This is a guest post written in collaboration with the folks at moov.io.

Moov is a portable, extensible, open source platform for embedding banking services within any application. Moov offers a secure, compliant, cloud-native architecture built for Kubernetes with lightweight microservices written in Go.

This article documents our journey to support Moov on OpenShift. We built on our existing Kubernetes support, using Helm charts to get going. OpenShift is Kubernetes, but there are some important details to consider, such as supporting the Universal Base Image (UBI), which are outlined here. We will also examine options for further extending Moov on OpenShift in the future.

Moov Open Source Project

Moov has been under development for over two years as an open source project and now implements the following banking application libraries and services:

  • Moov ACH (including Same Day ACH) implements a NACHA-compliant RESTful API for file creation, parsing, and validation. It supports generating and parsing all Standard Entry Class (SEC) codes. ACH is the primary method of electronic money movement throughout the United States.
  • Moov Watchman is an HTTP API and Go library to download, parse, and offer search functions over numerous trade sanction lists from the United States and European Union.
  • Moov FED implements utility services for searching the United States Federal Reserve System such as ABA routing numbers, financial institution name lookup, and Fedwire routing information.
  • Moov Image Cash Letter implements Image Cash Letter (ICL) files used for Check21 or Check truncation files for exchange and remote deposit in the U.S.; also known as X9 files.
  • Moov Wire (domestic Fedwire) implements an interface to write files for the Fedwire Funds Service, a real-time gross settlement funds transfer system operated by the United States Federal Reserve Banks.

Moov has lots of open source code under the Apache 2 License, and is also supported by Moov Financial, Inc., which brings the Moov platform to customers that need to operate banking services. We encourage contributions through GitHub and Slack and have an active community around Moov that is contributing back to the project.

Why OpenShift for Moov

Recently, several banks have announced that they were partnering with Red Hat and/or IBM to modernize their banking software on top of OpenShift. The momentum OpenShift has in the banking industry is eye-opening. To spur further adoption of Moov, we are supporting OpenShift out of the box. Plus, we believe that OpenShift is a great platform that enhances Moov in valuable ways.

Universal Base Image (UBI) Support for Moov

In banking and financial services, security and stability are paramount. We were excited to discover the Red Hat Universal Base Image (UBI) as a reliable, secure, performant base image that is free to use and share with anyone, no strings attached. By adopting UBI, Moov instantly becomes more enterprise-ready with a well-defined container image life cycle with a dependable maintainer in Red Hat. Additionally, if users of the Moov platform use OpenShift, they will have full enterprise support for the Moov base images. Finally, by adopting UBI, Moov is in a position to offer a Red Hat certified operator for the Moov platform in the future.

To support the UBI and offer images on Quay.io’s image repository, we use the go-toolset Docker image to compile our libraries and leverage multi-stage builds to run them in the ubi-minimal image. Moov’s building blocks, such as ACH, ImageCashLetter, and Wire, have images hosted on Quay.io. Our services Fed and Watchman are built inside a Fedora 33 image where we can leverage Go 1.14’s improvements.

Deploying Moov on OpenShift

Moov maintains Helm charts which can be used to deploy our projects on OpenShift clusters as well as on a vanilla Kubernetes cluster. They're useful because they make deployment easy and reproducible. To deploy Helm charts, first make sure that Helm is installed and your Kubernetes config is set up for kubectl.

Once set up with Helm, download our latest charts with the following command:

git clone git@github.com:moov-io/charts.git

You’ll then need to create an apps namespace where the Moov stack is deployed:

kubectl create namespace apps

Then create each application from its Helm chart:

helm install --set image.repository=quay.io/moov/ach ach ./stable/ach/
helm install --set image.repository=quay.io/moov/fed fed ./stable/fed/
helm install --set image.repository=quay.io/moov/imagecashletter imagecashletter ./stable/imagecashletter/
helm install --set image.repository=quay.io/moov/watchman watchman ./stable/watchman/
helm install --set image.repository=quay.io/moov/wire wire ./stable/wire/

After the charts are created, the pods should be visible in the Kubernetes cluster:

$ kubectl get pods -n apps
NAME                         READY   STATUS    RESTARTS   AGE
ach-67f59565db-jqs24         2/2     Running   0          2m
fed-7b5497d757-622xs         1/1     Running   0          2m
imagecashletter-576f645449   1/1     Running   0          2m
watchman-6f6bd75cb-66wbt     1/1     Running   0          2m
wire-5674fc8c46-nvzhx        1/1     Running   0          2m

With the ACH service deployed, we can inspect the files and create an ACH file on the service:

kubectl port-forward -n apps ach-<random-id> 8080:8080

# Confirm that no files have been created yet
curl http://localhost:8080/files

# Create an example ACH file using a sample from moov-io/ach
curl -XPOST --data-binary "@./test/testdata/ppd-debit.ach" \
http://localhost:8080/files/create

Here are screen captures showing ACH running in OpenShift. As you can see through the OpenShift console, ACH is automatically labeled as a Helm-managed deployment:

Monitoring Inside of OpenShift

Kubernetes offers several ways to monitor applications as they’re deployed and running in your cluster. Readiness/Liveness probes and Prometheus metrics are two of the most common technologies used to assist in monitoring applications.

Readiness/Liveness probes are native to Kubernetes and, with Moov’s applications, are configured to request an application’s /ready or /live endpoint. These endpoints are expected to return “200 OK” before traffic will be routed to the application on the Service DNS name. Liveness probes are used to determine if traffic should still be sent towards the instance as it runs.
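To make the probe contract concrete, here is an added example (not Moov's own code) of a Go service exposing the /live and /ready paths, where /ready answers 503 until startup work has finished. The Health type, MarkReady, and Probe helper are hypothetical names chosen for illustration; Probe issues an in-process request in place of the kubelet's HTTP probe so the example runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// Health records whether startup work has finished.
// All names here are hypothetical, not taken from Moov's code.
type Health struct{ ready atomic.Bool }

// MarkReady is called once startup work (for example, loading data) is done.
func (h *Health) MarkReady() { h.ready.Store(true) }

// Handler serves the two paths the Kubernetes probes request.
func (h *Health) Handler() http.Handler {
	mux := http.NewServeMux()
	// /live: the process is up and can answer HTTP.
	mux.HandleFunc("/live", func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	// /ready: 503 until startup has finished, then 200.
	mux.HandleFunc("/ready", func(w http.ResponseWriter, _ *http.Request) {
		if !h.ready.Load() {
			http.Error(w, "starting", http.StatusServiceUnavailable)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
	return mux
}

// Probe issues an in-process GET, standing in for the kubelet's HTTP probe.
func Probe(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() {
	h := &Health{}
	app := h.Handler() // a real service would pass this to http.ListenAndServe
	fmt.Println("before:", Probe(app, "/live"), Probe(app, "/ready"))
	h.MarkReady()
	fmt.Println("after: ", Probe(app, "/live"), Probe(app, "/ready"))
}
```

Keeping the readiness flag separate from the liveness handler means a slow startup shows up as "not ready" rather than as a failed process.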

Prometheus metrics are a standardized syntax (called OpenMetrics) for application metrics that allow operators to inspect the used memory, CPU, and any other metric that can be observed in an application. Moov services report some basic metrics around file creation, match percentages, and other metrics.

Grafana and Alertmanager can consume these metrics from Prometheus to produce graphs and to send notifications to on-call engineers based on the metrics and trend analysis.

Conclusion

OpenShift is a powerful platform and significantly eases the deployment of complex services. Moov is excited to enable its open source financial primitives on this platform for rapid deployment. The future for embedded finance is bright. Moov on OpenShift is one more step in the direction of a future with seamless financial services embedded in every product or service. We’re excited about being part of the OpenShift community and looking forward to contributing to this robust ecosystem. If you’re interested in learning more about the Moov platform, we invite you to check us out on our website or join our community on Slack!

Future Plans

Moov is excited about the prospect of supporting every aspect of the OpenShift ecosystem, from building operators for our services to IBM Z mainframe support. We’re ready to work with any partner who is interested in Moov being fully operationalized on any aspect of this platform. We also welcome the opportunity to engage with OpenShift developers to work on open source implementations of OpenShift services to hasten the adoption of Moov on the platform. If you’re interested in getting Moov up and running on OpenShift, we want to hear from you!