-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deploy the app to staging #43
Comments
One issue we'll have to deal with: Prisma needs the database connection string to be available via an environment variable. However, since we'll use Secrets, it will be mounted as a file. A lot of database containers solve this problem by reading that file and re-exporting it into the container's environment. Here is what postgres does as an example, which is called via the container's |
Here's an update on where this stands:
We are still waiting on SAML2 config, which depends on us knowing our URL layout. I have the Docker container setup complete, and we need to add image build and deploy in CI/CD. We also need to finish the work on the webhook and secure it. During 0.3/0.4, I'd like to get this moving, so we can start deploying on every commit to |
Filed #196 as part of this. |
I think I'm only blocked on #291 now. Once that's in place, we can get this on staging. |
I had a good meeting with ITS today, and we have an initial plan for deploying. I'll try to capture what we discussed here.
We're going to try using Docker Swarm mode to host staging and production. I've written a walkthrough showing how it will work.
The basic idea is that we'll run 2 Linux VMs. We'll have Docker running on both, and one will be a
manager
node and the other aworker
node in a swarm cluster. Because our app is so small, we won't need more than this, but we can easily add more nodes if we have to.We'll run multiple copies (2?) of the Starchart container in production, which will let us have some fault-tolerance, load-balancing, and zero-downtime updates. For staging, we probably only need a single instance of the container.
We can run both staging and production on the same swarm cluster. ITS uses an F5 hardware-based load balancer, and they are going to configure it so that our apps get SSL certificates and handles routing to the appropriate ports.
Both staging and production will work like this:
/hooks/deploy
9000
/
3000
When we push to GitHub, we'll run a GitHub Action to build our Docker image and push it to Docker Hub. We'll then trigger an HTTP
POST
to a webhook that we have running on the manager node. It will send the new Docker image tag that we want to use and will trigger a script to update the service on the swarm cluster.Our URLs are likely going to be:
So the F5 load balancer will route https://mycustomdomain-dev.senecacollege.ca/ to the staging Remix server running on port
3000
on the swarm cluster, and https://mycustomdomain-dev.senecacollege.ca/hooks/deploy to the webhook server running on port9000
. Production will do do something similar, but with 2 different ports.We'll use Docker Swarm Secrets to manage things like our AWS credentials, secret keys, certificates, passwords, etc. Our Remix app will be able to access those secrets by reading files at
/run/secrets/<secret_name>
. We can us something like https:/hwkd/docker-secret for the secrets loading in development.I'm targeting this issue to staging, but the process for production will be very similar.
The text was updated successfully, but these errors were encountered: