Today, Kubernetes is the de facto application server. The Kubernetes ecosystem of users, vendors and developers is rapidly evolving to ensure its adoption becomes seamless and manageable. Most enterprises, across all domains, are eager to embrace Kubernetes as part of their digital transformation journey. While each industry has a different set of problems to solve, it is clear that Kubernetes has become the common platform to build and deploy solutions.
In this article, we take a closer look at the financial services domain and examine how Kubernetes is influencing banking solutions.
Author: Sreekanth Nyamars - Open Source Center of Excellence Lead, Office of CTO, Wipro
Some of the key technical challenges specific to financial services are the following:
Let us take a look at how Kubernetes ecosystem is trying to address these challenges.
Kubernetes provides options to address the scalability requirements by leveraging the elasticity of cloud infrastructure. Options like horizontal (pod) autoscaling or node scaling can help scale the services appropriately, based on the rate of business transactions. With major public cloud service providers providing seamless support for Kubernetes-as-a-service, leveraging inherent elasticity of the cloud for higher scale has become a reality.
Kubernetes supports deployment options such as rolling updates and roll back options which when integrated with mechanisms such as GitOps enables continuous deployment capabilities while maintaining traceability. Components like service mesh provide the ability to control traffic at granular levels while externalizing the access/routing policies. It enables controlled deployments such as dark launch or canary deployments to ensure the newly deployed versions are stable and manageable.
Security of data at rest and in transit are critical in banking platforms. Currently, security architectures in a typical payment platform are a combination of intrusive (code-level) security implementation and additional external security layers. Code-centric access controls are required to govern the data access management.
While there are still some areas of concern, security in Kubernetes is evolving rapidly. A combination of service mesh and network layer policy management provides the granular level control of service access required for financial services companies. Capabilities like pod security policies, cluster security policies, network policies and routing policies ensure that the services are less vulnerable to external attacks.
CNI modules like calico, cilium enable robust security mechanisms (without the need of individual/traditional security frameworks). By leveraging Kubernetes namespaces, network policies and cluster policies, it is possible to manage multi-tenancy and domain isolation across business applications. Most of these security measures are external to the business application, enabling a clear separation of business concerns from technical concerns.
Most enterprises are gearing towards multi cloud and hybrid cloud strategies. With Kubernetes being the underlying platform, it enables a seamless migration of workloads across clouds. Kubefed (Kubernetes Federation v2) specification is an exciting option which makes the cross-cluster workload management a seamless approach across clouds.
Payment platforms inherently need to interact with heterogeneous systems across enterprise boundaries. Tracking and tracing the requests/responses across these boundaries is one of the critical requirements in adhering to SLAs. Timely root cause analysis and tracing business transactions is critical for banking platforms to manage SLAs.
A Kubernetes-based platform coupled with distributed tracing mechanisms such as Jaeger or Zipkin, provides a more detailed state of microservices health and enables proactive monitoring of services. By leveraging some of the CNCF incubated frameworks, banking platforms can achieve greater levels of dynamism in managing cloud native capabilities.
FINOS (the FinTech Open Source Foundation) has started and grown a number of open source projects that run on cloud native infrastructure. For this reason FINOS have teamed up with Red Hat to provide a OpenShift Container Platform instance to our hosted projects, allowing to run end-to-end tests, benchmarks and other resource intensive workloads that are often involved with the development of containerised architectures. OpenShift also provides the ability to leverage Jenkins to run existing build and deploy pipelines.
A new addition to FINOS, the Pure/Alloy project, provides a new modeling language in Pure based off of UML and Alloy, a visual digital modeling tool that will allow users, upon general release, to provision their own instances of the tooling using Docker and Kubernetes.
Digital transformation, digital-only-banks and enterprise modernization are some of the key strategic focus areas in today’s Banking industry. In order to successfully achieve these strategic areas, enterprises need to embrace agility, innovation and cultural changes. The platform required to realize these goals has to be scalable, resilient and cloud native. Kubernetes as a platform can enable banking enterprises to achieve the required agility to deliver services in a scalable, reliable and optimal manner apart from increasing the scope to automate the existing software delivery lifecycle.
---
Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading global information technology, consulting and business process services company. We harness the power of cognitive computing, hyper-automation, robotics, cloud, analytics and emerging technologies to help our clients adapt to the digital world and make them successful. A company recognized globally for its comprehensive portfolio of services, strong commitment to sustainability and good corporate citizenship, we have over 175,000 dedicated employees serving clients across six continents. Together, we discover ideas and connect the dots to build a better and a bold new future.