Same. The simple fact that every PR can deploy a full stack, including RDS and managed Redis if desired, automatically in its own namespace with proper DNS pointing to services is a massive win for us. As in, if you label the PR then it all happens automatically and then it all shuts down automatically when the PR is closed.
- Every service is deployed via a Helm chart and using containers
- GitHub Actions build the container and deploy the Helm chart
Some of the details that matter:
- ACK is used to create AWS services (RDS, Redis, etc.) via Helm charts (we also have a container option for Helm charts as it's faster and less expensive)
- External Secrets is used to create secrets in the new namespace and also do things like generate RDS passwords
- ExternalDNS creates DNS entries in Route53 from the Ingress objects
- Namespace name is generated automatically from the branch name
- Docker images use the git hash for the tag
Some things that are choices:
- Monorepo although each service aims to be as self-contained as possible.
- Docker context is the git root as this allows for a service to include shared libraries from the repo when creating a container. This is for the case where we break the previous rule.
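
An added example, not the commenter's code: one way to derive the per-PR namespace from a branch name so that it is always a valid Kubernetes namespace (an RFC 1123 DNS label, at most 63 characters) and so that two different branches can never map to the same namespace. The `pr-` prefix, the `branch` fallback, the hash-suffix scheme and the function name are assumptions made for this sketch.

```python
import hashlib
import re

MAX_LABEL = 63      # Kubernetes namespace names are RFC 1123 DNS labels
PREFIX = "pr-"      # assumed prefix: keeps preview namespaces apart from real ones
HASH_LEN = 8        # hex characters of SHA-256 kept as a suffix (assumption)

LABEL_RE = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")


def namespace_for_branch(branch: str) -> str:
    """Map an arbitrary git branch name to a valid, stable namespace name."""
    # Branch names are contributor-controlled input: keep only [a-z0-9-] and
    # collapse every run of other characters into a single '-'.
    slug = re.sub(r"[^a-z0-9]+", "-", branch.lower()).strip("-")
    if not slug:
        slug = "branch"  # the name consisted only of disallowed characters

    # The suffix is a hash of the *raw* name, so branches that sanitize or
    # truncate to the same slug (feature/foo vs feature-foo) still get
    # separate namespaces, secrets and DNS names.
    digest = hashlib.sha256(branch.encode("utf-8")).hexdigest()[:HASH_LEN]

    room = MAX_LABEL - len(PREFIX) - HASH_LEN - 1
    slug = slug[:room].rstrip("-")  # truncation must not leave a trailing '-'

    name = f"{PREFIX}{slug}-{digest}"
    if len(name) > MAX_LABEL or not LABEL_RE.fullmatch(name):
        raise ValueError(f"refusing to use invalid namespace {name!r}")
    return name


if __name__ == "__main__":
    # Constructed sample branch names, not taken from any real repository.
    for sample in ("Feature/ADD_login", "feature/foo", "feature-foo", "x" * 200):
        print(f"{sample[:30]!r:35} -> {namespace_for_branch(sample)}")
```

Passing the result to `helm` or `kubectl` as a single argument, rather than interpolating the raw branch name into a workflow script, keeps the contributor-controlled string out of the shell entirely.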