Virtru Accelerates Kubernetes GitOps Adoption with Kubefirst
Encryption and digital privacy provider Virtru’s mission is to unlock the power of data by creating a world where it is always under your control, everywhere. Providing data-centric security, such as encrypted email services for Gmail, Virtru enables users to make security and access decisions at the data object layer.
This service is invaluable to Virtru’s customers, including healthcare providers, financial institutions, insurers and government entities, enabling these organizations to confidently share sensitive data with fine-grained control and visibility into how the data is used and managed, no matter where the data travels.
When Kubernetes Is the Only Option
But Virtru’s success was becoming a double-edged sword. As it grew into a 170-employee business providing a multiproduct platform, its original processes and architecture were no longer keeping pace with its evolution. For example, some customers required services running in private clouds on private networks effectively on-premises. Virtru needed to move faster, be cloud-portable and enable customers to run on their own cloud, all while keeping costs down.
The Virtru team used GitHub, with a mixture of Buildkite, custom workflows and some containerization, although not all services were containerized. This combination meant there was little efficiency, no elasticity and no automated management. Instead, the team was deploying and managing services directly on EC2 instances, driving bills sky-high.
“When I looked at the combination of the business needs — enabling private cloud deployment with select customers and enabling Virtru to move to another cloud services provider while simultaneously moving faster — I didn’t see another option besides fully modernizing and adopting Kubernetes, moving towards something that is more cross-cloud,” explained Dana Morris, senior vice president of engineering at Virtru.
Kubernetes and GitOps
Having determined the need to move to Kubernetes, the team considered how best to proceed, knowing they needed to move quickly while maintaining the existing high-compliance environment. As part of the transition to Kubernetes, they also wanted to improve the overall platform security posture, reduce tool sprawl and more consistently apply best practices. Understanding the huge task ahead, they turned to Kubefirst, a fully automated and operational open source platform. Kubefirst includes some of the best tools available in the cloud native space, all working together from a single command line to enable faster and more secure Kubernetes adoption.
“GitOps seemed like the natural evolution for us, and Kubefirst was a great way to accelerate that,” Morris said.
Moving to Kubernetes and implementing GitOps with Kubefirst meant the team had to concentrate on foundational aspects including identifying the base tools required for provisioning, observability, configuration management and security compliance.
“Before we began the actual journey, we first defined the standards that we wanted to enforce within the new GitOps ecosystem. We saw this modernization as a chance to improve consistency in process, tooling and standards. We became a lot more structured with the baseline requirements for any service to enter production in the Kubernetes environment,” Morris explained.
“When we adopted GitOps and Kubernetes, we put a lot of focus on the people and process side, not just the tech. We really thought about what we wanted to enforce and what must happen before we will even consider moving to production.”
With Kubefirst, Virtu was able to immediately begin leveraging the fully automated ecosystem of open source tools. The team was building, packaging and publishing its first Kubernetes product to GCP Marketplace within a few weeks.
Virtru’s extensive security requirements and high-compliance production environment made it ideal for testing the boundaries of Kubefirst’s extensibility. The Virtru team had additional tools that they wanted to add to the production platform that weren’t part of the default Kubefirst platform installation. Thanks to their foundation work implementing GitOps and the automated Terraform implementation that Kubefirst provides, adding them was just an update to their new GitOps repository that powers the entire platform.
After extending Kubefirst to accommodate advanced production compliance specifications, the team was able to swiftly transition away from virtual machines and begin building, publishing and deploying microservices to their new automated Kubernetes ecosystem, following the guidance provided by the platform.
Reaping the Benefits
Today, Virtru is fully in production with Kubernetes and has moved almost 30 services into the production environment with Kubefirst.
“It’s actually worked out phenomenally well. What’s really neat is not only are we elastic now, so we can automatically scale horizontally and vertically based on metrics, but we are also much more secure. We can release much faster, and GitOps gives us greater visibility into change control,” Morris explained.
In just 30 minutes, and from a single command, Virtru can now recreate its entire infrastructure fully from GitHub, ensuring speedy disaster recovery and enabling rapid expansion into new regions.
“That’s the beauty of GitOps,” said Morris. “It literally can recreate the entire infrastructure and the applications, and get them all deployed and running from source code with no manual changes.”
Virtru has also significantly streamlined its architecture. Previously its production deployment was around 180 EC2 instances. Currently, it has just two production related clusters — one for GitOps tooling and one for production services and applications. Those two clusters combined contain 14 nodes — 14 EC2 instances — translating to around 80% compute savings. Thanks to this, Virtru’s AWS bill has decreased by about $20,000 a month.
In addition, the team is now able to continually improve automated testing and is already releasing new services three times faster than before. With more maturity, Virtru believes they can increase velocity to closer to five times faster than they were able to previously deliver to market.
With GitOps practices successfully in place, and the move to Kubenetes complete with Kubefirst, Virtru plans to expand to include additional regional availability and move a significant percentage of its infrastructure from Amazon Web Services to Google Cloud Platform. Because of Kubefirst’s extensible architecture and unwrapped set of open source platform tools, Virtru has the ability to take the platform in any direction it needs, including into clouds that Kubefirst doesn’t natively support.
Having been through the process of adopting Kubernetes and GitOps, Morris’s advice to others considering the move is to pilot moving an app onto Kubefirst, because it will be a great way to prove the tool quickly. “Don’t wait — the sooner you start the better.”
Want to Reduce Your Cost Also?
Try Kubefirst by choosing your platform (AWS, Civo or even locally using k3d with Docker), and follow the simple instructions. With a one-line command, you’ll be able to quickly and easily create a Kubernetes cluster with cloud native tools working together.