Is it possible to implement architectural schemes in Russian clouds that are standard for Western providers?

Historically, AWS has become the industry standard in the cloud services market, both in the range of services and solutions it provides and in support, community, ready-made libraries, and providers for the IaC approach. But due to the changed geopolitical situation, as well as various other factors (for example, 152-FZ), foreign solutions are becoming less and less accessible, so it is necessary to look for alternatives on the Russian domestic market.
In this article, we conduct a comparative analysis of several domestic cloud providers, considering a set of proposed solutions, evaluating the availability of Terraform providers, and also trying to deploy a typical web project in the cloud.

Disclaimer #1
This article is not an advertisement. All coincidences with reality are just coincidences with reality. And all inconsistencies with reality are just inconsistencies with reality.

Disclaimer #2
Yandex.Cloud, SberCloud, Selectel, VK cloud solutions (ex-MCS) were randomly selected for analysis.

Disclaimer #3
When we speak of a Terraform provider, we always mean the provider named -terraform-provider (not the openstack one).

Part One – Comparative

To compare the services that cloud providers offer, it makes sense to define a “mandatory minimum” basic set and group these services as follows:

  • runtime,
  • networks, balancing, security,
  • data storage.

Runtime

Based on what AWS offers us, we can distinguish four main services, namely:

  • virtual machines,
  • containerized application runtime (AWS ECS),
  • managed Kubernetes,
  • serverless.

We will additionally check whether each provider offers a Container Registry and whether it can be configured through Terraform (both for the environment that launches individual containers and for k8s).

So:

  • absolutely all providers provide the basic minimum required for the operation of any web project – virtual machines (with video cards if necessary) and managed K8s.
  • the ability to configure resources through Terraform is maximally represented by Yandex.
  • serverless computing is represented by almost all providers (except VKCS).

Points of interest:

  • Selectel also provides macOS-based virtual machines, which will be useful for iOS/macOS software developers.
  • SberCloud provides a service called Service Stage for launching applications in any programming language (similar to AWS Elastic Beanstalk / Google App Engine), which will be useful for testing various projects without worrying about setting up the working environment.

Networks, balancing, security

The next important set of services:

  • virtual private cloud organization
  • DNS
  • CDN
  • SSL
  • API Gateway
  • Load Balancing
  • Security (WAF, DDoS-protection, Security issues)

Based on the data presented above, we can confidently say that all cloud providers offer the necessary set of networking/security services for your applications, but, unfortunately, not all of these services are fully covered by the Terraform providers for managing infrastructure with the IaC approach.

Separately, it is worth noting that all providers offer a fairly wide range of security services, up to searching for vulnerabilities in Docker images stored in the container registry. However, the CDN provided by SberCloud was in preview at the time of the comparison, and it was not possible to fully test it under a real load.

Database. Object storage

The last important group of services is data storage, both in databases and in object/file storage (for example, AWS S3). What exactly do we need:

  • object storage (S3 compatible),
  • managed RDS (MySQL, PostgreSQL),
  • document-oriented databases (like MongoDB),
  • databases for organizing search engines (like Elasticsearch),
  • TSDB,
  • Key/value storage, in-memory DB (like Redis, Memcached).

Intermediate conclusions

  • all providers provide the basic minimum of data organization services required in 99% of cases for any web project, namely, managed MySQL/PostgreSQL and S3-compatible storage;
  • some providers lack only one service from our comparison list, most often a TSDB or a system for organizing a search engine;
  • not all providers provide Terraform resources for configuring these services via IaC;
  • overall, Yandex.Cloud has the most complete set;
  • in my opinion, it is not very convenient to work with all data stores through a single DBaaS service/configuration in Selectel.

Part two – practical

After comparing the capabilities and the set of solutions provided by Russian cloud providers, let’s try to deploy a typical web project, which will consist of the following components:

  • frontend: a SPA (Angular) application deployed in an S3 bucket in static website hosting mode, with an additionally configured CDN on top of the bucket.
  • backend: Nest.js application deployed in managed K8S.
  • data storage: managed PostgreSQL as the main database + managed Redis for storing caches, user sessions, etc.
  • downloadable custom content: S3 bucket with additionally configured CDN, presigned-urls at the bucket level / signed-urls at the CDN level to serve private downloadable content.

We will also try to deploy the infrastructure for our project using Terraform (both the regular Terraform provider and the Openstack provider), and if configuration is not possible through Terraform, we will configure the infrastructure “by hand” through the cloud provider’s web console.

Conclusions after deploying the front-end application:

  • All cloud providers allow you to deploy a SPA application through an S3 bucket, and almost all (with the exception of SberCloud) allow you to additionally configure content distribution via CDN for this bucket.
  • Only Yandex.Cloud and SberCloud were configured through Terraform, all other configurations were done by hand.
  • Presigned-urls are provided only by Yandex and Selectel.
  • Signed-urls for CDN are not available in any of the providers.
  • Even with the TTL for Yandex’s CDN cache set to the minimum allowable value, configuration changes take a very long time to be picked up.
  • Even following the documentation to the letter when configuring the S3 bucket + CDN bundle in VKCS, we got a non-working site (a data access error between the bucket and the CDN).
  • Creating an SSL certificate for the CDN at Yandex.Cloud had to be “kicked” by hand from the web console.

Conclusions after configuring the infrastructure and deploying our backend application:

  • In all services, we were able to implement the infrastructure and deploy the application 100%.
  • The infrastructure in Yandex.Cloud and SberCloud was FULLY configured using a regular Terraform provider.
  • In VKCS, through Terraform, it was possible to launch only the database and K8s, the rest of the infrastructure had to be set up “by hand”.
  • The infrastructure in Selectel was configured through a combination of native and openstack Terraform providers.
  • Outdated/non-working examples were found in the documentation from VKCS, which can mislead novice engineers in the infrastructure setup process.

Final picture

The comparative analysis carried out, both in terms of the set of services provided, and in terms of the possibility of implementing various architectural patterns in the cloud, led us to the following results:

  • The “honorable first place” is occupied by Yandex.Cloud: the widest range of services, excellent documentation, almost complete infrastructure coverage by the Terraform provider.
  • The rest of the cloud providers do not lag behind, but they have room to develop: services to add and Terraform providers to refine (openstack is not a panacea).
  • We were 95% successful in implementing the familiar architectural schemes that we used when working with AWS.

I admit that such an analysis covered only a small part of what one has to deal with when working with clouds. In the following articles I want to talk about:

  • administration tools (monitoring, logs, backups),
  • tools for working with analytics, queues, bigdata, ML.

PS
This article deliberately did not consider billing and everything else related to the cost of services of Russian cloud providers, since the main goal was to compare their functionality, and not the potential costs of users.
