How can I configure different cloud providers (for GCP, AWS, Azure) on https://github.com/spotify/dockerfile-maven maven plugin, so that it seamlessly enables deployment on all cloud providers. We want maven deploy command to deploy to all cloud providers (say GCP, Azure, AWS). How can we specify configuration for all of them, but have the flexibility to deploy to a cloud provider when needed
Related
I have a ASP.NET Core Web API planning to deploy in AWS, I don't have enough background in AWS what is the good package to subscribe in AWS?
My option is Amazon EC2 or Cloud Computing or there is other package for Web API? And my other concern is I also have files to upload by the client need at least of 1 or 2 TB of cloud storage. Can I connect the Cloud Storage services of Amazon to Amazon EC2. I really don't how to start.
You could look at Elastic Beanstalk (EB) as explained in Creating and deploying .NET applications on Elastic Beanstalk. EB is AWS Platform as a Service (Paas) offering which allows you to deploy your code, without managing much or any of EC2 instances, load balancers, security groups and more.
Alternatively, if you can run your app in a docker container, maybe it would be easier to deploy it using ECS Fargate. EB can also be used to deploy dockerized applications.
For storage you can use EFS if you require filesystem-like storage that can be shared across multiple instances, containers or lambda functions.
Quoting https://cloud.google.com/load-balancing/docs/https/setting-up-https-serverless#enabling
While Google Cloud Armor can be configured for backend services with Cloud Run (fully managed), Cloud Functions, and App Engine backends, there are certain limitations associated with this capability, especially with Cloud Run (fully managed) and App Engine. Users who have access to the default URLs assigned to these services by Google Cloud can bypass the load balancer and go directly to the service URLs, circumventing any configured Google Cloud Armor security policies.
What would be the best way to avoid the bypass of Cloud Armor by an attacker targetting the Cloud Run URL (*.run.app)?
Normally I would make Cloud Run only invocable by a service account but Cloud Load Balancer can't use service accounts to call Cloud Run. An alternative is to configure Cloud Load Balancer to use a token in a header and configure the app running in Cloud Run to only accept calls with the correct header/token but I would prefer not to have to do that in the app.
You should restrict the ingress of your service to "Internal and Load Balancing" to disable access from the default domain and only allow traffic to come from Cloud Armor:
gcloud beta run services update SERVICE --ingress internal-and-cloud-load-balancing
What is the difference between the using Cloud Platform Service Broker and using Alias IPs when configuring Kubernetes Engine?
Service Broker doesn't have anything to do with Alias IPs. Cloud Platform Service Broker is called by "Kubernetes Service Catalog" to get GCP services provisioned with Kubernetes manifests (for example, you can create a Cloud SQL database by deploying a Kubernetes manifest thanks to this feature). Alias IPs don't have anything to do with this.
As a cloud-native platform, Cloud Foundry directly uses cloud-based infrastructure
so that applications running on the platform can be infrastructure unaware.
That being said, would like to understand if I deploy any application using Cloud Foundary...
What infrastructure is uses by default ? It can be anything such as Azure or AWS or OpenStack etc... ?
Does this mean if I am using Cloud Foundary - It will always be combination of Cloud Foundary + Any IAAS provider ?
where CF will work as intermediate between our application and IAAS ?
Cloud Foundry is deployed and managed via Bosh. Bosh provides an abstracted layer above the chosen infrastructure (AWS, GCP, Azure, vSphere etc), any software deployed via Bosh is therefore ignorant, for the want of a better term, of the infrastructure it's been deployed on. When you deploy an application on Cloud Foundry it is also unaware of the infrastructure it has been deployed to. That's the whole premise of Cloud Foundry, taking away any infrastructure concern for developers, so they can concentrate on application code.
Is there any plugin in Jenkins to connect to Google Cloud Platform?
I have installed gcloud SDK plugin and connected to GCP and in gcloud CLI I have written gcloud app deploy but not able to deploy successfully.