|
| 1 | +:title: Production deployments |
| 2 | +:description: Considerations for deploying Deis in production. |
| 3 | + |
| 4 | +.. _production_deployments: |
| 5 | + |
| 6 | +Production deployments |
| 7 | +====================== |
| 8 | + |
| 9 | +Many Deis users are running Deis quite successfully in production. When readying a Deis deployment |
| 10 | +for production workloads, there are some additional (but optional) recommendations. |
| 11 | + |
| 12 | +Preseeding containers |
| 13 | +--------------------- |
| 14 | + |
| 15 | +When a host in your CoreOS cluster fails or becomes unresponsive, the CoreOS scheduler will relocate |
| 16 | +any cluster services on that machine to another host. These services come up on the new host just fine, |
| 17 | +but a component's first task is to pull the corresponding Docker image from Docker Hub. Depending |
| 18 | +on factors such as available bandwidth, network latency, and performance of the Docker Hub platform, |
| 19 | +this can take some time. Failover is not finished until the pull completes and the component starts. |
| 20 | + |
| 21 | +To minimize component downtime should failover occur, it is recommended to preseed the Docker images |
| 22 | +for Deis on all hosts in a cluster. This will pull all the images to the host's local Docker graph, |
| 23 | +so if failover should occur, a component can start quickly. |
| 24 | + |
| 25 | +A preseed script is provided as a script already loaded on CoreOS hosts. |
| 26 | + |
| 27 | +On all hosts in the cluster, run: |
| 28 | + |
| 29 | +.. code-block:: console |
| 30 | +
|
| 31 | + $ /run/deis/bin/preseed |
| 32 | +
|
| 33 | +This will pull all component images for the installed version of Deis. |
| 34 | + |
| 35 | +Review security considerations |
| 36 | +------------------------------ |
| 37 | + |
| 38 | +There are some additional security-related considerations when running Deis in production, and users |
| 39 | +can consider enabling a firewall on the CoreOS hosts as well as the router component. |
| 40 | + |
| 41 | +See :ref:`security_considerations` for details. |
| 42 | + |
| 43 | +Back up data |
| 44 | +------------ |
| 45 | + |
| 46 | +Backing up data regularly is recommended. See :ref:`backing_up_data` for steps. |
| 47 | + |
| 48 | +Configure logging and monitoring |
| 49 | +-------------------------------- |
| 50 | + |
| 51 | +Many users already have external monitoring or logging systems, and connecting Deis to these |
| 52 | +platforms is quite simple. Review :ref:`platform_logging` and :ref:`platform_monitoring`. |
| 53 | + |
| 54 | +Enable TLS |
| 55 | +---------- |
| 56 | + |
| 57 | +Using TLS to encrypt traffic (including Deis client traffic, such as login credentials) is crucial. |
| 58 | +See :ref:`ssl-endpoints`. |
0 commit comments