Using projects to deploy a deployable architecture to multiple regions

This tutorial walks you through how to use projectsA collection of artifacts that define and manage resources and Infrastructure as Code deployments. to deploy two slightly different configurations of the same deployable architecture to two different regions.

Imagine you are a software developer for Example Corp enterprise. Your infrastructure architect discovered the Cloud automation for Code Engine deployable architecture, and your cloud automation engineering professional customized it to fully meet your business needs. The customized deployable architecture is used to automate the deployment of a containerized application on IBM Cloud Code Engine. The existing container image at icr.io/codeengine/helloworld is used as an example application. Now, you need to deploy the deployable architecture to multiple regions for local data storage and performance or high availability reasons to best support your application.

This tutorial uses a fictitious scenario to help you learn and understand how to use projects to deploy to multiple regions. As you complete the tutorial, adapt each step to match your organization's needs.

Before you begin

Set up your IBM Cloud account.
Create a customized deployable architecture called Example Corp's infrastructure and onboard it to a private catalog called Example Corp catalog.
Understand that completing this tutorial might result in costs to your account. Cloud automation for Code Engine was customized to create Example Corp's infrastructure. For more information about associated costs for using Code Engine, go to Pricing for Code Engine.
Make sure that you have the following access roles to create a project and permission to create the project tooling resources within the account:
- The Editor role on the IBM Cloud Projects service.
- The Editor and Manager role on the IBM Cloud® Schematics service
- The Viewer role on the resource group for the project
- Other roles that are required for specific resources in your deployable architecture. Cloud automation for Code Engine requires the Writer service access role that is scoped to all resources for the Code Engine service.
For more information about access and permissions, see Assigning users access to projects.
Set up an authentication method. You can use an API key that is stored in Secrets Manager or a trusted profile to authorize a deployment to your target account:
- Create a Secrets Manager service instance in your IBM Cloud account. To create a secret, you must have the Writer role or higher on the Secrets Manager service. After you create your secret instance, make sure that you select Other secret type to add an arbitrary secret. For information about creating an arbitrary secret, see Creating arbitrary secrets in the UI. Your arbitrary secret must contain the API key. The API key must be created in the target account that you want to deploy to. For more information, go to Using an API key with Secrets Manager to authorize a project to deploy an architecture.
- Create a trusted profile in the account that you want to deploy to. The trusted profile needs the ability to create a service ID, create and delete API keys for the service ID, and deploy the architecture. For more information, go to Using trusted profiles to authorize a project to deploy an architecture.

Create a project

Create a project where you can configure and deploy Example Corp's infrastructure.

In the IBM Cloud console, click the Navigation menu icon > Projects.
Click Create.
Name your project Example Corp infrastructure.
Add the following description to your project: Project to manage the different configurations and deployments of Example Corp's infrastructure.
Select Dallas as the region where the project data is stored.
Keep Default for the resource group.
Click Create.

Create an environment in your project

Now that your project is created, you're ready to create an environment to share values across configurations for easier deployments. The properties that you add to an environment are automatically added to configurations that are using that environment. For more information, see the benefits to using environments. In this tutorial, you add the authentication method to the environment so it can be reused in your project.

In the Example Corp infrastructure project, select Manage > Environments.
Click Create.
Name your environment Example Corp infrastructure dev.
Click Add > Add manually...
Select Authentication for the category.
Specify the authentication method that you set up in the before you begin steps. You can use an API key that is stored in Secrets Manager or a trusted profile.
Depending on which method you choose, either select the secret that contains your API key or provide the trusted profile ID.
Click Add to add the authentication method to the environment.
Click Save to save the environment.

Add a deployable architecture to a project

Before you can configure Example Corp's infrastructure, you need to find the deployable architecture in Example Corp catalog and add it to the Example Corp infrastructure project.

In the Example Corp infrastructure project, select Configurations > Create.
Use the catalog menu to open the private catalog called Example Corp catalog.
From the Type section, select Private products to filter the list of products.
Select Example Corp's infrastructure from the list of remaining products.
Select Add to project.
Change the configuration name to example-corp-us-south to indicate that you want to deploy the configuration in the US southern region.
Select Example Corp infrastructure dev as the environment.
Click Add.

You successfully added the deployable architecture to a project and are ready to define the configuration.

