Overview
To deploy the Open AMT Cloud Toolkit to a production environment, replace default reference implementation components with more robust or full-featured components. Each section below lists the default reference implementation component included with toolkit along with suggestions for replacement.
Database Selection¶
The Docker-based PostgreSQL* image used in docker-compose.yml provides enough functionality for proof-of-concept creation and development. However, to enable the toolkit for production, leverage a managed database instance offered by a public cloud provider or a database hosted by your internal IT.
Regardless of the deployment scenario (i.e., a VM, Kubernetes, Docker Swarm, a native environment), managing state in your cluster comes with a higher risk of data loss than that of a managed database instance.
Default Component¶
Example Replacements¶
- Azure Database for PostgreSQL
- Azure SQL Database
- Amazon Relational Database Service (RDS)
- MS SQL Server
- MariaDB
For more information about replacing the default toolkit database, see the database guide.
Secrets Management¶
A secret is any asset requiring controlled access, such as API keys, passwords, or certificates.
The toolkit enables secrets management with HashiCorp Vault*, which provides a secure repository for storing and accessing sensitive assets. Vault offers a unified interface to any secret, tight access control, and a detailed audit log.
While Vault provides a comprehensive solution for managing and persisting state in a K8s cluster, use of a managed secret provider, such as Azure Key Vault, offloads this role and helps reduce the overhead of secrets management in the toolkit.
Additionally, if a secret provider is not necessary for your deployment, consider removing it and leveraging some other backing store for secrets.
Default Component¶
Example Replacements¶
For more information about replacing the default secret provider, see the secrets guide.
API Gateway¶
The toolkit uses Kong as its open source API gateway. Kong provides an entry point for external clients, anything not a part of the microservice system, and a comprehensive suite of plugins for various scenarios.
Default Component¶
