Gofore Plc was chosen by Aimo Park as the sole partner to carry out the overhaul of the existing cloud infrastructure. Together it was decided that the best course of action was to build everything from scratch and then migrate running services to the new platform one by one. While doing so, an objective of containerizing all services and moving towards a microservice model was set. To align with DevOps methodologies, this was accomplished together with developers to ensure that the whole application lifecycle was transparent. Agile development methodologies were also used with great results.
Main themes for the overhaul were as follows:
• Account structure
• Identity and access management
• Infrastructure automation
• Infrastructure monitoring
• Centralized logging
• CI/CD and deployments
To begin with, a new AWS account structure was created in order to isolate environments and workloads. Identity and access management was kept separate from actual application workloads and the workloads were divided into development, staging, and production environments. All of these were kept independent to avoid unnecessary dependencies. Additionally, a more fitting AWS region was chosen.
The cloud infrastructure was built following the principles of Infrastructure as Code using Terraform. The resulting code was highly self-documenting. Manual work was limited to a bare minimum and instead, all actual infrastructure changes were carried out by CI/CD pipelines. GitLab was used to build the pipelines for infrastructure as well as all application deployments.
Kubernetes and more specifically EKS was chosen as the container orchestration platform. To aid with the release processes, tools such as Kustomize and Keel were also used. Traefik was implemented as the ingress controller and auto-scaling was utilised as well. These integrated with multiple AWS tools to automate exposing services and scaling resources. All of this resulted in a highly automated and durable platform for applications to run on.
After a thorough evaluation, Datadog was chosen as the centralized monitoring and logging solution. The point was not only to keep metrics and logs for both the infrastructure as well as applications in the same place, but also to limit the required administration work to a minimum. Alarms were integrated into an internal communication platform to make response times faster and to aid in the troubleshooting process.