https://dev.37signals.com/bringing-our-apps-back-home/

Why are we doing this?

A number of our applications have been on a long journey through various cloud providers and services over the years.

Originally, we started by moving them from our data centers to AWS ECS, with the promise of lovely contained Docker builds and eventual cost savings.

We liked Docker a lot, less so the lack of flexibility in ECS. Thus, we pivoted to GKE on Google Cloud Platform to give Kubernetes a try, only to be thwarted by network control plane outages that led us to a quick retreat. Undeterred by the cloud, we moved our legacy applications to AWS Kubernetes (EKS) where some of them still reside today.

You inevitably accrue some dimension of technical debt and complexity on this path. Your deployment strategy isn’t the only thing that has to change: you’ll have to invent new tooling to manage those stacks and create useful CI/CD to cater to the needs of both operations and programming. Most likely you will have to rethink your monitoring strategy as well.

And that is before even scratching the surface of the entirely different paradigms that informational and operational security require in such a setup. Oh, and at some point, you’d also have to train people about all of this! Gimme a second, we just got an email about the maintenance EOL of this resource from [public cloud provider]… wait, is us-east-1 down?

Bottom line: you need a lot of processes to do this right. In a lot of places, it became apparent we were spending more than we got out of it in return — not just economically, but also operationally. The diagram below, taken from our internal documentation, shows our smallest application, Tadalist, when it ran on EKS.

                              +--------------------------------------------------------+
                              |    eksctl VPC                                          |
                              |    +----------------------------------------------+    |
                              |    |                      EKS                     |    |
                              |    | +------------------------------+ +---------+ |    |
                              |    | |app namespace                 | |default  | |    |
                              |    | |                              | |namespace| |    |
+-------------------+         |    | +--------+ +--------+ +--------+ +---------+ |    |
|   tadalist VPC    |         |    | |pod     | |pod     | |pod     | |pod      | |    |
|                   |         |    | +--------+ +--------+ +--------+ +---------+ |    |
| +---------------+ |         |    | |Unicorn | |Unicorn | |Unicorn +-+Logstash | |    |
| |   Services    | |         |    | |        | |        | |        | |         | |    |
| |               | |   VPC   |    | +--------+ +--------+ +--------+ +---+-----+ |    |
| | +-----------+ | | Peering |    | |Nginx   | |Nginx   | |Nginx   |     |       |    |
| | |    RDS    | | <--------->    | |        | |        | |        +-----+       |    |
| | +-----------+ | |         |    | +-^------+-+-^------+-+-^------+             |    |
| +---------------+ |         |    |   |          |          |                    |    |
+-------------------+         |    |   |          |          |                    |    |
                              |    +----------------------------------------------+    |
                              |        |          |          |                         |
                              |      +-+----------+----------+---+                     |
                              |      | Application Load Balancer |                     |
                              |      +------------^--------------+                     |
                              |                   |                                    |
                              +--------------------------------------------------------+
                                                  |
                                                  |
                                                  +
                                           Internet Traffic

Looks… easy? Well, note that this is just the rough infrastructural outline — it doesn’t include all the auxiliary tooling that runs on it, such as

It also leaves out the entire sphere of identity and access management for those resources, which has to be maintained as well. Not to mention the infrastructure as code that has grown around all of this. It’s fair to say that we never realized the promise that the cloud would simplify our life.