For Arden, there were two projects to deliver: an Amazon Elastic Kubernetes Service (EKS) based platform and development of their serverless integrations.
In order to help with the delivery of these projects, some open source contributions were made.
Elastic Kubernetes Service (EKS) Platform
A new platform was required to migrate existing on-premises and Amazon EC2 workloads to. The new platform had to allow developers to easily manage their own deployments, allow for centralised logging and monitoring, had to be secure and allow for management of things such as DNS records and TLS certificates to be fully automated.
The platform had to be delivered ‘as code’ so it could be easily managed, upgraded and replicated. This was done using mainly Terraform with some base Kubernetes services being deployed using the Terraform Helm provider.
Any base Kubernetes services that ArgoCD did not depend on explicitly were managed and deployed by ArgoCD along with the business applications hosted on the platform.
Managing Deployments with ArgoCD
The main interface into the platform for developers was through ArgoCD. This allowed developers to deploy applications, see the status of their workloads and get immediate logs and events to diagnose failures. Being able to deploy and diagnose simple issues themselves allowed developers to spend less time being blocked waiting for infrastructure engineers to help out.
ArgoCD was integrated with Microsoft Entra to allow single-sign on which improves security and convenience. Developers could be assigned to individual projects meaning they only have access to the applications that they are working with.
ArgoCD Image Updater was also used in development environments so that successful builds of an application could be deployed automatically.
Monitoring & Logging
For the monitoring and logging, open source tools were used as they provide excellent flexibility and of course value.
For monitoring, Prometheus was used with Grafana. Prometheus was also configured to make a future expansion to Thanos as easy as possible, should the need ever arise.
Loki was used for logging, it integrated perfectly with the monitoring metrics since it also uses Grafana as the main user interface.
Alerts were configured with Grafana unified alerts, allowing alerts to be raised from either metric or logging data.
Automated Management
Tools such as Certificate Manager and External DNS were used to allow automation of day to day administrative tasks.
Certificate Manager automatically provisions and renews TLS certificates for applications hosted within the platform whilst External DNS creates and cleans up DNS records.
Future Ready
Whilst not immediately implemented due to possible conflicts with the business the platform was developed and tested with IPv6 support and support for ARM based compute allowing for easy adoption later on.
Serverless Integrations Development
Arden was implementing a new student record system called SITS. This was a huge project that affected all areas of the business. A significant problem was integrating existing systems that do not understand SITS, such as: the virtual learning environment, Active Directory, time tabling products and many more.
To enable this communication between systems, a group of serverless ‘middlewares’ were used to keep things scalable and event driven.
Since the integrated systems spanned across AWS and Azure as well as including software as a service (SaaS) solutions, many technologies were used to integrate them. These technologies included: Typescript based Lambda functions deployed with the Amazon CDK, Azure Logic Apps, Azure Functions, Amazon SNS, Amazon SQS and Azure Service Bus.
These integrations handled large amounts of traffic especially as SITS went live at Arden. They also helped the business implement complex processes with systems that cannot be directly integrated.
Open Source Contributions
The following open source contributions were made whilst delivering these projects:
- Prometheus: discovery: Allow EC2 Service Discovery to work with IPv6-only instances
- External DNS: feat(aws): always create AAAA alias records in route53
- ms_active_directory: Multiple contributions
- onedark.nvim: Fix NvimTree Floating Windows
- lazygit.nvim: feat: Allow current buffer commits to show on the already worked out Git root