Modernizing Applications with OpenShift and CI/CD Pipelines (Case Study)

Shadow-Soft led an application modernization project for one of the world’s largest, multi-billion dollar defense contractors who provides cutting edge hardware and software in the engineering, powerplant, and vehicle manufacturing space. The defense contractor was aggressively pursuing a large defense contract to build a secure application delivery and development system for submarines.

The contractor faced a few large problems with this project though:

  • Ensuring existing legacy software can be integrated into and modern, emerging technologies for a complex systems solution
  • OpenShift became the central and key part of this solution to this particular defense contract solution,
  • OpenShift was leveraged for its ability to:
    • Integrate easily with existing tools and applications
    • Provides a rich, platformized Kubernetes with Red Hat enterprise-grade features

The defense contractor needed to containerize a mission-critical subsystem for application delivery, testing, and deployment was required on a localized, security-restricted, offline environment. The large contract would be awarded to the contractor who was able to put together a POC that would demonstrate the required, mission-critical functionality to keep essential defense systems and applications running, updated, and deployable in an expedient and reliable fashion. The contractor selected Shadow-Soft due to their rich, enterprise open-source history, multiple successful OpenShift engagements combined with deep-level expertise and experience with complex integrations.

The defense contractor identified, with the help of Shadow-Soft, that OpenShift 4 was the central solution to provide this functionality for the following reasons:

  • Enterprise-grade Kubernetes Platform
  • Integrated Container Image Registry
  • Pre-built and certified integrations & images
  • Developer tools
  • Integrated CI/CD
  • Advanced Monitoring & Automation

Challenge

Shadow-Soft was tapped due to our success integrating OpenShift environments with existing internal tools and legacy applications. The problem the contractor leveraged Shadow-Soft to solve for, with two weeks to go before the deadline for the POC, was their difficulty integrating other external solutions and a legacy application into a centralized, self-contained solution: OpenShift.

The customer faced two main challenges:

  • Rearchitecting a legacy & mission-critical applications
    • Refactor legacy C application into container images for deployment onto the localized OpenShift cluster
  • Integrating existing external tools
    • Nexus Repository
    • External SCM (corporate GitLab)
    • Jenkins pipeline service into the CI/CD process needed for updating, delivering, and deploying crucial software components

Solution

1. Containerizing Application

Shadow-Soft first identified that the legacy subsystem application needing to be containerized was going to require some refactoring in order to work properly in a microservices environment. Shadow-Soft worked with the contractor to pare down the application components to ensure the only libraries needed were ones necessary to compile properly. The initial approach of the contractor was to package all components of the application into a single container image, however; this resulted in a giant container image that was unwieldy in a container environment.

Secondly, the application was architected for traditional infrastructure and as such, required a shared memory space that posed another challenge for the contractor. A Shadow-Soft engineer was able to figure out a solution in time for the POC deadline. He was able to leverage a dummy sidecar container to achieve the shared memory functionality the application required to function. Now the application was running successfully within the OpenShift cluster. Prior to Shadow-Soft’s re-architecture of the application, the contractor was unable to get the application to run properly due to this shared memory issue as it wasn’t translating to the OpenShift environment well.

Highlights:

  • Application code assessment
  • Identified container image inefficiencies
  • Refactored the application to core functionality to reduce image size
  • Identified architectural differences between legacy/traditional infrastructure and retailored the shared memory functionality to work in an containerized environment

2. Integrating External SCM

A key component of any CI/CD pathway is the SCM utilized for code commits and critical application updates/patches.

Several factors proved challenging:

  • The strict, security-minded OpenShift environment and required firewall/security rules prevented open pathways
  • Additionally, separate teams and internal red tape made security exceptions unlikely given the timeframe to open a secure pathway into the environment to use webhooks

Shadow-Soft engineers, in-tandem with Red Hat OpenShift experts, developed a solution in the form of a locally deployed Gogs Git server within the OpenShift cluster for SCM versus leveraging the external GitLab. The contractor had a pre-existing GitLab server that they initially wanted to leverage through webhooks. This hosted service GitLab would require a connection coming from outside the local network of the cluster.

Highlights:

  • Assessed current SCM practices, tools, and architecture
  • Identified blockers with regards to network architecture with an external SCM
  • Integrated the corporate SCM to be internal to the OpenShift cluster environment through the use of a Gogs Git server

3. Integrating CI/CD Pipelines

The final components were ready to be integrated into the cluster to finish the POC solution for the contractor. The initial step here was deploying a Jenkins pipeline service inside the cluster with a persistent database for pipeline runs. This was achieved due to Red Hat’s outstanding catalog of certified services for developers included in OpenShift.

Shadow-Soft then focused on integrating the external Nexus Image Repository into the cluster, which again, presented significant networking challenges due to the security requirements of the environment. Partnering with Red Hat OpenShift and networking SMEs, Shadow-Soft successfully integrated an external image repository for stable image builds to leverage in application updates and deployment.

Highlights:

  • Utilized the included OpenShift certified image catalog to deploy a Jenkins pipeline server inside of the OpenShift cluster
  • Teamed with Red Hat OpenShift Networking SMEs to identify networking roadblocks and solutions
  • Integrated an external corporate images repository (Nexus) into the OpenShift cluster

Results

The results of all of these efforts were:

  • A complete, end-to-end CI/CD solution for a localized, security restricted OpenShift environment
  • Re-architecture of a mission-critical legacy C application to work in a containerized, cloud-native environment
  • Internalization and integration of the corporate SCM into the OpenShift cluster
  • Deployment of an OpenShift-native Jenkins CI/CD Pipeline
  • Integration of the corporate, external Nexus image repository
  • Troubleshoot and overcome advanced security and networking issues to integrate all solutions in a self-contained, highly secure, and isolated OpenShift environment

We enable application modernization. Our Kubernetes, OpenShift, and Cloud enablement solutions help customers modernize applications. Contact us to learn more about our solutions.