We ask an org to set up a Google account on Google Cloud with a billing account and a project.
We then:
deploy to Google for the org, and set the TLS up (will challenge their DNS)
set up the email account (will require them to change their DNS)
make the bootstrap data, and bootstrap it.
set up the account passwords (superAdmin, OrgAdmin, projectAdmin).
set up the db encryption password(s).
need to add the sys Admin GUI, so they can then go in and change the passwords, etc.
need to set the CORS (and the iframe template), so the org can add it to their website. Can print this in the Admin GUI for them.
Then we hand it over to the org.
They then:
add the iframe template to their website.
log in to the Web Admin, and change passwords
backups
We decided that we will copy the daily backups to a Google S3 bucket.
Will need to add this to the code. Best if we do it so that it works even if they are not running on Google Cloud.
restore
Assume pulling from Google storage.
So we need to add the backup and restore buttons to the Web Admin.
No proxies are needed for this approach.
No notarisation is needed for this approach.
I think we can use ko though, to make it quick and easy.
secrets
I am not sure how ko and kub will cope with the config.
I don't think we need to encrypt the config; since it's running on Google Cloud it should be ok for v2.
v3
Targets
cloud
desktop
Cloud uses ko.
We run a forward proxy on top to provide application-firewall-like security, and can do auth and authz at that level easily by just building a new main that uses the sys code. This can also do the TLS to non-TLS offloading. This can also do the Cert Magic.
Desktop
This runs locally using a reverse proxy that we run.
Does the same things as the forward proxy for auth and Cert Magic.
But is reverse.
Common code here will make customising it quick, and keeping it all working quick.
We and others need to deploy...
DNS
Auth
Cert
Meta
When you deploy on Google you get a nice metadata API to see what is where: https://developers.google.com/compute/docs/metadata
package metadata // import "cloud.google.com/go/compute/metadata"
ALWAYS map a deploy to a git SHA, and always embed it into the deployed code.
Then you can always see what code maps to what domain and cloud instance (via the metadata).
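One way to tie a running instance back to its commit, as an added example (not code from this project): the SHA is stamped in at build time and joined with the instance ID and zone read from the metadata server. It queries the server over plain HTTP instead of using the cloud.google.com/go/compute/metadata package so that it has no dependencies; the GitSHA variable, the function names and the build command are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

// GitSHA is set at build time: go build -ldflags "-X main.GitSHA=$(git rev-parse HEAD)"
var GitSHA = "unknown"

// instanceMeta reads one key from the metadata server rooted at base.
func instanceMeta(c *http.Client, base, key string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, base+"/computeMetadata/v1/"+key, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Metadata-Flavor", "Google") // the server refuses requests without it
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	// The genuine server echoes the header back; reject any other responder.
	if resp.StatusCode != http.StatusOK || resp.Header.Get("Metadata-Flavor") != "Google" {
		return "", fmt.Errorf("not a metadata server response: %s", resp.Status)
	}
	b, err := io.ReadAll(io.LimitReader(resp.Body, 4096))
	return strings.TrimSpace(string(b)), err
}

// describeDeploy joins the embedded commit with where the code is running.
func describeDeploy(c *http.Client, base string) map[string]string {
	d := map[string]string{"git_sha": GitSHA}
	for _, k := range []string{"instance/id", "instance/zone"} {
		v, err := instanceMeta(c, base, k)
		if err != nil {
			v = "unknown" // e.g. not running on Google Cloud
		}
		d[k] = v
	}
	return d
}

func main() {
	fmt.Println(describeDeploy(&http.Client{Timeout: 2 * time.Second}, "http://metadata.google.internal"))
}
```

If this is served from the Web Admin, keep it behind the admin login, since it discloses the exact build and instance.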
CLI
autoscaler