ayedo Software Delivery Platform: High-Level Overview

TL;DR

• The ayedo Software Delivery Platform combines a production-ready Kubernetes distribution, the automation framework Polycrate, and the Helm wrapper ohMyHelm into an integrated solution for development, operations, and compliance.
• Core platform services like Cilium, VictoriaMetrics, Harbor, Keycloak, Kyverno, Cert-Manager, and Velero are predefined, integrated, and operable – including backup, security, observability, and identity.
• A catalog of over 50 managed apps enables consistent provisioning of critical components like CI/CD, databases, or observability stacks without the need for custom integration efforts.
• The platform addresses typical bottlenecks: out-of-the-box compliance requirements, a consistent developer experience, clear separation of platform operations and delivery operations, as well as multi-cloud and on-premises scenarios.
• With the ayedo platform, organizations receive a European-conceived, regulation-compliant software delivery foundation, supported from architecture to operations – including a personalized platform demo.

What the ayedo Software Delivery Platform Is – and What It Solves

The ayedo Software Delivery Platform (SDP) is an integrated environment for the entire lifecycle of modern applications: from the initial commit pipeline to ongoing operations in production-ready Kubernetes clusters.

At its core, the SDP combines three components:

1. A managed Kubernetes distribution as a robust runtime environment.
2. Polycrate as a framework for deployment automation and Day-2 operations.
3. ohMyHelm as a developer-friendly layer over Helm.

Building on this, the SDP provides a set of curated platform services and over 50 managed apps. The goal is an environment where:

• Teams work consistently, regardless of cloud or on-premises location,
• Regulatory requirements are met as an inherent part of the platform, not as an additional burden,
• The transition from development to operations is clearly defined and reproducible.

Instead of stacking individual tools, the SDP is understood as a coherent system – including operational, security, and compliance perspectives.

The Three Pillars of the Platform

Kubernetes Distribution: The Foundation of the Runtime Environment

The ayedo Kubernetes Distribution provides the container platform on which all applications run – managed apps as well as custom workloads. It bundles proven CNCF components and is designed to be operable both in European cloud environments and on-premises.

Key features:

• Production-ready cluster configurations for various scales
• Unified operational models across locations and providers
• Standardized security, logging, and monitoring setups
• Support for typical compliance frameworks like ISO 27001, NIS2, and BSI IT-Grundschutz

This distribution is not just a “Kubernetes cluster,” but a pre-configured operational environment with integrated core services.

Polycrate: Automation and Day-2 Ops

Polycrate is the automation framework of the SDP. It encapsulates complex processes – from cluster bootstrap to platform service installation, updates, and backups – into reusable units.

Strategically, the focus is less on technical details and more on impact:

• Infrastructure and platform setup are versioned as declarative artifacts.
• Repeatable, auditable processes for installations, upgrades, and maintenance.
• Clearly defined workflows for platform operations – independent of individual “heroic competence” of engineers.
• Foundation for a Git-centered operational model that meets regulatory traceability requirements.

Polycrate transforms complex platform operations into standardized processes.

ohMyHelm: Developing Without Kubernetes Expertise

ohMyHelm bridges the gap to development teams. Instead of maintaining individual Helm charts for each application, ohMyHelm provides flexible, reusable templates.

For stakeholders, this means:

• Developers need less Kubernetes expertise to deploy applications.
• Deployment structures remain consistent across teams and projects.
• Best practices for ingress, TLS, monitoring integration, or RBAC are implicitly delivered.
• Applications automatically integrate into existing platform services (e.g., monitoring, logging, certificate management).

This creates a unified developer experience without forcing teams into rigid guidelines.

Integrated Platform Services: Security, Observability, Resilience

A modern delivery platform is more than just a bare cluster. The SDP includes a range of core platform services directly – pre-integrated, with operational and update paths via Polycrate.

Networking and Security: Cilium

Cilium acts as an eBPF-based network and security backend:

• Fine-grained network policies as a foundation for zero-trust approaches.
• Transparent observability at the network level.
• Scalable, high-performance service connectivity.

From a compliance perspective, Cilium helps implement segmentation and access concepts consistently.

Monitoring and Logging: VictoriaMetrics (and VictoriaLogs)

VictoriaMetrics serves as the metrics backend, supplemented by log-centric components:

• Central collection of cluster, platform, and application metrics.
• Integration into common dashboards, alerting, and SLO definitions.
• Foundation for technical traceability in case of disruptions.

This creates an observability-capable foundation that both platform and delivery teams can build upon.

Software Supply Chain: Harbor

Harbor serves as a central container registry with an integrated security focus:

• Image scanning for known vulnerabilities.
• Signing and policy-driven release of artifacts.
• Multi-tenant projects and repositories.

