Define/implement a secure deployment pattern #3

Open
s-matyukevich opened this issue Jun 21, 2020 · 1 comment

Comments

@s-matyukevich
Owner

Here is what I plan to use:

  1. European region in one of the public clouds (most likely GCP or AWS)
  2. Managed Kubernetes cluster (GKE or EKS)
  3. GitHub Actions for CI/CD
  4. Cloud-native solution for secret store/management (something like this)

The thing that I am most worried about is the fact that our website should contain fund payment credentials. Our deployment pattern must avoid storing those credentials on developers' laptops and passing them over the internet. Ideally, I would like to avoid storing them in k8s secrets or inside the pod filesystem either, but this may be overkill for now.

We probably need 2 environments: prod and staging. I think we can share the k8s cluster for them at least for now. Our CI/CD should automatically deploy the latest version of the master branch to staging and provide a manual way to deploy a specific commit/tag to prod.

@s-matyukevich
Owner Author

No need to store the payment key anymore. I think the first deployment pipeline will be a simple bash script that deploys the website to k8s using kubectl directly. We may revisit this later if we need to auto-deploy master.
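
A sketch of the kind of deployment script discussed in the comments above, added here as an example and not the project's own code: one shared cluster with a namespace per environment, where staging accepts any ref and prod accepts only a pinned commit SHA or version tag. The registry path, namespace names, Deployment name and `vX.Y.Z` tag format are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical deploy.sh); all names are assumptions, not the project's.
set -eu

IMAGE_REPO="${IMAGE_REPO:-registry.example.com/website}"  # placeholder registry path
DEPLOYMENT="${DEPLOYMENT:-website}"   # assumed Deployment and container name
KUBECTL="${KUBECTL:-kubectl}"         # overridable so the logic can be dry-run

# Map an environment to its namespace in the shared cluster (assumed names).
namespace_for() {
  case "$1" in
    staging) echo "website-staging" ;;
    prod)    echo "website-prod" ;;
    *)       return 1 ;;
  esac
}

# staging: any ref that is a valid image tag. prod: only a full commit SHA
# or a vX.Y.Z tag, so a moving branch name such as master is refused.
ref_allowed() {
  case "$2" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;   # empty, or characters outside the tag alphabet
  esac
  if [ "$1" = prod ]; then
    printf '%s' "$2" | grep -Eq '^([0-9a-f]{40}|v[0-9]+\.[0-9]+\.[0-9]+)$'
  else
    printf '%s' "$2" | grep -Eq '^[A-Za-z0-9_].{0,127}$'
  fi
}

deploy() {
  [ "$#" -eq 2 ] || { echo "usage: deploy.sh <staging|prod> <ref>" >&2; return 64; }
  ns="$(namespace_for "$1")" || { echo "unknown environment: $1" >&2; return 2; }
  ref_allowed "$1" "$2" || { echo "ref '$2' not allowed for $1" >&2; return 3; }
  # Point the Deployment at the requested image, then wait for the rollout to finish.
  "$KUBECTL" --namespace "$ns" set image "deployment/$DEPLOYMENT" \
    "$DEPLOYMENT=$IMAGE_REPO:$2" &&
  "$KUBECTL" --namespace "$ns" rollout status "deployment/$DEPLOYMENT" --timeout=120s
}

# Usage: ./deploy.sh staging master    or    ./deploy.sh prod v1.2.3
if [ "$#" -gt 0 ]; then deploy "$@"; fi
```

Running it with `KUBECTL=echo` prints the kubectl commands without contacting a cluster.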
