How ReleaseHub works
This is a technical discussion of how ReleaseHub environments as a service work (EaaS) when deployed into your cloud account. These examples generally refer to AWS, but ReleaseHub offers full support for other cloud service providers.
ReleaseHub environments are deployed underneath a subdomain for ease and isolation. For example, the subdomain
release.example.com may have multiple environments that are reachable as serviceA-envA.release.example.com or serviceB-envA.release.example.com, and so on.You can use wildcard domains for preproduction and production environments, so that for example, both
*.service-A-envA.release.example.com and *.staging.example.com can be used. Wildcard domains can be used to accommodate different languages: us.staging.example.com or categories: shoes.staging.example.com.A shopping website
shopping.com may have an application called shoes and a customer called buyer. The customer's private application URL would be shoes-buyer.release.shopping.com. Custom domains, such as shoes.buyer.com, need external DNS configuration.In advanced configurations, preproduction applications can be deployed into one subdomain (
*.release.example.com) and production or staging environments deployed directly as, for example, www.example.com or staging.example.com.With ReleaseHub, you can deploy environments and applications without in-depth knowledge of the infrastructure needed to run your application code.
When ReleaseHub is integrated with your cloud service provider, it is given credentials and authorization to build infrastructure and deploy applications to your cluster.
- For AWS and GovCloud, a CloudFormation template creates an IAM role for ReleaseHub.
- With GCP, a project credential file allows ReleaseHub to build and deploy code to projects.
For EaaS customers, cloud integration is configured for each cloud provider account, so you can deploy across clouds and regions.
For private application customers, a landing page is designed for each installation that has access to your cloud account.
Given secure access to your cloud account, ReleaseHub spins up all the necessary buckets, Kubernetes clusters, and supporting infrastructure. AWS uses several services including EKS, ECR, S3, Route53, VPC, RDS, DynamoDB, RDS, CloudFront, and ALB. GCP uses Container Engine, Container Registry, Google Cloud Virtual Network, Cloud Load Balancing, Cloud DNS, Cloud Storage, and Cloud SQL.
An example diagram of an AWS Cloudformation template for an EKS cluster in ReleaseHub
ReleaseHub environments are built from an Application Template that runs many versions of your application simultaneously in a complete stack so you can test and view multiple branches of code and ideas in parallel.
The production deployment of applications is straightforward because the development Application Templates vary only slightly in terms of Environment variables. Since multiple production environments differ only slightly for individual customer needs, private application customers can run their own version of an application in their accounts for privacy, security, or regulatory requirements.
ReleaseHub uses AWS Certificate Manager (ACM) with DNS validation enabled to issue secure SSL Certificates for applications. This process is clear if the subdomain is configured in Route53 in the same account and the zone is publicly available. In some cases, exceptions need to be made to validate the certificates manually:
- For AWS GovCloud accounts, Route53 has private-zone-only support. The ReleaseHub UI generates the validation records to be inserted into the public zone to validate the certificate request. A DNS CNAME record is created and ACM then validates the certificate.
- Similarly, AWS or GCP accounts with private zones need to copy the validation records from the ReleaseHub UI and create a DNS CNAME record in the public zone.
- In cases where public DNS zones do not exist, a fake public zone can be created to validate CNAME records. This is not recommended, but will work if the DNS domain is registered, owned by the end user, and valid. ReleaseHub provides detailed support in these situations.
ReleaseHub applications and environments deployed into your cloud account can be granted secure access to resources. The table below shows different ways to do this in AWS and GCP.
AWS Access Resource | Method | ReleaseHub Support |
|---|---|---|
VPN | VPN Gateway | Manually configured |
VPN/VPC Networking | Transit Gateway | Automatic |
VPC Networking | VPC Peering | Manually configured |
RDS Instances | VPC Peering | Manually configured |
AWS Services | Role Sessions | Terraform, Pulumi, etc. |
GCP Access Resource | Text | ReleaseHub Support |
|---|---|---|
VPC Networking | VPC Network Peering | Manually configured |
Cloud DB | Instance Level Access | Manually configured |
VPN | Cloud VPN | Manually configured |
ReleaseHub handles administration, support, and upgrades, and ensures smooth functioning of the infrastructure dedicated to running your applications. If you want more visibility into infrastructure for cost analysis, auditing, performance, or reliability reasons, there are several options available:
Visibility Required | Vendors or Technologies | ReleaseHub Support |
|---|---|---|
Application Performance Monitoring (APM) | Datadog, New Relic | Kubernetes Agents |
Metrics Collection | Datadog, Cloudwatch, Stackdriver | Kubernetes Agents and Integrations |
Log Collection and Analysis | Datadog, ELK, JournalD, ReleaseHub UI | Kubernetes Agents and Integrations |
Kubernetes drivers | Lens, K9s, Kubectl, Eksctl, Cloudshell | CLI and API |
Shell access to Pods and Containers | Lens, K9s, Kubectl, Cloudshell, ReleaseHub UI | CLI and API |
Alerting and Reporting | Datadog, New Relic | Kubernetes Agents |
Network Traffic Analysis and Reporting | Datadog, Thousand Eyes | Kubernetes Agents |
ReleaseHub environments can be run on any valid zone if certificates and DNS records exist.
Last modified 1mo ago