HomePricing
Search…
Welcome to Release
Getting started
Prepare to Use Release
Create Your Application
Guides and examples
Onboarding Guides
Example applications
Running Instances
Advanced guides
Reference documentation
Admin / Account Settings
Workflows in Release
Release Environment Versioning
Application Settings
End-to-End Testing
Environment Settings
Environment Expiration
Instant Datasets
Static Service Deployment
Helm
GitOps
The .release.yaml file
Docker Compose Conversion Support
Reference Examples
Release API
Background concepts
How Release Works
Frequently Asked Questions
AWS Support FAQs
Docker Support FAQs
JavaScript Support FAQs
Integrations
Integrations Overview
Source Control Integrations
CLI
Getting Started
Installation
Configuration
CLI Usage Example
Command Reference
Powered By GitBook
How Release Works
This guide is a deep technical discussion of how Release Environments as a Service and Private Applications work when deployed into your cloud account. The examples below mostly refer to AWS but full support for other clouds is available.

Prerequisites

You should have some familiarity with the other pages in the advanced section such as Using Datadog to Monitor Your Release Clusters, How Release Routes Traffic to Your Environments, and Configure access to your K8s cluster​

Step 1, Choose a Base Domain

Release environments get deployed underneath a subdomain for isolation and ease of deployment. Typically, Release environments get deployed into a subdomain like release.example.com where multiple environments would be reachable as serviceA-envA.release.example.com and serviceB-envA.release.example.com.
Another configuration that is common is to have so-called Wildcard Domains for both preproduction and production environments so that, for example *.service-A-envA.release.example.com and *.staging.example.com would work. The typical use-case for these environments is for categories or languages, for example, allowing us.staging.example.com or shoes.qa.example.com to work.
In the case of a private application deployed into a customer account, let's say that the application is called shoes and the customer is called buyer and the shopping website is shopping.com. Then the customer's private application URLs would usually be of the form shoes-buyer.release.shoppping.com. Custom domains of the form shoes.buyer.com would need an External DNS configuration as documented in that section.
It is possible in advanced configurations to have preproduction applications deployed into one subdomain (*.release.example.com) and production or staging environments deployed directly as www.example.com or staging.example.com as examples.
In any of the above cases, the configuration is handled by the Hostname field in the application template, which applies in either EAAS or Private Application templates.

Step 2, Spin up a Kubernetes Cluster

One of the most freeing parts of using Release is that environments and applications can be deployed without any underlying knowledge of the actual infrastructure that is required to run release. In case you do want to peek under the hood, however, we can tell you how we deploy clusters across cloud providers and regions.
  1. 1.
    Release offers several Cloud Integrations that allow our platform the ability to deploy code to your accounts. These integrations gain credentials that authorise Release to build infrastructure and deploy applications to your cluster. In the case of AWS and GovCloud, a CloudFormation Template creates an IAM role which securely allows our production account credentials to build and deploy infrastructure and code to your account. In the case of GCP, a project credential file allows Release to build and deploy code into the project of your choice.
  2. 2.
    For EAAS customers, a Cloud Integration can be configured for each cloud provider account, allowing customers to deploy across clouds and regions.
  3. 3.
    For Private Application customers, a Landing Page is designed for each installation which gains access to the customers' cloud account(s) so the application can be deployed into their account(s).
  4. 4.
    Given secure access to the cloud account, Release then spins up all the necessary buckets, Kubernetes cluster(s), and supporting infrastructure needed to support your application. In the case of AWS, several services are used including EKS, ECR, S3, Route53, VPC, RDS, DynamoDB, RDS, CloudFront, ALB, and more. In the case of GCP, several services are used including Container Engine, Container Registry, Google Cloud Virtual Network, Cloud Load Balancing, Cloud DNS, Cloud Storage, and Cloud SQL.
An example diagram of an AWS Cloudformation template for an EKS cluster in Release

Step 3, Deploy an Application

Release environments are all built from an Application Templatewhich allows many versions of an application to be run simultaneously in a complete stack. This allows multiple branches of code and ideas to be tested and viewed in parallel. Since the development application templates vary only slightly in terms of Environment Variables, the production deployment of applications becomes straightforward. And since multiple production environments differ only slightly from each other for individual customer needs, Private Applications allow different customers the ability to run their own version of an application directly in their own accounts for privacy, regulatory, or security requirements.

