ayedo Software Delivery Platform: High-Level Overview
Fabian Peter 7 Minuten Lesezeit

ayedo Software Delivery Platform: High-Level Overview

ayedo SDP: Implementing the Modern SDLC
compliance-campaign-2026 ayedo-sdp platform-engineering kubernetes devops managed-services
Ganze Serie lesen (40 Artikel)

Diese Serie erklärt systematisch, wie moderne Software compliant entwickelt und betrieben wird – von EU-Regulierungen bis zur technischen Umsetzung.

  1. Compliance Compass: EU Regulations for Software, SaaS, and Cloud Hosting
  2. GDPR: Privacy by Design as the Foundation of Modern Software
  3. NIS-2: Cyber Resilience Becomes Mandatory for 18 Sectors
  4. DORA: ICT Resilience for the Financial Sector Starting January 2025
  5. Cyber Resilience Act: Security by Design for Products with Digital Elements
  6. Data Act: Portability and Exit Capability Become Mandatory from September 2025
  7. Cloud Sovereignty Framework: Making Digital Sovereignty Measurable
  8. How EU Regulations Interconnect: An Integrated Compliance Approach
  9. 15 Factor App: The Evolution of Cloud-Native Best Practices
  10. 15 Factor App Deep Dive: Factors 1–6 (Basics & Lifecycle)
  11. 15 Factor App Deep Dive: Factors 7–12 (Networking, Scaling, Operations)
  12. 15 Factor App Deep Dive: Factors 13–15 (API First, Telemetry, Auth)
  13. The Modern Software Development Lifecycle: From Cloud-Native to Compliance
  14. Cloud Sovereignty + 15 Factor App: The Architectural Bridge Between Law and Technology
  15. Standardized Software Logistics: OCI, Helm, Kubernetes API
  16. Deterministically Checking Security Standards: Policy as Code, CVE Scanning, SBOM
  17. ayedo Software Delivery Platform: High-Level Overview
  18. ayedo Kubernetes Distribution: CNCF-compliant, EU-sovereign, compliance-ready
  19. Cilium: eBPF-based Networking for Zero Trust and Compliance
  20. Harbor: Container Registry with Integrated CVE Scanning and SBOM
  21. VictoriaMetrics & VictoriaLogs: Observability for NIS-2 and DORA
  22. Keycloak: Identity & Access Management for GDPR and NIS-2
  23. Kyverno: Policy as Code for Automated Compliance Checks
  24. Velero: Backup & Disaster Recovery for DORA and NIS-2
  25. Delivery Operations: The Path from Code to Production
  26. ohMyHelm: Helm Charts for 15-Factor Apps Without Kubernetes Complexity
  27. Let's Deploy with ayedo, Part 1: GitLab CI/CD, Harbor Registry, Vault Secrets
  28. Let's Deploy with ayedo, Part 2: ArgoCD GitOps, Monitoring, Observability
  29. GitLab CI/CD in Detail: Stages, Jobs, Pipelines for Modern Software
  30. Kaniko vs. Buildah: Rootless, Daemonless Container Builds in Kubernetes
  31. Harbor Deep Dive: Vulnerability Scanning, SBOM, Image Signing
  32. HashiCorp Vault + External Secrets Operator: Zero-Trust Secrets Management
  33. ArgoCD Deep Dive: GitOps Deployments for Multi-Environment Scenarios
  34. Guardrails in Action: Policy-Based Deployment Validation with Kyverno
  35. Observability in Detail: VictoriaMetrics, VictoriaLogs, Grafana
  36. Alerting & Incident Response: From Anomaly to Final Report
  37. Polycrate: Deployment Automation for Kubernetes and Cloud Migration
  38. Managed Backing Services: PostgreSQL, Redis, Kafka on ayedo SDP
  39. Multi-Tenant vs. Whitelabel: Deployment Strategies for SaaS Providers
  40. From Zero to Production: The Complete ayedo SDP Workflow in an Example

TL;DR

  • The ayedo Software Delivery Platform combines a production-ready Kubernetes distribution, the automation framework Polycrate, and the Helm wrapper ohMyHelm into an integrated solution for development, operations, and compliance.
  • Core platform services like Cilium, VictoriaMetrics, Harbor, Keycloak, Kyverno, Cert-Manager, and Velero are predefined, integrated, and operable – including backup, security, observability, and identity.
  • A catalog of over 50 managed apps enables consistent provisioning of critical components like CI/CD, databases, or observability stacks without the need for custom integration efforts.
  • The platform addresses typical bottlenecks: out-of-the-box compliance requirements, a consistent developer experience, clear separation of platform operations and delivery operations, as well as multi-cloud and on-premises scenarios.
  • With the ayedo platform, organizations receive a European-conceived, regulation-compliant software delivery foundation, supported from architecture to operations – including a personalized platform demo.

