
Containerisation and orchestration technologies such as Docker and Kubernetes offer game-changing advantages in the deployment of cloud-based core banking systems. These tools enhance several facets of software for banks, including portability, scalability, and fault tolerance. The sections below explain how they achieve this.
Docker and Kubernetes are two complementary technologies that together provide the deployment infrastructure for modern cloud-based payment software. Docker is a containerisation platform that packages a software application and all of its dependencies, libraries, and configuration into a standardised unit called a container.
This container runs consistently across any environment that supports Docker, eliminating the environment-specific compatibility issues that arise when software is deployed differently across development, testing, and production infrastructure. Kubernetes is a container orchestration platform that manages the deployment, scaling, networking, health monitoring, and lifecycle of Docker containers at scale, automating the operational tasks that would otherwise require manual intervention across a large number of running containers.
In a typical Docker and Kubernetes deployment for a core banking platform, each microservice within the system is packaged as a Docker container image. Kubernetes deploys these container images across a cluster of servers, distributing them across multiple availability zones for resilience. It monitors the health of each container continuously, automatically restarting or replacing containers that fail health checks.
When transaction volumes increase, Kubernetes scales out additional container instances for the affected services. When a software update is deployed, Kubernetes introduces the new container version gradually through a rolling deployment, replacing instances of the old version incrementally while maintaining service availability throughout the process.
Key Takeaways:
- Docker and Kubernetes are the foundational containerisation and orchestration technologies used to deploy modern cloud-based core banking software, providing consistent, portable, and scalable deployment infrastructure across development, testing, and production environments;
- For payment institutions and e-money institutions, the primary operational benefits are horizontal scalability to handle transaction volume growth, automatic fault recovery to maintain service availability, and rolling deployment capabilities that enable regulatory and product updates to be applied without service interruption;
- Under DORA, financial institutions must demonstrate digital operational resilience across their ICT systems. Docker and Kubernetes directly support this requirement through self-healing infrastructure, health monitoring, multi-zone replication, and the rollback capabilities needed to recover from ICT incidents within defined recovery time objectives.
The Key Benefits of Docker and Kubernetes in the Software for Bank Systems
Portability and environment consistency: A Docker container encapsulates the core banking application together with all of its runtime dependencies, meaning that the same container image runs identically across development, testing, staging, and production environments. This consistency eliminates the category of deployment failures caused by differences between environments, where software that works correctly in a test environment behaves differently in production due to dependency version mismatches or configuration differences. For core banking software teams managing frequent regulatory updates and product changes, environment consistency reduces the risk associated with each deployment and simplifies the process of diagnosing and reproducing issues identified in production.
Horizontal scalability and elasticity: Kubernetes enables individual services within a core banking platform to be scaled horizontally by deploying additional container instances in response to increased demand. This scaling can be configured to occur automatically based on defined metrics such as CPU utilisation, memory consumption, or transaction queue depth, without requiring manual intervention. For payment institutions and e-money institutions experiencing growth in transaction volumes, Kubernetes auto-scaling allows the system to absorb demand spikes without pre-provisioning infrastructure capacity for peak load at all times. When demand decreases, Kubernetes scales the number of instances back down, optimising infrastructure cost without compromising availability.
Resource efficiency: Docker containers share the host operating system kernel rather than running a separate operating system instance for each application, as traditional virtual machines do. This architectural difference means containers are significantly lighter in terms of memory and CPU overhead than equivalent virtual machine deployments, allowing more application instances to run on the same underlying hardware. Kubernetes complements this by managing resource allocation across the cluster, assigning available CPU and memory to containers according to defined requests and limits, and preventing individual containers from consuming resources at the expense of others. For core banking software processing high transaction volumes, this efficient resource utilisation translates into lower infrastructure costs and more predictable performance characteristics.
Fault tolerance and high availability: Kubernetes continuously monitors the health of all running containers through configurable health checks, including liveness probes that detect when a container has entered a failed state and readiness probes that determine when a container is ready to receive traffic. When a container fails a health check, Kubernetes automatically restarts or replaces it without requiring manual intervention. Kubernetes also supports the deployment of multiple container instances across different physical nodes and availability zones, ensuring that the failure of an individual node does not result in service unavailability. For payment institutions and e-money institutions operating on real-time payment rails such as Faster Payments or SEPA Instant, this automated fault recovery and multi-zone redundancy is a prerequisite for meeting the continuous availability requirements of those payment schemes.
DORA resilience requirements: Under DORA, financial institutions must implement ICT systems with defined recovery time objectives and demonstrate the ability to restore critical functions following an ICT incident. Kubernetes directly supports these requirements through its self-healing infrastructure, automatic container restart on failure, and the ability to recover workloads across alternative nodes in the event of infrastructure failure. The rollback capability described below further supports DORA’s recovery objectives by providing a rapid remediation path when a software deployment causes an operational issue. Institutions should document their Kubernetes resilience configuration, including replication factors, health check parameters, and recovery time objectives, as part of their DORA ICT risk management framework.
Rolling deployments and rollbacks: Kubernetes supports rolling deployments, in which a software update is applied by gradually replacing running container instances of the old version with instances of the new version, rather than taking the entire service offline for the duration of the update. At any point during a rolling deployment, both old and new container versions are running simultaneously, ensuring that the service remains available to users throughout the update process. If an issue is detected with the new version, Kubernetes can automatically or manually roll back to the previous version, restoring the prior state without a full redeployment. For core banking software that must apply regulatory updates, security patches, and product changes on an ongoing basis, rolling deployments and rollbacks reduce the operational risk of each release and eliminate the planned maintenance windows that would otherwise be required.
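The settings described in the paragraphs above on resource efficiency, fault tolerance, and rolling deployments can be written as a single Deployment manifest. This is an added example, not Baseella's configuration; the service name, image reference, port, probe paths, and all numeric values are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments-api            # hypothetical service name
spec:
  replicas: 3                   # replication factor to record in the DORA documentation
  selector:
    matchLabels:
      app: payments-api
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0         # never drop below the desired replica count during an update
      maxSurge: 1               # introduce one new-version pod at a time
  template:
    metadata:
      labels:
        app: payments-api
    spec:
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone   # spread replicas across availability zones
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: payments-api
      containers:
        - name: payments-api
          image: registry.example.com/payments-api:1.4.2   # placeholder image reference
          readinessProbe:       # gates traffic until the instance can serve requests
            httpGet:
              path: /ready      # assumed endpoint
              port: 8080
            periodSeconds: 5
          livenessProbe:        # restarts the container once it enters a failed state
            httpGet:
              path: /healthz    # assumed endpoint
              port: 8080
            periodSeconds: 10
            failureThreshold: 3
          resources:
            requests:           # what the scheduler reserves for this container
              cpu: 250m
              memory: 256Mi
            limits:             # ceiling that protects neighbouring containers
              cpu: "1"
              memory: 512Mi
```

With `maxUnavailable: 0` and a readiness probe in place, a new version that never becomes ready stalls the rollout while the old pods keep serving. `kubectl rollout undo deployment/payments-api` then returns the Deployment to its previous revision.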
Service discovery and load balancing: Kubernetes provides built-in service discovery and load balancing, automatically routing incoming traffic to available container instances and distributing requests across instances to prevent any single instance from becoming a bottleneck. Each service is assigned a stable network address within the Kubernetes cluster, and Kubernetes updates its internal routing tables automatically as container instances are added, removed, or replaced. This automatic traffic management eliminates the need for manual load balancer configuration and ensures that traffic is always routed to healthy instances, even during scaling events or rolling deployments.
Centralised management and monitoring: Kubernetes provides a centralised control plane for managing all containerised services within the core banking platform, including deployment configuration, scaling policies, resource allocation, and access controls. It integrates with a wide range of monitoring and observability tools, enabling development and operations teams to track performance metrics, resource utilisation, error rates, and latency across all services from a unified monitoring platform. For payment institutions and e-money institutions subject to DORA’s requirements for ICT monitoring and incident detection, this centralised observability infrastructure supports the continuous monitoring obligations that the regulation imposes.
DevOps and CI/CD integration: Docker and Kubernetes integrate with continuous integration and continuous delivery (CI/CD) pipelines, enabling automated testing, deployment, and rollback processes as part of a structured software delivery workflow. When a code change is committed, the CI/CD pipeline builds a new Docker container image, runs automated tests against it, and, if the tests pass, deploys it to the Kubernetes cluster through a rolling deployment. This automated delivery process reduces the manual effort and human error associated with software releases, shortens the time between a code change being completed and reaching production, and provides a consistent, auditable deployment process for every release. For regulated institutions, the auditability of the CI/CD and deployment process is relevant to both internal governance requirements and the documentation obligations under DORA’s ICT risk management framework.
FAQ:
What is the difference between Docker and Kubernetes, and do both need to be used together?
- Docker is a containerisation platform that packages software applications and their dependencies into portable container images. Kubernetes is a container orchestration platform that manages the deployment, scaling, networking, and lifecycle of those containers across a cluster of servers. Docker provides the packaging format; Kubernetes provides the operational management layer. While Docker containers can be run without Kubernetes in simple, single-server deployments, the fault tolerance, auto-scaling, rolling deployment, and multi-zone resilience capabilities that Kubernetes provides are essential for production core banking deployments. In practice, cloud-based core banking software deployments use both technologies together, with Docker providing the container packaging and Kubernetes providing the deployment and operational management.
How do Docker and Kubernetes support DORA ICT incident response and recovery requirements?
- DORA requires financial institutions to implement ICT systems with defined recovery time objectives and to demonstrate the ability to restore critical functions following an ICT incident. Kubernetes supports these requirements through automatic container restart on failure, multi-zone workload distribution that maintains availability when individual nodes fail, and rolling rollback capabilities that allow a prior software version to be restored rapidly when a deployment causes an operational issue. Institutions should configure their Kubernetes deployments with explicit replication factors, health check parameters, and pod disruption budgets that reflect their recovery time objectives for each service, and should document these configurations as part of their DORA ICT risk management and business continuity planning documentation.
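The pod disruption budget named in the answer above, together with the metric-driven auto-scaling described under horizontal scalability, can be expressed as two policy objects. This is an added example, not Baseella's configuration; it assumes a Deployment named `payments-api` whose pods carry the label `app: payments-api`, and all thresholds are illustrative.

```yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: payments-api-pdb        # hypothetical name
spec:
  minAvailable: 2               # voluntary disruptions (node drains, upgrades) may not go below this
  selector:
    matchLabels:
      app: payments-api         # assumed pod label
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: payments-api-hpa        # hypothetical name
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: payments-api          # assumed Deployment name
  minReplicas: 3                # floor stays above minAvailable so node drains can still proceed
  maxReplicas: 12               # assumed ceiling; caps infrastructure cost during demand spikes
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70   # percentage of the containers' CPU requests
```

The `Utilization` target is measured against each container's CPU request, so the autoscaler only works when the target pods declare resource requests. A pod disruption budget constrains voluntary evictions only; unplanned node failures are covered by replication and zone spreading instead.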
By capitalising on containerisation and orchestration technologies like Docker and Kubernetes, cloud-based banking systems can reap a plethora of benefits. Enhanced portability, scalability, fault tolerance, and streamlined management all contribute to agile development, efficient deployment, and reliable operation of software for banks. This enables financial institutions to deliver robust, scalable banking services in a cloud-native environment.