# Infrastructure Deployment Guide

**Date**: 2025-01-27
**Purpose**: Complete guide for deploying shared infrastructure
**Status**: Complete

---

## Overview

This guide provides step-by-step instructions for deploying all shared infrastructure components. Follow the order below so that the monitoring stack is in place before the services it is meant to watch.

---

## Prerequisites

- Kubernetes cluster access
- kubectl configured
- Helm installed
- Terraform installed (for infrastructure as code)
- Appropriate permissions: enough RBAC to create namespaces and cluster-scoped resources such as CRDs, which the monitoring stack needs

---

## Deployment Order

### 1. Monitoring Stack

#### Prometheus/Grafana

```bash
cd infrastructure/monitoring/prometheus
./install.sh
```

**Access** (port-forwards bind to localhost only; this is the intended way to reach these UIs, so do not publish them through an Ingress without authentication):

- Grafana: `kubectl port-forward -n monitoring svc/prometheus-grafana 3000:80`
- Prometheus: `kubectl port-forward -n monitoring svc/prometheus-kube-prom-prometheus 9090:9090`

#### Loki Logging

```bash
cd infrastructure/monitoring/loki
./install.sh
```

**Access**:

- Grafana: `kubectl port-forward -n monitoring svc/loki-grafana 3000:80` (this uses the same local port as the Prometheus Grafana forward above; stop that one first or choose another local port)

#### Alerting Rules

```bash
kubectl apply -f infrastructure/monitoring/alerts/prometheus-rules.yaml
```

---

### 2. API Gateway

```bash
cd infrastructure/api-gateway/kong
./install.sh
```

**Access**:

- Admin API: `kubectl port-forward -n api-gateway svc/kong-proxy 8001:8001`
- Proxy: `kubectl port-forward -n api-gateway svc/kong-proxy 8000:80`

The Kong Admin API does not authenticate requests by default. Reach it only through the port-forward shown here; never expose port 8001 through a LoadBalancer Service or an Ingress.

**Configuration**:

- Update `kong.yaml` with your services
- Apply: `kubectl create configmap kong-config --from-file=kong.yaml=kong.yaml -n api-gateway --dry-run=client -o yaml | kubectl apply -f -`
- Kong reads the declarative configuration file when it starts, so restart the Kong pods after changing the ConfigMap

---

### 3. Kubernetes Shared Cluster

```bash
cd infrastructure/kubernetes/shared-cluster
./setup.sh
```

**Components**:

- Namespace isolation
- Ingress controller
- Network policies
- RBAC configuration

---

### 4. Event Bus (NATS)

```bash
cd infrastructure/event-bus/nats
./install.sh
```

**Access**:

- Monitoring: `kubectl port-forward -n event-bus svc/nats 8222:8222`
- Then visit: http://localhost:8222

The NATS monitoring endpoint on 8222 is unauthenticated; keep it reachable only inside the cluster and through port-forwards.

**Configuration**:

- Update `nats.yaml` with your cluster configuration
- Apply ConfigMap: `kubectl create configmap nats-config --from-file=nats.conf=nats.yaml -n event-bus --dry-run=client -o yaml | kubectl apply -f -`

---

### 5. Identity Provider (Keycloak)

```bash
kubectl apply -f infrastructure/identity/keycloak/k8s-deployment.yaml
```

**Access**:

- Keycloak: `kubectl port-forward -n identity svc/keycloak 8080:80`
- Admin console: http://localhost:8080
- Default credentials: `admin` / (password from the `keycloak-admin-secret` secret, see Secrets Management below)

**Setup**:

1. Access admin console
2. Create realm
3. Configure clients
4. Set up users and roles

---

### 6. Data Storage (MinIO)

```bash
kubectl apply -f infrastructure/data-storage/minio/k8s-deployment.yaml
```

**Access**:

- API: `kubectl port-forward -n data-storage svc/minio 9000:9000`
- Console: `kubectl port-forward -n data-storage svc/minio-console 9001:9001`
- Default credentials: `minioadmin` / (from secret). Do not keep the `minioadmin` user name: set both `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` in `minio-secret` (see Secrets Management below)

**Setup**:

1. Access console
2. Create buckets
3. Configure access policies
4.
   Set up lifecycle rules

---

## Verification

### Check All Services

```bash
# Check namespaces
kubectl get namespaces | grep -E "monitoring|api-gateway|event-bus|identity|data-storage"

# Check pods
kubectl get pods --all-namespaces | grep -E "prometheus|grafana|loki|kong|nats|keycloak|minio"

# Check services
kubectl get svc --all-namespaces | grep -E "prometheus|grafana|loki|kong|nats|keycloak|minio"
```

Every matched pod should show `Running` with all of its containers ready (for example `2/2`). Pods in `Pending`, `CrashLoopBackOff` or `ImagePullBackOff` are covered under Troubleshooting below.

### Test Connectivity

These checks go through the port-forwards from the deployment sections, so start the relevant port-forward in another terminal first.

```bash
# Test Prometheus
curl http://localhost:9090/-/healthy

# Test Grafana
curl http://localhost:3000/api/health

# Test Kong
curl http://localhost:8001/

# Test NATS
curl http://localhost:8222/varz

# Test Keycloak
curl http://localhost:8080/health

# Test MinIO
curl http://localhost:9000/minio/health/live
```

Keycloak only answers on `/health` when `KC_HEALTH_ENABLED=true` is set, and Keycloak 25 and later serve the health endpoints on the management interface (port 9000 by default) rather than on the HTTP port, so adjust the port-forward accordingly.

---

## Configuration

### Environment Variables

Set these in your deployment. The values shown are placeholders; replace every one of them with a generated value:

```bash
# Keycloak
export KEYCLOAK_ADMIN_PASSWORD="your-password"

# MinIO
export MINIO_ROOT_USER="your-user"
export MINIO_ROOT_PASSWORD="your-password"

# NATS
export NATS_API_PASSWORD="your-password"
export NATS_SERVICE_PASSWORD="your-password"
```

Typing real passwords into `export` lines as above records them in shell history. Generate them with a random generator and read them from a file with restrictive permissions, or from a secrets manager, instead.

### Secrets Management

Create the secrets before deploying the components that mount them. The `--dry-run=client -o yaml | kubectl apply -f -` pattern makes the commands safe to re-run:

```bash
# Keycloak admin secret
kubectl create secret generic keycloak-admin-secret \
  --from-literal=password=your-password \
  -n identity \
  --dry-run=client -o yaml | kubectl apply -f -

# MinIO secret
kubectl create secret generic minio-secret \
  --from-literal=MINIO_ROOT_USER=your-user \
  --from-literal=MINIO_ROOT_PASSWORD=your-password \
  -n data-storage \
  --dry-run=client -o yaml | kubectl apply -f -
```

`--from-literal` exposes the value in shell history and in the process list while the command runs. For anything beyond a throwaway cluster, use `--from-file` on a file only you can read, or an external secrets operator. Kubernetes Secrets are base64-encoded, not encrypted: restrict `get` and `list` on secrets through RBAC and enable encryption at rest on the cluster.

---

## Troubleshooting

### Pods Not Starting

**Check** (`kubectl describe pod` lists the reason under Events):

- Resource quotas
- Storage classes
- Image pull secrets
- Service account permissions

### Services Not Accessible

**Check**:

- Service endpoints
- Network policies
- Ingress configuration
- Firewall rules

### Configuration Issues

**Check**:

- ConfigMaps
- Secrets
- Environment variables
- Volume mounts

---

## Best Practices

### Security

- Change all default passwords before any service is reachable
- Use secrets management
- Enable TLS/SSL
- Configure network policies (default-deny per namespace, then allow only the required flows)
- Set up RBAC (a dedicated least-privilege service account per component)

### Monitoring

- Set up alerts
- Configure dashboards
- Monitor resource usage
- Track performance metrics

### Backup

- Backup configurations
- Backup data volumes
- Test restore procedures
- Document backup schedule

---

## Maintenance

### Updates

- Regular security updates
- Monitor for new versions
- Test in dev/staging first
- Document changes

### Scaling

- Monitor resource usage
- Adjust replicas as needed
- Scale storage as needed
- Optimize configurations

---

**Last Updated**: 2025-01-27
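The "Check All Services" step under Verification only greps; the script below, an added example that is not part of the guide, turns it into a pass/fail check. Both functions read `kubectl` output from stdin, so they can be run against captured output. The pod names, namespaces and statuses in `SAMPLE` are constructed for the example, not taken from a real cluster.

```shell
#!/bin/sh
# Added example (not part of the guide): pass/fail version of the Verification
# step. Both functions read kubectl output from stdin; SAMPLE is constructed.

# Namespaces the guide creates, and the workload name pattern it greps for.
EXPECTED_NAMESPACES="monitoring api-gateway event-bus identity data-storage"
STACK_PATTERN='prometheus|grafana|loki|kong|nats|keycloak|minio'

# Input:  kubectl get namespaces --no-headers -o custom-columns=NAME:.metadata.name
# Output: one line per expected namespace that is missing; returns 1 if any.
missing_namespaces() {
  present=$(cat)
  rc=0
  for ns in $EXPECTED_NAMESPACES; do
    printf '%s\n' "$present" | grep -qx "$ns" || { echo "$ns"; rc=1; }
  done
  return "$rc"
}

# Input:  kubectl get pods --all-namespaces --no-headers
#         (columns: NAMESPACE NAME READY STATUS RESTARTS AGE)
# Output: "<namespace>/<pod> <ready> <status>" for every stack pod that is not
#         Running with all containers ready; returns 1 if any.
find_unhealthy_pods() {
  awk -v pat="$STACK_PATTERN" '
    $2 ~ pat {
      split($3, rc, "/")                   # READY column, e.g. 1/2
      if ($4 != "Running" || rc[1] != rc[2]) {
        print $1 "/" $2, $3, $4
        bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample of `kubectl get pods -A --no-headers` output.
SAMPLE='monitoring     prometheus-kube-prom-prometheus-0     2/2   Running            0   3h
monitoring     prometheus-grafana-7c9d8f5b6b-x2k4q   3/3   Running            0   3h
monitoring     loki-0                                1/1   Running            0   3h
api-gateway    kong-kong-5d8f9c7b4d-9j2lp            1/2   CrashLoopBackOff   7   15m
event-bus      nats-0                                2/2   Running            0   2h
identity       keycloak-0                            0/1   Pending            0   5m
data-storage   minio-0                               1/1   Running            0   1h
kube-system    coredns-76f75df574-abcde              1/1   Running            0   9h'

# Live usage:
#   kubectl get namespaces --no-headers -o custom-columns=NAME:.metadata.name | missing_namespaces
#   kubectl get pods --all-namespaces --no-headers | find_unhealthy_pods
# Offline, against the constructed sample:
#   printf '%s\n' "$SAMPLE" | find_unhealthy_pods
```

Both functions exit non-zero on a problem, so they drop straight into a CI job or a post-deploy hook; the pod check deliberately ignores pods outside the stack pattern (such as `coredns`) so unrelated namespaces do not fail the deployment check.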
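The Secrets Management section creates secrets with `--from-literal`, which puts the password on the command line. The script below is an added example, not part of the guide, showing how to create the same `keycloak-admin-secret` and `minio-secret` objects without that: the value is generated, checked against the guide's placeholder values, and piped over stdin into a Secret manifest for `kubectl apply -f -`. The function names, the `minio-admin` user name in the usage comment and the 16-character minimum are choices made for this example.

```shell
#!/bin/sh
# Added example (not part of the guide): create the guide's secrets without
# putting a password on any command line. The value travels over stdin into a
# Secret manifest that is piped to `kubectl apply -f -`, so it never appears
# in shell history or in `ps` output.

# Print a random password: N bytes from /dev/urandom (default 24 -> 32 chars),
# base64 with a URL-safe alphabet and no padding, so it needs no quoting.
gen_password() {
  printf '%s\n' "$(head -c "${1:-24}" /dev/urandom | base64 | tr -d '\n=' | tr '+/' '-_')"
}

# Reject the guide's placeholders, well-known defaults and anything short
# (16 characters is this example's minimum, not a value from the guide).
is_strong_secret() {
  case $1 in
    ''|your-password|your-user|minioadmin|admin|password|changeme) return 1 ;;
  esac
  [ "${#1}" -ge 16 ]
}

# Render an Opaque Secret manifest on stdout.
#   render_secret NAME NAMESPACE KEY...   (one value per KEY, read from stdin)
# Values go into stringData as YAML single-quoted scalars (a ' inside a value
# is escaped as ''), so Kubernetes does the base64 encoding on apply.
render_secret() {
  name=$1; ns=$2; shift 2
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\nstringData:\n' "$name" "$ns"
  for key in "$@"; do
    IFS= read -r value || return 1          # fewer values than keys: fail
    value=$(printf '%s' "$value" | sed "s/'/''/g")
    printf "  %s: '%s'\n" "$key" "$value"
  done
}

# Usage (requires kubectl; mirrors the two secrets in Secrets Management):
#   gen_password | render_secret keycloak-admin-secret identity password | kubectl apply -f -
#   { printf '%s\n' minio-admin; gen_password; } \
#     | render_secret minio-secret data-storage MINIO_ROOT_USER MINIO_ROOT_PASSWORD \
#     | kubectl apply -f -
```

Because the generated password is never printed, record it by reading it back from the cluster (`kubectl get secret ... -o jsonpath`) into your password manager rather than by echoing it in the terminal.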
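"Configure network policies" under Best Practices is a one-line item; the script below is an added example, not part of the guide or its `setup.sh`, rendering the baseline this guide's author would need in each of the five namespaces: deny all ingress and egress, re-allow DNS egress to kube-dns, and allow ingress from the monitoring namespace so Prometheus can scrape. It assumes the cluster sets the automatic `kubernetes.io/metadata.name` namespace label (Kubernetes 1.22 and later) and that the DNS pods carry the usual `k8s-app: kube-dns` label; both are assumptions to verify on your cluster.

```shell
#!/bin/sh
# Added example (not part of the guide): baseline NetworkPolicies for one of
# the guide's namespaces. Assumes the kubernetes.io/metadata.name namespace
# label and the k8s-app=kube-dns pod label (both assumptions, check your cluster).

# Emit three NetworkPolicy manifests for namespace $1:
#   1. default-deny for all ingress and egress,
#   2. allow DNS egress to kube-dns (nothing resolves without it),
#   3. allow ingress from the monitoring namespace (Prometheus scraping).
namespace_baseline_policies() {
  ns=$1
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: $ns
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: $ns
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-monitoring-scrape
  namespace: $ns
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: monitoring
EOF
}

# Usage (requires kubectl): apply to every namespace the guide creates.
#   for ns in monitoring api-gateway event-bus identity data-storage; do
#     namespace_baseline_policies "$ns" | kubectl apply -f -
#   done
```

Expect things to break on first apply: with default-deny in place, Kong needs an explicit ingress rule from the ingress controller's namespace and egress rules to the namespaces it proxies to, Keycloak and MinIO need ingress from Kong, and Prometheus needs egress to everything it scrapes. Add one policy per required flow rather than loosening the deny. NetworkPolicies are only enforced by a CNI that implements them (Calico, Cilium and similar); on a cluster without one they are accepted and silently ignored, so verify enforcement with a test pod before relying on them.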