docs/INFRASTRUCTURE_DEPLOYMENT_GUIDE.md
2026-02-09 21:51:46 -08:00


# Infrastructure Deployment Guide
**Date**: 2025-01-27

**Purpose**: Complete guide for deploying shared infrastructure

**Status**: Complete

---
## Overview
This guide provides step-by-step instructions for deploying all shared infrastructure components.

---
## Prerequisites
- Kubernetes cluster access
- kubectl configured
- Helm installed
- Terraform installed (for infrastructure as code)
- Appropriate permissions
---
## Deployment Order
### 1. Monitoring Stack
#### Prometheus/Grafana
```bash
cd infrastructure/monitoring/prometheus
./install.sh
```
**Access**:
- Grafana: `kubectl port-forward -n monitoring svc/prometheus-grafana 3000:80`
- Prometheus: `kubectl port-forward -n monitoring svc/prometheus-kube-prom-prometheus 9090:9090`
#### Loki Logging
```bash
cd infrastructure/monitoring/loki
./install.sh
```
**Access**:
- Grafana: `kubectl port-forward -n monitoring svc/loki-grafana 3000:80`
#### Alerting Rules
```bash
kubectl apply -f infrastructure/monitoring/alerts/prometheus-rules.yaml
```
---
### 2. API Gateway
```bash
cd infrastructure/api-gateway/kong
./install.sh
```
**Access**:
- Admin API: `kubectl port-forward -n api-gateway svc/kong-proxy 8001:8001`
- Proxy: `kubectl port-forward -n api-gateway svc/kong-proxy 8000:80`

**Configuration**:
- Update `kong.yaml` with your services
- Apply: `kubectl create configmap kong-config --from-file=kong.yaml=kong.yaml -n api-gateway --dry-run=client -o yaml | kubectl apply -f -`
---
### 3. Kubernetes Shared Cluster
```bash
cd infrastructure/kubernetes/shared-cluster
./setup.sh
```
**Components**:
- Namespace isolation
- Ingress controller
- Network policies
- RBAC configuration
---
### 4. Event Bus (NATS)
```bash
cd infrastructure/event-bus/nats
./install.sh
```
**Access**:
- Monitoring: `kubectl port-forward -n event-bus svc/nats 8222:8222`
- Then visit: http://localhost:8222

**Configuration**:
- Update `nats.yaml` with your cluster configuration
- Apply ConfigMap: `kubectl create configmap nats-config --from-file=nats.conf=nats.yaml -n event-bus --dry-run=client -o yaml | kubectl apply -f -`
---
### 5. Identity Provider (Keycloak)
```bash
kubectl apply -f infrastructure/identity/keycloak/k8s-deployment.yaml
```
**Access**:
- Keycloak: `kubectl port-forward -n identity svc/keycloak 8080:80`
- Admin console: http://localhost:8080
- Default credentials: admin / (from secret)

**Setup**:
1. Access admin console
2. Create realm
3. Configure clients
4. Set up users and roles
---
### 6. Data Storage (MinIO)
```bash
kubectl apply -f infrastructure/data-storage/minio/k8s-deployment.yaml
```
**Access**:
- API: `kubectl port-forward -n data-storage svc/minio 9000:9000`
- Console: `kubectl port-forward -n data-storage svc/minio-console 9001:9001`
- Default credentials: minioadmin / (from secret)

**Setup**:
1. Access console
2. Create buckets
3. Configure access policies
4. Set up lifecycle rules
---
## Verification
### Check All Services
```bash
# Check namespaces
kubectl get namespaces | grep -E "monitoring|api-gateway|event-bus|identity|data-storage"
# Check pods
kubectl get pods --all-namespaces | grep -E "prometheus|grafana|loki|kong|nats|keycloak|minio"
# Check services
kubectl get svc --all-namespaces | grep -E "prometheus|grafana|loki|kong|nats|keycloak|minio"
```
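An added example, not part of the original guide, that turns the pod grep above into a pass/fail gate: it reads `kubectl get pods -A --no-headers` output on stdin and exits non-zero if any component named above has no fully ready `Running` pod, or has a pod in a failing state. The `check_pods` function name is my own.

```shell
#!/bin/sh
# Added example (not from the original guide): readiness gate over
# `kubectl get pods -A --no-headers`. Reads the listing on stdin so it can be
# run on live output or on a captured listing.
set -eu

# Components the guide deploys; each needs at least one Running pod with all
# containers ready, and no pod may be in a failing state.
COMPONENTS="prometheus grafana loki kong nats keycloak minio"

check_pods() {
  awk -v want="$COMPONENTS" '
    BEGIN { n = split(want, comp, " "); bad = 0 }
    {
      # Columns: NAMESPACE NAME READY STATUS RESTARTS AGE
      ns = $1; name = $2; ready = $3; status = $4
      for (i = 1; i <= n; i++) {
        if (index(name, comp[i]) == 0) continue
        split(ready, r, "/")
        if (status == "Running" && r[1] == r[2]) {
          ok[comp[i]] = 1
        } else if (status != "Completed") {
          # Pending, CrashLoopBackOff, ImagePullBackOff, or not fully ready
          bad++; printf "FAIL %s/%s %s %s\n", ns, name, ready, status
        }
      }
    }
    END {
      for (i = 1; i <= n; i++)
        if (!(comp[i] in ok)) { bad++; printf "MISSING %s: no ready pod\n", comp[i] }
      if (bad > 0) exit 1
      print "OK: all components ready"
    }'
}

# Usage against the live cluster:
#   kubectl get pods -A --no-headers | check_pods
```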
### Test Connectivity
```bash
# Test Prometheus
curl http://localhost:9090/-/healthy
# Test Grafana
curl http://localhost:3000/api/health
# Test Kong
curl http://localhost:8001/
# Test NATS
curl http://localhost:8222/varz
# Test Keycloak
curl http://localhost:8080/health
# Test MinIO
curl http://localhost:9000/minio/health/live
```
---
## Configuration
### Environment Variables
Set these in your deployment:
```bash
# Keycloak
export KEYCLOAK_ADMIN_PASSWORD="your-password"
# MinIO
export MINIO_ROOT_USER="your-user"
export MINIO_ROOT_PASSWORD="your-password"
# NATS
export NATS_API_PASSWORD="your-password"
export NATS_SERVICE_PASSWORD="your-password"
```
### Secrets Management
Update secrets before deployment:
```bash
# Keycloak admin secret
kubectl create secret generic keycloak-admin-secret \
  --from-literal=password=your-password \
  -n identity \
  --dry-run=client -o yaml | kubectl apply -f -
# MinIO secret
kubectl create secret generic minio-secret \
  --from-literal=MINIO_ROOT_USER=your-user \
  --from-literal=MINIO_ROOT_PASSWORD=your-password \
  -n data-storage \
  --dry-run=client -o yaml | kubectl apply -f -
```
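An added example that is not part of the original guide, serving this section and the "Change all default passwords" practice below: it generates the credentials, refuses the placeholder and default values this guide mentions, and renders the two Secret manifests above for `kubectl apply -f -`, so no password is passed as a `--from-literal` argument (where it would land in shell history and be visible in `ps`). The function names are my own.

```shell
#!/bin/sh
# Added example (not from the original guide): create the Keycloak and MinIO
# secrets named in the guide with generated credentials, rendered as manifests
# and piped to kubectl, so no password appears on a command line and no
# placeholder or default value is ever applied.
set -eu

# Alphanumeric password of the requested length from the kernel RNG.
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-32}"
}

# Reject placeholders and the defaults the guide mentions; returns 1 on a hit.
reject_default() {
  case "$1" in
    ""|your-password|your-user|admin|minioadmin|password) return 1 ;;
  esac
  return 0
}

# Render an Opaque Secret manifest: render_secret NAME NAMESPACE KEY=VALUE...
# Values are base64-encoded into .data, as kubectl does for --from-literal.
render_secret() {
  name="$1"; ns="$2"; shift 2
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\ndata:\n' "$name" "$ns"
  for kv in "$@"; do
    reject_default "${kv#*=}" || { echo "refusing default value for ${kv%%=*}" >&2; return 1; }
    printf '  %s: %s\n' "${kv%%=*}" "$(printf '%s' "${kv#*=}" | base64 | tr -d '\n')"
  done
}

# Apply both secrets to the namespaces used by the guide (run with "apply").
apply_secrets() {
  kc_pw="$(gen_password 32)"
  minio_user="minio-$(gen_password 8)"
  minio_pw="$(gen_password 40)"
  render_secret keycloak-admin-secret identity "password=$kc_pw" | kubectl apply -f -
  render_secret minio-secret data-storage \
    "MINIO_ROOT_USER=$minio_user" "MINIO_ROOT_PASSWORD=$minio_pw" | kubectl apply -f -
  echo "secrets applied; read values back with kubectl get secret -o jsonpath when needed" >&2
}

if [ "${1:-}" = "apply" ]; then apply_secrets; fi
```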
---
## Troubleshooting
### Pods Not Starting
**Check**:
- Resource quotas
- Storage classes
- Image pull secrets
- Service account permissions
### Services Not Accessible
**Check**:
- Service endpoints
- Network policies
- Ingress configuration
- Firewall rules
### Configuration Issues
**Check**:
- ConfigMaps
- Secrets
- Environment variables
- Volume mounts
---
## Best Practices
### Security
- Change all default passwords
- Use secrets management
- Enable TLS/SSL
- Configure network policies
- Set up RBAC
### Monitoring
- Set up alerts
- Configure dashboards
- Monitor resource usage
- Track performance metrics
### Backup
- Backup configurations
- Backup data volumes
- Test restore procedures
- Document backup schedule
---
## Maintenance
### Updates
- Regular security updates
- Monitor for new versions
- Test in dev/staging first
- Document changes
### Scaling
- Monitor resource usage
- Adjust replicas as needed
- Scale storage as needed
- Optimize configurations
---
**Last Updated**: 2025-01-27