Our stack is Node + React (TypeScript) + Postgres. We're not using Next.js yet.
We're currently hosted on Azure and want to migrate away as Vercel's simplicity is seducing. Everything is containerized in kubes. Here's an overview of our devops architecture on Azure. We're keen to simplify as much as possible as I don't believe we need all that complexity. Let me know if you have any questions!
The components
- arch-prod-elk-cluster is an AKS Kubernetes cluster we run all of our services in.
- arch-prod-elk-server is an Azure Postgres Flexible Server instance that functions as our main database.
- arch-prod-elk-cache is an Azure Cache for Redis instance that functions as our cache.
- archprodelkstorage is an Azure Storage Account where all of our files, cache data, and database data files are stored securely.
- archprodelkregistry is an Azure Container Registry that we use to store and serve container images to the Kubernetes cluster.
- archprodelkkeyvault is an Azure Key Vault that stores certificates and keys for this environment, so that services can talk to one another, and certificates can be served.
- arch-prod-elk-vpn-gateway is an Azure VPN Gateway that facilitates VPN access to the private vnet that our services run in. When you are not connected to this VPN gateway, the only thing you can connect to is the web ports of the system (80, 443).
First-party
- api - Our API service, exposed at api.<domain>.
- homeowner - Our homeowner front-end app, exposed at homeowner.<domain>.
- installer - Our installer app, exposed at installer.<domain>.
- workers - Our asynchronous jobs service.
Third-party
- gateway - The Traefik gateway, which routes traffic from the outside world to the proper services.
- jobs-dashboard - A BullMQ dashboard, where you can see output and status of asynchronous jobs.
- maintenance - A small app that serves a maintenance page when services are down.
- files - A Minio instance we run locally when in local mode, and use as a gateway to Azure Blob Storage when in production mode.
Production-like-only
These services run only in production-like environments such as dev and prod.
- cert-manager - A service that manages certificates in the Kubernetes cluster. This manages our SSL certs for our domains, which are then served via Traefik.
- metabase - A BI tool, for analysis of data in our database.
- namecheap-webhook-cert-manager - A webhook service that works with cert-manager to manage DNS entries for Let's Encrypt certificate challenges.
Tentative scope of work:
Frontend
- Environment Variables: move secrets to Vercel’s environment management, replacing Azure Key Vault for frontend.
- Traffic Management: replace Traefik with Vercel’s built-in routing.
API Layer
- Rewrite the api layer using Vercel serverless functions (api directory in Next.js).
- Keep asynchronous job processing (workers) separate if it handles long-running tasks.
- Database Connections: Move to managed serverless Postgres like Neon or Supabase (optional, we can keep our Azure db)
File Storage
- Migrate from Azure Blob Storage: opportunity to replace with Vercel’s integrations with cloud storage providers (whether we decide to keep it on Azure or use simpler ones like S3)
- MinIO: If using MinIO primarily as a gateway, assess if it’s needed post-migration or if direct storage APIs suffice.
Caching
- Vercel provides CDN to cache assets and edge middleware to cache responses to users
- Redis: not sure if we need caching at our current scale; there are opportunities to use managed instances there too (e.g., Upstash, Redis Cloud)
Workers
- Job Queues: move workers to Vercel’s serverless functions; shouldn’t need the dashboard anymore as all that would be available on Vercel
Networking
- Private networking: we can drop components like arch-prod-elk-vnet, NAT Gateway, and VPN Gateway, simplifying private network management.
- DNS: manage domains and DNS directly through Vercel or our registrar (Namecheap integration available).
Certificates
- Replace cert-manager with Vercel’s built-in HTTPS and automatic certificate management.
BI
- Opportunity to rehost metabase on a managed service (e.g., Metabase Cloud)
Container Registry
- Drop archprodelkregistry as we might no longer need custom containers.
- Use Vercel’s deployment model to eliminate container management