Automated Deployment
OneFirewall: Cloud-Native Solution with Automated Deployment via GitLab and Canary Strategy
1. Introduction
OneFirewall is a cloud-native security platform designed to protect modern distributed environments. Built with a modular, scalable architecture, it integrates seamlessly with containerized infrastructures like Kubernetes. It supports frequent and reliable updates through a fully automated CI/CD pipeline using GitLab.
2. Cloud Native by Design
Key architectural features:
- Containerization: All components are Docker containers.
- Orchestration: Designed for Kubernetes/OpenShift environments.
- Auto-Scaling: Dynamic scaling based on load or cluster policies.
- Resilience: Stateless, fault-tolerant microservices.
- Observability: Integrated with tools like BetterStack and Elastic for metrics, logging, and tracing.
These features ensure fast adoption, simplified management, and agile updates in distributed environments.
3. Git Strategy: Optimized GitFlow for Continuous Delivery
OneFirewall uses a simplified GitFlow model adapted for Continuous Delivery:
- main: Stable production branch; every commit triggers automatic deployment.
- develop: Integration branch for E2E testing.
- feature/*: For developing new features.
- hotfix/*: For urgent production bug fixes.
- release/*: For testing and validating candidate releases.
Merges into main trigger CI pipelines with automated testing, security checks, and approval policies.
4. CI/CD and Automated Deployment via GitLab Runner
The CI/CD system is built on GitLab using secure, dedicated runners.
Deployment Workflow:
- Push to main triggers the pipeline.
- Runner validates the commit.
- Docker containers are built, tested, and pushed to the registry.
- Automated deployment via Helm (for Kubernetes) or Docker Compose.
- Canary strategy ensures safe, progressive rollout.
5. Canary Deployment: Safe and Controlled Rolling Updates
To reduce deployment risk, a canary strategy is used:
- Step 1: Deploy to 5–10% of pods/instances.
- Step 2: Monitor metrics, errors, and performance.
- Step 3: Continue rollout if metrics are within thresholds.
- Step 4: Auto-rollback on critical failures.
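The four steps above can be read as a gate that returns one of three decisions for each monitoring window. The sketch below is an added example, not OneFirewall's own pipeline code; the threshold values, the step schedule after the first 5% stage, and all names are assumptions, and the metric windows are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Window:
    """Metrics for one monitoring window (constructed sample shape)."""
    requests: int
    errors: int
    p95_ms: float

# All values below are assumed for illustration; the page gives no thresholds.
STEPS = [5, 25, 50, 100]      # percent of pods; first stage is in the 5-10% range
MIN_REQUESTS = 500            # do not judge a canary on too little traffic
MAX_ERROR_RATIO = 2.0         # canary error rate may be at most 2x baseline
MAX_LATENCY_RATIO = 1.3       # canary p95 may be at most 1.3x baseline
CRITICAL_ERROR_RATE = 0.05    # at or above this, roll back immediately

def error_rate(w: Window) -> float:
    return w.errors / w.requests if w.requests else 0.0

def evaluate(canary: Window, baseline: Window) -> str:
    """Return 'rollback', 'hold' or 'promote' for one window."""
    c = error_rate(canary)
    # Step 4: a critical failure rolls back without waiting for a full sample.
    if canary.requests >= 50 and c >= CRITICAL_ERROR_RATE:
        return "rollback"
    # Step 2: keep monitoring until there is enough traffic to compare.
    if canary.requests < MIN_REQUESTS:
        return "hold"
    # Floor the baseline so a near-zero baseline does not fail every canary.
    b = max(error_rate(baseline), 0.001)
    within = (c <= b * MAX_ERROR_RATIO
              and canary.p95_ms <= baseline.p95_ms * MAX_LATENCY_RATIO)
    # Step 3: continue only if metrics are within thresholds; otherwise stay put.
    return "promote" if within else "hold"

def rollout(observations):
    """Walk the step schedule; return (final_percent, [(percent, decision), ...])."""
    idx, history = 0, []
    for canary, baseline in observations:
        decision = evaluate(canary, baseline)
        history.append((STEPS[idx], decision))
        if decision == "rollback":
            return 0, history
        if decision == "promote":
            idx += 1
            if STEPS[idx] == 100:
                return 100, history
    return STEPS[idx], history
```

Keeping "hold" separate from "rollback" matters in practice: a canary that is merely outside thresholds stops progressing and stays visible for investigation, while only a critical failure removes it automatically.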
Benefits:
- Zero downtime
- High reliability
- Fast regression detection
6. Solution Benefits
- Rapid Time-to-Market: Production releases in hours.
- Security: Isolated, secure runners protect deploy secrets.
- Reliability: Automated testing minimizes regression risk.
- Customization: Supports multi-tenant deployments with client-specific configurations.
7. Conclusion
OneFirewall is a modern security platform built for dynamic, distributed environments. With a strong DevOps foundation, optimized Git strategy, and safe canary deployments, it enables frequent, secure updates without service interruption—maintaining high standards of quality and security across all clients.