Functional Requirements

Milestones 1 - Infrastructure setup and configuration

Configure and setup both infrastructure systems for governace tools.

The Supplier shall provide and carry out the following:

• Terraform Setup for Hetzner Cloud: Use Terraform to define infrastructure as code for provisioning resources on Hetzner Cloud. This includes setting up virtual machines, networks, and storage that will host the Kubernetes clusters.

• Kubernetes Cluster Configuration Configure Kubernetes clusters on Hetzner Cloud, either by using Hetzner's managed Kubernetes service or by manually setting up the clusters through Terraform scripts. Ensure the clusters are optimized for scalability and reliability.

Milestone 1 - Acceptance Criteria: Terraform IaC scripts are fully documented, tested, and security-compliant. All cloud resources meet specifications. Kubernetes Clusters are set up with secure communication, and optimized resources. Integrate team repository permissions where only certain team members are allowed to trigger github actions.

• IaC scripts for provisioning resources on Hetzner Cloud.

• Scripts cover provisioning of virtual machines, networks, and storage that will host the Kubernetes clusters.

Milestone 2 - Continuous Integration and Continuous Deployment (CI/CD) Pipeline Setup

Setup CI/CD for governance tools.

The Supplier shall provide and carry out the following:

• i6GitHub Actions for CI: Set up GitHub Actions workflows for Continuous Integration. This should automate code linting, testing, building Docker images, and pushing them to a container registry upon every commit or pull request.

• GitHub Actions for CD: Configure GitHub Actions for Continuous Deployment. Automate the deployment process so that successful builds are automatically deployed to Kubernetes clusters. This includes updating deployments with new Docker images, managing Kubernetes configurations, and handling secrets.

Milestone 2 - Acceptance Criteria: CI with GitHub Actions: Builds and tests are automated for every commit or PR, with clear reporting on failures. CD with GitHub Actions: Automated deployments to environments are successful, with rollback mechanisms tested.

• Github Actions pipeline scripts with defined steps: lint, test, build, push-to-registry, deploy, release

Milestone 3 - Deployment Strategies and Operations

Ensure full deployment and operational strategies for governance tools.

The Supplier shall provide and carry out the following:

• Implement Kubernetes Deployment Strategies: Implement advanced Kubernetes deployment strategies, to help maintain service availability and minimize risks during updates.

• Monitoring and Rollback Mechanisms: Integrate Prometheus for performance metrics, Grafana for visualization, and Loki for log aggregation, to monitor application and infrastructure performance in real-time. Implement automated rollback processes in the deployment workflows to revert to previous versions if issues are detected post-deployment.

Milestone 3 - Acceptance Criteria: Deployment Strategies are implemented, documented, and cause zero downtime in staging tests. Critical KPIs are monitored with real-time alerts; rollback procedures are tested for minimal downtime.

- Deployed showcase project using the system

- Monitoring demo of deployed showcase project

Milestone 4 - Security and Compliance Integration

Ensure full setup and configuration of the secrets management and compliance integration for governance tools.

The Supplier shall provide and carry out the following:

• Secrets Management: Implement GitHub Secrets for secure storage and management of sensitive data and configurations. Integrate Kubernetes Secrets to securely deploy these configurations with the applications.

• Security Scanning: Incorporate security scanning tools into the CI pipeline to perform automated vulnerability scanning of Docker images and Kubernetes configurations, ensuring security issues are identified and resolved early in the development lifecycle.

Milestone 4 - Acceptance Criteria: Secrets are securely managed and integrated without exposure in code or to unauthorized personnel. Security scans are part of the CI pipeline, with a process for addressing findings and documented compliance.

- Deployed showcase project using the added security features

Maintenance - Monitoring, Optimization, and Continuous Improvement

• Optimize CI/CD Pipelines and Kubernetes Configurations: Continuously review and optimize the CI/CD pipelines and Kubernetes configurations to improve efficiency, reduce deployment times, and ensure the infrastructure scales effectively with the application needs.

• Comprehensive Monitoring: Monitor with Prometheus, Grafana, and Loki to ensure comprehensive visibility into both the application and the underlying infrastructure.

• Feedback Loops and Iteration: Establish feedback loops with development teams to gather insights and feedback on the DevOps processes and tooling. Use this feedback to make iterative improvements to the DevOps strategy and implementation.

• Regular maintenance and support of the cloud infrastructure, orchestration tooling, domain management, monitoring systems, and CI/CD processes done in Workstream 1. The Supplier will provide 2 dedicated DevOps engineers for ongoing support and maintenance activities.

Comprehensive monitoring covers all critical aspects with actionable alerts and accessible dashboards. CI/CD and Kubernetes show efficiency improvements, with a process for regular performance review. A process for feedback collection and implementation is active, with documented improvements.