More cloud fun here with a 3 tier Webapp and use of cloud native services, let’s get started and have a look at the architecture I propose
We have a presentation layer made out of HTML & JS stored in a Bucket that you access through the API gateway as a static website. I follow the method described here, it is straight forward with one remark though, which is to not forget to change the metadata of the file being uploaded to the bucket with Content-Type: text/html; otherwise when you access the URL files will get downloaded instead of being displayed by the browser, see below. For some reason all objects uploaded by me on the bucket get the default value Content-Type: application/octet-stream which causes the issue.
Once done with the previous step your website can just be fetched and now runs from your browser. Your browser then talks to the API gateway again but through a different “deployment” inside the API gateway, which is a logical way of grouping APIs and Routes. I had some difficulties with routes figuring out CORS Origins, allowed methods and headers and as such I recommend that you start with a wildcard in these for a lab – if like me you are sure of what you are doing. Please note In production you should never ever leave wildcards β always restrict origins and methods. Also, I recommend you use the browser in development mode, as it will help you in the debugging process.
The API gateway then redirects requests to my python back end on a private subnet running a Flask APP – code here – the objective is to map each of your OCI gateway routes to the flask app routes on the back end e.g.
@app.route("/update_product", methods=["POST"])Finally, the python code runs SQL commands and reaches MySQL on another private subnet where the database is located, the idea is to have a well segmented architecture in order to be able to make better sense of security and firewall rules. I assume on this blog that you have a good understanding of security lists on OCI and firewall on Linux which you will have to deal with.
If we imagine this app a personal app or mock-up, and think now in terms of backup strategy, I suggest to use volume clones for the backend VM and some automated backups on MySQL which are all easily managed from OCI.
On a side note, what does my wonderful app do? Two things, you can register products and list their prices – and that’s it – of course itβs not advanced β the real point is the layered architecture π If you want to copy the code the repo is here, and you can always make a pull request if you feel like it. π
If we come back to the architectural topic, originally I was not aware of the trick of having a combination of API gateway and Object storage to store my static website and this is what I had in mind before optimisation.
Downside would be that you would have to pay for the Frontend machine and Load balancer, which we would probably want to avoid.
Finally one last thing, I use the vault service to import secrets in my code back-end in order to keep the secret, secret, like so:
def get_secret():
##blabla...
encoded_secret = response.data.secret_bundle_content.content
secret = base64.b64decode(encoded_secret).decode("utf-8")
return secretThe goal here is to show how cloud native services can be combined into a simple, secure 3-tier architecture. I hope you enjoyed it and talk soon!