Singapore-based platform letsbloom helps its customers weave security and compliance into software development. The client faced several challenges, including the intuitiveness of the front-end, shortage of resources for the back-end development, long onboarding time for PoC customers, need for validation of compliance reports, and issues in the CI/CD pipeline.
letsbloom picked Gophers Lab as its development partner for our Golang & DevOps specialization and end-to-end development capabilities. Our solution helped the client overcome all the problems by improving user experience, ensuring fast & timely delivery, reducing onboarding time for PoC customers, validating compliance reports, and making the CI/CD pipeline smooth & secure.
About The Customer
letsbloom is a Singapore-based company that provides cloud-native & multi-cloud Platform-as-a-Service (PaaS). The platform helps customers in regulated industries to continuously view, manage, and validate their compliance and security posture of all cloud assets.
letsbloom had an existing platform that had many issues. The client was looking for a solution that would help them overcome the challenges below:
- letsbloom had responsiveness, load time, and codebase complexity issues. The client wanted to revamp the front-end to enhance the user experience, simplify code, and optimize performance for cross-browser compatibility & mobile support.
- The company sought more rapid delivery of features and services to meet the emerging customer requirements. Hence, it was looking to expedite the process by hiring more Java resources.
- letsbloom offers their clients a Windows (VM) environment to perform their PoC, but for this, they had to set up for each person every time manually, which took at least one day, assuming everything went right.
- The client required comprehensive infrastructure monitoring and reporting for various compliances, including CIS, MIS, and RMIT. Additionally, monitoring and alerting were being managed by a third party. Hence, letsbloom wanted test coverage after every infrastructure scan to validate the compliance reports.
- Further, the client required a backup and disaster recovery plan to meet compliances.
- Automatic rollbacks were not in sync every time, especially if there was only one change in configuration.
- Having a single CI/CD pipeline for all the microservices made it hard to track which services were being deployed and when. Additionally, secrets were being exposed in the ADO pipeline letsbloom was using for CI/CD.
- There was an issue with pods in a cluster dying as CPU and memory were not allocated.
The client chose Gophers Lab as their partner for their Golang and DevOps expertise, along with end-to-end development capabilities. We created a strategy and implemented the following solution for letsbloom:
- Redesigned the application with a clean, visually appealing UI, intuitive navigation, and easy-to-access workspaces to enhance the overall user experience
- Overcame data-fetching challenges by adopting React-Query for simplified data management and Axios for efficient HTTP requests
- Created reusable components that helped bring scalability and consistency throughout the front-end
- Designed and developed automation framework in Java and Rest Assured to automate the back-end services
- Transitioned back-end services in Golang to the latest tools to elevate the Infrastructure as Code (IAC) capabilities, bringing the VM environment set-up time to only 15-20 mins
- Separation of concern and moving out business-related services, like User and Venture management, to Spring Microservices from Golang services
- Designed the regression e2e functional test cases for coverage of policy compliance validations
- Set up e2e tests in the daily CI/CD pipeline as a health check for gaining confidence in the PR’s
- Automated Performance Tests for running the scans, which help to reduce the throughput and 90th percentile of the business transactions per second
- Moved the report notifications from the web and emails to a more developer and enterprise-friendly place like Slack for more transparency and visibility
- Updated the Disaster Recovery document
- Brought back Snyk scans into code management to find vulnerabilities in the libraries & SDKs installed and handle them in the CI/CD pipelines
- Used Kubernetes Config Connector (KCC) and Crossplane to create infrastructure in real-time sync, meaning when the configuration is changed, it will automatically rollback the changes
- Bifurcated the pipeline with respect to the microservices, with each service having its own pipeline for CI/CD integration
- Utilized Azure Vault from where the pipeline can read the secrets during deployment
- Set up alerts on emails and teams for the cloud resources
- Allocated dedicated CPU and Memory to the pods
Spring Boot, Java, Golang
React, React-Query, Okta, Bootstrap, Figma
KCC, Crossplane, Terraform, ADO
Java, Selenium, Jmeter, TestNG
Tools & Frameworks
Elasticsearch Kibana, Prometheus, Grafana, Pagerduty
Our solution helped our client, letsbloom, achieve the following results:
- Established a solid foundation for future scalability and consistency by creating reusable components, which made it easier to add new features and maintain a coherent look & feel across the entire platform
- Reduced loading times and seamless data updates contribute to increased user engagement on the platform
- Improved the response time and 90th percentile for the business transactions happening per second to 500 ms
- Automated daily pipelines to give confidence in the developers MR/PRs for ensuring the quality gates checks
- Increased scalability of the test coverage by automating 90% of test cases of our back-end services being used in the application, which also helps in maintaining the complaints and security
- Onboarding of new clients of PoC environment reduced from days to minutes
- With the allocation of resources, we ensured high availability of the resources