I need your help in explaining to our executives how environment separation is currently implemented in Qovery. We currently dedicate a separate environment per customer, How is each environment kept separate from other environments?
Also, can you please share on how Qovery sets up and stores environment-level variables and secrets to ensure they are only accessible within that one environment?
Thanks for asking. First, I’d recommend you to read
this thread which brings some elements.
We are wondering what would be the difference between:
Setting up multiples projects for each of our services
Setting up ONE project with all services in that project
Looking to understand better the pros/cons of each approach.
Context: We currently use Heroku and we are considering Qovery as an alternative. In Heroku, you don’t have separation between the following 3 entities: project/environment/application. The equivalent would be: pipeline/environmnet/app without the possib…
And to complete this thread, each environment on Qovery are running into a specific cluster (that you define at the creation) and separate Kubernetes namespace.
So each environment that you create can be isolated at the different level - virtually and physically.
Virtual isolation: you are using the same cluster and create multiple environments. So each environment are running on the same cluster but into different namespaces.
Physicall isolation: you are using a dedicated cluster per environment. Each environment are really isolated and can’t communicate with each other.
Ok, now to respond to your question about the environment variables. In both case, environment variables are only accessible to their respective namespace. So they are completely isolated
So your environment X cannot not get access to the variable of environment Y.
I hope it helps.