Step 4, Request SSL Certificates

Release uses AWS Certificate Manager (ACM) with DNS Validation enabled to quickly issue secure SSL certificates for applications. This process is normally transparent if the Subdomain for the EAAS or Private Application is configured in Route53 in the same account and the zone is publicly available. However, there are cases where some exceptions will need to be made to validate the certificates manually:
  1. 1.
    For AWS GovCloud accounts at the time of this writing, Route53 has private-zone-only support. Therefore, the Release UI will print out the validation records to be inserted into the public zone to validate the certificate request. A DNS CNAME record will be created and once propagated, ACM will validate the certificate.
  2. 2.
    Similarly, for AWS or GCP accounts with private zones created (for security or VPN access) will need to copy the validation records from the Release UI and create a DNS CNAME record in the public zone.
  3. 3.
    In the rare case where public DNS zones do not exist for some reason, a fake public zone can be created just to validate CNAME records. This is not recommended but it can work for obscure use cases as long as the DNS domain is registered, owned by the end user, and valid.
For any of the exceptions listed above, details will be provided for you via our support team.

Step 5, Configure Access to Your Datastores and Services

Because Release applications and environments are deployed into a customer cloud account, the application(s) can be granted secure access to resources within the cloud account. In the case of AWS, several options exist as shown in the table below. In the case of GCP, several options are listed in the table below that.
AWS Access Resource
Method
Release Support
VPN
VPN Gateway
Manually configured
VPN/VPC Networking
Transit Gateway
Automatic
VPC Networking
VPC Peering
Manually configured
RDS Instances
VPC Peering
Manually configured
AWS Services
Role Sessions
Terraform, Pulumi, etc.
GCP Access Resource
Text
Release Support
VPC Networking
VPC Network Peering
Manually configured
Cloud DB
Instance Level Access
Manually configured
VPN
Cloud VPN
Manually configured

Step 6, Monitor and Maintain Your Applications

Release handles all of the administration, support, upgrades, and smooth functioning of the infrastructure dedicated to running your applications. However, many customer want more visibility into the infrastructure for cost analysis, auditing, performance, or reliability reasons. And why not, the application is running inside the customer's own account! There are several options available for each use case, we recommend the following.
Visibility Required
Vendors or Technologies
Release Support
Application Performance Monitoring (APM)
Datadog, New Relic
Kubernetes Agents
Metrics Collection
Datadog, Cloudwatch, Stackdriver
Kubernetes Agents and Integrations
Log Collection and Analysis
Datadog, ELK, JournalD, Release UI
Kubernetes Agents and Integrations
Kubernetes drivers
Lens, K9s, Kubectl, Eksctl, Cloudshell
CLI and API
Shell access to Pods and Containers
Lens, K9s, Kubectl, Cloudshell, Release UI
CLI and API
Alerting and Reportin
Datadog, New Relic
Kubernetes Agents
Network Traffic Analysis and Reporting
Datadog, Thousand Eyes
Kubernetes Agents

Step 7, Customise Your DNS Entries

Release environments can be run on any valid zone if certificates and DNS records exist. Read Required setup for all externally hosted DNS providers​
Previous
Patch
Next - Frequently Asked Questions
AWS Support FAQs
Last modified 3mo ago
Copy link
Contents
Prerequisites
Step 1, Choose a Base Domain
Step 2, Spin up a Kubernetes Cluster
Step 3, Deploy an Application
Step 4, Request SSL Certificates
Step 5, Configure Access to Your Datastores and Services
Step 6, Monitor and Maintain Your Applications
Step 7, Customise Your DNS Entries