When outside teams approach thoughtbot with cloud infrastructure support needs, a very common use case involves transitioning from a simple Heroku application to a more robust platform. Whether the impetus is scalability, security, auditing compliance, cost management, or leveraging more robust cloud resources, the time has come for a transition. Enter Flightdeck.
At thoughtbot, we recognize that it is not a simple problem to deploy web applications to a production-ready platform equipped with autoscaling, monitoring/alerting, continuous integration and deployment (CI/CD), etc. This is why we developed a framework called Flightdeck.
Flightdeck is a Terraform-based tool that utilizes infrastructure as code (IaC) to provision a production-ready, security-hardened platform to a Kubernetes (k8s) environment. For folks unfamiliar, k8s can be a complex tool to understand, set up, maintain, and debug. As a wee child (when “DevOps” was simply systems administration), I was quite comfortable with my bash scripts and Ansible repos. Need to install ruby? Psh I got you; here’s my rbenv playbook! Nginx config for a Rails/Puma app? Peep this template. By the time Terraform and Kubernetes became the new hotness, I was definitely feeling “get off my lawn” vibes.
This is not to say that configuration management and more traditional sysadmin paradigms have gone the way of the dodo. I still thoroughly enjoy when my “deploy pipeline” consists of a git post-receive hook that triggers a server-side code pull and nginx restart (honestly, deployments that take seconds to complete and little more to set up bring joy to this one’s heart). But these models show their limitations quickly when trying to accommodate more complex and scalable scenarios. Drum roll for Kubernetes…
When I first used k8s, I did not get it. It felt heavy. Complex. Opaque. Confusing. But I’m also stubborn. What I’ve come to realize is that Kubernetes solves some very complex problems and does so very effectively. Autoscaling, resource allocation, health checks, secrets management, routing between containers, deployments, namespacing, etc. There are many reasons why k8s has become the de facto standard for managing container-based application platforms.
So why Flightdeck?
Despite some excellent documentation and accessible tools like minikube, going from Hello World echoserver or nginx test page to a robust production environment is no small feat. Wiring up routing, horizontal pod autoscaling, foundations for sophisticated monitoring, ingress management, SSL cert generation for load balancers, etc… these pieces and others are not easy to weave together. This is why Flightdeck exists. It is meant to establish some conventions, uniformity, and make this process much smoother.
Flightdeck is an open source set of processes and IaC modules that guide one through setting up the aforementioned components necessary for rapidly building out a mature, stable, production platform. Conceptually, provisioning happens in layers. Setting up accounts, SSO, and foundational cloud platform elements comes first, along with bootstrapping Terraform (TF) roles and permissions. TF modules are then used to establish the networking layer (VPCs, subnets, etc.); then ingress (load balancers, certs, routing to the eventual k8s cluster); then the platform and application layers (containing everything from Istio and Prometheus to application-specific resources like database servers and other cloud-based resources that drive the application).
A recent case study distilled
We recently had the opportunity to work with an excellent team looking to move off Heroku for security and compliance reasons. You can read more about the process here. While significant production migrations always involve a lot of moving parts, the experience went very smoothly and we were able to help train team members on the fundamentals of the new platform along the way.
We focused first on the staging environment - provisioning the platform and requisite application resources, then continued to iterate - building confidence about the new architecture while preparing for the ultimate production migration. This migration took less than an hour and firmly established the Flightdeck platform as the path forward for the WorkHands team.
Concluding thoughts
There are a variety of solutions available for building out scalable cloud platforms. The number of options and complexity of the task can be overwhelming. With Flightdeck we have targeted a pragmatic approach to create a production-ready platform according to a variety of best practices. Like so many of thoughtbot’s projects, the code is open source and thoroughly documented. We have some exciting plans for future development and invite any teams or DevOps developers to contact us about consultation or collaboration!