What is the best practice to roll out a product in a multi-client group environment? Hopefully, purchase a multi-client capable product that meets the requirement of process separation for clients. Unfortunately, we did not have such a product available in our team and were faced with the challenge of having to set up a separate system for each client. In this talk, we will describe the three development stages of our deployment process with respect to the server infrastructure in AWS including separation of AWS accounts into test and production environments. The first phase describes the setup of a managed cloud with fixed servers. Although these can be set up automatically, the automatic scalability is insufficient. The next iteration highlights the "infrastructure as code" approach via cloudformation, which worked very well for a dedicated system. Problems we had were the proper Git flow and the lack of support for true separation of systems per AWS account. In our current and hopefully final iteration, we switched to a consistent GitOps approach. We describe how we have been using this approach for months to bring stable infrastructure deployments into production via Gitlab, what challenges had to be solved in terms of Configuration as Code and proper Git flow. We also talk about how this process facilitates compliance with various corporate requirements, such as ISO 20000 for release and change management.

1. Managed Cloud to GitOps
Deploying Several Client Clusters
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas

2. Digitalpartner of
Deutsche Bahn
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 2

3. DB Content Hub
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 3
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

4. Requirement: Separate Cluster for each Customer
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 4
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

5. Requirement: ISO 20000
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 5

6. Requirement: ISO 20000
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 6
‒Changemanagement
‒Releasemanagement
ISO/IEC 2000-1
Service management system requirements

7. Changemanagement
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 7
Request
for change
Plan
Change
Approve
Change
Implement
Change
Review
Complete
Change

8. Releasemanagement
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 8
Releasenotes
Clearance
Test Rollout
Technical
Acceptancetest
Domain
Acceptancetest

9. Vision: Our Infrastructure
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 9
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

10. First Try: Ansible to Managed Cloud
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 10
Free Software Foundation - [1], FAL,
https://commons.wikimedia.org/w/index.php?curid=53428398
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

11. First Try: Pain Points
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 11
Free Software Foundation - [1], FAL,
https://commons.wikimedia.org/w/index.php?curid=53428398
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com
‒Fast for one customer
‒Compliance & Security
‒Truth NOT in Repository

12. Second Try: Cloudformation Monorepository + Gitlab Pipeline
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 12
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

13. Second Try: Advantages and Pain Points
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 13
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com
‒Difficult to maintain
‒Customer configuration
beneath each other
‒Complex pipelines
‒Compliance und Security

14. Third Try: Terraform and GitOps
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 14
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

15. Third Try: Terraform and GitOps
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 15
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

16. Third Try: Advantages
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 16
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com
‒ Simple updates of each
component
‒ Customer configurations
separated cleanly
‒ Autarkic Clusters (Stacks)
‒ Only configuration in Customer
Repository (Automation)
‒ Potentially any number of stacks

17. Third Try: Deploy Multiple Environments
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 17
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

18. Third Try: Terraform + Gitops
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 18

19. Third Try: Integration Monitoring GitOps
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 19
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

20. Wrap Up
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 20
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com

21. Wrap Up - Advantages
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 21
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com
‒Create new customers is simple
‒Hands free rolling updates
‒Automatic connection to monitoring
‒Compliance and Security Updates

22. Wrap Up – Challenges
DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 22
Icons made by Freepik, Good Ware, Sprang and Smashicons from www.flaticon.com
‒A lot of Git-Repositories
‒Complicated interaction
Outlook
‒Central Management-Tool (Spot)
‒Aggregation of the most
important information

23. DB Systel GmbH | Johannes Dienst @JohannesDienst | Jan Kohlhaas 23
Which two questions are still open?
Johannes.Dienst@deutschebahn.com
@JohannesDienst
Jan.J.Kohlhaas@deutschebahn.com