# Deployment Quick Reference

**Last Updated**: 2025-01-27
**Purpose**: Quick command reference for deployment operations

---

## Prerequisites Check

```bash
# Verify tools
node --version      # >= 18.0.0
pnpm --version      # >= 8.0.0
az --version        # Azure CLI
terraform --version # >= 1.5.0
kubectl version     # Kubernetes CLI
docker --version    # Docker

# Verify Azure login
az account show
```

---

## Phase 1: Prerequisites

```bash
# Clone and setup
git clone <repo-url> && cd the-order
git submodule update --init --recursive
pnpm install --frozen-lockfile
pnpm build
```

---

## Phase 2: Azure Infrastructure

```bash
# Run setup scripts
./infra/scripts/azure-setup.sh
./infra/scripts/azure-register-providers.sh
./infra/scripts/azure-check-quotas.sh

# Terraform
cd infra/terraform
terraform init
terraform plan
terraform apply
```

---

## Phase 3: Entra ID

```bash
# Configure in Azure Portal
# Then store secrets:
az keyvault secret set --vault-name <vault-name> --name "entra-tenant-id" --value "..."
az keyvault secret set --vault-name <vault-name> --name "entra-client-id" --value "..."
az keyvault secret set --vault-name <vault-name> --name "entra-client-secret" --value "..."
az keyvault secret set --vault-name <vault-name> --name "entra-credential-manifest-id" --value "..."
```

---

## Phase 4: Database & Storage

```bash
# Create databases (via Azure Portal or CLI)
az postgres db create --resource-group <resource-group> --server-name <server-name> --name theorder_dev

# Create storage containers
az storage container create --name intake-documents --account-name <storage-account>
az storage container create --name dataroom-deals --account-name <storage-account>
```

---

## Phase 5: Container Registry

```bash
# Login to ACR
az acr login --name <acr-name>

# Attach to AKS
az aks update -n <aks-name> -g <resource-group> --attach-acr <acr-name>
```

---

## Phase 6: Build & Package

```bash
# Build packages
pnpm build

# Build and push images (after Dockerfiles created)
docker build -t <acr-name>.azurecr.io/identity:latest -f services/identity/Dockerfile .
docker push <acr-name>.azurecr.io/identity:latest

# Repeat for: intake, finance, dataroom, portal-public, portal-internal
```

---

## Phase 7: Database Migrations

```bash
export DATABASE_URL="postgresql://user:pass@host:5432/theorder_dev"
pnpm --filter @the-order/database migrate up
```

---

## Phase 8: Secrets

```bash
# Store all secrets in Azure Key Vault
az keyvault secret set --vault-name <vault-name> --name <secret-name> --value "<secret-value>"

# Configure External Secrets Operator
kubectl apply -f https://external-secrets.io/latest/deploy/

# Then apply SecretStore and ExternalSecret resources
```

---

## Phase 9: Infrastructure Services

```bash
# External Secrets
kubectl apply -f https://external-secrets.io/latest/deploy/

# Prometheus & Grafana
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack
```

---

## Phase 10: Backend Services

```bash
# Get AKS credentials
az aks get-credentials --resource-group <resource-group> --name <aks-name>

# Deploy services
kubectl apply -k infra/k8s/overlays/dev

# Verify
kubectl get pods -n the-order-dev
kubectl logs -f <pod-name> -n the-order-dev
```

---

## Phase 11: Frontend Apps

```bash
# Deploy portals
kubectl apply -f infra/k8s/base/portal-public/
kubectl apply -f infra/k8s/base/portal-internal/

# Verify
kubectl get pods -l app=portal-public -n the-order-dev
```

---

## Phase 12: Networking

```bash
# Deploy ingress
helm install ingress-nginx ingress-nginx/ingress-nginx

# Apply ingress rules
kubectl apply -f infra/k8s/base/ingress.yaml

# Verify
kubectl get ingress -n the-order-dev
```

---

## Phase 13: Monitoring

```bash
# Application Insights
az monitor app-insights component create --app the-order-dev --location westeurope -g <resource-group>

# Log Analytics
az monitor log-analytics workspace create --workspace-name the-order-dev-logs -g <resource-group>
```

---

## Phase 14: Testing

```bash
# Health checks
kubectl get pods -n the-order-dev
for svc in identity intake finance dataroom; do
  kubectl port-forward svc/$svc <port>:<port> &
  curl http://localhost:<port>/health
done

# Integration tests
curl https://api.theorder.org/identity/health
```

---

## Phase 15: Production

```bash
# Scale deployments
kubectl scale deployment identity --replicas=3 -n the-order-prod

# Apply production config
kubectl apply -k infra/k8s/overlays/prod
```

---

## Common Operations

### Check Deployment Status

```bash
kubectl get all -n the-order-dev
kubectl get pods -n the-order-dev
kubectl get svc -n the-order-dev
kubectl get ingress -n the-order-dev
```

### View Logs

```bash
kubectl logs -f deployment/<name> -n the-order-dev
kubectl logs -f <pod-name> -n the-order-dev --tail=100
```

### Port Forward for Testing

```bash
kubectl port-forward svc/identity 4002:4002
kubectl port-forward svc/portal-public 3000:3000
```

### Restart Deployment

```bash
kubectl rollout restart deployment/<name> -n the-order-dev
```

### Rollback

```bash
kubectl rollout undo deployment/<name> -n the-order-dev
```

### Scale Services

```bash
kubectl scale deployment/<name> --replicas=3 -n the-order-dev
```

---

## Troubleshooting

### Pod Issues

```bash
kubectl describe pod -n the-order-dev
kubectl logs <pod-name> -n the-order-dev
kubectl exec -it <pod-name> -n the-order-dev -- /bin/sh
```

### Service Issues

```bash
kubectl get endpoints -n the-order-dev
kubectl describe svc -n the-order-dev
```

### Network Issues

```bash
kubectl get ingress -n the-order-dev
kubectl describe ingress -n the-order-dev
```

---

## Environment Variables

Key environment variables needed (store in Key Vault):

- `DATABASE_URL`
- `ENTRA_TENANT_ID`, `ENTRA_CLIENT_ID`, `ENTRA_CLIENT_SECRET`, `ENTRA_CREDENTIAL_MANIFEST_ID`
- `STORAGE_BUCKET`, `STORAGE_REGION`
- `KMS_KEY_ID`
- `JWT_SECRET`
- `REDIS_URL`
- Service-specific variables

---

**See `DEPLOYMENT_GUIDE.md` for detailed instructions.**
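
A preflight check for the Environment Variables list and the Key Vault steps in Phases 3 and 8, added here as an example and not taken from the-order repository: it reports which required secrets are absent from a listing of Key Vault secret names before anything is deployed. It assumes each variable is stored under its name lower-cased with underscores replaced by hyphens (the pattern of `entra-tenant-id` in Phase 3); `VAULT_NAME`, the function names and the sample listing are constructed for illustration, and service-specific variables are not covered.

```shell
#!/usr/bin/env bash
# Added example, not from the-order repository.
# Assumption: each variable is stored under its name lower-cased with "_"
# replaced by "-" (as in "entra-tenant-id"); Key Vault names cannot contain "_".

REQUIRED_VARS="DATABASE_URL ENTRA_TENANT_ID ENTRA_CLIENT_ID ENTRA_CLIENT_SECRET
ENTRA_CREDENTIAL_MANIFEST_ID STORAGE_BUCKET STORAGE_REGION KMS_KEY_ID
JWT_SECRET REDIS_URL"

# Map an environment variable name to its assumed Key Vault secret name.
kv_name() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr '_' '-'
}

# Reads secret names (one per line) on stdin, prints each required name that
# is absent, and returns 1 if any is missing. Only names are read, never values.
missing_secrets() {
  present=$(cat)
  missing=""
  for var in $REQUIRED_VARS; do
    name=$(kv_name "$var")
    # -x -F: whole-line literal match, so "jwt-secret-old" does not satisfy
    # the requirement for "jwt-secret".
    if ! printf '%s\n' "$present" | grep -qxF -- "$name"; then
      missing="${missing}${name}
"
    fi
  done
  printf '%s' "$missing"
  [ -z "$missing" ]
}

# Constructed sample of the name listing; against a real vault, pipe in:
#   az keyvault secret list --vault-name "$VAULT_NAME" --query "[].name" -o tsv
SAMPLE_LISTING="database-url
entra-tenant-id
entra-client-id
entra-client-secret
entra-credential-manifest-id
storage-bucket
storage-region
jwt-secret-old
redis-url"

printf '%s\n' "$SAMPLE_LISTING" | missing_secrets \
  || echo "preflight failed: the secrets listed above are missing" >&2
```

Run it before Phase 10 so a missing secret stops the rollout instead of surfacing later as a crashing pod.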