Metaphor
metaphor
is an example containerized nodejs application that serves numerous purposes on the pro platform.
Best Practices
metaphor
provides a demonstration space for application best practices in a tangible way that's easy to apply to other projects. When engineers discover good patterns and wish have those patterns adopted in other projects, add that new idea in the most straightforward way possible to the metaphor
app as well. By doing so our engineering team can fully engage with the best application approaches.
CI/CD
metaphor
has a complete ci/cd process with automated builds, container creation, container publishing, linting, tests, deployment to preprod and production, release management, version management, and hotfixes. It serves as an excellent proving ground for changes to the ci/cd layer.
When a new version of our CI is needed, it's best to adopt that new version of the CI in metaphor
first. Run through the adjustments to your automation and test it through all of your environments and kubernetes clusters without impacting the applications that your engineers and users depend on.
Kubernetes Representations
metaphor
is a multi-instance load balanced nodejs app. It's deployed to the development
and staging
namespaces in the preprod
cluster, and the production
namespace in the production
cluster.
The kubernetes manifests produced by the metaphor
CI include a working example of a kubernetes deployment with downstream replicaset and pods, a service account with a security context used, a service to make the application available to the cluster, and an ingress to make the service available outside the cluster.
Ingress Integrations
The ingress manifest demonstrates integration with our automated approach to dns management, load balancer management, and TLS/SSL certificate creation and renewal.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
# Change the next line to "letsencrypt-staging" while testing adjustments, change to "letsencrypt-prod" after confirming LE certificate was issued
cert-manager.io/cluster-issuer: "letsencrypt-prod"
name: metaphor
labels:
run: metaphor
spec:
rules:
- host: metaphor-development.yourdomain.com
http:
paths:
- backend:
serviceName: metaphor
servicePort: 3000
path: /
tls:
- secretName: metaphor-tls
hosts:
- metaphor-development.yourdomain.com
Some cool automated things to note:
- the value specified in spec.rules.host
will automatically create a route53 cname that's bound to the ingress' elastic load balancer
- the cert-manager.io/cluster-issuer
annotation will prompt cert-manager
to automatically create a certificate for your application, and will store that cert in the secretName
specified
- nginx will automatically route traffic to the metaphor
service based on the path-based/host-based routing specified in spec.rules
Environment Configs and Secrets
metaphor
also includes a working example of how to leverage a multi-environment secrets management paradigm powered by vault
and external-secrets
.
There's also a configmap implementation to demonstrate how to leverage non-sensitive configuration values.
Datadog Integrations
metaphor
is set up to provide cloud and container observability and monitoring best practices with datadog
. It demonstrates using datadog
for metaphor
's application logs, container statistics, application metrics, appliction performance monitoring, dashboarding, and alerting.
Secrets Management
metaphor
leverages hashicorp vault
for secrets management. vault
runs in the mgmt
cluster and metaphor runs in preprod
and production
, so it serves as an example for secrets management. To read more see our vault page