In my last post, I wrote about how we've come to use Gitea and Drone in combination for deploying a few new services for the FSFE. While our setup works, it's definitely not ideal, and with a single Docker host, it's not resilient to failure.
If you know how we can shape this using standard tools, and can volunteer a few cycles for our system administration team, I'd be happy to hear from you!
Here's where we are right now:
- We have Gitea as our Git platform. This works great.
- We have Drone as our CI, connected to Gitea. Also works great.
- We have a single host which runs our Docker server. This isn't ideal.
- Deployment on that host is done through Ansible, partly manually but mostly through the CI pipeline in Drone. This works, but it also means if the Docker host dies, we need to trigger the deployments and CI rebuilds manually.
- Networking is a single IP on the Docker host and all HTTP/HTTPS requests are proxied to the underlying Docker container. This is probably okay, and makes integration with Let's Encrypt super easy.
What I can see would be useful is a way to monitor the Docker host and the services running on it, and in case they fail, take action (such as reporting it to our system administrators and/or triggering a deployment of the service again).
But I can also see a need to scale the Docker host so not everything runs in the same Docker. A bunch of things we have depend on this being the case though, but if we solve that, perhaps we solve the monitoring too?
Kubernetes is on my mind, but I know very little about it, and I'm a bit fearful it would change too much of our networking setup. Do you know better? I'm at firstname.lastname@example.org :-)