As a software developer/solutions architect, navigating the complexities of modernizing legacy applications requires more than just adopting new technologies. It demands a deep understanding of software design patterns that ensure scalable, resilient, and maintainable solutions. Unfortunately, in the rush to modernize, crucial design patterns are often overlooked, leading to technical debt, performance bottlenecks, and security vulnerabilities. This article explores key design patterns frequently ignored by modernization teams, the reasons they are neglected, and the consequences of bypassing them. By integrating these patterns into modernization strategies, developers and architects can build robust, future-proof applications that stand the test of evolving technological landscapes.

Strangler Fig Pattern

The Strangler Fig Pattern is a gradual migration strategy where new functionality is built around the existing legacy system, slowly replacing it until the old system is entirely phased out.

  • Why it’s overlooked: Modernization teams often opt for a full rewrite rather than incremental refactoring, assuming that starting from scratch will be faster and more efficient. However, this can introduce significant risks and delays.
  • Real-world example: A financial institution migrating from a monolithic COBOL-based mainframe to a microservices-based architecture used the Strangler Fig Pattern. They introduced an API layer that progressively handled more transactions while legacy components were retired incrementally.
  • Consequence of ignoring it: A complete system rewrite without this pattern can lead to prolonged development times, business disruptions, and increased failure risks due to untested new implementations.
  • When to use: Use this pattern when modernizing large, complex legacy applications that cannot afford extended downtime or complete overhauls at once.

Saga Pattern

The Saga Pattern manages distributed transactions by breaking them into a series of smaller, compensating transactions.

  • Why it’s overlooked: Modernization teams often assume eventual consistency is automatically handled by microservices frameworks, neglecting explicit transactional workflows. Implementing sagas can be challenging due to the need for handling failures and maintaining consistency. Teams may opt for simpler orchestration mechanisms without considering the potential for distributed transaction failures.
  • Real-world example: An online travel booking system had issues where partial failures left customers with incomplete reservations (e.g., flights booked but hotels not confirmed). Implementing the Saga Pattern put compensating rollback steps in place, maintaining data consistency across services.
  • Consequence of ignoring it: Without the Saga Pattern, distributed systems suffer from data inconsistencies, orphaned transactions, and poor user experience. Distributed transactions can lead to inconsistencies if not handled properly. Failures in one service can impact the entire transaction.
  • When to use: Use this pattern for distributed transactions that span multiple services and must remain consistent, and for systems whose complex business transactions cross service boundaries.
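The travel-booking failure described above, worked through as an added example (not Karsun's code or that of the booking system described): a small saga orchestrator runs each local transaction in order and, when one fails, runs the compensating transactions of the completed steps in reverse. The flight, hotel and payment "services" are constructed in-memory dictionaries, and the hotel named "sold-out-hotel" is the constructed failure case.

```python
"""Saga orchestrator with compensating transactions for a travel booking (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class SagaStep:
    name: str
    action: Callable[[dict], None]      # forward local transaction; raises on failure
    compensate: Callable[[dict], None]  # undo; should be idempotent so retries are safe


class SagaOrchestrator:
    """Runs steps in order; on failure, compensates the completed steps in reverse order."""

    def __init__(self, steps: List[SagaStep]):
        self.steps = steps
        self.log: List[str] = []  # in a real system this is a durable saga log

    def run(self, ctx: dict) -> bool:
        completed: List[SagaStep] = []
        for step in self.steps:
            try:
                step.action(ctx)
            except Exception as exc:
                self.log.append(f"{step.name}: failed ({exc})")
                self._rollback(completed, ctx)
                return False
            completed.append(step)
            self.log.append(f"{step.name}: done")
        return True

    def _rollback(self, completed: List[SagaStep], ctx: dict) -> None:
        for step in reversed(completed):
            try:
                step.compensate(ctx)
                self.log.append(f"{step.name}: compensated")
            except Exception as exc:
                # A failed compensation leaves an orphaned reservation: it must be
                # retried or escalated to an operator, never silently dropped.
                self.log.append(f"{step.name}: compensation FAILED ({exc})")


def build_travel_saga(flights: Dict[str, str], hotels: Dict[str, str],
                      payments: Dict[str, int]) -> SagaOrchestrator:
    """Constructed in-memory flight, hotel and payment 'services' keyed by booking id."""

    def book_flight(ctx: dict) -> None:
        flights[ctx["booking_id"]] = "BOOKED"

    def cancel_flight(ctx: dict) -> None:
        flights[ctx["booking_id"]] = "CANCELLED"

    def book_hotel(ctx: dict) -> None:
        if ctx["hotel"] == "sold-out-hotel":  # constructed failure case
            raise RuntimeError("no rooms available")
        hotels[ctx["booking_id"]] = "BOOKED"

    def cancel_hotel(ctx: dict) -> None:
        hotels[ctx["booking_id"]] = "CANCELLED"

    def charge_card(ctx: dict) -> None:
        payments[ctx["booking_id"]] = ctx["amount"]

    def refund_card(ctx: dict) -> None:
        payments[ctx["booking_id"]] = 0

    return SagaOrchestrator([
        SagaStep("book_flight", book_flight, cancel_flight),
        SagaStep("book_hotel", book_hotel, cancel_hotel),
        SagaStep("charge_card", charge_card, refund_card),
    ])


def book_trip(booking_id: str, hotel: str, amount: int) -> Tuple[bool, dict, List[str]]:
    """Run one booking saga and return (succeeded, final service state, saga log)."""
    flights: Dict[str, str] = {}
    hotels: Dict[str, str] = {}
    payments: Dict[str, int] = {}
    saga = build_travel_saga(flights, hotels, payments)
    ok = saga.run({"booking_id": booking_id, "hotel": hotel, "amount": amount})
    state = {"flights": flights, "hotels": hotels, "payments": payments}
    return ok, state, saga.log


if __name__ == "__main__":
    print(book_trip("b1", "grand-hotel", 500))
    print(book_trip("b2", "sold-out-hotel", 500))
```

In the failing run the card is never charged and the flight is cancelled by compensation, which is exactly the "flight booked, hotel not confirmed" state the pattern exists to prevent.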

Sidecar Pattern

The Sidecar Pattern runs auxiliary services in separate containers alongside main application services, enabling functionalities like logging, monitoring, and security without modifying the core application.

  • Why It’s Overlooked: Modernization teams may prioritize core service development and neglect auxiliary concerns, leading to bloated application code.
  • Real-World Example: A fintech company used the Sidecar Pattern to deploy a separate logging and monitoring service alongside each microservice, simplifying debugging and performance tracking.
  • Consequence of Ignoring It: Neglecting this pattern leads to tightly coupled services, making maintenance difficult and increasing the complexity of scaling and updating auxiliary functions.
  • When to Use: Use this pattern when microservices require independent functionalities like logging, monitoring, or security without modifying the core service logic.

Circuit Breaker Pattern

The Circuit Breaker Pattern prevents a system from continuously making requests to a failing service, reducing unnecessary load and enabling faster recovery.

  • Why it’s overlooked: Modernization teams often assume cloud-native platforms handle failure gracefully, ignoring the need for explicit fault tolerance mechanisms.
  • Real-world example: Netflix employs the Circuit Breaker Pattern to maintain high availability in its microservices architecture. If a particular service fails repeatedly, the circuit breaker trips and prevents further calls until recovery.
  • Consequence of ignoring it: Without circuit breakers, cascading failures can occur, where a single failing microservice can bring down an entire system due to unhandled retries and excessive load.
  • When to use: Use this pattern in distributed systems where service failures must be isolated to prevent widespread outages.
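The trip-and-recover behaviour described above, as an added example (not Karsun's or Netflix's code): a breaker that counts consecutive failures while CLOSED, rejects calls without contacting the service while OPEN, and lets a single probe call through once the recovery timeout has elapsed (HALF_OPEN). The clock is injectable so the demo can advance time without waiting; the `downstream` function stands in for a remote service.

```python
"""Circuit breaker with CLOSED / OPEN / HALF_OPEN states (added example)."""
import time
from enum import Enum
from typing import Callable, List, Optional


class State(Enum):
    CLOSED = "closed"        # calls flow normally; consecutive failures are counted
    OPEN = "open"            # calls are rejected immediately until the recovery timeout expires
    HALF_OPEN = "half_open"  # one trial call is let through to probe whether the service recovered


class CircuitOpenError(RuntimeError):
    """Raised when a call is short-circuited because the breaker is open."""


class CircuitBreaker:
    def __init__(self, failure_threshold: int = 3, recovery_timeout: float = 30.0,
                 clock: Callable[[], float] = time.monotonic):
        self.failure_threshold = failure_threshold
        self.recovery_timeout = recovery_timeout
        self._clock = clock  # injectable clock so the demo and tests can control time
        self.state = State.CLOSED
        self.failure_count = 0
        self.opened_at: Optional[float] = None
        self.rejected = 0  # calls rejected while OPEN; worth exporting as a metric

    def _maybe_half_open(self) -> None:
        if self.state is State.OPEN and self._clock() - self.opened_at >= self.recovery_timeout:
            self.state = State.HALF_OPEN

    def call(self, fn: Callable, *args, **kwargs):
        """Invoke fn through the breaker; fn's own exception propagates after being counted."""
        self._maybe_half_open()
        if self.state is State.OPEN:
            self.rejected += 1
            raise CircuitOpenError("breaker open: call rejected without contacting the service")
        try:
            result = fn(*args, **kwargs)
        except Exception:
            self._record_failure()
            raise
        self._record_success()
        return result

    def _record_success(self) -> None:
        self.failure_count = 0
        self.state = State.CLOSED

    def _record_failure(self) -> None:
        self.failure_count += 1
        # A failed probe in HALF_OPEN re-trips immediately; otherwise trip at the threshold.
        if self.state is State.HALF_OPEN or self.failure_count >= self.failure_threshold:
            self.state = State.OPEN
            self.opened_at = self._clock()


class FakeClock:
    """Constructed clock for the demo so no real waiting is needed."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> List[str]:
    """Drive the breaker through trip, reject and recovery; return the observed states."""
    clock = FakeClock()
    breaker = CircuitBreaker(failure_threshold=3, recovery_timeout=30.0, clock=clock)

    def downstream(should_fail: bool) -> str:  # stands in for a remote service call
        if should_fail:
            raise ConnectionError("downstream timeout")
        return "ok"

    trace: List[str] = []
    for _ in range(3):  # three consecutive failures trip the breaker
        try:
            breaker.call(downstream, True)
        except ConnectionError:
            pass
        trace.append(breaker.state.value)
    try:  # while OPEN the call never reaches the service
        breaker.call(downstream, False)
    except CircuitOpenError:
        trace.append("rejected")
    clock.advance(31.0)  # recovery timeout elapses
    trace.append(breaker.call(downstream, False))  # HALF_OPEN probe succeeds
    trace.append(breaker.state.value)
    return trace


if __name__ == "__main__":
    print(demo())  # ['closed', 'closed', 'open', 'rejected', 'ok', 'closed']
```

The `rejected` counter is the signal an operator wants on a dashboard: a rising count means the breaker is absorbing load that would otherwise be cascading retries.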

Bulkhead Pattern

The Bulkhead Pattern isolates different components or services so that failures in one do not impact the others.

  • Why it’s overlooked: Many teams focus on horizontal scaling but neglect to compartmentalize workloads, making services susceptible to systemic failures.
  • Real-world example: In e-commerce platforms, checkout, inventory, and recommendation services can be isolated using bulkheads to ensure that failure in one does not affect the others.
  • Consequence of ignoring it: Ignoring this pattern can lead to entire systems going down due to a single point of failure, significantly impacting user experience and revenue.
  • When to use: Use this pattern in microservices architectures where services must operate independently to ensure resilience.

Event Sourcing Pattern

The Event Sourcing Pattern stores changes to an application’s state as a sequence of immutable events rather than modifying records directly.

  • Why it’s overlooked: Teams often prioritize relational database models and transactional consistency, overlooking event-driven architectures that enhance auditability and scalability.
  • Real-world example: Uber uses event sourcing to track rides, payments, and user interactions, ensuring that every action is recorded as an event for consistency and debugging.
  • Consequence of ignoring it: Not using event sourcing can lead to data inconsistencies, loss of historical data, and difficulties in troubleshooting and replaying past transactions.
  • When to use: Use this pattern in applications requiring strong audit trails, historical tracking, and event-driven state management.

CQRS (Command Query Responsibility Segregation) Pattern

The CQRS pattern separates read and write operations into different models, optimizing each for performance and scalability.

  • Why it’s overlooked: Many teams default to CRUD-based architectures without considering read-heavy or write-heavy optimizations.
  • Real-world example: E-commerce platforms like Amazon use CQRS to manage inventory updates separately from customer queries, ensuring high performance under heavy loads.
  • Consequence of ignoring it: Ignoring CQRS can lead to database contention, performance bottlenecks, and inefficient scaling strategies.
  • When to use: Use CQRS in high-performance applications where read and write workloads differ significantly.

Repository Pattern

The Repository Pattern separates the business logic from data access, providing a clean abstraction layer between application logic and database queries.

  • Why It’s Overlooked: Modern ORM (Object-Relational Mapping) frameworks promise simplified data management, leading teams to believe explicit repository layers are unnecessary.
  • Real-World Example: A healthcare software provider initially used direct ORM calls within service classes. As the system scaled, database logic became scattered, leading to maintenance challenges. Refactoring to use the Repository Pattern improved code organization and maintainability.
  • Consequence of Ignoring It: Ignoring this pattern leads to tightly coupled code, making it harder to switch databases, optimize queries, or maintain separation of concerns.
  • When to Use: Use this pattern when dealing with complex domain logic that requires a clean separation between business rules and data access.

API Gateway Pattern

The API Gateway Pattern acts as a single entry point for all client requests, routing them to appropriate backend services while handling cross-cutting concerns like authentication, logging, and rate limiting.

  • Why It’s Overlooked: Teams may assume direct client-to-microservice communication is sufficient, leading to complex client logic and inefficient network calls.
  • Real-World Example: A streaming service adopted an API Gateway to handle authentication, request aggregation, and traffic management across various backend services, improving performance and security.
  • Consequence of Ignoring It: Without an API Gateway, microservices architectures can become fragmented, increasing security risks, inconsistent data access, and complex client-side logic.
  • When to Use: Use this pattern when managing multiple microservices and requiring centralized handling of security, authentication, and request routing.

Modernization efforts should not only focus on adopting new technologies but also on leveraging proven design patterns. Patterns like Strangler Fig, Saga, Circuit Breaker, Bulkhead, Event Sourcing, Repository, Sidecar, and CQRS provide essential strategies for a scalable, resilient, and maintainable architecture. By integrating these patterns into modernization efforts, teams can avoid common pitfalls, minimize risks, improve system reliability, and create robust solutions for the future.

A version of this blog was first posted by Karsun expert Lakshman Maruri. Lakshman is an expert in our aviation portfolio. Connect with him on LinkedIn. Our Karsun Cloud Solutions experts use tools like those available in our Cloud Runways and Microservices Toolkits to accelerate transformation and build resilient, scalable architecture. Learn more at https://karsun-llc.com/innovation-center/modernization-and-transformation-toolkits/cloud-runways/

Whether for a state or local government or a U.S. federal agency, a major problem facing government and industry alike is their aging mainframe systems. A shrinking workforce with experience in older languages such as COBOL limits the ability of organizations to maintain these legacy systems and prepare for the future. This was apparent when states like New Jersey, facing strain on their systems during the early days of the COVID response, called for assistance with their COBOL systems.

Now as federal agencies seek new opportunities to introduce efficiencies via artificial intelligence (AI), these systems provide an easy target for modernization. AI with its ability to tackle complex, repetitive tasks accurately provides one solution to the government mainframe modernization challenge. 

To this end, our Karsun Innovation Center experts devoted their time to producing a complete suite of AI solutions dedicated to tackling the mainframe modernization challenge.

The COBOL Modernization Challenge

With their decades-old interconnected applications and systems, these legacy mainframe systems are complex, expensive to maintain, difficult to change, and vulnerable to attacks. At the same time, the cloud presents the opportunity to build secure, resilient systems that adapt to the changing needs of its users.

Past modernization and migration attempts appeared out of reach for these systems, stymied by both the cost and the time required to transform them. These high-value assets handling mission-critical workloads present a high-stakes challenge for modernization teams. Often core to the business, with large customer bases, they have vast, complex functionality that must be broken down into smaller parts before proceeding.

Karsun applied AI, speeding up this tedious task while ensuring modernization teams had a complete map of the legacy system. Using its ReDuX platform, Karsun limited the impact of poorly documented systems and unanticipated relationships between components. When integrated with the other tools available in the ReDuX platform, AI-assisted teams generated production-ready code two times faster than teams working without AI.

Further, given this complexity, some organizations may decide to simply replatform the system. But AI gives us the opportunity to do more than lift and shift the application to the cloud. It empowers us to optimize with a product mindset. With this in mind, we can build human-centered systems that scale and adapt to a changing environment.

The Solution: AI for Mainframe Modernization

Enter ReDuX, Karsun’s AI-powered digital transformation platform. We built our platform using AI to accelerate modernization while reducing risk. Using Amazon Bedrock, a platform that provides access to AI tools via an API, Karsun built a comprehensive digital transformation platform. Karsun’s ReDuX provides AI-enhanced tools for modernization team members from designers to developers in a single platform.

Using generative AI, the platform creates a complete blueprint of a legacy system, reducing risk, and generates behavioral insights. Using this information business analysts, designers, and others do more than rewrite these legacy systems, they reimagine an optimized system designed to match the needs of its users.

This product oriented process is enhanced throughout the modernization effort via the platform’s digital transformation agents. Using agentic AI, the modernization team can chat with their code for deeper understanding and apply reusable templates using automations to rapidly scale their work while reducing risk.

ReDuX is already in use by the Karsun teams delivering large-scale, complex modernization solutions to our federal agency customers. We recently shared our experience on the AWS Public Sector Blog. To learn more about AI solutions for government modernization, visit us here: https://karsun-llc.com/solutions/artificial-intelligence-ai-solutions/

Stuck with a difficult modernization challenge? Check out GoReDuX.AI and get unstuck today!

Happy Valentine’s Day from the Enterprise Modernization Experts! Today, we’re sending our love to the designers, developers, and data engineers who deliver excellence to our government customers and the American people. Driving this performance are the dedicated teams diving into the latest technology solutions. Among those cutting edge solutions are these digital transformation trends we love here at Karsun Solutions.

Designing with a Product Mindset

The Product Mindset empowers teams as they design applications in a way that adapts to the ever-changing digital landscape. As we enter a period requiring adaptability and a forward-thinking approach, the Product Mindset asks teams to consider how the system will be used now and in the future and how they can introduce efficiency now while building to scale. 

This mindset emphasizes moving from a “building” to a “dwelling” perspective. This focuses the process on continuous design as a form of continuous improvement. That includes modeling user experiences, using modern platforms, and implementing layered designs. Learn how Karsun does this with our Digital Transformation Toolkit in this white paper from the Karsun Innovation Center.

https://karsun-llc.com/resource/design-for-every-next-2/

Generative AI for Human-Centered Design

Another key digital transformation component is human-centered design (HCD). This approach centers design on practices that identify whether the product matches the expectations of its human users. It does so by building in continuous feedback and using practices that help product teams identify whether the design supports or hinders users.

While human-centered design brings humanity back to software development, it also helps teams ensure the product is used as intended. It uses tools, like those built with machine learning (ML) and artificial intelligence (AI), to process user data and generate new insights. From these behavioral insights business analysts and others can more quickly generate requirements to ensure functionality carries over to the new systems built by the product team. 

As a final process improvement and efficiency-boosting feature, systems using Generative AI learn from the best practices of the development teams using these tools. When well integrated into platforms like Karsun’s ReDuX AI, the team may use AI to identify the practices that best help achieve their product goals. Based on these insights, the team can add guard rails, further engineer their model, or use agentic AI to generate code, templates, and other resources in line with those recommendations.

Zero Trust Architecture Boosted by Security-Led Practices

When using zero trust architecture (ZTA), systems continuously validate every interaction with the system. Using this approach, teams build systems that limit the ability of people and devices to access them, assuming that by default they are not to be trusted. Zero trust best practices are essential when building secure architecture designed to adapt to changing needs and evolving threats. The ZTA approach includes well-architected practices as well as the integration of emerging technologies.

When teams use security-led practices, such as zero trust architecture and well-architected principles, they can now use AI to enhance their capabilities. That includes using predictive AI to identify risks and generative AI (GenAI) to address those hazards. Teams using our ReDuX AI-powered digital transformation engine use GenAI to proactively recommend best practices, generate guard rails based on established policies, and build templates so they can scale their practices more effectively. 

At Karsun, we design large-scale government IT solutions that enhance the capabilities of our agency partners and drive performance. Our commitment to solid digital transformation and design practices is part of our enduring commitment to technology solutions for every next. Our experts deliver these robust enterprise solutions at agencies across the federal government. At the same time, our innovators explore, prototype, and implement the latest technologies as part of delivering truly transformative solutions. If any of these trends pique your interest, we invite you to connect with our Karsun Innovation Center team and discover how you can begin your technology journey.

As testers, we don’t just find defects—we should bridge gaps, ask the right questions, and ensure quality is a shared responsibility. But the key to this? Strong collaboration and clear communication.

Here’s what I’ve learned during the last 3-5 years working in a quality-driven dev team:

Early Involvement Matters. When testers are included in planning discussions and requirements calls, we help prevent issues instead of just detecting them later. Shift-left isn’t just a buzzword—it’s a mindset!

Quality is a Team Effort. Testing isn’t just a tester’s job. Developers, POs, BAs, and testers working together create a culture where quality is built in, not just tested in.

Feedback Loops Are Essential. Fast and clear feedback from testers to devs keeps the team agile. Open communication channels (standups, team chats, and calls) help resolve issues quicker.

Empathy Builds Better Teams. Understanding each other’s challenges—whether it’s a complex feature implementation or debugging an automation failure—makes collaboration stronger.

At the end of the day, the best software isn’t just tested well—it’s built with quality from the start. How does your team foster collaboration inside the dev team? Between testers and developers?

A version of this story was first published on LinkedIn. We are sharing these insights as part of our ongoing series spotlighting our enterprise modernization experts. This edition’s featured author is Svetlana Mikhaylova, a Software Development Engineer in Test (SDET). Svetlana embodies our commitment to the product mindset, pursuing outcomes, not outputs. Connect with her on LinkedIn.

Join Karsun Solutions on LinkedIn for more from our Enterprise Modernization Experts. For more on how our experts are transforming government agencies, read our white paper on the Product Mindset and discover how your agency can Design for Every Next. https://karsun-llc.com/resource/design-for-every-next-2/

Big Bang or waterfall development has long been the standard approach to legacy modernization projects. However, government agencies are increasingly turning away from this approach, finding that an incremental, agile approach better suits their missions and goals. For instance, agencies such as Veterans Affairs have stated they are moving away from Big Bang projects.

Issues with the Big Bang

In the Big Bang approach, agencies spent years gathering requirements and awarded projects to a single contractor. The contract was then delivered based on these requirements, leaving little room to adapt to changing requirements and needs. Further, since this frequently tied agencies to a single, large systems integrator, there was little opportunity to introduce small and emerging contractors with specialized expertise. The result was delayed, over budget, and underperforming modernizations. 

Taking an Incremental Approach

Agencies are shifting from Big Bang modernization to agile, incremental, or bit-by-bit approaches. In this approach, they identify a minimal viable product (MVP), ensuring the solution first meets the minimum needs of its users. Then, agile development teams add enhancements to the solution incrementally. This allows agencies to scale up and down, add new programs and features, and adapt to changing requirements.

Modernization to Meet the Mission

The result is modernization that meets the agency’s mission. There are additional strategies teams can employ to ensure mission-oriented development. When experts modernize alongside domain experts, that collaboration supports an MVP that will meet the needs of its users. At Karsun, we use processes like event storming, human-centered design, and others to ensure we receive this feedback throughout our engagement. Moreover, working with a partner experienced in combining public sector experience with modern methodologies and tools enhances this synergy further. 

The Karsun Approach

At Karsun, we take this approach to our modernization projects from the beginning. Critically, we also look beyond to understand the application’s purpose and its users’ needs after our departure from the project. This product mindset, which we call Modernization for Every Next, is an incremental approach that allows us to focus on meeting agency missions, introduce emerging solutions at the appropriate time, build secure architecture meant to last, and accelerate transformation with fit-to-purpose toolkits. Learn more about our modernization successes in the Acquisitions, Aviation, Fleet, and Grants industries.

Every day over 21,000 people use U.S. government websites. Given this, incorporating the needs of millions of users while modernizing on a large scale can be daunting. Karsun Solutions President Terry Miller joins John Gilroy on the Federal Tech Podcast to share how a product mindset combined with Karsun’s Digital Transformation Toolkits enables agencies to meet their mission while meeting the expectations of their users.

The Product Mindset

In the interview, Miller describes how legacy application modernization can get bogged down by a focus on adding functionality over a focus on the product as a whole. He notes by taking a product mindset, technology teams instead consider the purpose of the product and what it is supposed to do for its users. This goes beyond adding features or modernizing to meet new requirements. Instead, product mindset oriented modernization considers the long-term vision for the product. It involves stakeholders from the beginning to ensure their vision is part of the collective vision. This includes adopting feedback loops, like those used in human centered design, to ensure consistent input from the beginning.

Toolkits Accelerate Transformation

Miller explained that the second part of Karsun’s approach to design at scale is its Digital Transformation Toolkits. These resources and playbooks accelerate transformation as Karsun begins its modernization process. For example, the Digital Transformation Design Toolkit uses a system of 40 different components that enable our developers to quickly create interfaces compliant with U.S. Web Design System (USWDS) standards. This allows rapid iteration from prototype to production while engaging the frequent feedback cycle needed for product mindset development. Miller mentions that Karsun’s new Design for Every Next whitepaper dives deeper into this relationship. Produced by the Karsun Innovation Center, the paper examines user experience throughout the modernization process.

The podcast is out now. Tune in to the Federal Tech Podcast on Apple Podcasts, Spotify, or at https://www.theoakmontgroupllc.com/ep-73-how-to-build-federal-systems-for-scale-and-resilience/.

Over 21,000 people visit U.S. government websites each day. The annual paperwork burden for executive departments and agencies exceeds 9 billion hours. Adopting next-generation user experience practices can address these challenges. By considering the needs of all stakeholders, designing for scale can improve the user experience, reducing paperwork and empowering agencies to meet their mission no matter the changing digital landscape. 

In 2021, the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government called on agencies to improve government performance while using proven best practices such as human centered design and service delivery models. We must embed the user experience in the process to meet these requirements as early as possible. It compels us to take a long view. We should take a product oriented mindset that asks not how we can introduce a particular feature or functionality but how the product itself will be used past the completion of a modernization project. 

We have applied this approach to modernization projects for our customers in the acquisitions, aviation, and grants management industries. Aligning to industry standards, some of our applications see more than 1 million registered users. Using repeatable processes, we enable User Experience/User Interface (UX/UI) design on a massive scale as we modernize complex systems for our agency customers. We collect our best practices, resources, and components into toolkits used by our teams. Now we have assembled our insights into a white paper from our Karsun Innovation Center.

Our new Design for Every Next white paper takes you step by step through this process, from building your data capabilities to effectively analyzing stakeholder needs to creating effective feedback loops. We also share best practices and strategies for leveraging emerging technologies to implement new enhancements quickly, along with our component-based approach to rapidly iterating and prototyping interfaces. Part of our Digital Transformation Toolkits, our Design Toolkit ensures teams have the resources and expertise to accelerate transformation with a comprehensive view of stakeholder needs and wants. Download the white paper at https://karsun-llc.com/resource/design-for-every-next-2/.

HERNDON, VA – Karsun Solutions announced today that it achieved Amazon Web Services (AWS) DevOps Competency status. This is the third AWS Competency designation for the IT modernization firm serving federal civilian agencies. In addition to the AWS Government Competency and AWS Migration Competency it already achieved, Karsun is also a Public Sector Partner (PSP) and participates in AWS Partner Network (APN) Immersion Days.

The AWS DevOps Competency designation recognizes companies helping customers implement continuous integration and continuous delivery (CI/CD) practices or helping them automate infrastructure provisioning and management with configuration management tools on AWS. Achieving the AWS DevOps Competency differentiates Karsun as an AWS Partner that provides specialized demonstrated technical proficiency and proven customer success with a specific focus on CI/CD, Monitoring, Logging and Performance, Infrastructure as Code, and Consulting. To receive the designation, AWS Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

“The AWS DevOps Competency validates our commitment to implementing technology the right way to meet our customer’s mission,” said Terry Miller, President of Karsun Solutions.

AWS enables scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise. 

“Every solution from Karsun uses industry best practices applied to the latest advancements in technology,” said Badri Sriraman, Senior Vice President, Karsun Innovation Center. “We’re proud to be among the AWS Public Sector Partners that have achieved the AWS DevOps Competency.”

Karsun migrates, builds and optimizes in the cloud. Its expert DevOps teams introduce industry best practices using repeatable frameworks and playbooks which enable digital transformation at an accelerated pace. Its cloud architecture, platform and legacy application modernization solutions address agency needs today while preparing customers’ systems for the future.

An Advanced Consulting Partner, Karsun software development, cloud and data solutions teams all deliver on AWS. As an APN member with AWS Migration Competency status, its customers may utilize Karsun’s access to AWS Migration Acceleration Program (MAP) resources. When applicable, Karsun implements these financial incentives as part of AWS MAP. Its government customers may also leverage Karsun’s extensive experience modernizing large, complex systems with Cloud Runways, a portfolio of purpose-built toolkits optimizing migration to the cloud.

Learn more about Karsun’s AWS DevOps Practice at https://karsun-llc.com/solutions/cloud-solutions/aws-devsecops/.

About Karsun Solutions

Karsun Solutions modernizes enterprise systems enabling agencies to make the next technological advancement their next opportunity to elevate mission capability. IT solutions from Karsun are tailored to meet agencies’ unique needs and optimize operations. These solutions adapt and stay relevant with current trends while using secure, digital architecture built to last. It is a proven modernization partner whose expertise elevates agency capabilities and ensures every next opportunity is within reach.

Company Contact: marketing@karsun-llc.com

Leveraging improved efficiency and reduced costs while ensuring availability, cloud native development is a must for complex enterprise modernization projects. Modern cloud native architectures involve applications developed and deployed through cloud service providers such as AWS. These use services like AWS VPC, EC2, S3, Kinesis, DynamoDB, RDS, and others.

While utilizing cloud native architecture can provide impressive operational improvements, maintaining security and compliance standards using manual processes can quickly limit those outcomes. This is a common concern for our agency customers. Applications deployed in federal agencies must obtain an Authorization to Operate (ATO).

Getting an ATO involves categorizing the information system, then selecting, implementing, and assessing the controls. Risks are identified based on this assessment, and final authorization is provided to operate the system. In most cases, this process relies on manual tasks, like copying security control documentation into a Governance, Risk, and Compliance (GRC) document, then manually updating this documentation on a regular basis. Because continuous deployment of new workloads and features is a necessity in an agile environment, manual processes and a massive documentation effort add significant delays to the authorization process.

AWS DevOps and OSCAL Compliance for cATO and Zero Trust

One solution is the Open Security Controls Assessment Language (OSCAL). OSCAL is a set of formats expressed in XML, JSON, and YAML developed by NIST. These formats provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. GovReady-q is an open source GRC platform for highly automated, user-friendly, self-service compliance assessments and documentation which supports OSCAL. AWS is the first cloud service provider to provide an OSCAL-formatted system security plan (SSP). Integrating a GRC tool like GovReady-q into the DevSecOps toolchain and using OSCAL to document all the controls automates most aspects of the ATO process. This enables us to do continuous ATO (cATO) and alleviates the documentation burden and most of the manual processes associated with it.
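Because OSCAL is machine-readable, the baseline-versus-SSP comparison that a GRC tool performs can also be scripted directly. The following is an added example written for this article, not Karsun's, NIST's or AWS's code: it reads a constructed, heavily trimmed OSCAL profile and SSP (the `imports`/`include-controls`/`with-ids` and `control-implementation`/`implemented-requirements`/`control-id` keys follow the OSCAL JSON layout; treating a missing `implementation-status` prop as "unspecified" is this example's own assumption) and reports which baseline controls are undocumented or not yet implemented.

```python
"""Gap check between an OSCAL profile (control baseline) and an SSP.

Added example for this article. Both documents below are constructed and
trimmed to the keys this check needs; real OSCAL files carry far more fields.
"""
import json

BASELINE_JSON = """{"profile": {"imports": [{"href": "#catalog",
  "include-controls": [{"with-ids": ["ac-2", "ac-3", "au-2", "sc-7"]}]}]}}"""

SSP_JSON = """{"system-security-plan": {"control-implementation":
  {"implemented-requirements": [
    {"control-id": "ac-2",
     "props": [{"name": "implementation-status", "value": "implemented"}]},
    {"control-id": "au-2"},
    {"control-id": "sc-7",
     "props": [{"name": "implementation-status", "value": "planned"}]},
    {"control-id": "si-4",
     "props": [{"name": "implementation-status", "value": "implemented"}]}]}}}"""


def baseline_control_ids(profile_doc: dict) -> set:
    """Collect every control id the profile explicitly includes."""
    ids = set()
    for imp in profile_doc["profile"].get("imports", []):
        for selector in imp.get("include-controls", []):
            ids.update(selector.get("with-ids", []))
    return ids


def ssp_control_status(ssp_doc: dict) -> dict:
    """Map control id -> implementation-status ('unspecified' when the prop is absent)."""
    impl = ssp_doc["system-security-plan"]["control-implementation"]
    status = {}
    for req in impl["implemented-requirements"]:
        props = {p["name"]: p["value"] for p in req.get("props", [])}
        status[req["control-id"]] = props.get("implementation-status", "unspecified")
    return status


def coverage_gaps(profile_json: str, ssp_json: str) -> dict:
    """Baseline controls the SSP omits, ones not marked implemented, and extras."""
    required = baseline_control_ids(json.loads(profile_json))
    status = ssp_control_status(json.loads(ssp_json))
    covered = set(status)
    return {
        "missing": sorted(required - covered),
        "incomplete": {c: s for c, s in sorted(status.items())
                       if c in required and s != "implemented"},
        "extra": sorted(covered - required),
    }


if __name__ == "__main__":
    print(json.dumps(coverage_gaps(BASELINE_JSON, SSP_JSON), indent=2))
```

Run as a pipeline step, a non-empty `missing` or `incomplete` result is the signal that the authorization package has drifted from the baseline and needs attention before the next release.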

Enabling DevOps with Karsun Solutions 

At Karsun, we promote the adoption of OSCAL for the documentation of security controls and use automated GRC tools like GovReady-q. When applications deploy on AWS, we can leverage OSCAL documentation created by AWS. This enables faster, more accurate authorization packages, decreases customers’ security documentation burden and reduces service authorization timelines.

Working with an experienced cloud solutions partner such as Karsun ensures you do not need to trade security for efficiency. In particular, we are an AWS Advanced Consulting Partner with both a Government Services Competency and a Migration Services Competency. Partner with our experts, modernize with cloud native architecture, and optimize both operations and security.

About the Author

Judewin Gabriel is a Subject Matter Expert and the DevSecOps Practice Lead at Karsun Solutions. An advocate for DevSecOps best practices, he drives CI/CD, security engineering, SRE, pipelines, and observability excellence.

Whether using a Platform-as-a-Service such as Docker or orchestration through a tool like Kubernetes, the race is on for containerized solutions. In October 2021, the General Services Administration released its Containerization Readiness Guide. Containerized software solutions allow agencies to develop applications rapidly, scale quickly and optimize compute resources. The need is especially pressing for legacy applications, which must also remain secure as they modernize.

Creating Dockerfiles for Containerization

When we think of containerization, the first step is to create a Dockerfile for each application. While the Dockerfile provides flexibility to build an image that is limited only by your ability to script, it also adds overhead on developers to ensure the accuracy, efficiency and security of these images. For example, the developers must ensure that the images their Dockerfiles build are as small as possible by removing any redundant dependencies, which would increase the image size and therefore the build time. They must also confirm the files don't contain any secrets or config keys. Additionally, they should verify that the base image comes from a secure source while actively scanning the images for new security vulnerabilities. If the image contains vulnerabilities, they spread to every container that uses the vulnerable image. Without proper planning and oversight, things can quickly get messy.
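The three checks listed above (no embedded secrets, a trusted and pinned base image, no needless bloat) can be enforced before an image is ever built. Below is an added example, not Karsun's tooling: a small pre-build Dockerfile linter with a constructed approved-registry list, constructed secret-looking variable names, and one weak and one hardened sample Dockerfile; the `--no-install-recommends` heuristic for size is this example's own assumption.

```python
"""Pre-build Dockerfile hygiene check (added example for this article).

The registry allow-list, secret-name pattern and both sample Dockerfiles are
constructed; the digest in the hardened sample is an obvious placeholder.
"""
import re

APPROVED_REGISTRIES = ("registry.example.internal/",)  # constructed policy
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_KEY|ACCESS_KEY", re.I)

WEAK_DOCKERFILE = """\
FROM python:latest
ARG AWS_SECRET_ACCESS_KEY=constructed-placeholder-value
ENV APP_ENV=prod
RUN apt-get update && apt-get install -y build-essential
COPY . /app
"""

HARDENED_DOCKERFILE = """\
FROM registry.example.internal/python:3.12-slim@sha256:%s
ENV APP_ENV=prod
RUN apt-get update && apt-get install -y --no-install-recommends build-essential \\
    && rm -rf /var/lib/apt/lists/*
COPY . /app
USER app
""" % ("0" * 64)


def check_dockerfile(text: str) -> list:
    """Return (line_number, message) findings; an empty list means the file passed."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, rest = line.partition(" ")
        instr = instr.upper()
        if instr == "FROM":
            # skip FROM flags such as --platform=...; first non-flag token is the image
            image = next(tok for tok in rest.split() if not tok.startswith("--"))
            if not image.startswith(APPROVED_REGISTRIES):
                findings.append((n, "base image is not from an approved registry"))
            tag = image.split("@")[0].rsplit("/", 1)[-1].partition(":")[2]
            if "@sha256:" not in image and tag in ("", "latest"):
                findings.append((n, "base image is not pinned to a tag or digest"))
        elif instr in ("ENV", "ARG"):
            name = re.split(r"[= ]", rest, maxsplit=1)[0]
            if SECRET_NAME.search(name):  # ARG values also land in image history
                findings.append((n, f"{instr} {name} looks like an embedded secret"))
        elif instr == "RUN" and "apt-get install" in rest \
                and "--no-install-recommends" not in rest:
            findings.append((n, "apt-get install without --no-install-recommends bloats the image"))
    return findings
```

Image scanning for newly published vulnerabilities still has to happen after the build and on a schedule; this check only catches what is visible in the Dockerfile itself.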

Benefits of using Buildpacks over Dockerfiles

Buildpacks allow you to convert application code into a secure, efficient and production-ready container image without the need to create a Dockerfile for each application. A buildpack examines applications written in Java, .NET, Python and many other languages to determine all the dependencies they need and then configures them appropriately to run on any cloud. Buildpacks also offer the capability to swap out OS layers without rebuilding an image. This reduces build time by eliminating the need to recreate all the layers when the base image is updated.

Using Tekton for creating CI Pipelines 

Tekton is a cloud-native solution for building CI/CD pipelines. Unlike Jenkins, Tekton was designed to work natively on Kubernetes and incorporates AWS EKS best practices by default. It installs and runs as an extension on a Kubernetes cluster and provides a set of open source Kubernetes resources to build and run CI/CD pipelines, such as parameterized tasks and pipelines. Just as Jenkins uses plugins to extend its capabilities, Tekton has Tekton Hub, a catalog of predefined tasks. If you can't find a task that precisely matches your requirements, you can create custom tasks and scripts to extend the capabilities of these tasks. Tekton's modularity allows for componentization, standardization and reusability within the CI/CD workflow. The Buildpacks project provides tasks that Tekton can leverage to build and deploy applications.

Additionally, Tekton provides support for Windows containers and the ability to run Linux-only, Windows-only and hybrid workflows. Installing Tekton on an EKS cluster means EKS automatically manages the availability and scalability of the Kubernetes control plane nodes responsible for scheduling containers, managing application availability, storing cluster data, and other key tasks. In addition, it allowed us to take advantage of all the performance, scale, reliability, and availability of AWS infrastructure, as well as integrations with AWS networking and security services, such as application load balancers (ALBs) for load distribution, AWS Identity and Access Management (IAM) integration with role-based access control (RBAC), and AWS Virtual Private Cloud (VPC) support for pod networking.

Conclusion

In summary, integrating Tekton with Buildpacks allowed us to containerize applications easily and securely and create an end-to-end CI/CD pipeline with reusable components. Using Tekton and Buildpacks, we were able to containerize more than 20 .NET applications and move them to the cloud in less than six months. This initiative will reduce technical debt by reducing application maintenance costs by 50% and increasing the technical compliance score by 35% in the next two years.

About the Author

Prerak Patel is a DevOps Engineer from the Karsun Solutions DevSecOps Practice. This practice is responsible for driving CI/CD, security engineering, SRE, pipelines and observability excellence at Karsun.