Configure the deployable architecture

In the Details section, review the information and make sure the Example Corp infrastructure dev environment is selected.
From the Security section, confirm that the correct authentication method is selected based on what you added to the environment.
During validation, a Code Risk Analyzer scan is run on your architecture, which includes a compliance scan based on a set of controls. Example Corp's infrastructure doesn't include any applicable controls, but you can set up your own attachment through Security and Compliance Center if you want to. For more information, see Configuring the architecture. Select Architecture default if you don't want to use your own attachment from Security and Compliance Center.
From the Configure architecture section, enter values for the required input variables for the deployable architecture configuration:
1. Enter us-south as the prefix to use for naming conventions.
2. Select Default as the existing_resource_group_name.
3. Select us-south as the region to deploy the resources.
Click Save.
Click Validate. The modal that is displayed provides more details about your in-progress validation.

If the validation fails, you can troubleshoot the failure. Or, an administrator on the IBM Cloud Projects service can review the results through the Schematics service and override the failure and approve the configuration to deploy anyway. However, make sure that the pipeline failed due to the Code Risk Analyzer scan and not because of a validation or plan failure. It is not recommended to override a failure that is flagged due to a validation or plan failure as the configuration cannot deploy successfully. For more information about security and compliance in projects, see Achieving continuous compliance as an enterprise.

During the configuration and deployment process, monitor your Needs attention items. The widget reflects any issue that occurs in your configurations.

Approve and deploy your first configuration

As an Editor on the IBM Cloud® Projects service, you can approve the configuration changes and deploy the configuration. It can be beneficial to deploy your first configuration to make sure that your changes work as expected. Then, if the deployment is successful, you can continue to create your second configuration.

You must address any outstanding Needs attention items on the Overview tab before you can approve and deploy your configurations.

From the Example Corp infrastructure project, select the Configurations tab.
Click the Options icon for example-corp-us-south > View last validation.
Add a comment with more details about the approval, and click Approve.
Click Deploy and wait for the deployment to finish.

Add and configure the second deployable architecture

Now that you configured and deployed your architecture to one region, you can duplicate it to deploy the architecture to another region.

From the Example Corp infrastructure project, select the Configurations tab.
Click the Options icon for example-corp-us-south > Duplicate. example-corp-us-south-copy-01 is added to your project.
Click the Options icon for example-corp-us-south-copy-01 > Edit.
From the Details section, click Edit and change the name of the configuration to example-corp-us-east.
From the Details section, make sure the Example Corp infrastructure dev environment is selected.
From the Security section, review the information that was pulled in from the environment that you created.
From the Configure architecture section, click Edit and enter values for the required input variables for the deployable architecture configuration:
1. Enter us-east as the prefix to use for naming conventions.
2. Select Default as the existing_resource_group_name.
3. Select us-east as the region to deploy the resources.
Click Save.
Click Validate. The modal that is displayed provides more details about your in-progress validation.

If the validation fails, you can troubleshoot the failure. Or, an administrator on the IBM Cloud Projects service can review the results through the Schematics service and override the failure and approve the configuration to deploy anyway. However, make sure that the pipeline failed due to the Code Risk Analyzer scan and not because of a validation or plan failure. It is not recommended to override a failure that is flagged due to a validation or plan failure as the configuration cannot deploy successfully. For more information about security and compliance in projects, see Achieving continuous compliance as an enterprise.

During the configuration and deployment process, monitor your Needs attention items. The widget reflects any issue that occurs in your configurations.

Approve and deploy your second configuration

After the validation completes, you can deploy your second configuration.

You must address any outstanding Needs attention items on the Overview tab before you can approve and deploy your configurations.

From the Example Corp infrastructure project, select the Configurations tab.
Click the Options icon for example-corp-us-east > Edit.
Click View details to view the last validation and approve the changes.
Add a comment with more details about the approval, and click Approve.
Click Deploy and wait for the deployment to finish.

Next steps

After the deployment successfully completes, your application is deployed in two separate regions. The two slightly different configurations are based on the same deployable architecture. To find the applications, go to the IBM Cloud console, click the Navigation menu icon Navigation Menu icon > Containers > Severless Projects.

Check out the next tutorial on Adding customizable options to Example Corp's infrastructure.