Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reproduce the same setup without NAT gateways and all optimizations on prod #92

Closed
2 tasks done
hellais opened this issue Aug 22, 2024 · 0 comments
Closed
2 tasks done

Reproduce the same setup without NAT gateways and all optimizations on prod #92

hellais opened this issue Aug 22, 2024 · 0 comments
Assignees
@DecFox
Labels
chore routine tasks that must be done, but require little active brain power funder/otffoss2023-2024 priority/medium

Comments

@hellais
Copy link
Member

hellais commented Aug 22, 2024
edited by DecFox
Loading

Currently we have dropped NAT gateways on dev, but we should do the same on prod as well.

As part of this we should also document if and to what extent there is downtime in doing so, since we aren't really using prod for much at the moment and it's useful to know.

Related to: #62

This is blocking on doing:
@hellais hellais changed the title Reproduce the same network setup without NAT gateways on prod Reproduce the same setup without NAT gateways and all optimizations on prod Aug 22, 2024
@hellais hellais added priority/medium chore routine tasks that must be done, but require little active brain power labels Aug 22, 2024
@hellais hellais mentioned this issue Oct 1, 2024
Merged
8 tasks
hellais added a commit that referenced this issue Oct 1, 2024
@hellais @DecFox
Consolidate dev and prod deployments and switch th back to DO (#96)
4876b9e 
Changes:
* Add support for creating digital ocean droplets for test helpers
* Switch networking config to NAT gateway less setup

Fixes:
* #92
* #91
* #93

Checklist for doing it:
* [x] Create terraform module for deploying test helpers to digital
ocean
* [x] Tweak ECS task sizes to reduce instance consumption
* [x] Drop ECS cluster for test helpers
* [x] Setup direct load balancer rules to address services based on
hostname
* [x] Drop test helper monitoring on AWS in monitoring host
* [x] Add support for SAN in ACM certificates by creating new module
* [x] Setup nginx based load balancing for test helpers
* [x] Refactor EC2 instance deployment to use cloud-init

Since AWS costs are too high for the test helpers with IPv6 support, we
switch them back to digital ocean.

How this is implemented is by adding a new rule to the oonibackend proxy
that acts as a load balancer towards the test helpers on digital ocean.
The reason to do this is so that we don't have to complicate the TLS
setup by having to do certificate provisioning on the test helpers, but
rather are able to keep it in AWS.

Moreover by having a single entry point to the test helpers it means we
can implement a cache which works across all the test helper backends,
instead of having a per-test helper caching layer.

What is missing is adding the rules that perform routing on a per domain
basis to the load balancer config.

---------

Co-authored-by: decfox <[email protected]>
@DecFox DecFox closed this as completed Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DecFox DecFox

Labels
chore routine tasks that must be done, but require little active brain power funder/otffoss2023-2024 priority/medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hellais @jbonisteel @DecFox