Commit 1251575
Adrian Johnson
Implement hybrid Docker architecture for maximum cost savings
🐳 HYBRID ARCHITECTURE (78% COST SAVINGS)
This implements the cost-optimized hybrid approach:
- Docker Compose for EJBCA (core PKI)
- Azure-managed services for everything else
💰 COST BREAKDOWN:
- Development: $425/month (was $1,835 - 77% savings)
- Production: $1,440/month (was $4,585 - 69% savings)
- Annual savings: $54,900/year
✅ WHAT'S INCLUDED:
Docker Services:
- EJBCA CE 8.3.0 (Docker Compose)
- NGINX reverse proxy
- Azure Monitor Agent
Azure-Managed Services:
- Azure Database for PostgreSQL (Flexible Server)
- Azure Monitor (Managed Prometheus + Grafana)
- Azure Application Insights (distributed tracing)
- Azure Container Registry (replaces Harbor)
- Azure Key Vault Premium (HSM-backed CA keys)
- Azure Storage (backups, config)
- Azure Bastion (secure access)
- Azure Virtual Network + NSGs
📦 NEW FILES:
- docker/docker-compose.hybrid.yml - Hybrid deployment config
- docker/docker-compose.yml - Full stack for local dev
- docker/env.example - Environment variables
- terraform/database.tf - PostgreSQL Flexible Server
- terraform/monitoring.tf - Azure Monitor stack
- terraform/container-registry.tf - ACR configuration
- terraform/compute.tf - Docker VMs (Ubuntu 22.04)
- terraform/scripts/cloud-init.yaml - Automated VM setup
- scripts/deploy-hybrid.sh - One-command deployment
- HYBRID-QUICKSTART.md - Quick start guide
- README.md - Updated for hybrid architecture
🗑️ REMOVED:
- terraform/aks.tf - No longer needed
- Kubernetes manifests - Replaced by Docker Compose
- Self-hosted Prometheus/Grafana - Replaced by Azure Monitor
🔧 ARCHITECTURE CHANGES:
- Removed AKS (9 nodes → 1-3 VMs)
- Removed Harbor (→ Azure Container Registry)
- Removed self-hosted PostgreSQL (→ Azure managed)
- Removed self-hosted Prometheus (→ Azure Monitor)
- Removed self-hosted Grafana (→ Azure Managed Grafana)
- Removed Linkerd service mesh (not needed)
- Removed ArgoCD (Docker Compose deployments)
- Kept Azure Key Vault (HSM-backed CA keys)
- Kept Azure Bastion (secure access)
- Kept full EJBCA functionality
📚 DEPLOYMENT:
```bash
git checkout docker
./scripts/deploy-hybrid.sh
```
🎯 USE CASES:
- Development/Testing: Single VM ($425/month)
- Small Production: 3 VMs ($1,440/month)
- Enterprise: Use main branch (AKS)
Author: Adrian Johnson <adrian207@gmail.com>
1 parent 6f08177 commit 1251575
79 files changed, +3056 -586 lines changed