Designing Cloud Island

Building infrastructure in New Zealand

Aurynn Shaw
June 10, 2020

At the beginning of the COVID-19 lockdown, Eiara resumed work on Cloud Island, a Mastodon1 instance hosted entirely within New Zealand. We built out an entire deployment infrastructure toolchain for Catalyst Cloud instead of relying on overseas clouds like AWS or Azure. We did this to show that it’s possible to build for New Zealand first and foremost. This ensures that system performance prioritises Kiwis, as well as keeping our personal data within New Zealand.

Keeping our data in New Zealand was always a critical part of this project. Instead of letting our data go overseas, we worked to ensure data sovereignty; document exactly what happens when we upload to a social network; and rely on New Zealand’s strong privacy laws. We can be confident that the electricity our cloud provider uses is sustainable and ecologically friendly, and avoid the dirty power generation in Australia.

It’s taken 5000 lines of Terraform to build everything to our reliability and security standards. This code does everything from defining standard network topologies and access controls to helpers for database and instance setup.

It’s been quite a journey for us. Here’s some details on how we implemented Cloud Island’s infrastructure, and how we hope to use our expertise and tools to help other New Zealanders keep their web applications and data in New Zealand.

Servers

Mastodon uses a microservice architecture with the following components:

  • Two web services, the main web application and the streaming API service,
  • A background task processor,
  • a Postgres database server,
  • a Redis database server, and
  • an Elasticsearch database server.

Additionally, we’ve added a monitoring server running Grafana and Prometheus, and a standard SSH Bastion server.

Network Topology

Cloud Island, and the Eiara toolkit, use the standard pattern of a public/private subnet split.

In AWS, this would be represented as two subnets in a single VPC, with the public subnet being linked directly to the Internet Gateway and the private subnet using a Network Address Translation service. This alleviates some security concerns by keeping database servers from being directly accessible from the internet. It also separates concerns, reminding developers to restrict access to critical services.

Catalyst Cloud operates somewhat differently. Instead of a VPC, the core networking metaphor is a Network. Each Network can contain multiple subnets as normal, but the network as a whole is routed to the internet. This means that, if a network is routed externally, any instance in that network can be assigned a public IP address.

Cloud Island builds a VPC-esque networking structure by using two Catalyst Cloud Networks. The private network routes to the public network, and from there to the internet at large. This prevents public IP addresses from being assigned to servers in the private zone and retains the logical separation of concerns.

Deployment via Docker

Docker allows for the seamless deployment and management of a wide variety of tools and applications by reducing the complexity of dependency management. For all of the Mastodon components, Elasticsearch, and Grafana+Prometheus, we’re using Docker as our runtime.

The Mastodon project provides prebuilt Docker images which include their preferred Ruby interpreter, as well as an example docker-compose.yml file that illustrates how to get a Mastodon instance running. It even includes health checks and provides a common, easily understood foundation without restricting further growth of the service over time.

Logging and Monitoring

Monitoring is a vital part of any deployment, and we’ve included it in Cloud Island from day one.

Each server uses collectd for statistics collection and feeds that data into Prometheus. Prometheus is then queried by our monitoring dashboard, Grafana.

Pre-baked Images

Docker, collectd, and other cross-server infrastructure components were installed into a pre-built common server image with Packer.

This common platform makes it trivial to deploy new services as needed. By relying on Docker today, we’ve set ourselves up to upgrade to a distributed runtime like Kubernetes further down the line.

A Complete Design

We’re really proud of how much of the Cloud Island infrastructure is built and hosted entirely in New Zealand. We’re thrilled to keep our technology infrastructure local and show how we can build robust and scalable applications without reaching for AWS or Azure.

If you want to deploy your applications into the Catalyst Cloud and take advantage of our great local technologies, we’d be thrilled offer you our tooling and expertise.


  1. A federated social networking service, similar in functionality to Twitter 


devops announcement social networking Catalyst Cloud New Zealand

© Eiara Limited