We help start-ups and businesses adopt the best cloud solutions, and we provide exclusive DevOps professional services that help businesses build and deliver their products.
Migration from manually created Amazon ECS clusters to IaC Amazon EKS clusters
Our team of engineers migrated the QA, Prod, Staging, and UAT environments from Amazon ECS clusters, which the customer had created manually in the past, to a modern Amazon EKS stack fully covered by Terraform and Terragrunt.
- We wrote Terraform/Terragrunt code with modules to provision environments in the Amazon cloud
- We created Helm3 charts for workloads running in those clusters
- Migrated from the CodeBuild/CodeDeploy setup, which had been created to deploy applications to the old ECS clusters, to GitHub Actions and ArgoCD
- Provisioned AWS FSx, a high-performance shared cluster file system, in the AWS EKS Kubernetes clusters for stateful applications
Migrating monolith workloads based on AWS EC2 instances to microservices and AWS EKS clusters
We helped our customer and their development teams decompose a gigantic Ruby on Rails monolith into microservices. We prepared the infrastructure in the AWS cloud and set up CI/CD processes from scratch (based on GitHub Actions and ArgoCD), including tests and security scanning.
- Helping the backend development team to decompose a monolithic core and migrate it to a microservices architecture
- Writing Terraform/Terragrunt code for AWS
- Dockerizing all microservices and preparing Helm3 charts
- Migration from monorepo to multi repositories
- Creating a complete CI/CD process for each microservice, including adding unit tests, security tests, and e2e tests to CI
AWS EKS Kubernetes hardening
Our customer was very focused on security challenges, and Naviteq suggested hardening strategies for the customer’s Kubernetes infrastructure and implemented them. We also trained the customer’s dev and sys-admin teams.
- Authorization and authentication for different development teams via Okta SSO with completely different privileges in the Kubernetes cluster
- Okta authentication for restricted access into AWS EKS cluster, along with RBAC for authorization
- Restricting our users' access to some namespaces via AWS IAM and RBAC
- Mapping of namespace per Okta group
- Installing Istio for safe intercommunication between pods in the cluster
- Using OTP, Push notifications, and AWS STS tokens
- Perimeter isolation with HA Wireguard VPN solution
- Scan containers and Pods for vulnerabilities or misconfigurations
- Run containers and Pods with the least privileges possible
Security audit, tests, and hardening for the Google Cloud Platform environment
This project was all about cloud security, hardening, active protection against cyber threats, and searching for weaknesses in the system in order to fix them. As part of the project, we also prepared the customer’s infrastructure for SOC2 certification.
- Running a security audit with the help of Wazuh
- Vulnerability scanning with Snyk
- Active protection against cyber threats with the help of Wazuh
- Hermetically closing the perimeter with the built-in tools of Google Cloud and redesigning some parts of it
- Providing users with access to the client’s Google Cloud Platform environment only via VPN, with Okta SSO integration
- Hardening Linux Server with SELinux
- Running CIS benchmarks for Google Cloud Compute images
- Complex routing for full subnet isolation