jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
provisioning/examples/workspaces/cost-optimized/README.md

540 lines
14 KiB
Markdown
Raw Blame History

# Cost-Optimized Multi-Provider Workspace
This workspace demonstrates cost optimization through intelligent provider specialization:
- **Hetzner**: Compute tier (CPX21 servers at €20.90/month) - best price/performance
- **AWS**: Managed services (RDS, ElastiCache, SQS) - reliability without ops overhead
- **DigitalOcean**: CDN and object storage - affordable content delivery
## Why This Architecture?
### Cost Comparison
```bash
Cost-Optimized Architecture:
├── Hetzner compute: €72.70/month (~$78)
├── AWS managed services: $115/month
└── DigitalOcean CDN: $64/month
Total: ~$280/month
All-AWS Equivalent:
├── EC2 instances: ~$200+
├── RDS database: ~$150+
├── ElastiCache: ~$50+
├── CloudFront CDN: ~$100+
└── Other services: ~$50+
Total: ~$600+/month
Savings: ~$320/month (53% reduction)
```
### Architecture Benefits
**Hetzner Advantages**:
- Best price/performance for compute (€20.90/month for 4 vCPU/8GB)
- Powerful Load Balancer (€10/month)
- Fast networking (10Gbps)
- EU data residency (GDPR compliant)
**AWS Advantages**:
- Managed RDS: Automatic backups, failover, patching
- ElastiCache: Redis cluster with automatic failover
- SQS: Scalable message queue (pay per message)
- CloudWatch: Comprehensive monitoring
**DigitalOcean Advantages**:
- CDN: Cost-effective content delivery ($25/month)
- Spaces: Object storage at scale ($15/month)
- Simple pricing and management
- Edge nodes for regional distribution
## Architecture Overview
```bash
┌────────────────────────────────────────────────┐
│ Client Requests │
└─────────────────┬────────────────────────────────┘
│ HTTPS/HTTP
┌────────▼─────────┐
│ DigitalOcean │
│ CDN / Spaces │
└────────┬─────────┘
┌────────────┼────────────┐
│ │ │
┌────▼──────┐ ┌──▼────────┐ ┌─▼──────┐
│ Hetzner │ │ AWS │ │ DO │
│ Compute │ │ Managed │ │ CDN │
(Load LB) │ │ Services │ │ │
└────┬──────┘ └──┬────────┘ └────────┘
│VPN Tunnel │
┌────▼──────────▼────┐
│ Hetzner Network │ AWS VPC DO Spaces
│ 10.0.0.0/16 ◄──► 10.1.0.0/16 ◄──► nyc3
│ 3x CPX21 Servers │ RDS + Cache CDN +
│ │ + SQS Backups
└────────────────────┘
```
## Prerequisites
### 1. Cloud Accounts
- **Hetzner**: Account with API token
- **AWS**: Account with access keys
- **DigitalOcean**: Account with API token
### 2. Environment Variables
```javascript
export HCLOUD_TOKEN="MC4wNTI1YmE1M2E4YmE0YTQzMTQyZTdlODYy"
export AWS_ACCESS_KEY_ID="AKIA1234567890ABCDEF"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG+j/zI0m1234567890ab"
export DIGITALOCEAN_TOKEN="dop_v1_abc123def456ghi789jkl012mno"
```
### 3. CLI Tools
```bash
# Install and verify
which hcloud && hcloud version
which aws && aws --version
which doctl && doctl version
which nickel && nickel --version
```
### 4. SSH Keys
```bash
# Hetzner
hcloud ssh-key create --name provisioning-key
--public-key-from-file ~/.ssh/id_rsa.pub
# AWS
aws ec2 create-key-pair --key-name provisioning-key
--query 'KeyMaterial' --output text > provisioning-key.pem
chmod 600 provisioning-key.pem
# DigitalOcean
doctl compute ssh-key create provisioning-key
--public-key-from-file ~/.ssh/id_rsa.pub
```
## Deployment
### Step 1: Configure the Workspace
Edit `workspace.ncl`:
```nickel
# Update networking if needed
compute_tier.primary_servers = hetzner.Server & {
server_type = "cpx21",
count = 3,
location = "nbg1"
}
# Update AWS region if needed
managed_services.database = aws.RDS & {
instance_class = "db.t3.small",
region = "us-east-1"
}
# Update CDN endpoints
cdn_tier.cdn.endpoints = [{
name = "app-cdn",
origin = "content.example.com"
}]
```
Edit `config.toml`:
```toml
[cost_tracking]
monthly_budget = 300
budget_alert_threshold = 280
[application.cache]
max_memory = "250MB"
```
### Step 2: Validate Configuration
```toml
# Validate Nickel syntax
nickel export workspace.ncl | jq . > /dev/null
# Verify provider access
hcloud context use default
aws sts get-caller-identity
doctl account get
```
### Step 3: Deploy
```bash
chmod +x deploy.nu
./deploy.nu
# Or with debug output
./deploy.nu --debug
```
### Step 4: Verify Deployment
```bash
# Hetzner compute resources
hcloud server list
hcloud load-balancer list
