Optimizing a B2B software platform infrastructure

Summary

We revamped a client’s infrastructure into a robust, fully automated system with Kubernetes, ensuring high availability, disaster resilience, and secure operations. The solution improved deployment processes, enhanced monitoring, and kept the cost low compared to managed Kubernetes solutions.

Services used

Hetzner
Kubernetes
Elasticsearch
Logstash
Kibana
Prometheus
Ceph
Rook
Rancher
Vault
SFTPGo

Areas of work

Deployment

Before: The deployment process was complex and manual, with uncertainty about pipeline correctness.

After: Streamlined deployment using Kubernetes, GitLab CI, Terraform, ArgoCD, and Helm charts for visibility and convenience.

High Availability & Disaster Recovery

Before: The infrastructure was not resilient to data center failures, and disaster recovery was a major concern.

After: Implemented Kubernetes with geographically distributed nodes, Rook Ceph for high availability, and ensured applications run even if a data center fails.

Network Configuration

Before: The architecture was tied to a single, unchangeable IP address for external communication.

After: Configured the network subsystem with Cilium to maintain a specific IP for external services, allowing future customization.

Backups

Before: Daily backups with a 7-day retention period were insufficient.

After: Developed custom backup solutions for persistent volumes and Postgres databases, with backups sent to S3 storage in encrypted form and a 3-month retention period.

Documentation

Before: No documentation existed, making it difficult to manage a black-box infrastructure.

After: Comprehensive documentation was created for the infrastructure and code delivery process.

Monitoring & Logging

Before: No centralized monitoring or log collection.

After: Set up ELK-based log collection and Prometheus/Grafana for centralized monitoring.

Other

Security. We kept encrypted connections secure and automated while transferring all security systems to the new infrastructure. We implemented cert-manager for automatic certificate issuance, configured Traefik to eliminate unencrypted access, and used HashiCorp Vault for secure secret storage. We also increased the security level by implementing a web application firewall.

Cost Efficiency. Managed Kubernetes solutions are very pricey, so keeping the expenses for the new infrastructure at the lowest possible level was a good bonus.

Results

99,95% infrastructure reliability

150 EUR resource cost

25% lower maintenance fee compared to competitors

Client’s Outcome

Reliable System:

Achieved a reliable, fully automated, crash-resistant system.

Scalability:

Ensured scalability and secure service releases.

Effective Monitoring:

Enabled effective monitoring and logging systems.
