On Mon, Nov 28, 2022 at 02:24:14PM +0100, darknao wrote: > > > On 2022-11-28 01:32, Kevin Fenzi wrote: > > Some more I have thought on: > > > > E) a twist on A. We build and serve in openshift, but we stick > > cloudfront in front of it. This would solve the speed problems, but > > still would have the openshift down issue. > > I'm not familiar with Cloudfront, so I can't really comment on that one. > > > F) (this is a fun one :) How about looking into FCOS or RHEL for edge? > > In this model we would install ostree based vm's in the places we have > > proxies now and we would build the web content as a ostree ref and pull > > it from our registry (or quay.io). I think this would be fun, but > > probibly overkill/too much effort for just static content, but I thought > > I would throw it out there. > > That does sounds a bit overkill yes :) I'm not expert on the subject, but I > believe applying a new ostree ref requires a reboot to use it, right? yep. > I was considering something similar in the past: Build the websites into a > container image, then pull & extract the content on the proxies. > One downside to that is every build creates a new image (or at least a new > layer), that proxies will have to pull every time. > With rsync (or s3 sync) we only download what actually changes and save > bandwidth in the long run. Yeah, and if we run in a pod or a ostree setup, we have to duplicate the proxy stack (ie, httpd, varnish, etc), where as if we just copy the content we can leverage the existing software stack. > > > I like B... but possibly could be talked into C. > > > > The thing I don't like about C is that it has less visibility, if there > > was a problem, it would require someone from websites to fix, rather > > than possibly being something that anyone with access to openshift could > > fix. > > That's a valid point. > > I think I'll go with B as a starting point. We could always build from there > at a later time, as we see fit. Yeah, thats sounds good. We can always adjust, and B will still be a nice improvement, especially if we get it to sync on message (although we should be sure to have some manual way to force a 'sync now' too). kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