In conjunction with Git-based workflows, Harbor enables transparent and controlled software supply chains – a central element for upcoming requirements such as the Cyber Resilience Act, effective January 16, 2024.

Identity and Access Management: Keycloak

Keycloak provides central identity and access functions:

• Single sign-on (SSO) for platform and developer tools.
• Role-based access control across all levels.
• Integration with enterprise identities (e.g., LDAP, OIDC).

This allows consistent mapping of rights and role concepts, which is increasingly mandatory under NIS2 and similar frameworks.

Policy Enforcement: Kyverno

Kyverno brings policy-as-code directly into the Kubernetes ecosystem:

• Enforcement of standards (e.g., resource limits, labels, TLS usage).
• Automated assurance of certain configurations.
• Auditable policies for cluster and application configurations.

For stakeholders, this means governance requirements can be explicitly defined and technically verified – rather than just documented.

Certificate Management: Cert-Manager

Cert-Manager automates the management of TLS certificates:

• Automatic issuance and renewal of certificates.
• Integration with internal and external CAs.
• Consistent TLS configurations for internal and external services.

This reduces operational risks from expiring certificates while increasing the enforcement of encryption requirements.

Backup and Disaster Recovery: Velero

Velero ensures backup and recovery:

• Regular, declaratively described backups of clusters and namespaces.
• Targeted restoration of individual workloads or entire environments.
• Support for migration scenarios between clusters.

This addresses not only daily operations but also resilience requirements – an increasingly important aspect in regulatory contexts.

50+ Managed Apps: Catalog Instead of Project Marathon

Beyond the platform core, the SDP provides more than 50 managed apps: from GitLab to databases to streaming and observability components.

Typical categories:

• DevOps: GitLab, Argo CD, CI/CD tooling
• Data and Storage: PostgreSQL, Redis, MongoDB, ClickHouse
• Identity: Keycloak, alternatively Authentik or Zitadel
• Monitoring & Tracing: Grafana, supplementary metric and tracing stacks
• Messaging: Kafka, RabbitMQ, NATS

The advantage of this catalog lies less in “click and run,” but in standardization:

• Predefined, vetted configurations that fit into the platform layout.
• Common operational and update paths via Polycrate.
• Reusable patterns for logging, monitoring, backups, security.

This significantly reduces the number of individual integration projects and frees up time for domain-specific differentiating topics.

From Code to Cluster: GitLab → Harbor → Argo CD → Kubernetes

A central element of the SDP is the standardized delivery workflow. A typical path looks like this:

1. Development in GitLab
   Developers work in GitLab or a similar repository manager. Pipelines build container images and execute tests.

2. Artifacts in Harbor
   The generated images are stored in Harbor, scanned, and signed. Policies can determine which images are approved for production environments.

3. GitOps with Argo CD
   Deployments are described declaratively in Git repositories. Argo CD synchronizes these desired states with the target clusters. Changes to application versions or configurations occur as Git commits – including history and review process.

4. Execution in Kubernetes
   The target environment is production-ready Kubernetes clusters of the ayedo distribution. There, the following automatically apply:

   • Network Policies (Cilium),
   • Monitoring and Logging (VictoriaMetrics, supplementary tools),
   • Certificate Management (Cert-Manager),
   • Backups (Velero),
   • Policies (Kyverno).

5. Day-2 Operations with Polycrate
   Cluster extensions, platform updates, scaling, or rollout of new managed apps run through Polycrate workflows. This ensures consistency and traceability over extended periods.

From a stakeholder perspective, this creates a process that supports both developer productivity and auditability.

Platform Operations vs. Delivery Operations – Clear Responsibilities

A common issue in Kubernetes-based environments is the blurred line between platform and application teams. The SDP emphasizes a structured distribution of responsibilities.

Platform Operations

Platform Operations is responsible for the operation of the fundamental infrastructure:

• Setup and lifecycle of Kubernetes clusters.
• Installation and maintenance of platform services (Cilium, VictoriaMetrics, Harbor, Keycloak, Kyverno, Cert-Manager, Velero).
• Provision and maintenance of selected managed apps.
• Implementation of technical controls for security and compliance.
• Standardization of processes like backups, upgrades, incident management.

Polycrate is the central tool here to establish repeatable, versioned processes.

Delivery Operations (Application Operations)

Delivery Operations (often in close cooperation with application teams) is responsible for:

• Configuration and deployment of business applications.
• Definition of SLOs, alerts, and dashboards for services.
• Capacity planning at the application level.
• Coordination of re