What the ayedo Software Delivery Platform Is – and What It Solves

The ayedo Software Delivery Platform (SDP) is an integrated environment for the entire lifecycle of modern applications: from the initial commit pipeline to ongoing operations in production-ready Kubernetes clusters.

At its core, the SDP combines three components:

  1. A managed Kubernetes distribution as a robust runtime environment.
  2. Polycrate as a framework for deployment automation and Day-2 operations.
  3. ohMyHelm as a developer-friendly layer over Helm.

Building on this, the SDP provides a set of curated platform services and over 50 managed apps. The goal is an environment where:

  • Teams work consistently, regardless of cloud or on-premises location,
  • Regulatory requirements are met as an inherent part of the platform, not as an additional burden,
  • The transition from development to operations is clearly defined and reproducible.

Instead of stacking individual tools, the SDP is understood as a coherent system – including operational, security, and compliance perspectives.

The Three Pillars of the Platform

Kubernetes Distribution: The Foundation of the Runtime Environment

The ayedo Kubernetes Distribution provides the container platform on which all applications run – managed apps as well as custom workloads. It bundles proven CNCF components and is designed to be operable both in European cloud environments and on-premises.

Key features:

  • Production-ready cluster configurations for various scales
  • Unified operational models across locations and providers
  • Standardized security, logging, and monitoring setups
  • Support for typical compliance frameworks like ISO 27001, NIS2, and BSI IT-Grundschutz

This distribution is not just a “Kubernetes cluster,” but a pre-configured operational environment with integrated core services.

Polycrate: Automation and Day-2 Ops

Polycrate is the automation framework of the SDP. It encapsulates complex processes – from cluster bootstrap to platform service installation, updates, and backups – into reusable units.

Strategically, the focus is less on technical details and more on impact:

  • Infrastructure and platform setup are versioned as declarative artifacts.
  • Repeatable, auditable processes for installations, upgrades, and maintenance.
  • Clearly defined workflows for platform operations – independent of individual “heroic competence” of engineers.
  • Foundation for a Git-centered operational model that meets regulatory traceability requirements.

Polycrate transforms complex platform operations into standardized processes.

ohMyHelm: Developing Without Kubernetes Expertise

ohMyHelm bridges the gap to development teams. Instead of maintaining individual Helm charts for each application, ohMyHelm provides flexible, reusable templates.

For stakeholders, this means:

  • Developers need less Kubernetes expertise to deploy applications.
  • Deployment structures remain consistent across teams and projects.
  • Best practices for ingress, TLS, monitoring integration, or RBAC are implicitly delivered.
  • Applications automatically integrate into existing platform services (e.g., monitoring, logging, certificate management).

This creates a unified developer experience without forcing teams into rigid guidelines.

Integrated Platform Services: Security, Observability, Resilience

A modern delivery platform is more than just a bare cluster. The SDP includes a range of core platform services directly – pre-integrated, with operational and update paths via Polycrate.

Networking and Security: Cilium

Cilium acts as an eBPF-based network and security backend:

  • Fine-grained network policies as a foundation for zero-trust approaches.
  • Transparent observability at the network level.
  • Scalable, high-performance service connectivity.

From a compliance perspective, Cilium helps implement segmentation and access concepts consistently.

Monitoring and Logging: VictoriaMetrics (and VictoriaLogs)

VictoriaMetrics serves as the metrics backend, supplemented by log-centric components:

  • Central collection of cluster, platform, and application metrics.
  • Integration into common dashboards, alerting, and SLO definitions.
  • Foundation for technical traceability in case of disruptions.

This creates an observability-capable foundation that both platform and delivery teams can build upon.

Software Supply Chain: Harbor

Harbor serves as a central container registry with an integrated security focus:

  • Image scanning for known vulnerabilities.
  • Signing and policy-driven release of artifacts.
  • Multi-tenant projects and repositories.

In conjunction with Git-based workflows, Harbor enables transparent and controlled software supply chains – a central element for upcoming requirements such as the Cyber Resilience Act, effective January 16, 2024.

