Maximilian Temeschinko for peoplesmarkets.com

Originally published at Medium

Infrastructure of peoplesmarkets.com

Hello! : ) Here I want to showcase the current state of the infrastructure running peoplesmarkets.com. It is mainly deployed and configured with Ansible playbooks, which can be found in the infrastructure repository.


01 - Main software and platforms

  • HashiCorp Cloud Platform Vault Secrets - Secret store before Vault is deployed
  • HashiCorp Vault - Secret store and management
  • HashiCorp Consul - Service Discovery and Service Mesh
  • HashiCorp Nomad - Container orchestration
  • CockroachDB - Relational database
  • ZITADEL - Identity management and authentication
  • Cloudflare Pages - Web UI deployment

In order to deploy, run and update backend services in a convenient way we need some container orchestration tool. In this case I went with Nomad, just because I already used Kubernetes in a production environment and wanted to learn something new. Nomad covers all use cases for the foreseeable future.

In order for the running services to be able to communicate with each other, we need to configure their access information in some way. This is where Consul comes into play. It is easy to integrate with Nomad: we only need to add a section to our deployment specification to find the addresses of the other services that are registered with Consul.

I always find secret management and configuration a little painful - the good kind of pain, but pain nonetheless. HashiCorp Vault is software that eases that pain very nicely. It is also easy to use with Nomad.
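The Consul and Vault integrations described in the two paragraphs above, sketched as a Nomad job specification. This is an added example, not taken from the peoplesmarkets.com infrastructure repository; the job, service, image, policy and secret path names are all hypothetical, and it assumes a KV v2 secrets engine mounted at `kv/`.

```hcl
# Added example: every name, image, path and policy below is an assumption.
job "example-api" {
  datacenters = ["dc1"]

  group "api" {
    network {
      port "grpc" { to = 10000 }
    }

    # Registers this service in Consul so that other jobs can look it up.
    service {
      name = "example-api"
      port = "grpc"
    }

    task "api" {
      driver = "docker"

      # The task gets a Vault token limited to this one policy. Newer Nomad
      # versions with workload identity use `role` instead of `policies`.
      vault {
        policies = ["example-api-read"]
      }

      config {
        image = "registry.example.com/example-api:1.0.0"
        ports = ["grpc"]
      }

      # Rendered by Nomad: the database address comes from the Consul catalog
      # (first healthy instance), the password from Vault. The file lands in
      # the task's private secrets/ directory and is exported as environment.
      template {
        destination = "secrets/app.env"
        env         = true
        data        = <<EOT
{{ range $i, $s := service "cockroach-sql" }}{{ if eq $i 0 }}
DB_HOST={{ $s.Address }}
DB_PORT={{ $s.Port }}
{{ end }}{{ end }}
{{ with secret "kv/data/example-api/db" }}
DB_PASSWORD={{ .Data.data.password }}
{{ end }}
EOT
      }
    }
  }
}
```

Keeping the Vault policy scoped to the single path the template reads means a compromised task can only reach its own database credential.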

For the first database I went with CockroachDB. In the past I often went with PostgreSQL or MySQL as the default because they are reliable and I understand them well enough to be useful, but I cannot get my head around how to deploy them in a highly available and replicated way, at least not to a point where I would be happy to use them in production. CockroachDB comes with the hassle that is involved in distributed data storage - pre-hassled, that is to say, “It is straightforward to deploy multiple nodes in a cluster”.

For user registration and authentication ZITADEL was deployed. I repeat myself, but it was also new to me and I wanted to learn something new. It covers all use cases for the foreseeable future and it is written in Go. : )

The Vault Secrets service at HashiCorp Cloud Platform is used for a few secrets that need to exist before Vault is deployed. Here I could also have used Ansible Vault locally. Cloudflare Pages is used to deploy and run the front-end web UIs. I saw a friend use it the other day for their personal project and found the simplicity of the deployment nice. It is free and also easily covers the use case. We can deploy the front ends in the Nomad cluster in the future, without much work, if we decide to have everything running on our hardware.

That’s it so far for the reasons why the software components and services were chosen. While I was playing around with the HashiStack I found some very nice integrations which I want to discuss in the future - especially having most of the secrets and certificates managed by Vault.


Shameless Ads:

Check out peoplesmarkets.com! And the repositories! Have a good one : )


Top comments (1)

mv-turtle

Consider switching Vault to Infisical (infisical.com)