Fidelity Investments’ Multi‑Cloud Strategy Powered by Kubernetes and CNCF Technologies
Fidelity Investments describes its multi‑cloud transformation using Kubernetes and a suite of CNCF projects to create a consistent, secure, and portable cloud‑native platform that accelerates product delivery, meets strict financial regulations, and enables workload mobility across providers.
As one of the world’s largest financial services firms, Fidelity Investments serves over 35 million investors and more than 76 million accounts, and has embarked on a digital transformation focused on leveraging next‑generation platforms and technologies to increase business value, accelerate product time‑to‑market, and harness innovation, according to cloud platform senior vice‑president Amr Abdelhalem.
The initiative includes a multi‑cloud strategy that will migrate thousands of critical, highly regulated, low‑latency applications to multiple cloud‑provider platforms over several years, built on Kubernetes and other CNCF technologies.
Challenges of Multi‑Version Kubernetes in Multi‑Cloud Environments
Fidelity’s cloud‑native journey began in 2018 when the cloud platform team adopted Kubernetes as the foundation, supporting application teams with various managed Kubernetes services. Cloud platform architect Rajarajan Pudupatti noted that they studied common adoption challenges faced by application teams.
A key challenge was that Fidelity deployed multiple Kubernetes distributions across on‑premise and various cloud providers, creating a complex multi‑cloud, multi‑version environment and making it difficult to introduce new security processes across roughly 1,000 distributed applications.
Through an active feedback loop with developer focus groups, the team aimed to build a platform that delivers consistency across multi‑cloud environments while meeting Fidelity’s specific requirements for information security and data protection.
Implementing Multi‑Cloud Strategy Based on Kubernetes
“We truly started to work on establishing consistency across all platforms that business units might use to provide a uniform developer experience,” said cloud platform architect Niraj Amin. “If a platform can achieve this, it must be Kubernetes. On top of that, we strive to eliminate the complexities and differences between on‑premise and managed Kubernetes deployments.”
Consequently, Kubernetes became the core infrastructure, allowing Fidelity to roll out specific add‑ons in particular versions and uniformly enforce security processes across hundreds of microservices with a single change.
By creating operational and automation processes tailored to the financial services industry, Fidelity meets its most pressing regulatory and security requirements. The scalability of Kubernetes lets them insert custom logic, and when issues arise they can revisit the Kubernetes design to find solutions.
The team built and open‑sourced KConnect, a CLI that lets users discover and securely connect to Kubernetes clusters across multiple operational environments, define namespace‑creation rules, and ensure compliance automatically. They also use Open Policy Agent for governance.
When building the platform, they first examined the CNCF toolkit and ongoing projects, reusing as much as possible while staying aligned with the community’s direction, even discarding approaches that lack long‑term community support.
The final outcome is a multi‑layer platform atop Fidelity Cloud Fabric that incorporates numerous CNCF projects: CoreDNS for service discovery, etcd as a key‑value store, Fluentd for logging, Helm for package management, Kubernetes for container orchestration, CNI for network APIs, Open Policy Agent for policy management, and sandbox projects such as cert‑manager for certificate management and Flux for GitOps.
For Fidelity’s thousands of application teams, Fabric provides a way to develop and innovate in a multi‑cloud, hybrid model. Their ecosystem, application‑lifecycle tools, observability layer, caching, security and governance layers, as well as AI/ML components, all operate on top of this multi‑cloud foundation, with the goal of eventually enabling workload mobility across cloud providers worldwide.
The team acknowledges that much work remains. Some business units still call on on‑premise services or require integration with other accounts and SaaS solutions. Moving everything to the cloud is complex, but the platform aims to ease developers’ journey, with Kubernetes offering a solid base for building required platform components.
Benefits of Cloud‑Native Multi‑Cloud Strategy
To date, the benefits are evident: roughly 3,000 Kubernetes services, nearly 200 clusters, over 1,000 namespaces, and 10,000 containers now run in the cloud.
“Innovation speed is crucial for Fidelity’s future. By adopting these CNCF technologies, developers’ release frequency is 20 times higher and deployment time has dropped from days of manual effort to minutes,” said cloud platform architect Rajarajan Pudupatti.
Portability is another major gain. Moving applications between cloud providers now takes hours instead of months, and workloads running on Kubernetes can be shifted to any cloud platform with minimal effort.
Looking ahead, Fidelity’s CTO has directed the organization to complete its cloud journey within a few years while avoiding vendor, technology, and cloud lock‑in, with Kubernetes as the primary driver of cloud portability.