In previous posts we covered how the Frontend and queue mechanisms can talk
with the Backend. We also covered the stand-alone work we’ve been doing
within Drumkit to support Drupal on Kubernetes. In this
post, we’ll discuss how we plan to integrate this new Backend into the existing
Aegir 5 architecture.
To integrate the Kubernetes Backend into Aegir 5, we will need to build new
top-level entities (see this earlier post about
Clusters, Projects, Releases, and Environments) for the …
Lately we’ve been working with clients ranging from large Canadian government
departments to small commercial SaaS companies, who have asked us to deploy CMS
apps to Kubernetes (K8S) clusters running on OpenStack. In spite of our
continued feeling that most of the time Kubernetes Won’t Save
You, we’ve found it to be surprisingly useful
in certain contexts. In fact, we’ve started to think that K8S will prove an
extremely valuable backend to plug in to our existing Aegir5 …
For our cloud computing, we typically use an OpenStack provider because of its open-source nature: there’s no vendor lock-in, and the IaaS code is peer-reviewed, unlike that of providers such as AWS, Azure, GCP, etc. (Shout out to Vexxhost for having great support!) As such, we’ve been using OpenStack’s Swift object storage service for storing Terraform’s state, which allows Terraform to track all of the resources it manages for automating infrastructure.
Terraform is an essential tool for automating cloud-computing infrastructure and storing it in code (IaC). While there are several ways to navigate between deployment environments (e.g. Dev, Staging & Prod), I’d like to talk about how this can be done with environment variables, and explain why it can’t be done more naturally with Terraform variables.
Within cloud computing, there are various types of sites and services not meant for public consumption (e.g. analytics software, databases, log servers, etc.). For security reasons, it’s best to keep these accessible only via the private network, which is behind the firewall.
To provide access to these resources, a virtual private network (VPN) should be used, with network access granted only to trusted individuals within the organization.