Team of professionals

Back to all news

🌞 Goodbye Summer Party at Skalka near Kremnica! 🗻

We stepped out of our comfort zones and tackled the beautiful Via Ferrata tracks together. As a service company delivering tailored solutions with diverse teams across different clients, it’s always a treat to come together as one team. This adventure was a fantastic way to bond, recharge, and reflect on our accomplishments last year. 💪🤝


Case Study: Deutsche Telekom – Open Sovereign Cloud

Deutsche Telekom, a leading telecommunications and IT services provider in Europe, embarked on an ambitious project to develop a sovereign cloud platform. The aim was to create a secure, compliant, and highly interoperable cloud solution using open-source technologies. This case study outlines the motivations, architecture, and innovative aspects of this project, showcasing its potential benefits for developers and businesses alike.

Motivation and Objectives

The project was driven by two primary principles: openness and sovereignty. By leveraging open-source components, the platform ensures transparency and flexibility. Sovereignty is achieved by adhering to the guidelines set by the GAIA-X initiative, which promotes data and operational sovereignty within the European Union. This ensures compliance with EU laws, providing users with freedom of choice and interoperability across multiple cloud providers.

Key Features and Architecture

The cloud platform is structured into three main layers, each with its unique features and capabilities:

  1. Infrastructure Layer:
    • MetalStack Technology: The infrastructure is based on a modern, Kubernetes-native technology called MetalStack. This offers essential infrastructure services like compute resources (virtual machines), storage (using Ceph), and networking (based on SONiC).
    • Kubernetes Integration: MetalStack leverages Kubernetes for resource management, providing a cloud-native, scalable, and efficient infrastructure solution.
  2. Platform as a Service (PaaS):
    • Gardener: This orchestration tool manages Kubernetes clusters, allowing for seamless integration with various infrastructures. It supports multiple Kubernetes versions and offers geo-redundancy through its garden, seed, and shoot cluster architecture.
    • Automated Management: Users can easily create and manage Kubernetes clusters via a user-friendly dashboard or APIs, supporting CI/CD pipelines for automated deployments.
  3. Software as a Service (SaaS):
    • Kyma Runtime: Kyma enhances Kubernetes with additional tools for serverless functions, API gateway, service mesh (Istio), and observability (Prometheus, Grafana, Loki, Jaeger).
    • Service Catalog: A comprehensive catalog of ready-made services like PostgreSQL, Kafka, Redis, and more, allowing developers to build applications quickly using these pre-configured components.

Innovation and Security

One of the most innovative aspects of the platform is its support for confidential computing. This technology addresses the challenge of securing in-memory data by encrypting the entire memory context of running containers. Leveraging Intel’s SGX technology, the platform ensures that even memory snapshots remain encrypted, preventing unauthorized access to sensitive data. This level of security makes the platform suitable for high-stakes applications in sectors like healthcare and defense.

Development Process and Team Culture

The development of this platform follows agile methodologies, with cross-functional teams working collaboratively across different layers of the stack.

Key technologies and tools used include:

  • Programming Languages: Go, shell scripting, C (for network acceleration), and Python (for testing).
  • Operating Systems: A customized Debian-based Linux distribution called Garden Linux.
  • Development Tools: Git and GitLab for version control, task management, and CI/CD pipelines.

The team’s culture emphasizes transparency, collaboration, and continuous improvement, with regular sprint reviews and quarterly face-to-face meetings to align on priorities and address challenges.

Conclusion

The open-source and sovereign cloud platform developed by our client represents a significant advancement in cloud technology, combining compliance, security, and interoperability. By adhering to GAIA-X principles and leveraging cutting-edge technologies, the platform offers a robust solution for businesses seeking a secure and flexible cloud environment. This project not only sets a new standard for cloud services in Europe but also provides a model for future innovations in the industry.

Provided services

Key Technologies

  • Kubernetes
  • MetalStack
  • Ceph
  • Gardener
  • Kyma
  • Go
  • GitLab


Case study: SoftPoint – Enhancing Infrastructure and Deployment Efficiency

Streamlining Processes, Improving Scalability, and Reducing Costs through Comprehensive Technical Solutions

Overview

SoftPoint sought assistance with system infrastructure, monitoring, integration, and deployment processes. We conducted a comprehensive analysis of key areas to effectively address their needs.

Analysis Areas

  • Infrastructure: Reviewed and optimized Kubernetes, virtual machines, and PostgreSQL setups.
  • Monitoring: Developed dashboards to identify performance bottlenecks.
  • Resource Limitation: Implemented tenant-based resource limits.
  • Auto-Deployment and GitLab CI: Streamlined deployment processes.
  • Cost Analysis: Identified opportunities for cost savings.
  • Auto-Scaling Pods: Planned for future scalability.

Implementation

We integrated auto-deployment scripts with GitLab CI, addressed pipeline issues, and enhanced deployment processes. The infrastructure was upgraded, including Kubernetes and PostgreSQL tweaks, and new instance pools were configured for cost efficiency.

Infrastructure Changes

  • Upgraded Kubernetes and optimized worker configurations.
  • Implemented cost-saving measures, reducing expenses by hundreds of EUR per month.

Additional Improvements

  • Enabled security features like WAF and session stickiness.
  • Optimized PostgreSQL settings and addressed memory management issues.

Outcome

The collaboration resulted in streamlined automated deployment, improved operational efficiency, scalability, and cost savings. Our partnership with SoftPoint led to infrastructure and process improvements, setting the stage for future growth and scalability.

Contact Person

Peter Jakubík, CEO SoftPoint

Provided services

Key Technologies

  • MS Azure
  • Kubernetes
  • WAF
  • PostgreSQL
  • GitLab


Kubernetes Days Prague 2024: Gabriel Illés on Observability with OpenTelemetry

🌟 Just back from Kubernetes Days Prague 2024 where our Senior DevOps Engineer, Gabriel Illés, presented on “Observability with OpenTelemetry Collector in distributed cloud and edge computing.” He discussed the challenges and strategies for implementing observability in complex environments, using OpenTelemetry Collector.

For those interested in diving deeper, the presentation is available here:


Welcome Aboard: Dominika Pénzeš Joins Our Management Team to Lead IT Specialist Sourcing

Disrupting our clients’ technology landscapes is a complex challenge — that’s why it’s crucial to have the right team. We are thrilled to announce that Dominika Pénzeš is joining our management team, where she will lead our IT specialists sourcing service. Having known Dominika for many years, we are confident in her expertise and excited about the new perspectives she will bring. Please join us in wishing Dominika great success in her new role.

Check our team here


Enhance OpenTelemetry gRPC With a Consistent Hash Load Balancer

This article demonstrates how to use Envoy's consistent hash load balancing for OpenTelemetry OTLP gRPC payloads.

The use case

OpenTelemetry collector (OTel collector) is deployed as an agent alongside the application on remote servers. It sends telemetry data (logs, traces, metrics) from the application and the host into central storage through a gateway deployed on the Kubernetes cluster.

The OTel collector is deployed using the OpenTelemetry operator Helm chart, with a Kubernetes HPA scaling replicas based on CPU load. The traffic is routed through a headless service because the standard Kubernetes service is not a good fit for gRPC, as described in this article. But with this setup, there is no load balancing on the Kubernetes side, which is also mentioned in the article linked above.

So, this lack of load balancing, combined with the OTel agents being configured to send data in batches, causes the data from the same remote host to be forwarded randomly through the OTel collector gateway replicas. Because the label holding the identity of the OTel replica has a different value on each replica, the data are written into the storage multiplied by the actual number of replicas. This drastically increases the storage usage, and the queries must be aggregated.

Let’s show it in an example.
Take one of the OTel agent metrics called otelcol_process_uptime, which has a label added by the OTel gateway called otelcol_replica, holding the name of the replica. The OTel gateway has four replicas; let’s query the metric using PromQL on the storage side:

avg by (otelcol_replica)(otelcol_process_uptime{hostname="xxxxxx"})

{otelcol_replica="opentelemetry-collector-5fc9f8g5sj5"} 2502046.749352578
{otelcol_replica="opentelemetry-collector-5fc9f8pfmvh"} 2502096.74889717
{otelcol_replica="opentelemetry-collector-5fc9f8rzkh4"} 2502156.749325255
{otelcol_replica="opentelemetry-collector-5fc9f8xj95v"} 2502136.749453457

As demonstrated, the data coming from the remote host are written four times into the storage.

So, the solution to this problem is a load balancing mechanism, which provides consistency in routing data from the same remote source through the same OTel collector replica. And that’s where the envoy-proxy is a perfect candidate, offering load balancers based on consistent hashing.

The solution

The envoy-proxy is deployed with two replicas and a headless service between the ingress and OTel collector gateway.

It is configured with a ring-hash load balancer based on the X-Forwarded-For HTTP header, enabling HTTP2 for upstream clusters.

...
route:
  cluster: "opentelemetry-collector-cluster"
  hash_policy:
    - header:
        header_name: x-forwarded-for
...
clusters:
- name: opentelemetry-collector-cluster
  connect_timeout: 0.25s
  type: STRICT_DNS
  dns_lookup_family: V4_ONLY
  lb_policy: RING_HASH
  http2_protocol_options: {}
...

This configuration ensures that the data from the same source IP will flow through the same OTel gateway replica while it exists. With this consistent route, only one copy of the data is written into storage from the remote host.

In case the replica fails, the envoy-proxy will redirect the data flow to the next member of the hash ring, so for a short period two copies of the data will exist in the storage due to the changed value of the label holding the identity of the OTel collector replica.
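
An added example, not taken from the article or from Envoy's code: a small Python model of ring-hash routing that compares how many (source, otelcol_replica) label pairs reach storage under random routing and under consistent hashing, and checks that a replica failure reroutes only the sources that replica was serving. The SHA-256 hash, the 100 virtual nodes per replica, and the 198.51.100.x source addresses are assumptions made for the illustration.

```python
import bisect
import hashlib
import random

# Replica names as shown in the article's PromQL output.
REPLICAS = [
    "opentelemetry-collector-5fc9f8g5sj5",
    "opentelemetry-collector-5fc9f8pfmvh",
    "opentelemetry-collector-5fc9f8rzkh4",
    "opentelemetry-collector-5fc9f8xj95v",
]
# Constructed sample sources from the 198.51.100.0/24 documentation range.
SOURCES = [f"198.51.100.{i}" for i in range(1, 201)]


def ring_hash(value: str) -> int:
    # Assumption: SHA-256 truncated to 64 bits; Envoy uses its own hash.
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")


class HashRing:
    def __init__(self, members, vnodes=100):
        # Place every member on the ring at `vnodes` points (assumed value).
        self._points = sorted(
            (ring_hash(f"{m}#{v}"), m) for m in members for v in range(vnodes)
        )
        self._keys = [p for p, _ in self._points]

    def route(self, header_value: str) -> str:
        # First ring point clockwise from the key's hash, wrapping around.
        idx = bisect.bisect_right(self._keys, ring_hash(header_value))
        return self._points[idx % len(self._points)][1]


def random_router(seed=0):
    # Models the headless service without load balancing: any replica per batch.
    rng = random.Random(seed)
    return lambda _source: rng.choice(REPLICAS)


def series_written(router, batches=20):
    # Distinct (source, otelcol_replica) label pairs that end up in storage.
    return len({(s, router(s)) for _ in range(batches) for s in SOURCES})


def moved_after_failure(failed):
    # Sources whose replica changes when `failed` leaves the ring, and the
    # sources that `failed` was serving before it left.
    before = HashRing(REPLICAS)
    after = HashRing([r for r in REPLICAS if r != failed])
    moved = {s for s in SOURCES if before.route(s) != after.route(s)}
    owned = {s for s in SOURCES if before.route(s) == failed}
    return moved, owned


if __name__ == "__main__":
    print("series with ring hash:", series_written(HashRing(REPLICAS).route))
    print("series with random   :", series_written(random_router()))
    moved, owned = moved_after_failure(REPLICAS[0])
    print("rerouted on failure  :", len(moved), "of", len(SOURCES))
```

Because the hash key is the x-forwarded-for value, the stable mapping holds only if the ingress in front of Envoy sets that header from the connection's source address rather than passing through a client-supplied one.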

Conclusion

Consider a high-load environment where the number of the OTel gateway replicas could be scaled to quite a high number. How much storage capacity could be saved with a reliable data flow from remote sources?

Author

Gabriel Illés
Senior DevOps Engineer

Dedicated professional with experience in managing cloud infrastructure and system administration, integrating cloud-based infrastructure components, and developing automation and data engineering solutions. Good at troubleshooting problems and building successful solutions. Excellent verbal and written communicator with strong background cultivating positive relationships and exceeding goals.

The entire Grow2FIT consulting team: Our team


Case study: 365.bank – Evaluating the Future: A Comprehensive Review of Bank’s New Architecture

365.bank is poised to modernize its core IT systems, including core banking and omnichannel platform, for various business and technological reasons. They opted for modern, cloud-based solutions. The primary challenge was to confirm whether this new architecture was feasible and deliverable and could effectively address the initial reasons for initiating the program. The bank needed assurance that the transition would not only be technologically sound but also align with its business objectives and future growth plans.

Solution

Employing a structured methodology, Grow2FIT’s approach for each area included:

  • An initial workshop to review the proposed TO-BE architecture and identified issues.
  • This was followed by the preparation of a draft output for each domain.
  • Subsequent follow-up workshops allowed for collaborative refinement of these drafts.
  • The final stage involved the completion and finalization of the outputs.

The areas reviewed were:

  • Accounts & Cards
  • Payments
  • Consumer & Mortgage Loans
  • Corporate & Treasury
  • Data, Reporting, Compliance & CRM
  • Front-end, New Omnichannel platform integration

Result

After a strategic review, Grow2FIT has advised 365.bank to proceed with a phased approach to IT system enhancement, focusing on key areas such as payment gateway functionality and new customer channels. The recommendation includes the implementation of a new Cloud Data Warehouse solution, focusing initially just on incorporating new requirements into this platform.

We also recommend retaining core banking systems where beneficial. Further stages involve consideration of system evolution based on specific technological, financial, and market-driven factors. Details of the implementation are kept general to respect confidentiality agreements.

Contact Person

Martin Petrík, 365.bank Program Manager

About the client

365.bank is a Slovak bank that carries out its business activities mainly on the basis of the Commercial Code and the Banking Act. The bank offers its clients a wide range of banking and financial products and services. Its core activities include accepting deposits, providing loans, performing domestic and cross-border transfers of funds, providing investment services, performing investment activities and providing ancillary services under the Act on Securities.

Provided services

Key Technologies

  • Mambu
  • Backbase
  • AWS


Leveraging OpenTelemetry for Fault-Tolerant Prometheus Metrics with Envoy Mirroring

There are a lot of use cases when metrics collected from applications or services need to be forwarded from the local environment to remote centralized long-term storage such as Thanos or Mimir.

This article will help build a fault-tolerant and highly available solution to collect and forward metrics from applications and services running in Kubernetes to the remote Prometheus-compatible long-term TSDB storage. It also requires proper knowledge about the components used, such as the OpenTelemetry collector, Prometheus in agent mode, and Envoy proxy request mirroring. Detailed configuration is outside the scope of this article.

The Design

The OTEL collector collects metrics from desired resources, and the pipeline is configured using OpenTelemetry collector receivers, processors, and exporters to process and send collected metrics to the endpoint of the Envoy proxy.

The Envoy proxy is configured with a static route mirror policy with upstream clusters of Prometheus pods. This means that the Envoy proxy directly connects to the k8s pod and not to the k8s service in front of the pods. Each Prometheus pod represents an Envoy upstream cluster. Data are routed primarily to one of the two replicas of the Prometheus pod and mirrored to the second one.

Prometheus is deployed into the k8s cluster with two replicas in Agent mode with the remote-write-receiver feature enabled. Also, an external label prometheus_replica was added to the instances; Thanos uses it to deduplicate series sent from high-availability pairs of Prometheus instances.

Conclusion

This design helped make monitoring more resilient and reduced the time series data gap in Grafana dashboards.

Author

Gabriel Illés
Senior DevOps Engineer


Introducing Libor Vanek: Seasoned Technology and Banking Expert Joining Ou

Welcome to Libor Vanek, our new Technology & Banking Consultant. With an extensive career spanning over two decades, Libor brings a wealth of knowledge and experience to our team. His expertise lies in data, integration, banking, and fintech, with a keen focus on aligning business stakeholders with IT delivery teams.

Libor’s approach is rooted in agile methodologies, including Scrum and Kanban, ensuring rapid, iterative deliveries that build momentum, consensus, and trust. His previous roles include Senior Data Architect at Walmart/Asda and Architecture Lead at Scroll Finance. Libor’s skillset includes enterprise and solution architecture, data mesh methodologies, and modern data stack technologies.

His addition to our team marks a significant milestone in our journey towards innovative technology solutions in (and beyond) banking.

Check our other Senior Consultants here


CloudGuard by Grow2FIT

At Grow2FIT, we offer bespoke solutions tailored for businesses of all sizes, from startups to enterprises. Our dedication is to ensure your cloud infrastructure always performs at its best. Backed by our team of seasoned experts, we pledge continuous monitoring, proactive upkeep, strategic cost optimization, and agile enhancements for an efficient, cost-effective cloud ecosystem.

Basic Package Features

Choose CloudGuard basic package for peace of mind, knowing that your cloud infrastructure is under expert watch. And when you’re ready to delve deeper into optimization and strategic planning, our advanced services are just a call away.

Price: Ranges from 500€ – 1000€ monthly (excluding VAT). The final quotation is contingent on the intricacy and magnitude of your infrastructure.

Additional Details:

  • Service hours: 5*8
  • SLA: Best effort

Additional Services

Bodyguards of your cloud

Tomáš Čorej
Grow2FIT Cloud & DevOps Consultant

Tomáš has 15 years of experience in designing and building high-performance and cost-effective solutions for automation of the maintenance of physical servers. He prefers to use commodity hardware and open-source tools such as MaaS.io, OpenStack, Terraform, Juju or Ceph. At the same time, he has extensive experience in the integration of open-source tools into the startup and corporate environments and operation of on-premise, cloud and hybrid solutions.

Kamil Madáč
Grow2FIT Cloud & DevOps Consultant

Kamil is a Senior Cloud / Infrastructure consultant with 20+ years of experience and strong know-how in designing, implementing, and administering private cloud solutions (primarily built on OpenSource solutions such as OpenStack). He has many years of experience with application development in Python and currently also with development in Go. Kamil has substantial know-how in SDS (Software-defined storages), SDN (Software-defined networking), Data Storages (Ceph, NetApp), administration of Linux servers and operation of deployed solutions. Kamil is a regular contributor to OpenSource projects (OpenStack, Kuryr, Requests Lib – Python).

Petr Drastil
Grow2FIT Cloud & DevOps Consultant

DevOps Consultant and Architect with previous experience in software development focusing on design and implementation of IaaS and PaaS solutions in the cloud (AWS, Azure) and Kubernetes. Petr has worked on multiple projects that delivered standardised tooling used by developers to break legacy monolithic solutions into separate services with an independent lifecycle. He is also experienced in shifting applications from dedicated servers to the Kubernetes / Red Hat OpenShift platform. Petr is experienced in the finance (Deutsche Börse), telco (Deutsche Telekom) and e-commerce (Walmart Global Tech) sectors.

And many others… The entire Grow2FIT consulting team: Our team