# AWS managed services
aws rds describe-db-instances --region us-east-1
aws elasticache describe-cache-clusters --region us-east-1
aws sqs list-queues --region us-east-1
# DigitalOcean CDN
doctl compute cdn list
doctl compute spaces list
```
## Post-Deployment Configuration
### 1. Connect Hetzner Compute to AWS Database
```bash
# Get Hetzner server IPs
hcloud server list --format ID,PublicIPv4
# Get RDS endpoint
aws rds describe-db-instances --region us-east-1
--query 'DBInstances[0].Endpoint.Address'
# On Hetzner server, install PostgreSQL client
ssh root@hetzner-server
apt-get update && apt-get install postgresql-client
# Test connection to RDS
psql -h app-db.abc123.us-east-1.rds.amazonaws.com
-U admin -d postgres -c "SELECT now();"
```
### 2. Configure Application for Services
```toml
# Application configuration file
cat > /var/www/app/.env << EOF
DATABASE_HOST=app-db.abc123.us-east-1.rds.amazonaws.com
DATABASE_PORT=5432
DATABASE_USER=admin
DATABASE_PASSWORD=your_password
DATABASE_NAME=app_db
REDIS_HOST=app-cache.abc123.ng.0001.euc1.cache.amazonaws.com
REDIS_PORT=6379
SQS_QUEUE_URL=https://sqs.us-east-1.amazonaws.com/123456789/app-queue
CDN_ENDPOINT=https://content.example.com
SPACES_ENDPOINT=https://app-content.nyc3.digitaloceanspaces.com
SPACES_KEY=your_spaces_key
SPACES_SECRET=your_spaces_secret
ENVIRONMENT=production
EOF
```
### 3. Setup CDN and Object Storage
```bash
# Configure Spaces bucket
doctl compute spaces create app-content --region nyc3
# Get Spaces endpoint
doctl compute spaces list
# Configure CDN endpoint
doctl compute cdn create --origin content.example.com
# Upload test file
aws s3 cp test.html s3://app-content/
```
### 4. Configure Application Queue
```toml
# Get SQS queue URL
aws sqs list-queues --region us-east-1
# Create queue if needed
aws sqs create-queue --queue-name app-queue --region us-east-1
# Test queue
aws sqs send-message --queue-url https://sqs.us-east-1.amazonaws.com/123456789/app-queue
--message-body "test message" --region us-east-1
```
### 5. Deploy Application
SSH to Hetzner servers:
```bash
# Get server IPs
SERVERS=$(hcloud server list --format PublicIPv4 --no-header)
# Deploy to each server
for server in $SERVERS; do
ssh -o StrictHostKeyChecking=no root@$server << 'DEPLOY'
cd /var/www
git clone https://github.com/your-org/app.git
cd app
cp .env.example .env
./deploy.sh
DEPLOY
done
```
## Monitoring and Cost Control
### Cost Monitoring
```bash
# Hetzner billing
# Manual via console: https://console.hetzner.cloud/billing
# AWS cost tracking
aws ce get-cost-and-usage
--time-period Start=2024-01-01,End=2024-01-31
--granularity MONTHLY
--metrics BlendedCost
--group-by Type=DIMENSION,Key=SERVICE
# DigitalOcean billing
doctl billing get
# Real-time cost status
aws ce get-cost-and-usage
--time-period Start=$(date -d '1 day ago' +%Y-%m-%d),End=$(date +%Y-%m-%d)
--granularity DAILY
--metrics BlendedCost
```
### Application Performance Monitoring
```bash
# RDS performance insights
aws pi describe-dimension-keys
--service-type RDS
--identifier arn:aws:rds:us-east-1:123456789:db:app-db
--start-time $(date -u -d '1 hour ago' +%Y-%m-%dT%H:%M:%S)
--end-time $(date -u +%Y-%m-%dT%H:%M:%S)
--period-in-seconds 60
--metric db.load.avg
--partition-by Dimension
--dimension-group.group-by WAIT_EVENT
# ElastiCache monitoring
aws cloudwatch get-metric-statistics
--namespace AWS/ElastiCache
--metric-name CPUUtilization
--dimensions Name=CacheClusterId,Value=app-cache
--start-time $(date -u -d '1 hour ago' +%Y-%m-%dT%H:%M:%S)
--end-time $(date -u +%Y-%m-%dT%H:%M:%S)
--period 300
--statistics Average
# SQS monitoring
aws sqs get-queue-attributes
--queue-url https://sqs.us-east-1.amazonaws.com/123456789/app-queue
--attribute-names All
```
### Alerts Configuration
```toml
# CPU threshold alert
aws cloudwatch put-metric-alarm
--alarm-name hetzner-cpu-high
--alarm-description "Alert when Hetzner CPU > 80%"
--metric-name CPUUtilization
--threshold 80
--comparison-operator GreaterThanThreshold
# Queue depth alert
aws cloudwatch put-metric-alarm
--alarm-name sqs-queue-depth-high
--alarm-description "Alert when SQS queue depth > 1000"
--metric-name ApproximateNumberOfMessagesVisible
--threshold 1000
--comparison-operator GreaterThanThreshold
# Cache eviction alert
aws cloudwatch put-metric-alarm
