d-bis/docs
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
docs/INFRASTRUCTURE_DEPLOYMENT_GUIDE.md
defiQUG 4bb0b6ffa4 Initial commit: add .gitignore and README
2026-02-09 21:51:46 -08:00

5.4 KiB
Raw Permalink Blame History

Infrastructure Deployment Guide

Date: 2025-01-27 Purpose: Complete guide for deploying shared infrastructure Status: Complete

Overview

This guide provides step-by-step instructions for deploying all shared infrastructure components.

Prerequisites

  • Kubernetes cluster access
  • kubectl configured
  • Helm installed
  • Terraform installed (for infrastructure as code)
  • Appropriate permissions

Deployment Order

1. Monitoring Stack

Prometheus/Grafana

cd infrastructure/monitoring/prometheus
./install.sh

Access:

  • Grafana: kubectl port-forward -n monitoring svc/prometheus-grafana 3000:80
  • Prometheus: kubectl port-forward -n monitoring svc/prometheus-kube-prom-prometheus 9090:9090

Loki Logging

cd infrastructure/monitoring/loki
./install.sh

Access:

  • Grafana: kubectl port-forward -n monitoring svc/loki-grafana 3000:80

Alerting Rules

kubectl apply -f infrastructure/monitoring/alerts/prometheus-rules.yaml

2. API Gateway

cd infrastructure/api-gateway/kong
./install.sh

Access:

  • Admin API: kubectl port-forward -n api-gateway svc/kong-proxy 8001:8001
  • Proxy: kubectl port-forward -n api-gateway svc/kong-proxy 8000:80

Configuration:

  • Update kong.yaml with your services
  • Apply: kubectl create configmap kong-config --from-file=kong.yaml=kong.yaml -n api-gateway --dry-run=client -o yaml | kubectl apply -f -

3. Kubernetes Shared Cluster

cd infrastructure/kubernetes/shared-cluster
./setup.sh

Components:

  • Namespace isolation
  • Ingress controller
  • Network policies
  • RBAC configuration

4. Event Bus (NATS)

cd infrastructure/event-bus/nats
./install.sh

Access:

Configuration:

  • Update nats.yaml with your cluster configuration
  • Apply ConfigMap: kubectl create configmap nats-config --from-file=nats.conf=nats.yaml -n event-bus --dry-run=client -o yaml | kubectl apply -f -

5. Identity Provider (Keycloak)

kubectl apply -f infrastructure/identity/keycloak/k8s-deployment.yaml

Access:

  • Keycloak: kubectl port-forward -n identity svc/keycloak 8080:80
  • Admin console: http://localhost:8080
  • Default credentials: admin / (from secret)

Setup:

  1. Access admin console
  2. Create realm
  3. Configure clients
  4. Set up users and roles

6. Data Storage (MinIO)

kubectl apply -f infrastructure/data-storage/minio/k8s-deployment.yaml

Access:

  • API: kubectl port-forward -n data-storage svc/minio 9000:9000
  • Console: kubectl port-forward -n data-storage svc/minio-console 9001:9001
  • Default credentials: minioadmin / (from secret)

Setup:

  1. Access console
  2. Create buckets
  3. Configure access policies
  4. Set up lifecycle rules

Verification

Check All Services

# Check namespaces
kubectl get namespaces | grep -E "monitoring|api-gateway|event-bus|identity|data-storage"

# Check pods
kubectl get pods --all-namespaces | grep -E "prometheus|grafana|loki|kong|nats|keycloak|minio"

# Check services
kubectl get svc --all-namespaces | grep -E "prometheus|grafana|loki|kong|nats|keycloak|minio"

Test Connectivity

# Test Prometheus
curl http://localhost:9090/-/healthy

# Test Grafana
curl http://localhost:3000/api/health

# Test Kong
curl http://localhost:8001/

# Test NATS
curl http://localhost:8222/varz

# Test Keycloak
curl http://localhost:8080/health

# Test MinIO
curl http://localhost:9000/minio/health/live

Configuration

Environment Variables

Set these in your deployment:

# Keycloak
export KEYCLOAK_ADMIN_PASSWORD="your-password"

# MinIO
export MINIO_ROOT_USER="your-user"
export MINIO_ROOT_PASSWORD="your-password"

# NATS
export NATS_API_PASSWORD="your-password"
export NATS_SERVICE_PASSWORD="your-password"

Secrets Management

Update secrets before deployment:

# Keycloak admin secret
kubectl create secret generic keycloak-admin-secret \
  --from-literal=password=your-password \
  -n identity \
  --dry-run=client -o yaml | kubectl apply -f -

# MinIO secret
kubectl create secret generic minio-secret \
  --from-literal=MINIO_ROOT_USER=your-user \
  --from-literal=MINIO_ROOT_PASSWORD=your-password \
  -n data-storage \
  --dry-run=client -o yaml | kubectl apply -f -

Troubleshooting

Pods Not Starting

Check:

  • Resource quotas
  • Storage classes
  • Image pull secrets
  • Service account permissions

Services Not Accessible

Check:

  • Service endpoints
  • Network policies
  • Ingress configuration
  • Firewall rules

Configuration Issues

Check:

  • ConfigMaps
  • Secrets
  • Environment variables
  • Volume mounts

Best Practices

Security

  • Change all default passwords
  • Use secrets management
  • Enable TLS/SSL
  • Configure network policies
  • Set up RBAC

Monitoring

  • Set up alerts
  • Configure dashboards
  • Monitor resource usage
  • Track performance metrics

Backup

  • Backup configurations
  • Backup data volumes
  • Test restore procedures
  • Document backup schedule

Maintenance

Updates

  • Regular security updates
  • Monitor for new versions
  • Test in dev/staging first
  • Document changes

Scaling

  • Monitor resource usage
  • Adjust replicas as needed
  • Scale storage as needed
  • Optimize configurations

Last Updated: 2025-01-27

Reference in New Issue View Git Blame Copy Permalink