veza/k8s/environments/README.md


# Environment Management
This directory contains Kubernetes configurations for managing separate development, staging, and production environments.
## Overview
The Veza platform uses three distinct environments:
- **Development**: Local development and testing
- **Staging**: Pre-production testing and validation
- **Production**: Live production environment
## Structure
```
k8s/environments/
├── namespaces.yaml                   # Namespace definitions for all environments
├── development/
│   ├── configmap.yaml                # Development-specific configuration
│   └── deployment-overrides.yaml     # Development deployment overrides
├── staging/
│   ├── configmap.yaml                # Staging-specific configuration
│   └── deployment-overrides.yaml     # Staging deployment overrides
├── production/
│   ├── configmap.yaml                # Production-specific configuration
│   └── deployment-overrides.yaml     # Production deployment overrides
├── ingress-dev.yaml                  # Development ingress (no SSL)
├── ingress-staging.yaml              # Staging ingress (staging SSL)
└── README.md                         # This file
```
## Environment Differences
### Development
- **Replicas**: 1 per service
- **Resources**: Minimal (for local development)
- **Logging**: DEBUG level
- **SSL**: Disabled
- **Rate Limiting**: Disabled
- **Profiling**: Enabled
- **CORS**: Localhost origins allowed
### Staging
- **Replicas**: 2 per service
- **Resources**: Medium
- **Logging**: INFO level
- **SSL**: Let's Encrypt staging certificates
- **Rate Limiting**: Enabled (200 req/min)
- **Profiling**: Disabled
- **CORS**: Staging domains only
- **CDN**: Enabled (staging CDN)
### Production
- **Replicas**: 3+ per service
- **Resources**: High (with autoscaling)
- **Logging**: WARN level
- **SSL**: Let's Encrypt production certificates
- **Rate Limiting**: Enabled (100 req/min)
- **Profiling**: Disabled
- **CORS**: Production domains only
- **CDN**: Enabled (production CDN)
- **Monitoring**: Full monitoring and alerting
## Deployment
### 1. Create Namespaces
```bash
kubectl apply -f k8s/environments/namespaces.yaml
```
### 2. Deploy Environment-Specific ConfigMaps
```bash
# Development
kubectl apply -f k8s/environments/development/configmap.yaml
# Staging
kubectl apply -f k8s/environments/staging/configmap.yaml
# Production
kubectl apply -f k8s/environments/production/configmap.yaml
```
### 3. Deploy Base Resources
Deploy base resources (deployments, services) to each namespace:
```bash
# Development
kubectl apply -f k8s/backend-api/ -n veza-development
kubectl apply -f k8s/frontend/ -n veza-development
# Staging
kubectl apply -f k8s/backend-api/ -n veza-staging
kubectl apply -f k8s/frontend/ -n veza-staging
# Production
kubectl apply -f k8s/backend-api/ -n veza-production
kubectl apply -f k8s/frontend/ -n veza-production
```
### 4. Apply Environment Overrides
```bash
# Development
kubectl apply -f k8s/environments/development/deployment-overrides.yaml
# Staging
kubectl apply -f k8s/environments/staging/deployment-overrides.yaml
# Production
kubectl apply -f k8s/environments/production/deployment-overrides.yaml
```
### 5. Deploy Ingress
```bash
# Development (no SSL)
kubectl apply -f k8s/environments/ingress-dev.yaml
# Staging (staging SSL)
kubectl apply -f k8s/environments/ingress-staging.yaml
# Production (production SSL - already in k8s/ingress.yaml)
kubectl apply -f k8s/ingress.yaml
```
## Configuration
### Environment Variables
Each environment has different configuration values:
#### Development
- `APP_ENV=development`
- `LOG_LEVEL=DEBUG`
- `ENABLE_PROFILING=true`
- `RATE_LIMIT_ENABLED=false`
#### Staging
- `APP_ENV=staging`
- `LOG_LEVEL=INFO`
- `ENABLE_PROFILING=false`
- `RATE_LIMIT_ENABLED=true`
- `RATE_LIMIT_LIMIT=200`
#### Production
- `APP_ENV=production`
- `LOG_LEVEL=WARN`
- `ENABLE_PROFILING=false`
- `RATE_LIMIT_ENABLED=true`
- `RATE_LIMIT_LIMIT=100`
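The values above are the contract each namespace is expected to honour, and the most common way they break is a ConfigMap copied from one environment into another (DEBUG logging or profiling left on in production). The following script is an added example, not part of the Veza repository: it reads a ConfigMap rendered as `KEY=VALUE` lines and exits non-zero if any value violates the policy for the named environment. The key names are the ones listed above; the rendering command in the comment, the `sample_config` data and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the Veza repository): policy check for the
# per-environment ConfigMap values listed in this README.
# Input: a file of KEY=VALUE lines. One way to render the live ConfigMap that
# way (assumption of this example, requires cluster access):
#   kubectl get configmap veza-config -n veza-staging \
#     -o go-template='{{range $k, $v := .data}}{{$k}}={{$v}}{{"\n"}}{{end}}'

# get_value FILE KEY: print the value of KEY (first match), empty if absent.
get_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# fail MESSAGE: record one violation for the environment being checked.
fail() {
    echo "[$CHECK_ENV] $1" >&2
    VIOLATIONS=$((VIOLATIONS + 1))
}

# check_env_config ENV FILE: return 0 if FILE satisfies the policy for ENV
# (development, staging or production), 1 otherwise; VIOLATIONS holds the count.
check_env_config() {
    CHECK_ENV=$1
    VIOLATIONS=0
    app_env=$(get_value "$2" APP_ENV)
    log_level=$(get_value "$2" LOG_LEVEL)
    profiling=$(get_value "$2" ENABLE_PROFILING)
    rl_enabled=$(get_value "$2" RATE_LIMIT_ENABLED)
    rl_limit=$(get_value "$2" RATE_LIMIT_LIMIT)

    [ "$app_env" = "$CHECK_ENV" ] || fail "APP_ENV is '$app_env', expected '$CHECK_ENV'"
    case "$CHECK_ENV" in
        development)
            [ "$log_level" = DEBUG ] || fail "LOG_LEVEL should be DEBUG"
            [ "$profiling" = true ] || fail "ENABLE_PROFILING should be true"
            [ "$rl_enabled" = false ] || fail "RATE_LIMIT_ENABLED should be false"
            ;;
        staging|production)
            if [ "$CHECK_ENV" = staging ]; then
                want_level=INFO; want_limit=200
            else
                want_level=WARN; want_limit=100
            fi
            [ "$log_level" = "$want_level" ] || fail "LOG_LEVEL should be $want_level"
            # Profiling endpoints expose runtime internals: never on outside dev.
            [ "$profiling" = false ] || fail "ENABLE_PROFILING must be false"
            [ "$rl_enabled" = true ] || fail "RATE_LIMIT_ENABLED must be true"
            [ "$rl_limit" = "$want_limit" ] || fail "RATE_LIMIT_LIMIT should be $want_limit"
            ;;
        *)
            fail "unknown environment name"
            ;;
    esac
    [ "$VIOLATIONS" -eq 0 ]
}

# sample_config ENV: constructed sample data mirroring the README's lists, so
# the script runs offline; 'drifted' is a production map that kept dev settings.
sample_config() {
    case "$1" in
        development) printf 'APP_ENV=development\nLOG_LEVEL=DEBUG\nENABLE_PROFILING=true\nRATE_LIMIT_ENABLED=false\n' ;;
        staging)     printf 'APP_ENV=staging\nLOG_LEVEL=INFO\nENABLE_PROFILING=false\nRATE_LIMIT_ENABLED=true\nRATE_LIMIT_LIMIT=200\n' ;;
        production)  printf 'APP_ENV=production\nLOG_LEVEL=WARN\nENABLE_PROFILING=false\nRATE_LIMIT_ENABLED=true\nRATE_LIMIT_LIMIT=100\n' ;;
        drifted)     printf 'APP_ENV=production\nLOG_LEVEL=DEBUG\nENABLE_PROFILING=true\nRATE_LIMIT_ENABLED=false\n' ;;
    esac
}

# Offline demonstration against the constructed samples.
tmpdir=$(mktemp -d)
for env in development staging production; do
    sample_config "$env" > "$tmpdir/$env.env"
    if check_env_config "$env" "$tmpdir/$env.env"; then echo "$env: OK"; fi
done
sample_config drifted > "$tmpdir/drifted.env"
if check_env_config production "$tmpdir/drifted.env"; then
    echo "drifted: OK (unexpected)"
else
    echo "drifted: $VIOLATIONS violation(s) found"
fi
rm -rf "$tmpdir"
```

Run it as a gate before `kubectl apply` of an environment's `configmap.yaml`, or after step 4 against the live map, and fail the pipeline on a non-zero exit.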
### Secrets
Each environment should have its own secrets:
```bash
# Development secrets
kubectl create secret generic veza-secrets \
  --from-literal=database-url=postgres://dev_user:dev_pass@dev-db:5432/veza_dev \
  --from-literal=jwt-secret=dev-secret-key-min-32-chars \
  -n veza-development
# Staging secrets
kubectl create secret generic veza-secrets \
  --from-literal=database-url=postgres://staging_user:staging_pass@staging-db:5432/veza_staging \
  --from-literal=jwt-secret=staging-secret-key-min-32-chars \
  -n veza-staging
# Production secrets
kubectl create secret generic veza-secrets \
  --from-literal=database-url=postgres://prod_user:prod_pass@prod-db:5432/veza_prod \
  --from-literal=jwt-secret=production-secret-key-min-32-chars \
  -n veza-production
```
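Passing values with `--from-literal` leaves them in shell history and visible in the process list while the command runs. The script below is an added example, not part of the Veza repository: each value is stored in its own owner-only file inside a per-environment directory, the directory is validated (both keys present, `jwt-secret` at least 32 characters as its name in this README demands, no README sample value, `database-url` a postgres URL), and only then does `kubectl create secret generic` read the files with `--from-file`. The directory layout, the placeholder list and the function names are assumptions of this example; the Secret name, key names and namespaces are the ones used above. Note that the README's development sample value `dev-secret-key-min-32-chars` is itself only 27 characters long, which this check would reject.

```shell
#!/bin/sh
# Added example (not part of the Veza repository): file-based creation of the
# veza-secrets Secret with validation of the secret material before kubectl
# runs. Layout, checks and function names are assumptions of this example.

# Sample values printed in this README; they must never reach a real cluster.
PLACEHOLDER_SECRETS="dev-secret-key-min-32-chars staging-secret-key-min-32-chars production-secret-key-min-32-chars"

# value_length FILE: byte length of the content without a trailing newline.
# --from-file stores the file verbatim, so values are written with printf '%s'.
value_length() {
    tr -d '\n' < "$1" | wc -c | tr -d ' '
}

# write_secret_file DIR KEY VALUE: store VALUE for KEY, readable by the owner only.
write_secret_file() {
    ( umask 077; printf '%s' "$3" > "$1/$2" )
}

# validate_secret_dir DIR: return 0 if DIR holds acceptable secret material,
# 1 otherwise (each problem is reported on stderr).
validate_secret_dir() {
    dir=$1
    errors=0
    for key in database-url jwt-secret; do
        if [ ! -f "$dir/$key" ]; then
            echo "missing $dir/$key" >&2
            errors=$((errors + 1))
        fi
    done
    [ "$errors" -eq 0 ] || return 1

    jwt=$(cat "$dir/jwt-secret")
    if [ "$(value_length "$dir/jwt-secret")" -lt 32 ]; then
        echo "jwt-secret is shorter than 32 characters" >&2
        errors=$((errors + 1))
    fi
    for p in $PLACEHOLDER_SECRETS; do
        if [ "$jwt" = "$p" ]; then
            echo "jwt-secret is the README placeholder '$p'" >&2
            errors=$((errors + 1))
        fi
    done
    case "$(cat "$dir/database-url")" in
        postgres://*|postgresql://*) ;;
        *) echo "database-url is not a postgres:// URL" >&2; errors=$((errors + 1)) ;;
    esac
    [ "$errors" -eq 0 ]
}

# create_veza_secret DIR NAMESPACE: validate, then create veza-secrets in
# NAMESPACE from the files (requires cluster access; append
# --dry-run=client -o yaml to the kubectl line to inspect the manifest first).
create_veza_secret() {
    validate_secret_dir "$1" || return 1
    kubectl create secret generic veza-secrets \
        --from-file=database-url="$1/database-url" \
        --from-file=jwt-secret="$1/jwt-secret" \
        -n "$2"
}

# Offline demonstration with constructed values (no cluster needed).
demo_dir=$(mktemp -d)
write_secret_file "$demo_dir" database-url 'postgres://staging_user:CHANGEME@staging-db:5432/veza_staging'
write_secret_file "$demo_dir" jwt-secret 'staging-secret-key-min-32-chars'
if validate_secret_dir "$demo_dir"; then echo "accepted (unexpected)"; else echo "rejected README placeholder"; fi
# 32 random bytes, hex-encoded: 64 characters, never typed on a command line.
write_secret_file "$demo_dir" jwt-secret "$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')"
if validate_secret_dir "$demo_dir"; then echo "accepted generated key"; fi
rm -rf "$demo_dir"
```

Keep one directory per environment (for example `secrets/veza-staging/`) outside the repository, and call `create_veza_secret secrets/veza-staging veza-staging` so the validation runs on every creation.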
## Verification
### Check Namespaces
```bash
kubectl get namespaces | grep veza
```
### Check Resources per Environment
```bash
# Development
kubectl get all -n veza-development
# Staging
kubectl get all -n veza-staging
# Production
kubectl get all -n veza-production
```
### Check ConfigMaps
```bash
kubectl get configmap veza-config -n veza-development -o yaml
kubectl get configmap veza-config -n veza-staging -o yaml
kubectl get configmap veza-config -n veza-production -o yaml
```
## Environment Promotion
### Promote from Development to Staging
```bash
# Tag images
docker tag veza-backend-api:dev veza-backend-api:staging
docker tag veza-frontend:dev veza-frontend:staging
# Push to registry
docker push veza-backend-api:staging
docker push veza-frontend:staging
# Update deployments
kubectl set image deployment/veza-backend-api \
  backend-api=veza-backend-api:staging \
  -n veza-staging
kubectl set image deployment/veza-frontend \
  frontend=veza-frontend:staging \
  -n veza-staging
```
### Promote from Staging to Production
```bash
# Tag images
docker tag veza-backend-api:staging veza-backend-api:production
docker tag veza-frontend:staging veza-frontend:production
# Push to registry
docker push veza-backend-api:production
docker push veza-frontend:production
# Update deployments
kubectl set image deployment/veza-backend-api \
  backend-api=veza-backend-api:production \
  -n veza-production
kubectl set image deployment/veza-frontend \
  frontend=veza-frontend:production \
  -n veza-production
```
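The two promotion flows above move a mutable tag: what reaches production is whatever the local `:staging` tag points at when `docker tag` runs, and a tag in the registry can be moved again afterwards. The script below is an added example, not part of the Veza repository: it promotes the exact digest-pinned image reference that the source namespace is running, and refuses to promote anything that is not pinned, so production runs the bytes that were validated in staging. Function names and the expected-repository argument are assumptions of this example; the deployment, container and namespace names are the ones used in this README.

```shell
#!/bin/sh
# Added example (not part of the Veza repository): digest-pinned promotion
# between namespaces. Function names are assumptions of this example.

# digest_pinned IMAGE_REF: return 0 if IMAGE_REF ends in a sha256 digest.
digest_pinned() {
    printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$'
}

# image_repo IMAGE_REF: repository part of IMAGE_REF without tag or digest,
# e.g. registry.example:5000/veza-backend-api:staging -> registry.example:5000/veza-backend-api
image_repo() {
    ref=${1%%@*}            # drop @sha256:...
    base=${ref##*/}         # last path component, the only one that may carry :tag
    case "$base" in
        *:*) ref=${ref%:*} ;;
    esac
    printf '%s\n' "$ref"
}

# pushed_digest LOCAL_TAG: digest-pinned reference for an image that has been
# pushed with `docker push` (empty if it has never been pushed). Use this to
# deploy staging by digest in the first place instead of by tag.
pushed_digest() {
    docker image inspect --format '{{index .RepoDigests 0}}' "$1" 2>/dev/null
}

# running_image DEPLOYMENT CONTAINER NAMESPACE: image reference in the pod
# template of DEPLOYMENT (requires cluster access).
running_image() {
    kubectl get deployment "$1" -n "$3" \
        -o jsonpath="{.spec.template.spec.containers[?(@.name==\"$2\")].image}"
}

# promote DEPLOYMENT CONTAINER EXPECTED_REPO FROM_NS TO_NS: copy the image
# running in FROM_NS to TO_NS, refusing mutable tags or an unexpected repository.
promote() {
    image=$(running_image "$1" "$2" "$4") || return 1
    if ! digest_pinned "$image"; then
        echo "refusing to promote '$image': not pinned to a digest" >&2
        return 1
    fi
    if [ "$(image_repo "$image")" != "$3" ]; then
        echo "refusing to promote '$image': repository is not $3" >&2
        return 1
    fi
    kubectl set image "deployment/$1" "$2=$image" -n "$5" &&
        kubectl rollout status "deployment/$1" -n "$5"
}

# Offline demonstration of the pinning check on constructed references.
for ref in 'veza-backend-api:staging' \
           'veza-backend-api@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'; do
    if digest_pinned "$ref"; then echo "pinned:  $ref"; else echo "mutable: $ref"; fi
done
```

With a cluster available, staging to production becomes `promote veza-backend-api backend-api veza-backend-api veza-staging veza-production` (and likewise for `veza-frontend` / `frontend`); the same digest string is what you record in the change ticket.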
## Best Practices
1. **Separate Secrets**: Never share secrets between environments
2. **Resource Limits**: Set appropriate resource limits per environment
3. **Monitoring**: Enable monitoring in staging and production
4. **Backups**: Configure backups for staging and production
5. **SSL**: Use staging certificates in staging, production in production
6. **CORS**: Restrict CORS origins per environment
7. **Logging**: Use appropriate log levels per environment
8. **Rate Limiting**: Enable in staging and production, disable in dev
## Troubleshooting
### Check Environment Configuration
```bash
# View environment config
kubectl get configmap veza-config -n veza-development -o jsonpath='{.data.app-env}'
# Check pod environment variables
kubectl exec -it deployment/veza-backend-api -n veza-development -- env | grep APP_ENV
```
### Switch Between Environments
```bash
# Set default namespace
kubectl config set-context --current --namespace=veza-development
# Or use -n flag
kubectl get pods -n veza-staging
```
### Compare Configurations
```bash
# Compare configmaps
diff <(kubectl get configmap veza-config -n veza-staging -o yaml) \
     <(kubectl get configmap veza-config -n veza-production -o yaml)
```