How We Built Preview Environments on Kubernetes and AWS – The New Stack

Romaric Philogne

Romaric is the CEO and co-founder at Qovery. He has more than 10 years experience in site reliability engineering, software development, and marketing.

Qovery has been building a community for over two years. Its Preview Environment system enables developers to create a full replica of their production environment for each pull request. When you create a pull request for an app, Qovery replicates all the applications and databases.

It was challenging to build our Preview Environment system because we had to properly support applications, networks, secrets, and other services. This article will show you how certain components work together to create our Preview Environment system.

Due to their experience with Heroku, some people refer to preview environments as review apps. The Qovery Preview Environment system has one major difference: all applications and databases run within an environment. Each environment is attached directly to a Kubernetes cluster. I will go into deeper detail below.

To learn more about the Qovery Preview Environment, check out our open source repository, Qovery Engine.

Environment

Every application and every database on Qovery belongs to an environment. It is a logical entity which links all resources together. When you turn the Preview Environment feature on, Qovery creates a new environment.

You will create a new environment with all the resources required to handle every pull request. The environment will allow you to test the new feature in a separate environment. There is no need to break your original environment. It can still be used as a production environment.

Let’s take a look at each service created, beginning with the simplest.

Cloning an application

An application is a container that runs in a Kubernetes Pod on Qovery. When a Preview Environment is created, cloning this application creates a new Kubernetes namespace and duplicates the Kubernetes deployment configuration, with the namespace ID changed.

This is the easiest part, as long as you don’t take into account the network, environment variables, and secrets. A POC (proof-of-concept) that supports containers is easy to build and can be completed in a matter of days. This is what most preview environment systems provide. However, things get more complicated when you use them in real-world situations.
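
The cloning step described above, sketched as an added Python example (not Qovery Engine code): it copies a Deployment manifest into a preview namespace, drops server-populated fields, and lists the Secrets the pod references, since Secrets are namespaced and do not follow the clone. The manifest, the namespace names and the `clone_deployment` helper are constructed for illustration.

```python
import copy

# Fields the API server fills in; they must not be carried into a new object.
SERVER_FIELDS = ("uid", "resourceVersion", "creationTimestamp",
                 "generation", "managedFields", "selfLink")


def clone_deployment(manifest, preview_namespace):
    """Return (clone, secret_names) for a Deployment dict.

    secret_names: Secrets the pod references; each must be provisioned
    separately in preview_namespace because Secrets are namespaced.
    """
    clone = copy.deepcopy(manifest)
    clone.pop("status", None)
    meta = clone.setdefault("metadata", {})
    for field in SERVER_FIELDS:
        meta.pop(field, None)
    meta["namespace"] = preview_namespace

    pod = clone["spec"]["template"]["spec"]
    secrets = set()
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        for env in c.get("env", []):
            ref = env.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                secrets.add(ref["name"])
        for src in c.get("envFrom", []):
            if "secretRef" in src:
                secrets.add(src["secretRef"]["name"])
    for vol in pod.get("volumes", []):
        if "secret" in vol:
            secrets.add(vol["secret"]["secretName"])
    return clone, sorted(secrets)


# Constructed sample manifest (all names are placeholders).
PRODUCTION = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "env-production",
                 "uid": "constructed-uid", "resourceVersion": "1234"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "api", "image": "registry.example.test/api:1.0",
                        "env": [{"name": "DB_PASSWORD", "valueFrom": {
                            "secretKeyRef": {"name": "db-credentials", "key": "password"}}}],
                        "envFrom": [{"secretRef": {"name": "api-tokens"}}]}],
        "volumes": [{"name": "tls", "secret": {"secretName": "api-tls"}}]}}},
    "status": {"readyReplicas": 3},
}
```

The returned list is the set of Secrets to create with preview-appropriate values before the clone is applied; a pod that references a missing Secret will not start.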

Cloning Environment Variables, Secrets

Your production environment secrets and variables might not be appropriate for a preview environment. To manage your environment variables across different environments, we have created an inheritance system and scope system.

Inheritance

Let’s say that you use the environment variable NODE_ENV=production. You might want to use the exact same environment variable with the value development. This is what Qovery allows you to do. It means that you must dynamically map the values according to the environment.

Scope

Let’s suppose you have 20 environments. Without a scope feature, you would need to set each variable individually for each environment. This is why we have associated a scope to each environment variable. If you set an environment variable with the scope of the project, it will be available for all environments.

Secret Encryption

Secrets are similar to environment variables, except that you cannot reveal the value. It is therefore write-only. Qovery, behind the scenes, encrypts, salts, and stores the value in the Kubernetes secret service.
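
An added sketch of the inheritance, scope and write-only secret behaviour described above (not Qovery's implementation). The scope names, the rule that the narrower scope wins, and the sample variables are assumptions of this example.

```python
from dataclasses import dataclass

# Assumption of this example: two scopes, and the narrower one wins.
PRECEDENCE = ("project", "environment")  # broad -> narrow


@dataclass(frozen=True)
class Variable:
    key: str
    value: str
    scope: str      # one of PRECEDENCE
    target: str     # project name or environment name
    secret: bool = False


def resolve(variables, project, environment):
    """Return the effective Variable per key for one environment."""
    effective = {}
    for scope in PRECEDENCE:
        target = project if scope == "project" else environment
        for var in variables:
            if var.scope != scope or var.target != target:
                continue
            prev = effective.get(var.key)
            # An override must not turn a secret into a readable variable.
            if prev is not None and prev.secret and not var.secret:
                raise ValueError(f"{var.key}: override would expose a secret")
            effective[var.key] = var
    return effective


def display(effective):
    """What a read API may show: secrets are write-only, so mask them."""
    return {k: "********" if v.secret else v.value for k, v in effective.items()}


# Constructed sample data; values are placeholders.
VARIABLES = [
    Variable("NODE_ENV", "production", "project", "shop"),
    Variable("API_URL", "https://api.example.test", "project", "shop"),
    Variable("DB_PASSWORD", "prod-placeholder", "environment", "production", secret=True),
    Variable("NODE_ENV", "development", "environment", "pr-42"),
    Variable("DB_PASSWORD", "preview-placeholder", "environment", "pr-42", secret=True),
]
```

Because the production password is scoped to the production environment, a preview environment that defines no `DB_PASSWORD` of its own resolves none at all instead of inheriting the production value.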

Cloning of the Network

Cloning the network means copying the configuration of both the internal network (Kubernetes services and ingresses) and the external one (load balancers, gateways, etc.). The external network is the most complex part because you must consider creating a new TLS certificate and external domain. We allow our users to set their own domains.

Cloning Database

Qovery offers two types of database options: the managed one and the container one. Managed databases, such as AWS RDS Postgres, are provided by AWS. They are ideal for production, and AWS guarantees backups. The container mode, for example for Postgres, provides a container instance with attached storage (AWS EBS). This allows for persistence.

It is faster and cheaper to spin up, but it has no backups. This makes it ideal for development purposes. We will clone the database, and any appropriate network services, depending on the type of database. We also need to consider creating another VPC (virtual private cloud) on RDS. This is where things get more complicated.

Cloning a database also involves seeding the Preview Environment database or cloning the production database. This is not always feasible due to legal or technical reasons. At every stage, we had to ask ourselves: What happens if operation X goes wrong? We built a transactional deployment engine. I’d be happy to show you how it works in a future article.

Isolation of Resources

Our users can choose between physical isolation and logical isolation between their Preview Environments, depending on how critical their business is. This premium feature is very time-consuming and expensive. While physical isolation is safer than logical isolation and is easier to maintain, it is more expensive and complex. For example, a SaaS within the health care sector must adhere to HIPAA security requirements and must provide physical isolation among its users, while a SaaS for the gaming industry can use the logical isolation model.

Logical Isolation

In our context, Kubernetes namespaces provide logical isolation. Each environment has its own namespace. A deletion of one namespace will result in the deletion of all Kubernetes resources for an environment. Qovery does not consider Kubernetes namespaces to be suitable for multitenant applications, even if they are subject to the appropriate RBAC rules.

Physical Isolation

Qovery offers different architectural options to achieve physical isolation.

The Qovery platform manages all architectures, from VPC to Kubernetes cluster to cloud account isolation.

Testing

To build a Preview Environment system that is robust enough for thousands of developers, it is essential to spend at least half of your development time on testing. We have thousands upon thousands of tests in place to ensure that all edge and normal cases are covered, from functional tests and unit tests to full-blown end-to-end (E2E) tests. It is an integral part of our development.

Conclusion

I described how we built our Preview Environment system using Qovery and Kubernetes on AWS. It’s not easy to create a stable, secure, performant Preview Environment system. The benefits of using the Preview Environment features are immense.

This company, for example, releases its content 100 times faster using the Preview Environment feature, in less than a week.

Any questions? Contact Qovery or visit our website and the Qovery Preview Environment page.

Feature image via Pixabay
