I need your help in explaining to our executives how environment separation is currently implemented in Qovery. We currently dedicate a separate environment per customer, How is each environment kept separate from other environments?
Also, can you please share on how Qovery sets up and stores environment-level variables and secrets to ensure they are only accessible within that one environment?
Thanks for asking. First, I’d recommend you to read this thread which brings some elements.
And to complete this thread, each environment on Qovery are running into a specific cluster (that you define at the creation) and separate Kubernetes namespace.
So each environment that you create can be isolated at the different level - virtually and physically.
Virtual isolation: you are using the same cluster and create multiple environments. So each environment are running on the same cluster but into different namespaces.
Physicall isolation: you are using a dedicated cluster per environment. Each environment are really isolated and can’t communicate with each other.
Ok, now to respond to your question about the environment variables. In both case, environment variables are only accessible to their respective namespace. So they are completely isolated
So your environment X cannot not get access to the variable of environment Y.