Here at uSwitch we’re looking for more people to join our platform team to help grow and improve our shared infrastructure platform.
Our goal as a team is to help our services deliver value quickly, securely and robustly.
We do this by running multiple Kubernetes clusters in AWS, creating common tooling to aid in development tasks and running shared services such as Elasticsearch, Vault and Prometheus.
Day to day tasks will include:
- Planning and working on our common infrastructure
- Working with teams to design, build and improve systems
- Helping migrate existing teams onto our common infrastructure
- Debugging issues across applications and levels of the stack
- Developing tooling to help our teams work better
Examples of some projects we have recently worked on:
- Short lived database credentials
Our running services previously relied on having long lived credentials to access data that were rarely, if ever, rotated. We wanted human and pod identity to be used to grant short-lived credentials based on policies. We used Vault to build a solution to this problem, creating tooling such as vault-creds/vault-webhook to make it as easy as possible for developers to use these credentials with their services. (Blog)
- Kiam: a service that integrates AWS IAM with Kubernetes
We have a lot of existing AWS resource that have their access limited using IAM. We used Kube2IAM initially but experienced race conditions that would hand different role credentials to pods. We started work on a replacement and have worked with community to get it used in other places. Kube-Aws are now incorporating it into their deployment.
- Yggdrasil: Envoy control plane for multi-cluster load balancing
For some of our more important applications it was important to have them survive a total cluster outage. This meant we needed a way to easily route traffic to an application spread out across multiple clusters, so we created Yggdrasil, a tool to configure Envoy nodes to route our traffic between clusters based off Ingress resources. (Blog)
You can also check out our medium page to see a number of blogs on what we’ve been up to.