--alarm-name elasticache-eviction-rate-high
--alarm-description "Alert when cache eviction rate > 10%"
--metric-name EvictionRate
--namespace AWS/ElastiCache
--threshold 10
--comparison-operator GreaterThanThreshold
```
## Scaling and Optimization
### Scale Hetzner Compute
Edit `workspace.ncl`:
```nickel
compute_tier.primary_servers = hetzner.Server & {
count = 5, # Increase from 3
server_type = "cpx21"
}
```
Redeploy:
```bash
./deploy.nu
```
### Upgrade Database
```bash
# Modify RDS instance class
aws rds modify-db-instance
--db-instance-identifier app-db
--db-instance-class db.t3.medium
--apply-immediately
--region us-east-1
```
### Add Caching Layer
Already configured with ElastiCache. Optimize by adjusting:
```toml
[application.cache]
max_memory = "512MB"
eviction_policy = "allkeys-lru"
```
### Increase Queue Throughput
SQS automatically scales. Monitor with:
```bash
aws sqs get-queue-attributes
--queue-url https://sqs.us-east-1.amazonaws.com/123456789/app-queue
--attribute-names ApproximateNumberOfMessages
```
## Cost Optimization Tips
1. **Hetzner Compute**: CPX21 is sweet spot. Consider CX21 for lower workloads
2. **AWS RDS**: Use t3.small for dev, t3.medium for prod with burst capability
3. **ElastiCache**: 2 nodes with auto-failover. Monitor eviction rates
4. **SQS**: Pay per request, no fixed costs. Good for variable load
5. **DigitalOcean CDN**: Cache more aggressively (86400s TTL for assets)
6. **Spaces**: Use lifecycle rules to delete old files automatically
### Cost Reduction Checklist
- Reduce Hetzner servers from 3 to 2 (saves ~€21/month)
- Downgrade RDS to db.t3.micro for dev (saves ~$40/month)
- Reduce ElastiCache nodes from 2 to 1 (saves ~$12/month)
- Archive old CDN content (savings from Spaces storage)
- Use reserved capacity on AWS (20-30% discount)
Potential total savings: ~$100+/month with right-sizing.
## Troubleshooting
### Issue: Hetzner Can't Connect to RDS
**Diagnosis**:
```bash
# SSH to Hetzner server
ssh root@hetzner-server
# Test connectivity
nc -zv app-db.abc123.us-east-1.rds.amazonaws.com 5432
```
**Solution**:
- Check VPN tunnel is active
- Verify RDS security group allows port 5432 from Hetzner network
- Check route table on both sides
### Issue: High Database Latency
**Diagnosis**:
```bash
# Check RDS performance
aws pi describe-dimension-keys --service-type RDS ...
# Check network latency
ping -c 5 app-db.abc123.us-east-1.rds.amazonaws.com
```
**Solution**:
- Upgrade RDS instance class
- Increase ElastiCache size to reduce database queries
- Check network bandwidth between providers
### Issue: Queue Processing Slow
**Diagnosis**:
```bash
# Check queue depth and age
aws sqs get-queue-attributes
--queue-url <queue-url>
--attribute-names All
```
**Solution**:
- Scale up application servers processing queue
- Reduce visibility timeout if messages are timing out
- Check application logs for processing errors
## Cleanup
```bash
# Hetzner
hcloud server delete hetzner-app-1 hetzner-app-2 hetzner-app-3
hcloud load-balancer delete app-lb
# AWS
aws rds delete-db-instance --db-instance-identifier app-db --skip-final-snapshot
aws elasticache delete-cache-cluster --cache-cluster-id app-cache
aws sqs delete-queue --queue-url https://sqs.us-east-1.amazonaws.com/123456789/app-queue
# DigitalOcean
doctl compute spaces delete app-content
doctl compute cdn delete cdn-app
doctl compute droplet delete edge-node-1 edge-node-2 edge-node-3
```
## Next Steps
1. Implement application logging to CloudWatch
2. Set up Hetzner monitoring dashboard
3. Configure auto-scaling based on queue depth
4. Implement database read replicas for read-heavy workloads
5. Add WAF protection to Hetzner load balancer
6. Implement cross-region backups to Spaces
7. Set up cost anomaly detection alerts
## Support
For issues or questions:
- Review the cost-optimized deployment guide
- Check provider-specific documentation
- Monitor costs with: `aws ce get-cost-and-usage ...`
- Review deployment logs: `./deploy.nu --debug`
## Files
- `workspace.ncl`: Infrastructure definition (Nickel)
- `config.toml`: Provider credentials and settings
- `deploy.nu`: Deployment orchestration (Nushell)
- `README.md`: This file
Reference in New Issue View Git Blame Copy Permalink