Powered by AWS logo

Migrating Azure DevOps Build Agents to AWS

Company: Confidential Banking Client
Industry: Financial Services
Company Size: 50 000+ Employees

About the Company

Our client is a large enterprise financial institution operating within a highly regulated banking environment. The organization relies heavily on modern DevOps practices to deliver secure and reliable software to internal platforms and customer-facing systems.

As development teams and CI/CD pipelines expanded, the existing infrastructure supporting build workloads began to face limitations. To support growing development demands while maintaining strict security and governance requirements, the client needed a more scalable and efficient platform for their build infrastructure.

The Challenge

The client previously ran self-hosted Azure DevOps build agents within an on-premises Kubernetes environment based on RKE1. While functional, the platform introduced several operational and scalability challenges:

  • Limited scalability: Build agents running on fixed on-prem infrastructure struggled to scale efficiently during periods of high CI/CD demand.
  • Operational overhead: Managing and maintaining Kubernetes clusters and infrastructure on-prem required significant operational effort and ongoing maintenance.
  • Resource inefficiency: Compute resources were often underutilized during quiet periods yet insufficient during peak build activity.
  • Secure dependency access: Build processes required secure connectivity to internal banking systems, including private package repositories and enterprise services.

The organization needed a solution that could increase elasticity, reduce operational burden, and maintain secure connectivity to internal systems while supporting their DevOps workflows.

Our Solution

To address these challenges, the team migrated the self-hosted Azure DevOps build agents from the on-premises Kubernetes environment to Amazon Elastic Kubernetes Service (EKS), creating a scalable and automated build platform within AWS.

The new platform was designed to support dynamic scaling, standardized infrastructure management, and secure hybrid connectivity between AWS and the bank’s on-prem environment.

Key implementation components

  • Amazon EKS for container orchestration: Azure DevOps build agents were containerized and deployed as workloads running in Kubernetes namespaces within Amazon EKS.
  • Dynamic compute scaling with Karpenter: Karpenter automatically provisions and scales EC2 instances based on workload demand, ensuring compute resources are available when pipelines run and scaled down when idle.
  • Infrastructure provisioning with Terraform: EKS clusters and supporting AWS networking infrastructure were standardized and provisioned using Terraform modules, ensuring consistent and repeatable deployments.
  • Cluster management with Rancher and Fleet: Rancher was used to manage Kubernetes clusters, while Fleet enabled GitOps-driven configuration management and workload deployment across environments.
  • Secure private network integration: Private networking allowed build agents running in AWS to securely access internal banking systems such as artifact repositories, package feeds, and enterprise services hosted on-premises.

Implementation Approach

To ensure a smooth transition without disrupting software delivery pipelines, the migration followed a phased approach.

1. Foundation and connectivity

The team first established secure AWS networking and routing to allow the new EKS environment to communicate with internal on-premises systems.

Infrastructure provisioning was standardized using Terraform modules to ensure consistent cluster creation.

2. Cluster management and GitOps

New EKS clusters were onboarded into Rancher, enabling centralized management and governance.

Fleet was implemented to apply baseline configurations, shared platform components, and policies using GitOps practices.

3. Build agent platform rollout

Azure DevOps agents were containerized and deployed to EKS.

Workload isolation and security were implemented using Kubernetes namespaces, node affinity, taints, and appropriate IAM scoping.

4. Elastic compute enablement

Karpenter was introduced to dynamically provision EC2 capacity based on agent scheduling requirements.

Instance selection and scaling behavior were tuned to match the performance characteristics of build workloads.

5. Gradual pipeline migration

The team initially migrated lower-risk pipelines to validate performance and stability before progressively transitioning high-volume CI/CD workloads to the new platform.

Benefits to the client

The migration delivered significant improvements across scalability, operational efficiency, and platform resilience.

  • Elastic scalability: Build infrastructure now scales dynamically based on pipeline demand, eliminating resource constraints during peak development activity.
  • Reduced operational overhead: Managed Kubernetes through Amazon EKS reduces the operational burden of maintaining cluster infrastructure.
  • Cost optimization: Karpenter automatically scales compute capacity up and down, ensuring the client only pays for resources when needed.
  • Secure hybrid connectivity: Build agents can securely access internal enterprise systems while running in the AWS environment.
  • Improved CI/CD performance: The modernized platform provides faster build execution and improved reliability for development teams.
  • Standardized infrastructure management: Infrastructure-as-Code and GitOps practices ensure consistent environments and easier lifecycle management.

Technologies and Methodologies Used

Rancher Icon
Karpenter Icon
Terraform Icon
Full Microsoft Technology Logo - Azure
Amazon EKS Icon
Amazon EC2 Icon
Amazon Elastic Block Store (EBS) Icon
  • Amazon Elastic Kubernetes Service (EKS)
  • Amazon EC2
  • Amazon Elastic Block Store (EBS)
  • AWS networking and private connectivity
  • Terraform (Infrastructure as Code)
  • Rancher
  • Rancher Fleet (GitOps)
  • Karpenter
  • Azure DevOps Pipelines

By migrating build infrastructure to AWS, the client established a modern, scalable CI/CD platform capable of supporting growing development demands while maintaining enterprise-grade security and governance. The new environment enables development teams to deliver software more efficiently while ensuring the platform remains cost-effective, resilient, and ready for future growth.

Services

Do you have any questions or queries?

Contact us

We can help you grow your business

Consultants
0 +
separator01.jpg

Driven by a commitment to client satisfaction, collaboration, and cutting-edge solutions. 

Years Experience

0 +
separator01.jpg

Delivering excellence through decades of expertise, innovation, and trusted solutions.

Contact us

Copyright © CyberPro Consulting. All rights reserved. Gauteng Contact: 011 656 3394, Western Cape Contact: 021 551 0936, Email: information@cpconsulting.co.za