github.com/greenboxal/deis@v1.12.1/docs/managing_deis/production_deployments.rst (about) 1 :title: Production deployments 2 :description: Considerations for deploying Deis in production. 3 4 .. _production_deployments: 5 6 Production deployments 7 ====================== 8 9 Many Deis users are running Deis quite successfully in production. When readying a Deis deployment 10 for production workloads, there are some additional (but optional) recommendations. 11 12 Isolating the Planes 13 -------------------- 14 15 .. include:: ../_includes/_isolating-planes-description.rst 16 17 See :ref:`isolating-planes` for further details. 18 19 Isolating etcd 20 -------------- 21 22 .. include:: ../_includes/_isolating-etcd-description.rst 23 24 See :ref:`isolating-etcd` for further details. 25 26 Running Deis without Ceph 27 ------------------------- 28 29 .. include:: ../_includes/_ceph-dependency-description.rst 30 31 See :ref:`running-deis-without-ceph` for details on removing this operational 32 complexity. 33 34 .. _preseeding_continers: 35 36 Preseeding containers 37 --------------------- 38 39 When a host in your CoreOS cluster fails or becomes unresponsive, the CoreOS scheduler will relocate 40 any cluster services on that machine to another host. These services come up on the new host just fine, 41 but a component's first task is to pull the corresponding Docker image from Docker Hub. Depending 42 on factors such as available bandwidth, network latency, and performance of the Docker Hub platform, 43 this can take some time. Failover is not finished until the pull completes and the component starts. 44 45 To minimize component downtime should failover occur, it is recommended to preseed the Docker images 46 for Deis on all hosts in a cluster. This will pull all the images to the host's local Docker graph, 47 so if failover should occur, a component can start quickly. 48 49 A preseed script is provided as a script already loaded on CoreOS hosts. 50 51 On all hosts in the cluster, run: 52 53 .. code-block:: console 54 55 $ /run/deis/bin/preseed 56 57 This will pull all component images for the installed version of Deis. 58 59 Review security considerations 60 ------------------------------ 61 62 There are some additional security-related considerations when running Deis in production, and users 63 can consider enabling a firewall on the CoreOS hosts as well as the router component. 64 65 See :ref:`security_considerations` for details. 66 67 Back up data 68 ------------ 69 70 Backing up data regularly is recommended. See :ref:`backing_up_data` for steps. 71 72 Change Registration Mode 73 ------------------------ 74 75 Changing the registration process is highly recommended in production. By default, registrations for a 76 new cluster are open to anyone with the proper URL. Once the admin user has registered with a new cluster, 77 it is recommended that you either turn off registrations entirely or enable the admin only registration feature. 78 79 Please see the following documentation: :ref:`controller_settings` 80 81 Configure logging and monitoring 82 -------------------------------- 83 84 Many users already have external monitoring or logging systems, and connecting Deis to these 85 platforms is quite simple. Review :ref:`platform_logging` and :ref:`platform_monitoring`. 86 87 Enable TLS 88 ---------- 89 90 Using TLS to encrypt traffic (including Deis client traffic, such as login credentials) is crucial. 91 See :ref:`platform_ssl`.