copyright | lastupdated | keywords | subcollection | content-type | services | account-plan | completion-time | ||
---|---|---|---|---|---|---|---|---|---|
|
2023-07-21 |
application, deploy app, deploy app multiple regions, multiple regions, custom domain name, domain name, TLS, load-balancer, Cloud Internet Services |
codeengine |
tutorial |
codeengine, cis |
pay-as-you-go |
30m |
{{site.data.keyword.attribute-definition-list}}
{: #deploy-multiple-regions} {: toc-content-type="tutorial"} {: toc-services="codeengine, cis"} {: toc-completion-time="30m"}
You can deploy your {{site.data.keyword.codeenginefull}} application across multiple regions to make it resilient to regional failures. Note that this example uses a global content delivery network (CDN) called {{site.data.keyword.cis_full_notm}}, but you can use alternate providers. This example also uses a custom domain. {: shortdesc}
{: #deploy-setup-cis-prereq}
- You must have a custom domain name for your application, such as
example.com
. This domain name is used by your {{site.data.keyword.codeengineshort}} application. - Set up an instance of {{site.data.keyword.cis_short}}{: external}.
- Add your domain name to {{site.data.keyword.cis_short}}. When you register your domain name with {{site.data.keyword.cis_short}}, you are delegating control of your domain name to {{site.data.keyword.cis_short}}. Note that this step can take a while to complete.
{: #deploy-project-regions} {: step}
Create a {{site.data.keyword.codeengineshort}} project in three different regions. You can use a common naming pattern and a shared tag.
For example, create a project called global-app-project
in the au-syd
, eu-de
, and br-sao
regions with either the CLI or from the console.
Name | Status | Tag | Location | Resource group | Created |
---|---|---|---|---|---|
global-app-project |
Ready | global-app |
Sydney (au-syd ) |
default | |
global-app-project |
Ready | global-app |
Frankfurt (eu-de ) |
default | 2 min |
global-app-project |
Ready | global-app |
Sao Paulo (br-sao ) |
default | 3 min |
{: caption="Table 1. Projects in multiple regions" caption-side="bottom"} |
For more information, see Managing projects.
{: #deploy-app-regions} {: step}
Now that your projects are created in multiple regions, deploy your application in each project.
For example, deploy the codeengine/helloworld
app.
-
From the {{site.data.keyword.codeengineshort}} projects{: external} page, click the name of one of the projects that you created.
-
Click Create application.
-
Configure your app with the following settings.
- Name your application
global-app
. - Select Container image to reference a container image for your app.
- Enter
icr.io/codeengine/helloworld
for your image reference. - Under Runtime settings, set your minimum number of instances to 1. By setting your minimum number of instances to 1, you can enable health checks from your CIS instance to monitor the availability of pools so that traffic can be routed to the healthy ones.
- Leave the rest of the options at the default settings and click Create.
- Name your application
-
Repeat these steps to create the application in each project.
For more information about deploying your application, see Deploying applications.
{: #custom-domain-cert} {: step}
In an enterprise environment, work with your corporate domain administrator to obtain the necessary certificates. However, if the custom domain is within your control and you want quickly create a certificate that is not self-certified, then you can optionally use the Let's Encrypt{: external} service and Certbot{: external} to obtain a certificate.
-
Install Certbot{: external}. Certbot is a client for the Automatic Certificate Management Environment (ACME){: external} protocol for automating interactions between a CA and a server. The Let's Encrypt service uses this client to verify domain ownership and issue certificates. From the Certbot Instructions page{: external}, select
Other
as the software and select the operating system for your workstation to obtain the applicable information to install the Certbot command line. -
Run the following command to create your certificate. This example command creates a certificate for the
example.com
andwww.example.com
custom domains. Be sure to update the command for your own custom domain.certbot certonly --manual --preferred-challenges dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --domain example.com --domain www.example.com
{: pre}
-
To verify that you own the domain, set a
TXT
record with your domain registrar for the domains that you requested in the previous step with values that were provided with the Certbot tool output; for example,_acme_challenge.example.com
and_acme_challenge.ww.example.com
. After you set theTXT
record, continue with the Certbot command. -
Certbot retrieves the certificate that is signed by Let's Encrypt. The location where the certificate is stored is provided by the Certbot output. Find the
fullchain.pem
andprivkey.pem
files.
