Openpay were seeking to use containers for new applications from several internal teams. Our teams proposed and delivered an EKS Blueprint shared services platform as an opinionated platform for consistently deploying and running applications.
INDUSTRY
Fintech – BNPL payments
SERVICES
App modernisation
DevOps
Key Takeaways
What our clients are saying
”The EKS Blueprint really allowed us to hit the ground running. [Mantel Group] was able to help us create a best practice, shared services platform for Kubernetes in a fraction of the time that it normally takes and with less ongoing maintenance required."
John Bird - OpenpayHead of Engineering
Overview
Openpay Group Ltd (ASX: OPY) is an Australian-based payments provider in the Buy Now, Pay Later sector, operating in Australia, New Zealand, United Kingdom and United States. They offer payment services to merchants primarily in the retail, healthcare, automotive and home improvement verticals.
The problem
The Openpay platform had existing applications that merchants could use to interact with the platform to process sales orders and refunds, review sales reports and other self-service functionality. These applications were written using .NET and deployed to EC2 instances on AWS.
Openpay had identified a need to improve the functionality offered to their merchant partners and were embarking on a program of work to improve merchant self-service capabilities, offer advanced analytics and a refreshed user experience.
Delivering on these ambitions required the creation of several new applications and Openpay was seeking to adopt a modern, best-practice container platform for delivering these applications.
The new container platform required the ability to scale to meet Openpay’s expected growth forecasts and have the ability to dynamically scale based on application demand (such as seasonal retail events). In addition, Openpay was seeking to improve application availability through automated self-healing.
The solution
A Shared Services Platform (SSP) is an internal development platform that abstracts the complexities of cloud infrastructure from developers, and allows them to deploy workloads with ease. From an operational perspective, SSPs allow companies to consolidate tools and best practices for securing, scaling, monitoring, and operating containerized infrastructure into a central platform that can then be used by developers across an enterprise.
Mantel Group has extensive experience with modern container platforms and worked with Openpay to implement a production ready AWS EKS platform with the following capabilities:
- Easily deployable into multiple AWS accounts and regions to cater for Openpay’s regional operations
- Well-Architected & PCI compliant out of the box
- Continuous Delivery for applications via GitOps workflows
- Continuous Delivery for infrastructure with a modern CI/CD platform
- A single source of truth (Git) for the entire platform
- Built-in observability with logging, monitoring and traceability (via service mesh)
- An opinionated pattern that can be readily adopted by other internal teams
We used the Amazon EKS Blueprints Quick Start to deliver a Well-Architected EKS Cluster. To align with customer preferences, the entire solution was delivered via TypeScript (using CDK). Add-ons provided seamless support for a variety of native services in areas such as security, observability and release management.
The AWS EKS Blueprint provides an authorization model called “Teams” and this capability was used to segregate application teams and their resources in order to meet security objectives and Well-Architected best practice.
The AWS EKS Blueprint extensibility capability allowed Mantel Group to provide support for other CNCF services. One example is the Istio service mesh with the primary benefit being that by using the same ‘add-on’ model, you provide a consistent service management experience.
Key products and services used
- EKS
- EKS Blueprint
- Kubernetes
- Argo CD
- CDK
Outcomes and results
The creation of a Shared Services Platform (SSP) at Openpay provided a standardised and consistent method of building, releasing and hosting applications. The consistency greatly improved the developer experience and ready-to-use CI/CD pipelines enabled teams an accelerated migration path to the new platform.
Adopting a platform framework that has first-class support for segregating teams and their resources allowed Openpay to achieve compliance and security goals and minimise risks associated with access control.
The configurable auto-scaling characteristics of the platform gave Openpay the ability to dynamically scale applications based on demand. Detection of failures and self-healing characteristics ensure applications gracefully recover from issues.