←back to thread

DigitalOcean App Platform

(pages.news.digitalocean.com)
646 points digianarchist | 5 comments | 06 Oct 20 14:59 UTC | HN request time: 0.002s | source
Show context
user5994461 ◴[06 Oct 20 17:20 UTC] No.24700185[source]
I am so glad to see this. I was looking to deploy an app and the choice is either Heroku or manage your own server which I don't want to do.

Heroku gives instant deployment for the most common types of apps (python/java/ruby). It's PaaS done right, it's fantastic. You should really have a look if you're not aware of it, it's only $7 for a starter app.

Problem is, scaling up is about $50 per gigabyte of memory which makes it a dead end for anything non trivial. You're forced to go to digital ocean / Linode / OVH instead to have something affordable.

That leaves Digital Ocean as the only alternative (don't trust Linode) and it sucks because it only gives me a server to manage. I don't want to manage a server I want to run a (python) application. It's 2020 this sort of things should auto deploy from GitHub without bothering me to manage an operating system.

replies(19): >>24700693 #>>24700794 #>>24701039 #>>24702228 #>>24702633 #>>24702880 #>>24703398 #>>24703543 #>>24703620 #>>24704410 #>>24704873 #>>24705031 #>>24705668 #>>24706188 #>>24706382 #>>24707003 #>>24709134 #>>24716137 #>>24727185 #
stickfigure ◴[06 Oct 20 21:42 UTC] No.24702633[source]
Don't forget Google App Engine! Though, it's even more expensive than Heroku.
replies(2): >>24702673 #>>24703121 #
bastawhiz ◴[06 Oct 20 21:46 UTC] No.24702673[source]
Has GAE sorted out secrets management? Last I checked, they required you to commit secrets to the repo you push, which necessitates your secrets being on whatever computer (or whoever's computer) does production deploys. Contrast this with DO/Heroku/etc. which lets you set environment variables.

Some folks suggest using a DB to store secrets on GAE, but this is (IMO) just obfuscation.

replies(1): >>24702821 #
1. praet ◴[06 Oct 20 22:02 UTC] No.24702821[source]
Yes, they added Secret Manager early this year: https://cloud.google.com/secret-manager
replies(1): >>24702891 #
2. ypeter ◴[06 Oct 20 22:08 UTC] No.24702891[source]
And before this you could implement Cloud KMS in your app to decrypt the encrypted secrets you can store in your repo.
replies(1): >>24710494 #
3. bastawhiz ◴[07 Oct 20 17:22 UTC] No.24710494[source]
This still seems ridiculous. Why did I need to keep secrets in my repo to begin with? GAE, as far as I can tell, has been the only major PaaS that hasn't offered a solution for this. It's so easy to get wrong...it contradicts one of the biggest rules of version control: keep your secrets out of your repo.
replies(1): >>24723993 #
4. stickfigure ◴[08 Oct 20 21:10 UTC] No.24723993{3}[source]
There are a million ways to do it that don't require Google? Your CI system builds the production image, it can get secrets from anywhere.
replies(1): >>24732236 #
5. bastawhiz ◴[09 Oct 20 17:27 UTC] No.24732236{4}[source]
My CI system arguably shouldn't have access to production secrets any more than my developers' macbooks.