Skip to content

How to set up a production environment on Coherence

This guide demonstrates how to set up a production environment in Coherence. It explains environment types and collections and provides you with a step-by-step process to ensure your application is deployed securely and efficiently.

Environment types and collections

Before we begin, it's important to understand two key concepts:

  1. Environment types: Coherence offers different environment types, such as development, staging, and production environments. Each type has specific characteristics tailored to its purpose. Production environments have additional safeguards and are optimized for performance and reliability. See the environment type documentation for more information.

  2. Environment collections: In Coherence, a collection is a group of environments, typically associated with a specific cloud account or project. Collections allow you to organize and manage your environments effectively.

How to set up a production environment

There are seven steps to setting up a production environment.

1. Add a cloud account for production

The first step is to decide whether you want to use a separate cloud account for production or create a new collection within an existing account. You can read about our perspective on AWS on our blog.

A separate account:

  • is the recommended choice for enhanced security and isolation
  • requires you to create a new account, dedicated to production, in Google Cloud Platform (GCP) or Amazon Web Services (AWS)
  • provides the strongest isolation for identity and access management (IAM) and billing

A new collection in an existing account:

  • will isolate the virtual private cloud (VPC)
  • won't provide as much separation for IAM and billing as a separate account would

Once you've made your choice, navigate to your cloud dashboard and retrieve the ID of the account you will use for production.

2. Create a new collection

  1. In the Coherence dashboard, click Create collection. If you've already created a collection, click on the dropdown menu to the right of the collection name and select New collection.
  2. Name your collection (for example, "Production").
  3. When setting up the cloud account configuration, use the account ID you retrieved in Step 1.

3. Add a production environment

  1. Within your new collection, click New environment.
  2. Name it, and choose Production as the environment type.
  3. Go to an existing environment that has the services you want to add (for example, your Staging environment) and copy the cnc.yml configuration into the cnc.yml tab in the new production environment. This will save you time during setup.

4. Provision infrastructure

  1. Navigate to the Provisioning tasks tab for your new production collection.
  2. Click Start new task to begin provisioning the infrastructure defined in your cnc.yml.
  3. Monitor the progress and address any errors that may occur during provisioning.

5. Configure collection-level settings

  1. Go to the Variables tab of your production collection.
  2. Click New variable and add any production-specific configurations and secrets.
  3. For the bulk import of variables and secrets:
  4. click on Bulk import
  5. paste your variables in the provided format or upload a file

6. Set up role-based access control

Coherence implements role-based access control for production deployments. Follow these steps to set it up:

  1. Navigate to the Members tab in your Application settings.
  2. Ensure that only trusted team members have the "Admin" or "Release Manager" roles.
  3. Regular members won't have the ability to deploy to production environments.

7. Deploy your application

One way to deploy your app to the production environment is to track a branch in your repository:

  • In the settings for each service, you can specify a branch to track (for example, "main" or "production").
  • Coherence will automatically deploy new commits to this branch.

Alternatively, you could use a manual deployment via the Coherence UI:

  • Navigate to the Build tab for the environment and use the New build button.
  • You can choose the services and build code that you require for each deployment.
  • For example, you can deploy from a hotfix branch when needed (instead of the usual production branch). You can also deploy a subset of services at any time, based on the code or configuration changes you need.

Or you could use a scripted deployment via the Coherence CLI:

  • Integrate this into your CI/CD pipeline for more control.

Example CLI command for deployment:

cocli environments deploy $YOUR_PROD_ENV_ID '{
          "services": [
            {
              "name": "your-service-name",
              "branch_name": "main",
              "commit_sha": "${{ github.sha }}"
            }
          ],
          "configure_infra": false
        }'

Remember, only users with "Admin" or "Release Manager" roles can execute deployments to production environments.

Best practices

  1. Always test your app in a staging environment before deploying to a production environment.
  2. Use different branches for different environments (for example, "main" for production and "develop" for staging).
  3. Implement proper access controls, limiting who can deploy the app to production.
  4. Regularly review and audit the configuration of your production environment, as well its access logs.
  5. Use the role-based access control feature to ensure only authorized team members make changes to production.

By following these steps, you'll have a robust production environment set up in Coherence, ready to host your application with the necessary safeguards, optimizations, and access controls in place.