they can use what we have already built, and open-source Flex (or perhaps parts of it to start with).&lt;/p>
&lt;h3 id="unified-cicd">Unified CI/CD&lt;/h3>
&lt;p>We have started a new initiative called Unified CI/CD which has the following goals:&lt;/p>
&lt;ol>
&lt;li>&lt;strong>Beyond containers&lt;/strong> - We primarily cater to container based workloads and this initiative helps us serve non-container use cases such as mobile, static website, desktop, serverless etc.&lt;/li>
&lt;li>&lt;strong>Secure by default&lt;/strong> - We aim to incorporate all non-negotiable security best practices by default in our pipelines and enforce them.&lt;/li>
&lt;li>&lt;strong>Sealed Paved Roads&lt;/strong> - We are working towards providing paved roads/paths for the most common use cases and make them &lt;strong>&amp;ldquo;sealed&amp;rdquo;&lt;/strong>, minimizing the need (and making it hard) to deviate from the paved road while ensuring standardization, configurability, security, compliance, and other best practices.&lt;/li>
&lt;li>&lt;strong>Simplified workflows&lt;/strong> - Make the workflows simpler to ensure faster onboarding, reduced time for &amp;ldquo;zero to first commit&amp;rdquo;, faster “Concept -&amp;gt; Code -&amp;gt; Running state”.&lt;/li>
&lt;/ol>
&lt;h2 id="key-takeaways--lessons-learnt">Key Takeaways / Lessons Learnt&lt;/h2>
&lt;p>There were many key takeaways in this journey and several lessons learnt that can benefit the community. Here are a few:&lt;/p>
&lt;ol>
&lt;li>&lt;strong>Developer Experience as a Product&lt;/strong> - Developer Experience should be treated as a product and non-functional requirements (NFRs, such as scalability, stability, performance etc.) should be given as much importance as functionality.&lt;/li>
&lt;li>&lt;strong>Plan for future scale&lt;/strong> - Plan upfront about horizontal and vertical scaling needs, and how a combination of the two can help you achieve your scaling needs. The architecture should be able to evolve to handle future requirements and scale.&lt;/li>
&lt;li>&lt;strong>Sharding Strategy&lt;/strong> - Think of a sharding strategy for your services depending on your requirements. For Adobe, specific orgs/services on a specific Flexbox works out well.&lt;/li>
&lt;li>&lt;strong>Flexbox automation&lt;/strong> - Automate the creation of “your Flexboxes” from the beginning. This helps bring in predictability and reliability.&lt;/li>
&lt;li>&lt;strong>Performance Monitoring&lt;/strong> - Monitor key performance metrics from the beginning to figure when your infrastructure is under stress. We figured it too late and it led to clients facing issues before we could detect them.&lt;/li>
&lt;li>&lt;strong>K8s Control Plane as the bottleneck&lt;/strong> - We realized it pretty late that K8s control plane can become a bottleneck and how Argo CD and Argo Workflows can pound the K8s API server. Avoid having Argo CD and Argo Workflows on the same cluster.&lt;/li>
&lt;li>&lt;strong>Plan for Disasters / Relocation&lt;/strong> - Disasters will happen. Clusters will go down. Think of how you would deal with it. Can you relocate workloads to another cluster? Another Flexbox? What would be the Developer Experience before/during/after relocation?&lt;/li>
&lt;/ol>
&lt;h2 id="conclusion">Conclusion&lt;/h2>
&lt;p>A rich and seamless developer experience acts as a developer productivity multiplier and helps any enterprise compete better. Flex-in-a-box architecture provides Adobe with a solid foundation which we can use to scale our current developer experience foundation for future needs. This includes developer experience needs for use cases such as Windows, Serverless, Cloud Infrastructure, Desktop and Mobiles, Static Websites etc.&lt;/p>
&lt;h2 id="discussion">Discussion&lt;/h2>
&lt;p>End user members may participate in the &lt;a href="https://github.com/cncf/tab/discussions/138">discussion thread&lt;/a> for this architecture.&lt;/p></description></item></channel></rss>