Hybrid - 2 days per week in office (London Bridge/Tower Bridge area)
The RVU London cloud infrastructure team
We are committed to Open Source software in order to build services that help millions of customers to save money and make confident decisions. As well as helping our customers, we also give back to the community by open sourcing interesting projects that we build that might benefit others.
We’re looking for an experienced Platform/Infrastructure Engineer to join our infrastructure platform team, known internally as ‘Airship’.
Our goal as a team is to enable our development teams to deliver services quickly, reliably and securely. We do this by running multiple Kubernetes EKS and Fargate clusters in AWS, creating common tooling to aid in development tasks and running shared services such as Opensearch, Envoy, Vault and Prometheus to name a few. The team has also recently expanded its scope to simplify Data engineering in the organisation using the same techniques we used to ease creating web applications on data pipelines, leveraging Argo Workflows and Argo Events as well as completed a migration to Github Actions.
Day to day tasks will include:
- Planning and working on our infrastructure platform: from maintenance to design systems improvements or to adopt new technologies
- Working with product engineering and data teams to design, build and improve scalability and reliability of their systems with an emphasis to provide the best DevEx
- Developing tooling to help our teams work more efficiently
The ideal candidate will have some of the following skills:
- Extensive experience in running Kubernetes clusters in production
- Knowledge of Golang, Helm and Terraform (some knowledge of Python is definitely a plus)
- Production experience in Cilium and/or eBPF and networking in general
- Extensive experience in monitoring systems and their performance
- The ability to debug large and complex systems and solving large problems that affect a wide user base in a simple way
- Experience with image vulnerability scanning and patching strategies for large systems
- Experience / Familiarity with AWS Multi Accounts system designs tools like Crossplane and Control Tower
- Familiarity with Argo Workflows or similar data pipeline as a service tools
- Familiarity working with a variety of Cloud Native projects
- Familiarity with Github Action
- Familiarity with OpenTelemetry
Out team has been featured in a few conferences:
CNCF:
PlatformCon: and
We have also been featured in the London AWS Summit 2023 for contribution to the EKS tooling community
We also hosted and held the Terraform Hashicorp User Group meetup in London in April.
Examples of some projects we have worked on:
Short lived database credentials
Our running services previously relied on having long lived credentials to access data that were rarely, if ever, rotated. We wanted human and pod identity to be used to grant short-lived credentials based on policies. We used Vault to build a solution to this problem, creating tooling such as / to make it as easy as possible for developers to use these credentials with their services. ()
: a service that integrates AWS IAM with Kubernetes
We have a lot of existing AWS resource that have their access limited using IAM. We used Kube2IAM initially but experienced race conditions that would hand different role credentials to pods. We started work on a replacement and have worked with the community to get it used in other places.
: Envoy control plane for multi-cluster load balancing
For some of our more important applications it was important to have them survive a total cluster outage. This meant we needed a way to easily route traffic to an application spread out across multiple clusters so we created Yggdrasil, a tool to configure Envoy nodes to route our traffic between clusters based on Ingress resources. ()
: more confidence in the status of your deployments
It tracks deployments as they roll out and posts useful status updates into Slack. It does this by watching the Kubernetes api for namespaces and deployments with the correct annotations. When a new deployment rollout begins and completes updates are posted to the Slack API. Any errors during the deployment rollout are captured and included in the Slack message (see example below). This can be very useful to help quickly debug a failing deployment.
You can also check out our to see a number of blogs on what we’ve been up to.
Our commitment to you
At RVU, we are dedicated to developing valuable, inclusive, and user-friendly products and services for all. To achieve this it’s essential that our teams reflect the diverse range of people in our community. We believe in being the change we wish to see in the world, by embracing our differences and holding ourselves accountable to being open and inclusive teammates and wider community members.