This Document is for Skeet v1.

Deploy for Production - GraphQL

In this chapter, we will create a VPN, configure load balancers, network security, routing, domain settings, etc. Make the necessary settings for the production environment and deploy the application.


Things to prepare in advance

For this chapter, in addition to the application created in the tutorial, you will need:

  • Domain to set for load balancer

    Have a domain that allows you to change nameservers.

  • GitHub account

    Prepare a GitHub account and perform login authentication. The skeet init command creates a GitHub repository and configures deployment with GitHub Actions.

Log in with GitHub CLI

bash
$ gh auth login

Update Auth/Http instance options

In the tutorial we created an HTTP instance. In the production environment, the instance runs in a private network and must accept access from the load balancer, so change the option from publicHttpOption to privateHttpOption.

functions/skeet/routings/http/createStreamChatMessage.ts

typescript
import { privateHttpOption } from '@/routings'

export const createStreamChatMessage = onRequest(
  {
    // Private option: the function is reached through the load balancer
    ...privateHttpOption,
    secrets: [chatGptOrg, chatGptKey, SKEET_GRAPHQL_ENDPOINT_URL],
  },
  async (req: TypedRequestBody<CreateStreamChatMessageParams>, res) => {
    // ... handler body unchanged
  }
)

functions/skeet/routings/auth/authOnCreateUser.ts

typescript
// Import the option that is actually spread below
import { authPrivateOption } from '@/routings'

export const authOnCreateUser = functions
  .runWith({
    ...authPrivateOption,
    secrets: [DISCORD_WEBHOOK_URL, SKEET_GRAPHQL_ENDPOINT_URL],
  })
  // ... rest of the trigger definition unchanged

Deploy for Production with Skeet Init command

Configure the following settings with the Skeet init command.

  • Select Project ID
  • Region selection
  • Firebase login
  • Specify GitHub repository name
  • Nameserver domain settings
  • Load balancer subdomain settings

bash
$ skeet init

This command automatically performs the following:

  • Creates a GitHub repository
  • Commits and pushes to the GitHub repository
  • Configures Actions for the GitHub repository
  • Configures secrets for the GitHub repository
  • Configures Google Cloud IAM
  • Sets up Google Cloud DNS
  • Sets up Google Cloud SQL
  • Configures the Google Cloud Load Balancer
  • Configures Google Cloud Armor
  • Configures the Google Cloud VPC Network
  • Configures the Google Cloud VPC Subnet Network
  • Configures the Google Cloud VPC Connector

Once configured, you will see the nameserver domain settings in the console log.

bash
🚸 === Copy & Paste below nameServer addresses to your DNS Setting === 🚸
ns-cloud-a1.googledomains.com.
ns-cloud-a2.googledomains.com.
ns-cloud-a3.googledomains.com.
ns-cloud-a4.googledomains.com.
👷 === https will be ready in about an hour after your DNS settings === 👷
✔ You are all set 🎉
📗 Doc: https://skeet.dev

Setting nameservers

Set the four records displayed above as your domain's nameservers. The domain settings take effect about 30 minutes to 2 hours after the change is completed, depending on your nameserver settings.

You have now completed your first deployment.

Open https://lb.your-domain.com/root. If the following response is displayed, the deployment was successful.

json
{
  "status": "success",
  "message": "Skeet Backend is running!",
  "body": {}
}

Adding and synchronizing routes

If you added endpoints, you'll need to synchronize routing after deployment. This will update the load balancer settings.

bash
$ skeet sync routings

This command automatically performs the following:

  • Creates network endpoint groups
  • Creates the backend service
  • Adds the backend service
  • Applies the security policy
  • Creates the URL map

Add/Synchronize Cloud Armor

Sync the Cloud Armor configuration described in skeet-cloud.config.json.

skeet-cloud.config.json

json
{
  "app": {
    "name": "skeet-example",
    "projectId": "skeet-example",
    "region": "asia-northeast1",
    "appDomain": "skeeter.dev",
    "functionsDomain": "lb.skeeter.dev",
    "hasLoadBalancer": true
  },
  "cloudRun": {
    "name": "skeet-skeet-graphql-api",
    "url": "https://sql.skeet.dev",
    "cpu": 1,
    "maxConcurrency": 80,
    "maxInstances": 100,
    "minInstances": 0,
    "memory": "4Gi"
  },
  "db": {
    "databaseVersion": "POSTGRES_15",
    "cpu": 1,
    "memory": "3840MiB",
    "storageSize": 10,
    "whiteList": ""
  },
  "cloudArmor": [
    {
      "securityPolicyName": "skeet-skeet-example-armor",
      "rules": [
        {
          "priority": "10",
          "description": "Allow Your Home IP addresses",
          "options": {
            "src-ip-ranges": "your IP address",
            "action": "allow"
          }
        },
        {
          "priority": "300",
          "description": "Defense from NodeJS attack",
          "options": {
            "action": "deny-403",
            "expression": "evaluatePreconfiguredExpr('nodejs-v33-stable')"
          }
        },
        {
          "priority": "2147483647",
          "description": "Deny All IP addresses",
          "options": {
            "action": "deny-403"
          }
        }
      ]
    }
  ]
}

By default, only the global IP address you are currently connected from is allowed to communicate. Change the rules if necessary.

bash
$ skeet sync armors

A Google Cloud Armor security policy is created, or the existing one is updated.
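
Cloud Armor evaluates rules from the lowest priority number upward and the first match decides, so widening the priority 10 allow rule takes the Node.js WAF rule and the final deny out of play. The following check for a cloudArmor entry is an added example, not part of Skeet; `audit_policy`, `make_policy` and the finding names are hypothetical, and it assumes several ranges are written as one comma-separated string.

```python
import ipaddress

DEFAULT_PRIORITY = 2147483647  # priority of the final deny rule in the config above

def matches_everything(ranges):
    """True if any comma-separated entry covers all sources; ValueError on a non-range."""
    hit = False
    for item in (part.strip() for part in ranges.split(",")):
        if item == "*" or ipaddress.ip_network(item, strict=False).prefixlen == 0:
            hit = True
    return hit

def audit_policy(policy):
    """Return (priority, finding) tuples for one entry of the cloudArmor list."""
    findings = []
    rules = sorted(policy["rules"], key=lambda r: int(r["priority"]))
    for i, rule in enumerate(rules):
        prio, opts = int(rule["priority"]), rule["options"]
        allow = opts.get("action") == "allow"
        if prio == DEFAULT_PRIORITY and allow:
            findings.append((prio, "default-allow"))
        if not allow or "src-ip-ranges" not in opts:
            continue
        try:
            wide = matches_everything(opts["src-ip-ranges"])
        except ValueError:  # e.g. the template placeholder was never replaced
            findings.append((prio, "invalid-range"))
            continue
        if wide:
            # First match wins: every later rule is unreachable.
            findings.append((prio, "allow-all"))
            findings += [(int(r["priority"]), "never-evaluated") for r in rules[i + 1:]]
            break
    if DEFAULT_PRIORITY not in [int(r["priority"]) for r in rules]:
        findings.append((DEFAULT_PRIORITY, "default-not-set"))
    return findings

def make_policy(allow_ranges):
    """Constructed policy in the shape of the page's cloudArmor entry."""
    return {"securityPolicyName": "skeet-skeet-example-armor", "rules": [
        {"priority": "10", "options": {"src-ip-ranges": allow_ranges, "action": "allow"}},
        {"priority": "300", "options": {"action": "deny-403",
            "expression": "evaluatePreconfiguredExpr('nodejs-v33-stable')"}},
        {"priority": "2147483647", "options": {"action": "deny-403"}},
    ]}

if __name__ == "__main__":
    # Constructed inputs: template placeholder, a documentation address, a wildcard.
    for ranges in ("your IP address", "203.0.113.7/32", "*"):
        print(repr(ranges), "->", audit_policy(make_policy(ranges)))
```

Running it against the parsed config before `skeet sync armors` catches an unreplaced placeholder or a wildcard allow before the policy is pushed.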