github.com/greenboxal/deis@v1.12.1/docs/managing_deis/production_deployments.rst (about)

     1  :title: Production deployments
     2  :description: Considerations for deploying Deis in production.
     3  
     4  .. _production_deployments:
     5  
     6  Production deployments
     7  ======================
     8  
     9  Many Deis users are running Deis quite successfully in production. When readying a Deis deployment
    10  for production workloads, there are some additional (but optional) recommendations.
    11  
    12  Isolating the Planes
    13  --------------------
    14  
    15  .. include:: ../_includes/_isolating-planes-description.rst
    16  
    17  See :ref:`isolating-planes` for further details.
    18  
    19  Isolating etcd
    20  --------------
    21  
    22  .. include:: ../_includes/_isolating-etcd-description.rst
    23  
    24  See :ref:`isolating-etcd` for further details.
    25  
    26  Running Deis without Ceph
    27  -------------------------
    28  
    29  .. include:: ../_includes/_ceph-dependency-description.rst
    30  
    31  See :ref:`running-deis-without-ceph` for details on removing this operational
    32  complexity.
    33  
    34  .. _preseeding_continers:
    35  
    36  Preseeding containers
    37  ---------------------
    38  
    39  When a host in your CoreOS cluster fails or becomes unresponsive, the CoreOS scheduler will relocate
    40  any cluster services on that machine to another host. These services come up on the new host just fine,
    41  but a component's first task is to pull the corresponding Docker image from Docker Hub. Depending
    42  on factors such as available bandwidth, network latency, and performance of the Docker Hub platform,
    43  this can take some time. Failover is not finished until the pull completes and the component starts.
    44  
    45  To minimize component downtime should failover occur, it is recommended to preseed the Docker images
    46  for Deis on all hosts in a cluster. This will pull all the images to the host's local Docker graph,
    47  so if failover should occur, a component can start quickly.
    48  
    49  A preseed script is provided as a script already loaded on CoreOS hosts.
    50  
    51  On all hosts in the cluster, run:
    52  
    53  .. code-block:: console
    54  
    55      $ /run/deis/bin/preseed
    56  
    57  This will pull all component images for the installed version of Deis.
    58  
    59  Review security considerations
    60  ------------------------------
    61  
    62  There are some additional security-related considerations when running Deis in production, and users
    63  can consider enabling a firewall on the CoreOS hosts as well as the router component.
    64  
    65  See :ref:`security_considerations` for details.
    66  
    67  Back up data
    68  ------------
    69  
    70  Backing up data regularly is recommended. See :ref:`backing_up_data` for steps.
    71  
    72  Change Registration Mode
    73  ------------------------
    74  
    75  Changing the registration process is highly recommended in production.  By default, registrations for a
    76  new cluster are open to anyone with the proper URL.  Once the admin user has registered with a new cluster,
    77  it is recommended that you either turn off registrations entirely or enable the admin only registration feature.
    78  
    79  Please see the following documentation:  :ref:`controller_settings`
    80  
    81  Configure logging and monitoring
    82  --------------------------------
    83  
    84  Many users already have external monitoring or logging systems, and connecting Deis to these
    85  platforms is quite simple. Review :ref:`platform_logging` and :ref:`platform_monitoring`.
    86  
    87  Enable TLS
    88  ----------
    89  
    90  Using TLS to encrypt traffic (including Deis client traffic, such as login credentials) is crucial.
    91  See :ref:`platform_ssl`.