Case Study: IT Modernization at Tidepool, an 8 part series
IT modernization is a journey, one that involves many decisions that affect every layer of the infrastructure stack, each application service, and all the people that interact with these systems to build them, deploy them and support them as they provide services to the end users. Back in October, we were lucky to have Derrick Burns, Cloud Architect at Tidepool.org, join our online meetup to talk about a portion of their modernization specific to their adoption of our API gateway, Gloo, as part of their Kubernetes project. Since then, Derrick and the team have been continuing their work to integrate additional cloud-native technology into their stack.
About Tidepool
Tidepool is a nonprofit organization focused on delivering high quality diabetes software with a mission to make diabetes data more accessible, meaningful, and actionable. Tidepool open sources all of their software releases to their public GitHub repositories and encourages other companies to do the same with the belief that this improves public health and safety by enabling broader community inspection of, and improvement to, the operation and security of the software. Over 5 years ago, Tidepool launched our web service. We have continually updated the user interface, but the backend has largely stayed the same.
A Modernization Journey in Eight Parts
Recently, Derrick published an eight-part blog series outlining in technical detail the various functional areas of their infrastructure modernization. The posts discuss the evaluation and decision criteria for each component, why they chose a specific solution and how they implemented it.
The eight parts of the modernization series are as follows:
- Part 1: Migrating to Kubernetes – How they chose cloud-hosted Kubernetes, migrated from Docker Compose to Kubernetes, and the tools used to help the process.
- Part 2: API Gateway – Discusses the required functionality, selection criteria and migration process from a custom solution to Gloo, our Kubernetes-native API gateway built with Envoy Proxy.
- Part 3: Continuous Delivery with GitOps – As a way to manage implementing change to their running services, this article digs into how GitOps differs from traditional configuration management and why it is ideal for Kubernetes.
- Part 4: Secrets Management – This post specifically addresses how they protect the system secrets that are used to encrypt data or verify identity within the context of their new Kubernetes environment.
- Part 5: Using a Service Mesh – As a healthcare company, HIPAA requires that all communication of protected health information (PHI) must be encrypted in flight and at rest. Tidepool looked to the Linkerd service mesh for mTLS across the intra-cluster communications.
- Part 6: Migrating to a Hosted MongoDB – Already a MongoDB user, the modernization initiative had the team take a fresh look at the performance, reliability and operational efficiency of their database as it has grown to over 2B records. This post details the migration from a self-hosted to a managed service from MongoDB.
- Part 7: Logging – All systems require observation and access to the logs created to understand what’s happening, especially when issues arise that need to be debugged. This post shows how the team has set up their logging systems today, their approach to looking at the right data, and how they are continuing to evolve.
- Part 8: Provisioning – For anyone running Kubernetes in production or more than one cluster, this post details a provisioning process and available tools that can help with templating.
At the end of Part 8, it sounds like more posts will be coming soon as they continue to evolve their environment and evaluate additional technologies. You can follow Derrick on Medium to catch the latest post and find him in our community Slack.
For more information, watch the online meetup featuring Tidepool, read the blog post, and learn more about Gloo, our next generation API gateway featured in the Tidepool infrastructure.