Key decisions (for Cloud Automation)

This is an evolving initiative. This document holds our rough notes on principles and preferences for the Cloud Automation strategy. Contact @Nouman Memon for details, or ping us on Slack.

Infra As Code

Recommendation: Terraform ✅

Qualities:
🔘 Provisioning only (Docker already takes care of configuration management)
🔘 Cloud agnostic / multi-cloud support
🔘 Immutable infrastructure
🔘 Declarative language
🔘 Client-only architecture (masterless, agentless)
🔘 Large community support

🔰 Options
→ Terraform ✅
→ CloudFormation
→ Ansible
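
An added example of what the "immutable infrastructure" and "client-only" qualities look like in practice (this is illustrative Terraform written for these notes, not Bahmni's own configuration). With no master, the state file is the only shared record of what exists, so it goes in an encrypted, locked remote backend rather than on a laptop; and instead of configuring hosts in place, the launch template is replaced with a new AMI and the autoscaling group rolls the fleet. The bucket, lock table, KMS alias, region, AMI name pattern and subnet variable are all assumed names.

```hcl
terraform {
  required_version = ">= 1.5"
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }

  # State contains every attribute Terraform knows about, including secrets
  # passed to resources, so it is encrypted at rest and locked during runs.
  backend "s3" {
    bucket         = "bahmni-terraform-state"      # assumed bucket name
    key            = "prod/cloud-automation.tfstate"
    region         = "ap-south-1"                  # assumed region
    encrypt        = true
    kms_key_id     = "alias/terraform-state"       # assumed KMS alias
    dynamodb_table = "bahmni-terraform-locks"      # assumed lock table
  }
}

variable "private_subnet_ids" { type = list(string) }  # assumed to exist

# Hosts are never patched in place: a new image is built, the launch template
# picks it up, and the ASG replaces instances.
data "aws_ami" "docker_host" {
  most_recent = true
  owners      = ["self"]
  filter {
    name   = "name"
    values = ["bahmni-docker-host-*"]  # assumed AMI naming convention
  }
}

resource "aws_launch_template" "bahmni" {
  name_prefix   = "bahmni-"
  image_id      = data.aws_ami.docker_host.id
  instance_type = "t3.large"

  metadata_options {
    http_tokens = "required"  # IMDSv2 only: blocks SSRF-style credential theft
  }

  # Create the replacement template before destroying the old one so the
  # ASG always references a valid version.
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "bahmni" {
  name_prefix         = "bahmni-"
  min_size            = 2
  max_size            = 4
  vpc_zone_identifier = var.private_subnet_ids

  launch_template {
    id      = aws_launch_template.bahmni.id
    version = aws_launch_template.bahmni.latest_version
  }

  # A new AMI version triggers a rolling replacement of every instance.
  instance_refresh {
    strategy = "Rolling"
    preferences {
      min_healthy_percentage = 50
    }
  }
}
```

Running `terraform plan` after a new AMI is published shows the launch template gaining a version and the ASG scheduling a refresh; nothing is mutated on a running host, which is the property that makes drift and forensic reconstruction tractable.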

Identity Provider

Recommendation: Keycloak ✅

Qualities:
🔘 Multi-tenancy support
🔘 Cost
🔘 Flexible

🔰 Options (starting with AWS)

→ Keycloak ✅
  + Better multi-tenant support compared to Cognito
  + Cloud agnostic
  + Better MFA
  + Flexible
  + Open source
  + Community capabilities
  - Complex setup (we could still run it as a service on AWS)

→ AWS Cognito
  + Free tier of 50K identities
  + Better integration with STS, Lambda (event triggers), etc.
  + Fully managed
  - Not very flexible
  - Limit of 1000 user pools per AWS account (hard for a SaaS model)
  - Limited MFA (SMS)
  - AWS only
  - Cannot scale for multi-tenant

→ Ory (Hydra + Kratos)
  + Open source
  + Mature documentation and easy to set up
  - Setting up an integrated IdP (OAuth + identity) is difficult and limited
  - Has a SaaS option (beta, a bit pricey)
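
An added example of the multi-tenancy and MFA points above, expressed in Terraform so the IdP is provisioned the same way as the rest of the stack (illustrative code written for these notes, not Bahmni's configuration). It generalises the decision slightly: one Keycloak realm per tenant, each with its own brute-force lockout, password policy, mandatory TOTP enrolment and a confidential OIDC client with PKCE. The provider source/version, tenant names, redirect hostnames and the environment-variable credentials are assumptions.

```hcl
terraform {
  required_providers {
    keycloak = { source = "mrparkers/keycloak", version = "~> 4.0" }  # assumed provider
  }
}

# Credentials are read from KEYCLOAK_URL, KEYCLOAK_CLIENT_ID and
# KEYCLOAK_CLIENT_SECRET (assumed admin service-account client).
provider "keycloak" {}

# Constructed example tenants; each becomes an isolated realm.
variable "tenants" {
  type    = set(string)
  default = ["hospital-a", "hospital-b"]
}

# A realm isolates users, sessions, credentials and policies per tenant,
# which is what the per-account user-pool cap makes awkward on Cognito.
resource "keycloak_realm" "tenant" {
  for_each     = var.tenants
  realm        = each.key
  display_name = "Bahmni - ${each.key}"
  enabled      = true

  ssl_required             = "external"
  login_with_email_allowed = true
  registration_allowed     = false
  password_policy          = "length(12) and notUsername and passwordHistory(5)"

  security_defenses {
    brute_force_detection {
      permanent_lockout                = false
      max_login_failures               = 5
      wait_increment_seconds           = 60
      max_failure_wait_seconds         = 900
      failure_reset_time_seconds       = 43200
      quick_login_check_milli_seconds  = 1000
      minimum_quick_login_wait_seconds = 60
    }
  }
}

# Every user in every tenant must enrol a TOTP authenticator on first login;
# this is the "better MFA" the decision refers to, as opposed to SMS only.
resource "keycloak_required_action" "totp" {
  for_each       = keycloak_realm.tenant
  realm_id       = each.value.id
  alias          = "CONFIGURE_TOTP"
  name           = "Configure OTP"
  enabled        = true
  default_action = true
}

# One confidential client per realm for the web UI. Implicit flow and
# password grant are off; PKCE is required on the authorization-code flow.
resource "keycloak_openid_client" "bahmni_web" {
  for_each  = keycloak_realm.tenant
  realm_id  = each.value.id
  client_id = "bahmni-web"
  name      = "Bahmni web UI"

  access_type                  = "CONFIDENTIAL"
  standard_flow_enabled        = true
  implicit_flow_enabled        = false
  direct_access_grants_enabled = false
  pkce_code_challenge_method   = "S256"
  valid_redirect_uris          = ["https://${each.key}.bahmni.example/*"]  # assumed hostnames
  web_origins                  = ["https://${each.key}.bahmni.example"]
}
```

Adding a tenant is one entry in `var.tenants`; the realm, its MFA requirement and its client appear in the next `terraform apply`, and removing the entry tears the whole tenant down, which keeps the SaaS onboarding path auditable in code review rather than in the admin console.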

Container Management

Recommendation: EKS (EC2) ✅

Qualities:
🔘 Portability
🔘 Simple
🔘 Flexible
🔘 Future proof
🔘 Cost

🔰 Options (starting with AWS)

→ EKS (EC2) ✅, with minikube for dev
  + Portable: (almost) cloud-agnostic platform investment
  + Flexibility
  + Future proof
  + High abstraction: better experience for development
  - Complex (needs experience)
  - Needs configuration to integrate with AWS services (not complex, though)
  - Might be a bit expensive (needs validation), e.g. the control plane (API server and etcd) is not free

→ ECS (Fargate)
  + Initial setup is very simple
  + Free control plane
  + Built-in integration with AWS services
  - AWS only
  - Limiting for a complex SaaS setup
  - Abstraction: coupling with AWS services due to its out-of-the-box integration
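
An added example of the "needs configuration to integrate with AWS services" point, written for these notes rather than taken from Bahmni's repositories. It shows the pieces a hardened EKS cluster needs from day one (private API endpoint, KMS envelope encryption of Kubernetes Secrets, audit logging) and the IRSA wiring that gives one ServiceAccount one scoped IAM role instead of letting every pod inherit the node's instance profile. The control-plane role ARN, subnets, `bahmni` namespace, `openmrs` ServiceAccount and backup bucket are assumed names; the `aws` (~> 5.0), `tls` and `kubernetes` providers are assumed to be configured.

```hcl
variable "cluster_name"       { default = "bahmni" }
variable "cluster_role_arn"   { type = string }        # assumed: EKS control-plane IAM role
variable "private_subnet_ids" { type = list(string) }  # assumed: private subnets

resource "aws_kms_key" "eks" {
  description         = "Envelope encryption for Kubernetes Secrets in etcd"
  enable_key_rotation = true
}

resource "aws_eks_cluster" "this" {
  name     = var.cluster_name
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    endpoint_public_access  = false  # API server reachable from the VPC only
  }
  encryption_config {
    provider { key_arn = aws_kms_key.eks.arn }
    resources = ["secrets"]
  }
  # Audit and authenticator logs are what incident response needs later.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]
}

# IRSA: the cluster's OIDC issuer becomes an IAM identity provider, so a
# projected ServiceAccount token can be exchanged for AWS credentials.
data "tls_certificate" "oidc" {
  url = aws_eks_cluster.this.identity[0].oidc[0].issuer
}

resource "aws_iam_openid_connect_provider" "eks" {
  url             = aws_eks_cluster.this.identity[0].oidc[0].issuer
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.oidc.certificates[0].sha1_fingerprint]
}

locals {
  oidc_host = replace(aws_iam_openid_connect_provider.eks.url, "https://", "")
}

# Trust pinned to one namespace/serviceaccount and the STS audience; no other
# pod on the same node can assume this role.
data "aws_iam_policy_document" "openmrs_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.eks.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:sub"
      values   = ["system:serviceaccount:bahmni:openmrs"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "openmrs" {
  name               = "${var.cluster_name}-openmrs"
  assume_role_policy = data.aws_iam_policy_document.openmrs_trust.json
}

# Least privilege: read one bucket, instead of a node-wide instance profile.
resource "aws_iam_role_policy" "openmrs" {
  role = aws_iam_role.openmrs.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject"]
      Resource = "arn:aws:s3:::bahmni-openmrs-backups/*"  # assumed bucket
    }]
  })
}

resource "kubernetes_service_account" "openmrs" {
  metadata {
    name        = "openmrs"
    namespace   = "bahmni"
    annotations = { "eks.amazonaws.com/role-arn" = aws_iam_role.openmrs.arn }
  }
}
```

A pod that runs under the `openmrs` ServiceAccount gets `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` injected by EKS and the SDK assumes the role automatically; a pod under any other ServiceAccount fails the `:sub` condition. On the cost caveat above, note that the control-plane logs and the KMS key are the only billable additions here, and both are cheap relative to the cluster itself.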

Docker Registry

  • Create a BahmniIndia account on Docker Hub

  • Keep the bahmni namespace on Docker Hub for global images

AWS Services


Helm Charts


Kubernetes Packaging Structure

CI/CD tools


Monitoring and Alerting

Topics to be discussed

  • Secrets manager

  • Monitoring and Alerting (Prometheus-Grafana)


The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)