E-Comm Domains Azure Re-Infrastructure

Current State

Updated Miro as of 4/19/23:

https://miro.com/app/board/uXjVP3wN1TM=/?share_link_id=430901434152

Pain points for current setup

  • Cannot save products on Stage Magento due to Cloudflare rules

  • Unclear combination of VPNs depending on what resource a dev is trying to interact with

  • Unclear understanding of “ownership” boundaries of infrastructure in Azure

    • What is the dev team’s responsibility to own/fix/access?

Wish List/Ideal State

Numbers are explained in the Miro board linked below

https://miro.com/app/board/uXjVP3wN1TM=/?share_link_id=430901434152

Miro board numbers

  1. Managed DB in stage Craft with replica to mimic Prod

  2. Redis

    1. Preferably managed

    2. Else, built in (usually fine)

  3. Cloudflare integration for Blitz on prod and stage Craft

    1. Otherwise or in addition - a way to flush caches (maybe an API endpoint?)

  4. Cloudflare metrics / monitoring (Currently none)

  5. Log and Health streaming for monitoring

    1. (Azure logs/metrics, not Craft logs)

  6. Add n8n IP to allow-list for stage-store.continuingeducation.com/graphql

  7. Blackfire account ($$$) for PHP on Craft and Magento (also supported in DDEV)

    1. Our team should be able to admin this account so we can assist team members with every environment

    2. Shared dev account and two prod accounts? Refinement needed.

  • Reduction of “VPN hopping”

    • Our current setup requires us to use three separate VPNs to interact with the front and back of staging sites at the same time

  • Recommendations for Azure training for developers who are supporting Azure Infrastructure

    • Things such as Craft CMS tech stack / Magento tech stack / n8n / Meilisearch / Docker image DevOps flow

  • Docker image repository if we don't already have one

  • Team-based permissions

  • Internal tools dashboard for simple Azure actions for prod issues? (e.g. restarting the Meilisearch service when down)

    • Button to clear respective Cloudflare caches after a deploy

  • Easy SSH key management

  • Monitoring, uptime checks, log aggregation

    • Pingdom + Datadog + more robust Azure monitoring/logging as a dashboard

  • Fast, private networks between environments for data syncs

  • Permissions to

    • Cost

    • Network (View only)

    • Monitoring, logs, health checks

    • Environment vars, settings for managed services

    • App service/container redeploys/mods

  • FreeCME domain in Cloudflare for consistency and security

  • Permissions to Cloudflare desired - flushing asset caches and reviewing status of things

  • Meilisearch App container with persistent storage - (Done)

    • This is done - master keys are held in a secret in ADO I believe

  • SSL wildcards for domains where possible (fcme pending)

  • FCME behind Cloudflare - DNS moved into .. Cloudflare I think - last I knew it was on GoDaddy

  • Load balancing (IF NEEDED - I have not seen a reason for this just yet - until we get caching straightened out, this should be low priority)

  • Managed Services

    • Redis DB for prod+stage

    • MariaDB and replica for stage

  • Need to prep for move off of Adobe Cloud - @Ben Williamson (Deactivated) recommends JetRails

  • TODO: Date for end of cloud contract (may need to extend by another year to support migration)