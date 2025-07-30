The earlier CI infrastructure for IBM Cloud VPC was vast and complex. Due to historical decisions, the original setup consisted of a traditional on-premises deployment that combined both commercial and custom-built tools. The CI system was required to operate nonstop to support hundreds of developers building and testing a wide range of artifacts such as Debian packages, virtual machines and container images.

Maintaining a highly available infrastructure designed for security and compliance, and based on bare metal servers posed significant challenges. It demanded specialized expertise across multiple domains, including network configuration, operating systems, database administration, security scanning and CI orchestration tools. The skill set required went well beyond the typical profile of a DevOps engineer, needing dedicated personnel with deep technical breadth.

To reduce complexity, lower the skill barrier and streamline maintenance, the first major step was to decommission the on-premises bare metal server-based infrastructure in favor of a virtual server hosting solution.

The new environment was built on IBM Cloud VPC with approximately 90 virtual server instances (VSIs), each provisioned with 64 vCPUs and 256 GB of RAM. Each VSI was dedicated to a specific CI function or supporting service. For instance, the CI orchestrator required Kubernetes-based workers, so several VSIs were configured as Kubernetes worker nodes.

The orchestrator also required a high-availability database, which was deployed across multiple VSIs as an active-active cluster. More VSIs were allocated for storage servers, image registries, Domain Name Services (DNS), Virtual Private Network (VPN) connections and load balancers. Also, a queuing engine to manage CI job load was added, along with the orchestrator’s web UI, security scanning tools and various proxy services to enable intercomponent communication.

While the transition to cloud infrastructure eliminated the burden of hardware failures, the overall system remained highly complex from an operational standpoint. The architecture continued to require skills and expertise not typically found within standard DevOps roles.

Moreover, evolving security and compliance requirements required ongoing enhancements to security tool integration, infrastructure hardening and software stack upgrades to remain aligned with industry standards. These demands used the capacity of the CI team. Out of a seven-member team, three engineers were fully dedicated to infrastructure maintenance, which limited the team's ability to focus on improving and evolving the CI pipelines themselves.

The diagram provides an overview of the core components that comprised this cloud-hosted CI infrastructure.