{: #create-tls-secret} {: step}
Create a TLS secret to store your certificate in {{site.data.keyword.codeengineshort}}.
- From the {{site.data.keyword.codeengineshort}} projects{: external} page, click the name of one of the projects that you created.
- Select Secrets and configmaps.
- Click Create.
- Click TLS secret.
- Enter
global-tls
as the name. - Copy the content of the
fullchain.pem
file into the Certificate chain field. - Copy the content of the
privkey.pem
file into the Private key field. - Click Create.
- Repeat these steps to create a TLS secret in each project that you created earlier.
For more information, see Working with secrets.
{: #config-app-domain} {: step}
After your apps are deployed, configure a custom domain mapping for them.
- From the {{site.data.keyword.codeengineshort}} projects{: external} page, click the name of one of the projects that you created.
- Select Applications.
- Select your
global-app
application. - Select Domain mappings.
- Select Public for your visibility.
- Click Create to create a custom domain mapping.
- Click Select to choose an existing TLS secret and select
global-tls
. - Enter your fully qualified domain name; for example,
www.example.com
. - Note the
CNAME
target value. You need this value to set up routing for your domain in CIS. - Verify that the app name is
global-app
. - Click Create.
- Repeat these steps to create a custom domain mapping for each application that you created.
{: #config-health-check} {: step}
When you created your applications, you set the Minimum number of instances to 1. Because there is always an instance of your app running in each region, you can set up a health check from your CIS instance to monitor the availability of pools. By setting up a health check, traffic is always routed to a running instance, making your app highly available.
- From your CIS instance, navigate to Reliability > Global load balancers > Health checks.
- Click Create.
- Name your health check the same as your application name:
global-app
. - Set the Monitor type to
HTTPS
and the Port to443
. - Accept the defaults for the rest of the options. Note that if you are using an app other than
codeengine/helloworld
app, adjust any options that your app requires. - Click Create.
For more information, see Setting up health checks.
{: #=config-load-balancer} {: step}
After your custom domain mappings are in a Ready
state, configure the {{site.data.keyword.cis_short}} load-balancer for your application global endpoint. For more information, see Configuring a global load balancer.
-
Go to the Reliability page in the {{site.data.keyword.cis_short}} console.
-
Select Origin pools and click Create.
- Name your pool
global-app-au-syd
. - Set the Origin address to the CNAME target of your domain name mapping.
- Set the Host header to your domain name.
- From the Health check, select Existing health check and then select
global-app
. - Click Save.
- Repeat these steps for each region that contains your deployed app. Change the name to reflect the region that you are targeting. For example,
global-app-de-eu
andglobal-app-br-sao
.
- Name your pool
-
Select Load balancers and click Create.
- Name your load balancer. Note that this name appears in your custom domain URL. For example, if your custom domain is
global-app.example.com
and you name your load balancerglobal-app
, your URL isglobal-app.example.com
. - Set Traffic steering to
Geo
. - Add your Geo routes. You can choose to create a route for all CIS regions or only some regions.
- If you create a route for all CIS regions, then in each route that you create, add all the origin pools that you created earlier. Sort them so that a region that contains your running app and is closest to the region route that you are configuring. For example, if you created apps in
au-syd
,eu-de
, andbr-sao
, then forOceana
, putau-syd
first. For Eastern and Western Europe, putde-eu
first. And for North and South America, putbr-sao
first. - If you create a route for only some CIS regions, add a route for the Default region. This route is the fallback to use when a specified region is not available.
- If you create a route for all CIS regions, then in each route that you create, add all the origin pools that you created earlier. Sort them so that a region that contains your running app and is closest to the region route that you are configuring. For example, if you created apps in
- Click Create to create the load balancer.
- Name your load balancer. Note that this name appears in your custom domain URL. For example, if your custom domain is
{: #verify-app-domain} {: step}
Open a browser and enter your load balancer name plus your custom domain name; for example, www.global-app.example.com
Now your applications are highly available.
{: #clean-up} {: step}
- Delete the global load balancers and origin pools from CIS.
- Delete your DNS records from CIS. For more information, see Deleting DNS records.
- Delete each project that you created. When you delete a project, all the components contained in that project are also deleted. For more information, see Delete a project.
Note that your custom domain is not deleted, but is no longer associated with the application that you created.