UKi OD360 GovCloud

This is a continuation of Pelotech's work with UKi. For background on the client and the original engagement, see the Ultimate Knowledge Institute (UKi) case study.

  • Reduction in human overhead: 100-200x
  • Reduction in cost per environment / month: 80+%
  • Amount of self-healing services: 0 -> 100%

Background

Following the initial Pelotech × UKi engagement - which built a custom virtualization platform and eliminated a critical third-party dependency - UKi needed to take the next step: deploying OpenDash360 in a GovCloud environment that could achieve ATO (Authority to Operate) approval for federal clients.

This meant not just migrating infrastructure, but refactoring and simplifying OD360 at the application level to meet the compliance and operational requirements that ATO demands. The project also incorporates OpenTerrain, a related UKi capability — an EKS-based elastic range provider that scales with demand.

The Challenge

OD360 had grown into a deeply complex system. When Pelotech arrived, the environment was:

  • Fragile and unstable: 30–40 interdependent services with no self-healing. When one stopped, you needed a "decoder ring" to understand the restart sequence. Services would not recover on their own.
  • Impossibly slow to provision: Standing up a new environment required 3–4 people working for 4 weeks or more.
  • Extremely expensive to run: Each environment cost thousands of dollars per month in infrastructure.
  • Invisible: No logging, no change history, no release notes. Production outages were nearly impossible to debug.
  • Bottlenecked at deployment: Production deployments happened once every 6 months to a year - sometimes longer.
  • High onboarding friction: A senior developer needed 3–4 weeks to make a simple change and up to 6 months before being capable of medium-complexity work.

Achieving ATO on top of this environment wasn't feasible. The application itself needed to be modernized before the compliance work could begin.

Additionally, GovCloud's US-person access restrictions created a real operational problem: UKi's vendors and integration partners - some of whom are foreign-owned or employ foreign nationals - couldn't work directly with GovCloud environments, slowing down integration testing and feedback loops.

Solution

Foundation: The Pelotech Foundation Stack

Pelotech applied the Pelotech Foundation Stack - the same account architecture and deployment patterns proven at Quantum Interface and STEM Learning - to UKi's GovCloud environment. This included the multi-account AWS Organizations structure, identity federation across GovCloud and Commercial AWS, EKS managed with GitOps using ArgoCD, and the full security automation stack (CloudTrail, Security Hub, AWS Config, NIST compliance monitoring, no long-lived credentials).

Application-Level Refactoring

OD360 itself was refactored and restructured to reduce interdependencies between services, improve self-healing, and simplify the operational model. This was prerequisite work for ATO: a system that requires constant manual intervention cannot pass compliance review. The refactoring also enabled the shift to automated, daily deployments.

Enhanced Kubernetes Stack

Building on the Foundation Kubernetes Stack, Pelotech extended the cluster capabilities to support OD360's range simulation requirements:

  • Cilium — primary CNI replacing VPC CNI, enabling more flexible and performant networking
  • Kube-OVN — software-defined networking supporting complex topologies with overlapping IPs, enabling fully simulated network environments within AWS EKS
  • Multus – a meta plugin that allows multiple CNIs in the same cluster; paired with Kube-OVN, it makes many networks outside the default pod network possible
  • KubeVirt — virtual machines running inside Kubernetes, enabling range environments that simulate real infrastructure
  • Karpenter – intelligent node scheduling based on node pools, with dedicated metal node pools for virtual machines
  • Rook — S3-compatible storage within the cluster
  • GitHub Actions runners with nested KVM — enables building VM base images and virtual machine environments within the CI/CD pipeline itself

This stack allows Pelotech to replicate many of the capabilities of a cloud provider within EKS - creating range environments that match real-world complexity without losing the powerful workload abstractions that Kubernetes provides. 

Commercial / GovCloud Split for Vendor Integration

By establishing a parallel Commercial AWS environment mirroring GovCloud, Pelotech solved the foreign-national access problem. Vendors and integration partners who can't access GovCloud can now work freely in the Commercial environment - testing integrations, giving feedback, and moving faster - because the software is accessible there while the sensitive data remains in GovCloud.

This also opens the door for commercial clients: the same OD360 application can be deployed for non-federal customers using the Commercial environment, without touching the GovCloud infrastructure.


Results


Strategic Outcomes

  • Positioned OD360 for ATO approval with a simplified, compliant, auditable application architecture
  • Enabled foreign vendors and integration partners to work with OD360 via the Commercial environment without GovCloud access restrictions - significantly accelerating integration feedback loops
  • Opened a commercial deployment path for non-federal clients using the same application
  • Transformed deployment from a multi-week, multi-person event to a daily automated process
  • Removed the complexity that was obscuring operational visibility - making team accountability and product progress clearer as a by-product
  • Established a reusable pattern applicable to other UKi and non-UKi projects in similar GovCloud environments
  • Replaced a low-availability, on-prem range provider with OpenTerrain, an EKS-based elastic range provider that scales with demand

Client: UKi OD360 GovCloud
Industry: Edtech in Cyber Security
Headquarters: Scottsdale, Arizona
Company size: 11-50
