d-bis/the_order
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3bf47efa2bace8530fab2e55aa219ec02329fd3c
the_order/docs/deployment/DEPLOYMENT_QUICK_REFERENCE.md
defiQUG 8649ad4124 feat: implement naming convention, deployment automation, and infrastructure updates 
- Add comprehensive naming convention (provider-region-resource-env-purpose)
- Implement Terraform locals for centralized naming
- Update all Terraform resources to use new naming convention
- Create deployment automation framework (18 phase scripts)
- Add Azure setup scripts (provider registration, quota checks)
- Update deployment scripts config with naming functions
- Create complete deployment documentation (guide, steps, quick reference)
- Add frontend portal implementations (public and internal)
- Add UI component library (18 components)
- Enhance Entra VerifiedID integration with file utilities
- Add API client package for all services
- Create comprehensive documentation (naming, deployment, next steps)

Infrastructure:
- Resource groups, storage accounts with new naming
- Terraform configuration updates
- Outputs with naming convention examples

Deployment:
- Automated deployment scripts for all 15 phases
- State management and logging
- Error handling and validation

Documentation:
- Naming convention guide and implementation summary
- Complete deployment guide (296 steps)
- Next steps and quick start guides
- Azure prerequisites and setup completion docs

Note: ESLint warnings present - will be addressed in follow-up commit
2025-11-12 08:22:51 -08:00

