the_order/docs/deployment/DEPLOYMENT_QUICK_REFERENCE.md
defiQUG 8990270e70 Docs: align Order portal health checks with CT 10090 at 192.168.11.180
Merge Proxmox verification curls with upstream Kubernetes overview; keep HAProxy and public URL probes.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-10 23:14:21 -07:00


# Deployment Quick Reference
**Last Updated**: 2025-01-27

**Purpose**: Quick command reference for deployment operations

---
## Prerequisites Check
```bash
# Verify tools
node --version # >= 18.0.0
pnpm --version # >= 8.0.0
az --version # Azure CLI
terraform --version # >= 1.5.0
kubectl version --client # Kubernetes CLI (client only; no cluster exists yet)
docker --version # Docker
# Verify Azure login
az account show
```
---
## Phase 1: Prerequisites
```bash
# Clone and setup
git clone <repo-url> && cd the-order
git submodule update --init --recursive
pnpm install --frozen-lockfile
pnpm build
```
---
## Phase 2: Azure Infrastructure
```bash
# Run setup scripts
./infra/scripts/azure-setup.sh
./infra/scripts/azure-register-providers.sh
./infra/scripts/azure-check-quotas.sh
# Terraform
cd infra/terraform
terraform init
terraform plan
terraform apply
```
---
## Phase 3: Entra ID
```bash
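# Configure in Azure Portal
# Then store secrets. Note: --value exposes the secret in shell history and the
# process list; `az keyvault secret set` also accepts --file <path> to read it from a file.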
az keyvault secret set --vault-name <vault> --name "entra-tenant-id" --value "..."
az keyvault secret set --vault-name <vault> --name "entra-client-id" --value "..."
az keyvault secret set --vault-name <vault> --name "entra-client-secret" --value "..."
az keyvault secret set --vault-name <vault> --name "entra-credential-manifest-id" --value "..."
```
---
## Phase 4: Database & Storage
```bash
# Create databases (via Azure Portal or CLI)
az postgres db create --resource-group <rg> --server-name <server> --name theorder_dev
# Create storage containers
az storage container create --name intake-documents --account-name <account>
az storage container create --name dataroom-deals --account-name <account>
```
---
## Phase 5: Container Registry
```bash
# Login to ACR
az acr login --name <acr-name>
# Attach to AKS
az aks update -n <aks-name> -g <rg> --attach-acr <acr-name>
```
---
## Phase 6: Build & Package
```bash
# Build packages
pnpm build
# Build and push images (after Dockerfiles created)
# :latest is mutable; beyond dev, tag with an immutable identifier (e.g. the git commit SHA)
docker build -t <acr>.azurecr.io/identity:latest -f services/identity/Dockerfile .
docker push <acr>.azurecr.io/identity:latest
# Repeat for: intake, finance, dataroom, portal-public, portal-internal
```
---
## Phase 7: Database Migrations
```bash
export DATABASE_URL="postgresql://user:pass@host:5432/theorder_dev"
pnpm --filter @the-order/database migrate up
```
---
## Phase 8: Secrets
```bash
# Store all secrets in Azure Key Vault
az keyvault secret set --vault-name <vault> --name <secret-name> --value "<value>"
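# Install External Secrets Operator from its Helm chart
# (the external-secrets.io URL is a documentation page, not an applicable manifest)
helm repo add external-secrets https://charts.external-secrets.io
helm repo update
helm upgrade --install external-secrets external-secrets/external-secrets \
  -n external-secrets --create-namespace
# Then apply SecretStore and ExternalSecret resources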
```
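
Added example, not part of the repository's scripts: a POSIX shell helper for the `az keyvault secret set` calls in Phase 3 and Phase 8 that reads the value from stdin and passes it with `--file`, so the secret never appears in argv, shell history or `set -x` output. The function name `kv_set_stdin` is hypothetical, and it handles single-line secrets only.

```bash
#!/bin/sh
# Added example: kv_set_stdin is a hypothetical helper, not a repository script.
# Usage: kv_set_stdin <vault> <secret-name>      (secret value is read from stdin)
#   Feed stdin from a password manager CLI or a redirected file, not from `echo`
#   with the literal value typed on the command line.
#
# The body runs in a subshell ( ... ) so umask, variables and traps do not leak
# into the calling shell.
kv_set_stdin() (
  vault=${1:-}
  name=${2:-}
  if [ -z "$vault" ] || [ -z "$name" ]; then
    echo "usage: kv_set_stdin <vault> <secret-name>" >&2
    exit 2
  fi

  umask 077                      # temp file readable by the current user only
  IFS= read -r value || true     # one line; tolerate a missing trailing newline
  if [ -z "$value" ]; then
    echo "kv_set_stdin: empty secret on stdin" >&2
    exit 2
  fi

  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT       # remove the file on any exit path
  trap 'exit 1' INT TERM

  # printf '%s' writes no trailing newline, so the stored secret is exactly
  # the line that was read.
  printf '%s' "$value" > "$tmp"

  rc=0
  az keyvault secret set --vault-name "$vault" --name "$name" \
    --file "$tmp" --encoding utf-8 --output none || rc=$?

  rm -f "$tmp"
  exit "$rc"
)
```

`--output none` keeps the CLI from echoing the stored value back to the terminal or a CI log.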
---
## Phase 9: Infrastructure Services
```bash
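# External Secrets (Helm chart; idempotent if already installed in Phase 8)
helm repo add external-secrets https://charts.external-secrets.io
helm upgrade --install external-secrets external-secrets/external-secrets \
  -n external-secrets --create-namespace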
# Prometheus & Grafana
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack
```
---
## Phase 10: Backend Services
```bash
# Get AKS credentials
az aks get-credentials --resource-group <rg> --name <aks-name>
# Deploy services
kubectl apply -k infra/k8s/overlays/dev
# Verify
kubectl get pods -n the-order-dev
kubectl logs -f <pod-name> -n the-order-dev
```
---
## Phase 11: Frontend Apps
```bash
# Deploy portals
kubectl apply -f infra/k8s/base/portal-public/
kubectl apply -f infra/k8s/base/portal-internal/
# Verify (Kubernetes)
kubectl get pods -l app=portal-public -n the-order-dev
# Verify (Sankofa Proxmox — CT 10090 portal, CT 10210 HAProxy)
curl -fsS http://192.168.11.180:3000/api/health
curl -fsS -H 'Host: the-order.sankofa.nexus' http://192.168.11.39/api/health
curl -fsS https://the-order.sankofa.nexus/api/health
```
---
## Phase 12: Networking
```bash
# Deploy ingress
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx
# Apply ingress rules
kubectl apply -f infra/k8s/base/ingress.yaml
# Verify
kubectl get ingress -n the-order-dev
```
---
## Phase 13: Monitoring
```bash
# Application Insights
az monitor app-insights component create --app the-order-dev --location westeurope -g <rg>
# Log Analytics
az monitor log-analytics workspace create --workspace-name the-order-dev-logs -g <rg>
```
---
## Phase 14: Testing
```bash
# Health checks
kubectl get pods -n the-order-dev
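# Replace <port> with each service's port before running
for svc in identity intake finance dataroom; do
  kubectl port-forward svc/$svc <port>:<port> -n the-order-dev &
  pf_pid=$!
  sleep 2  # give the tunnel time to come up
  curl -fsS http://localhost:<port>/health
  kill "$pf_pid"  # close the tunnel so the next service can reuse the port
done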
# Integration tests
curl https://api.theorder.org/identity/health
```
---
## Phase 15: Production
```bash
# Scale deployments
kubectl scale deployment identity --replicas=3 -n the-order-prod
# Apply production config
kubectl apply -k infra/k8s/overlays/prod
```
---
## Common Operations
### Check Deployment Status
```bash
kubectl get all -n the-order-dev
kubectl get pods -n the-order-dev
kubectl get svc -n the-order-dev
kubectl get ingress -n the-order-dev
```
### View Logs
```bash
kubectl logs -f deployment/<service-name> -n the-order-dev
kubectl logs -f <pod-name> -n the-order-dev --tail=100
```
### Port Forward for Testing
```bash
kubectl port-forward svc/identity 4002:4002 -n the-order-dev
kubectl port-forward svc/portal-public 3000:3000 -n the-order-dev
```
### Restart Deployment
```bash
kubectl rollout restart deployment/<service-name> -n the-order-dev
```
### Rollback
```bash
kubectl rollout undo deployment/<service-name> -n the-order-dev
```
### Scale Services
```bash
kubectl scale deployment/<service-name> --replicas=3 -n the-order-dev
```
---
## Troubleshooting
### Pod Issues
```bash
kubectl describe pod <pod-name> -n the-order-dev
kubectl logs <pod-name> -n the-order-dev
kubectl exec -it <pod-name> -n the-order-dev -- /bin/sh
```
### Service Issues
```bash
kubectl get endpoints <service-name> -n the-order-dev
kubectl describe svc <service-name> -n the-order-dev
```
### Network Issues
```bash
kubectl get ingress -n the-order-dev
kubectl describe ingress <ingress-name> -n the-order-dev
```
---
## Environment Variables
Key environment variables needed (store in Key Vault):
- `DATABASE_URL`
- `ENTRA_TENANT_ID`, `ENTRA_CLIENT_ID`, `ENTRA_CLIENT_SECRET`, `ENTRA_CREDENTIAL_MANIFEST_ID`
- `STORAGE_BUCKET`, `STORAGE_REGION`
- `KMS_KEY_ID`
- `JWT_SECRET`
- `REDIS_URL`
- Service-specific variables
---
**See `DEPLOYMENT_GUIDE.md` for detailed instructions.**