Identity and Access Management: Keycloak

Keycloak provides central identity and access functions:

  • Single sign-on (SSO) for platform and developer tools.
  • Role-based access control across all levels.
  • Integration with enterprise identities (e.g., LDAP, OIDC).

This allows consistent mapping of rights and role concepts, which is increasingly mandatory under NIS2 and similar frameworks.

Policy Enforcement: Kyverno

Kyverno brings policy-as-code directly into the Kubernetes ecosystem:

  • Enforcement of standards (e.g., resource limits, labels, TLS usage).
  • Automated assurance of certain configurations.
  • Auditable policies for cluster and application configurations.

For stakeholders, this means governance requirements can be explicitly defined and technically verified – rather than just documented.

Certificate Management: Cert-Manager

Cert-Manager automates the management of TLS certificates:

  • Automatic issuance and renewal of certificates.
  • Integration with internal and external CAs.
  • Consistent TLS configurations for internal and external services.

This reduces operational risks from expiring certificates while increasing the enforcement of encryption requirements.

Backup and Disaster Recovery: Velero

Velero ensures backup and recovery:

  • Regular, declaratively described backups of clusters and namespaces.
  • Targeted restoration of individual workloads or entire environments.
  • Support for migration scenarios between clusters.

This addresses not only daily operations but also resilience requirements – an increasingly important aspect in regulatory contexts.

50+ Managed Apps: Catalog Instead of Project Marathon

Beyond the platform core, the SDP provides more than 50 managed apps: from GitLab to databases to streaming and observability components.

Typical categories:

  • DevOps: GitLab, Argo CD, CI/CD tooling
  • Data and Storage: PostgreSQL, Redis, MongoDB, ClickHouse
  • Identity: Keycloak, alternatively Authentik or Zitadel
  • Monitoring & Tracing: Grafana, supplementary metric and tracing stacks
  • Messaging: Kafka, RabbitMQ, NATS

The advantage of this catalog lies less in “click and run,” but in standardization:

  • Predefined, vetted configurations that fit into the platform layout.
  • Common operational and update paths via Polycrate.
  • Reusable patterns for logging, monitoring, backups, security.

This significantly reduces the number of individual integration projects and frees up time for domain-specific differentiating topics.

From Code to Cluster: GitLab → Harbor → Argo CD → Kubernetes

A central element of the SDP is the standardized delivery workflow. A typical path looks like this:

  1. Development in GitLab
    Developers work in GitLab or a similar repository manager. Pipelines build container images and execute tests.

  2. Artifacts in Harbor
    The generated images are stored in Harbor, scanned, and signed. Policies can determine which images are approved for production environments.

  3. GitOps with Argo CD
    Deployments are described declaratively in Git repositories. Argo CD synchronizes these desired states with the target clusters. Changes to application versions or configurations occur as Git commits – including history and review process.

  4. Execution in Kubernetes
    The target environment is production-ready Kubernetes clusters of the ayedo distribution. There, the following automatically apply:

    • Network Policies (Cilium),
    • Monitoring and Logging (VictoriaMetrics, supplementary tools),
    • Certificate Management (Cert-Manager),
    • Backups (Velero),
    • Policies (Kyverno).

  5. Day-2 Operations with Polycrate
    Cluster extensions, platform updates, scaling, or rollout of new managed apps run through Polycrate workflows. This ensures consistency and traceability over extended periods.

From a stakeholder perspective, this creates a process that supports both developer productivity and auditability.

Platform Operations vs. Delivery Operations – Clear Responsibilities

A common issue in Kubernetes-based environments is the blurred line between platform and application teams. The SDP emphasizes a structured distribution of responsibilities.

Platform Operations

Platform Operations is responsible for the operation of the fundamental infrastructure:

  • Setup and lifecycle of Kubernetes clusters.
  • Installation and maintenance of platform services (Cilium, VictoriaMetrics, Harbor, Keycloak, Kyverno, Cert-Manager, Velero).
  • Provision and maintenance of selected managed apps.
  • Implementation of technical controls for security and compliance.
  • Standardization of processes like backups, upgrades, incident management.

Polycrate is the central tool here to establish repeatable, versioned processes.

Delivery Operations (Application Operations)

Delivery Operations (often in close cooperation with application teams) is responsible for:

  • Configuration and deployment of business applications.
  • Definition of SLOs, alerts, and dashboards for services.
  • Capacity planning at the application level.
  • Coordination of re
Vorheriger Post Alle Posts Nächster Post

Ähnliche Artikel