313 lines
5.9 KiB
Markdown
Raw Blame History

# Deployment Quick Reference
**Last Updated**: 2025-01-27
**Purpose**: Quick command reference for deployment operations
---
## Prerequisites Check
```bash
# Verify tools
node --version # >= 18.0.0
pnpm --version # >= 8.0.0
az --version # Azure CLI
terraform --version # >= 1.5.0
kubectl version # Kubernetes CLI
docker --version # Docker
# Verify Azure login
az account show
```
---
## Phase 1: Prerequisites
```bash
# Clone and setup
git clone <repo-url> && cd the-order
git submodule update --init --recursive
pnpm install --frozen-lockfile
pnpm build
```
---
## Phase 2: Azure Infrastructure
```bash
# Run setup scripts
./infra/scripts/azure-setup.sh
./infra/scripts/azure-register-providers.sh
./infra/scripts/azure-check-quotas.sh
# Terraform
cd infra/terraform
terraform init
terraform plan
terraform apply
```
---
## Phase 3: Entra ID
```bash
# Configure in Azure Portal
# Then store secrets:
az keyvault secret set --vault-name <vault> --name "entra-tenant-id" --value "..."
az keyvault secret set --vault-name <vault> --name "entra-client-id" --value "..."
az keyvault secret set --vault-name <vault> --name "entra-client-secret" --value "..."
az keyvault secret set --vault-name <vault> --name "entra-credential-manifest-id" --value "..."
```
---
## Phase 4: Database & Storage
```bash
# Create databases (via Azure Portal or CLI)
az postgres db create --resource-group <rg> --server-name <server> --name theorder_dev
# Create storage containers
az storage container create --name intake-documents --account-name <account>
az storage container create --name dataroom-deals --account-name <account>
```
---
## Phase 5: Container Registry
```bash
# Login to ACR
az acr login --name <acr-name>
# Attach to AKS
az aks update -n <aks-name> -g <rg> --attach-acr <acr-name>
```
---
## Phase 6: Build & Package
```bash
# Build packages
pnpm build
# Build and push images (after Dockerfiles created)
docker build -t <acr>.azurecr.io/identity:latest -f services/identity/Dockerfile .
docker push <acr>.azurecr.io/identity:latest
# Repeat for: intake, finance, dataroom, portal-public, portal-internal
```
---
## Phase 7: Database Migrations
```bash
export DATABASE_URL="postgresql://user:pass@host:5432/theorder_dev"
pnpm --filter @the-order/database migrate up
```
---
## Phase 8: Secrets
```bash
# Store all secrets in Azure Key Vault
az keyvault secret set --vault-name <vault> --name <secret-name> --value "<value>"
# Configure External Secrets Operator
kubectl apply -f https://external-secrets.io/latest/deploy/
# Then apply SecretStore and ExternalSecret resources
```
---
## Phase 9: Infrastructure Services
```bash
# External Secrets
kubectl apply -f https://external-secrets.io/latest/deploy/
# Prometheus & Grafana
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack
```
---
## Phase 10: Backend Services
```bash
# Get AKS credentials
az aks get-credentials --resource-group <rg> --name <aks-name>
# Deploy services
kubectl apply -k infra/k8s/overlays/dev
# Verify
kubectl get pods -n the-order-dev
kubectl logs -f <pod-name> -n the-order-dev
```
---
## Phase 11: Frontend Apps
```bash
# Deploy portals
kubectl apply -f infra/k8s/base/portal-public/
kubectl apply -f infra/k8s/base/portal-internal/
# Verify
kubectl get pods -l app=portal-public -n the-order-dev
```
---
## Phase 12: Networking
```bash
# Deploy ingress
helm install ingress-nginx ingress-nginx/ingress-nginx
# Apply ingress rules
kubectl apply -f infra/k8s/base/ingress.yaml
# Verify
kubectl get ingress -n the-order-dev
```
---
## Phase 13: Monitoring
```bash
# Application Insights
az monitor app-insights component create --app the-order-dev --location westeurope -g <rg>
# Log Analytics
az monitor log-analytics workspace create --workspace-name the-order-dev-logs -g <rg>
```
---
## Phase 14: Testing
```bash
# Health checks
kubectl get pods -n the-order-dev
for svc in identity intake finance dataroom; do
kubectl port-forward svc/$svc <port>:<port> &
curl http://localhost:<port>/health
done
# Integration tests
curl https://api.theorder.org/identity/health
```
---
## Phase 15: Production
```bash
# Scale deployments
kubectl scale deployment identity --replicas=3 -n the-order-prod
# Apply production config
kubectl apply -k infra/k8s/overlays/prod
```
---
## Common Operations
### Check Deployment Status
```bash
kubectl get all -n the-order-dev
kubectl get pods -n the-order-dev
kubectl get svc -n the-order-dev
kubectl get ingress -n the-order-dev
```
### View Logs
```bash
kubectl logs -f deployment/<service-name> -n the-order-dev
kubectl logs -f <pod-name> -n the-order-dev --tail=100
```
### Port Forward for Testing
```bash
kubectl port-forward svc/identity 4002:4002
kubectl port-forward svc/portal-public 3000:3000
```
### Restart Deployment
```bash
kubectl rollout restart deployment/<service-name> -n the-order-dev
```
### Rollback
```bash
kubectl rollout undo deployment/<service-name> -n the-order-dev
```
### Scale Services
```bash
kubectl scale deployment/<service-name> --replicas=3 -n the-order-dev
```
---
## Troubleshooting
### Pod Issues
```bash
kubectl describe pod <pod-name> -n the-order-dev
kubectl logs <pod-name> -n the-order-dev
kubectl exec -it <pod-name> -n the-order-dev -- /bin/sh
```
### Service Issues
```bash
kubectl get endpoints <service-name> -n the-order-dev
kubectl describe svc <service-name> -n the-order-dev
```
### Network Issues
```bash
kubectl get ingress -n the-order-dev
kubectl describe ingress <ingress-name> -n the-order-dev
```
---
## Environment Variables
Key environment variables needed (store in Key Vault):
- `DATABASE_URL`
- `ENTRA_TENANT_ID`, `ENTRA_CLIENT_ID`, `ENTRA_CLIENT_SECRET`, `ENTRA_CREDENTIAL_MANIFEST_ID`
- `STORAGE_BUCKET`, `STORAGE_REGION`
- `KMS_KEY_ID`
- `JWT_SECRET`
- `REDIS_URL`
- Service-specific variables
---
**See `DEPLOYMENT_GUIDE.md` for detailed instructions.**
Reference in New Issue View Git Blame Copy Permalink