Today, blockchain provides unique powers for financial asset management, helping companies and entrepreneurs across numerous industries keep their finances secure, integral, and conveniently managed. We had special pleasure of working with a client that was specializing in financial asset management and running an authentic blockchain-powered platform. The MVP of a blockchain trading platform, to be precise. We were tasked with scaling the project’s infrastructure and underlying processes, helping to grant a high level of stability and availability of the project in production.
For this, a dedicated team of experienced blockchain DevOps software engineers set out to support the development of a high-load project related to financial management. Among the major tasks initially was to provide declarative descriptions for all connected services and processes in order to achieve full high-security standards compliance in all project elements and minimum project element restoration time.
The MVP of the authentic trading platform project was just recently done by the client’s team of developers. From there on out, we had general tasks to configure and optimize non-trivial platform services, solutions, and internal processes, achieve high-level security compliance, as well as fully lead all development processes and manage the production environment in the future. Other minor and major tasks on the agenda included:
- Specification of the project’s architecture blueprint based on the trading platform specifics, which included approving tools, integration options, and project security and fail-safety requirements;
- Deployment of the testing environment along with full integration and configuration of all required project services;
- Configuration and automation of flexible product deployment via Canary and Blue-Green for Kubernetes-clusters;
- Developers’ team onboarding concerning the application of Kubernetes way;
- Deployment and support of the project in the production.
|Client||Location||Project goal||Team||Project Timeframe|
Company specializing in developing financial projects
Financial startup (through agreement)
|Develop a DevOps strategy and a roadmap for building from scratch and scaling into production a unique financial project.Implement a centralized secrets storage and matrix of user roles for the tech team and clients.Grant the ability to use different types of deployments and configuration of the flexible CI/CD flow.Configure different types of autoscaling with detailed resource and services consumption monitoring.||2 Lead DevOps Engineers||Consulting services and support have been provided since February 2020|
Stack of tasks
- Configuration of the apps’ deployment into the Kubernetes cluster;
- Elaboration of processes and guidelines for different mechanisms of deployment (Canary, Blue-Green, etc.) and rollback, possibly with the use of Flagger;
- Centralized storage of secret data, mechanisms, and policies of using secrets in terms of the project – Hashicrop Vault;
- Deployment of major services into the Kubernetes cluster via Flux:
- Service Mesh (Istio);
- Kong Ingress Gateway
- Authorization plugins (jwt, HMAC);
- HTTP redirecting plugin;
- Rate-limiting plugins.
- Apache Pulsar.
- Declarative infrastructure description, Terraform;
- IAM user roles for admins/developers + multi-account support in AWS;
- Monitoring and logging:
- Load and QPS for PostgreSQL;
- Load and QPS for Redis;
- Load and QPS for AWS Lambda;
- Configured indexes in ElasticSearch;
- Grafana dashboards that help manage all loads and network activities in the Kubernetes cluster:
- Dashboards with business metrics (RPS on the backend and others);
- Threshold values limiting alerts + automated notifications through multiple connection channels.
- Horizontal scaling:
- Support of gRPC connections balancing between microservices;
- Configuration of Horizontal Pod Autoscaler + Cluster Autoscaler + Pod Disruption Budget;
- Load testing;
- Connection Poolers (PgBouncer) for PostgreSQL;
- Master + ReadOnly Replicas for PostgreSQL;
- Distributing employee access rights levels (via AWS multi-accounts);
- Distributing employee database access rights levels;
- Distributing microservices’ access to database tables;
- Testing and thorough performance checks via CSRF, XSS, SQL Injection.
- Grant in-depth expertise in all DevOps aspects;
- Provide high-level DevOps consulting concerning key software architecture decisions;
- SLA, high response speed, extensive troubleshooting experience;
- High fail-safety and processes automation project standards;
- Constant project maintenance.
Our dedicated team of specialists took part in all major stages of approving software architecture decisions, picking proper services, and investigating custom solutions outlined at the basic level in the project’s tech guidelines. On top of that, we also implemented a GitOps approach to project deployment, provided solutions for working with sensitive data and access rights, described each infrastructure element and service deployment specifics declaratively. Currently, we continue to support and optimize development processes in the project, preparing it to enter the production phase.
DevOps tech stack
- Docker; AWS (EKS, Route 53, IAM AWS Multi-account, S3, CloudFront (frontend)), Helm charts;
- Terraform, Vault;
- GitLab, Flux, Flagger;
- Istio, Kong, Kiali;
- Sentry, Prometheus+Grafana, EFK, NATS, RabbitMQ.
As the ultimate result of our efforts, we managed to establish close cooperation with the core project team, develop an efficient sensitive data, user roles, and access rights management strategy, organize utterly convenient CI/CD flow based on the specifics of over 30 project microservices. We also managed to minimize the human involvement in many manual processes, excluding the human factor errors and reducing production errors risks. Lastly, we provided auto-scaling of cluster resources and a Load balancer (L4/L7).
Do you have a high-standard software project related to the field of financial handling that needs optimization, improvement, or maybe even creation from scratch? Contact us if you wish to see a similar job get done for your project based on its particular specifics.
Dmitry has 5 years of professional IT experience developing numerous consumer & enterprise applications. Dmitry has also implemented infrastructure and process improvement projects for businesses of various sizes. Due to his broad experience, Dmitry quickly understands business needs and improves processes by using established DevOps tools supported by Agile practices. The areas of Dmitry’s expertise are extensive, namely: version control, cloud platform automation, virtualization, Atlassian JIRA, software development lifecycle, Confluence, Slack, Service Desk, Flowdock, Bitbucket, and CI/CD.