1. Introduction

OneFirewall is a cloud-native security platform designed to protect modern distributed environments. Built with a modular, scalable architecture, it integrates seamlessly with containerized infrastructures like Kubernetes. It supports frequent and reliable updates through a fully automated CI/CD pipeline using GitLab.

2. Cloud Native by Design

Key architectural features:
  • Containerization: All components are Docker containers.
  • Orchestration: Designed for Kubernetes/OpenShift environments.
  • Auto-Scaling: Dynamic scaling based on load or cluster policies.
  • Resilience: Stateless, fault-tolerant microservices.
  • Observability: Integrated with tools like BetterStack and Elastic for metrics, logging, and tracing.
These features ensure fast adoption, simplified management, and agile updates in distributed environments.

3. Git Strategy: Optimized GitFlow for Continuous Delivery

OneFirewall uses a simplified GitFlow model adapted for Continuous Delivery:
  • main: Stable production branch; every commit triggers automatic deployment.
  • develop: Integration branch for E2E testing.
  • feature/*: For developing new features.
  • hotfix/*: For urgent production bug fixes.
  • release/*: For testing and validating candidate releases.
Merges into main trigger CI pipelines with automated testing, security checks, and approval policies.

4. CI/CD and Automated Deployment via GitLab Runner

The CI/CD system is built on GitLab using secure, dedicated runners. Deployment Workflow:
  1. Push to main triggers the pipeline.
  2. Runner validates the commit.
  3. Docker containers are built, tested, and pushed to the registry.
  4. Automated deployment via Helm (for Kubernetes) or Docker Compose.
  5. Canary strategy ensures safe, progressive rollout.

5. Canary Deployment: Safe and Controlled Rolling Updates

To reduce deployment risk, a canary strategy is used:
  • Step 1: Deploy to 5–10% of pods/instances.
  • Step 2: Monitor metrics, errors, and performance.
  • Step 3: Continue rollout if metrics are within thresholds.
  • Step 4: Auto-rollback on critical failures.
Benefits:
  • Zero downtime
  • High reliability
  • Fast regression detection

6. Solution Benefits

  • Rapid Time-to-Market: Production releases in hours.
  • Security: Isolated, secure runners protect deploy secrets.
  • Reliability: Automated testing minimizes regression risk.
  • Customization: Supports multi-tenant deployments with client-specific configurations.

7. Conclusion

OneFirewall is a modern security platform built for dynamic, distributed environments. With a strong DevOps foundation, optimized Git strategy, and safe canary deployments, it enables frequent, secure updates without service interruption—maintaining high standards of quality and security across all clients.