Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This document should describe the deployment. The dev information you can find in the GitHub README of the Loono Backend repository.

Used tools

  • AWS and Kubernetes services

  • Docker

  • Terraform

...

The backend server is an application running on JVM written in Kotlin a and built by Gradle.

Versions:

  • Kotlin 1.5.20

  • JVM 11+ (compatibility with 11)

  • Gradle 7.1

The server uses the PostgreSQL as a data storage.

...

  1. Docker image creation with Dockerfile

    1. Building the application by Gradle build to create a bootable JAR file

    2. Creation a final docker image with the application JAR

  2. Upload the Docker image to the Docker repository (ECR)

  3. Deployment of the new server version to the AWS

    1. Startup of the new version

    2. If the startup succeeds then the new version replaces the old one

Pipelines and configurations

  • The AWS configuration and deployment is managed by Terraform. It is located in the GitHub repository.

    • The infrastructure definitions are owned by Martin Wenisch and any changes have to be reviewed by him.

  • The deployment pipelines (GitHub Actions)

GitHub Secrets

We use GitHub Secrets to hide access keys and passwords in our public repository. The GitHub Secrets are use in the Actions where provides secret values for the deployment process (access to AWS) or secrets needed by a pod.

Flow: Github Actions SecretGitHub Actions → Terraform environment variable → Pod template with predefined system environment variables

AWS connection and deployment secrets

AWS_ACCESS_KEY_ID

AWS_REGION

AWS_REPOSITORY

AWS_SECRET_ACCESS_KEY

CERTIFICATE_ARN

Application secrets

DATABASE_PASSWORD

The password to the PostgreSQL database.

GOOGLE_APPLICATION_CREDENTIALS

The Firebase credentials for the Firebase Admin SDK. The secret contains the content of the JSON file downloaded from the Admin console.

Access to logs

We can get a read-only access the AWS CloudWatch. If you need the access please ask Martin Wenisch .

Logs

We can access the logs in the AWS CloudWatch:

https://eu-west-3.console.aws.amazon.com/cloudwatch/home?region=eu-west-3#logsV2:log-groups/log-group/$252Fecs$252Fbackend

...

Pod parameters

Hardware configuration:

...

  1. The build - we cover main functionality by unit tests (code coverage is available by jacoco plugin in the project)

    1. We have the CI pipeline in the Github Actions executing the project build on each commit.

    2. The tests are part of docker image building, too.

  2. The deployment

    1. The deployment succeeds if the health check passed 3-times.

    2. We have post-deploy tests which validate health check and the API documentation after the deployment itself.