# Environment Management

This directory contains Kubernetes configurations for managing separate development, staging, and production environments.

## Overview

The Veza platform uses three distinct environments:

- **Development**: Local development and testing
- **Staging**: Pre-production testing and validation
- **Production**: Live production environment

## Structure

```
k8s/environments/
├── namespaces.yaml                 # Namespace definitions for all environments
├── development/
│   ├── configmap.yaml              # Development-specific configuration
│   └── deployment-overrides.yaml   # Development deployment overrides
├── staging/
│   ├── configmap.yaml              # Staging-specific configuration
│   └── deployment-overrides.yaml   # Staging deployment overrides
├── production/
│   ├── configmap.yaml              # Production-specific configuration
│   └── deployment-overrides.yaml   # Production deployment overrides
├── ingress-dev.yaml                # Development ingress (no SSL)
├── ingress-staging.yaml            # Staging ingress (staging SSL)
└── README.md                       # This file
```

## Environment Differences

### Development

- **Replicas**: 1 per service
- **Resources**: Minimal (for local development)
- **Logging**: DEBUG level
- **SSL**: Disabled
- **Rate Limiting**: Disabled
- **Profiling**: Enabled
- **CORS**: Localhost origins allowed

### Staging

- **Replicas**: 2 per service
- **Resources**: Medium
- **Logging**: INFO level
- **SSL**: Let's Encrypt staging certificates
- **Rate Limiting**: Enabled (200 req/min)
- **Profiling**: Disabled
- **CORS**: Staging domains only
- **CDN**: Enabled (staging CDN)

### Production

- **Replicas**: 3+ per service
- **Resources**: High (with autoscaling)
- **Logging**: WARN level
- **SSL**: Let's Encrypt production certificates
- **Rate Limiting**: Enabled (100 req/min)
- **Profiling**: Disabled
- **CORS**: Production domains only
- **CDN**: Enabled (production CDN)
- **Monitoring**: Full monitoring and alerting

## Deployment

### 1. Create Namespaces

```bash
kubectl apply -f k8s/environments/namespaces.yaml
```

### 2. Deploy Environment-Specific ConfigMaps

```bash
# Development
kubectl apply -f k8s/environments/development/configmap.yaml

# Staging
kubectl apply -f k8s/environments/staging/configmap.yaml

# Production
kubectl apply -f k8s/environments/production/configmap.yaml
```

### 3. Deploy Base Resources

Deploy base resources (deployments, services) to each namespace:

```bash
# Development
kubectl apply -f k8s/backend-api/ -n veza-development
kubectl apply -f k8s/frontend/ -n veza-development

# Staging
kubectl apply -f k8s/backend-api/ -n veza-staging
kubectl apply -f k8s/frontend/ -n veza-staging

# Production
kubectl apply -f k8s/backend-api/ -n veza-production
kubectl apply -f k8s/frontend/ -n veza-production
```

### 4. Apply Environment Overrides

```bash
# Development
kubectl apply -f k8s/environments/development/deployment-overrides.yaml

# Staging
kubectl apply -f k8s/environments/staging/deployment-overrides.yaml

# Production
kubectl apply -f k8s/environments/production/deployment-overrides.yaml
```

### 5. Deploy Ingress

```bash
# Development (no SSL)
kubectl apply -f k8s/environments/ingress-dev.yaml

# Staging (staging SSL)
kubectl apply -f k8s/environments/ingress-staging.yaml

# Production (production SSL - already in k8s/ingress.yaml)
kubectl apply -f k8s/ingress.yaml
```

## Configuration

### Environment Variables

Each environment has different configuration values:

#### Development

- `APP_ENV=development`
- `LOG_LEVEL=DEBUG`
- `ENABLE_PROFILING=true`
- `RATE_LIMIT_ENABLED=false`

#### Staging

- `APP_ENV=staging`
- `LOG_LEVEL=INFO`
- `ENABLE_PROFILING=false`
- `RATE_LIMIT_ENABLED=true`
- `RATE_LIMIT_LIMIT=200`

#### Production

- `APP_ENV=production`
- `LOG_LEVEL=WARN`
- `ENABLE_PROFILING=false`
- `RATE_LIMIT_ENABLED=true`
- `RATE_LIMIT_LIMIT=100`

### Secrets

Each environment should have its own secrets:

```bash
# Development secrets
kubectl create secret generic veza-secrets \
  --from-literal=database-url=postgres://dev_user:dev_pass@dev-db:5432/veza_dev \
  --from-literal=jwt-secret=dev-secret-key-min-32-chars \
  -n veza-development

# Staging secrets
kubectl create secret generic veza-secrets \
  --from-literal=database-url=postgres://staging_user:staging_pass@staging-db:5432/veza_staging \
  --from-literal=jwt-secret=staging-secret-key-min-32-chars \
  -n veza-staging

# Production secrets
kubectl create secret generic veza-secrets \
  --from-literal=database-url=postgres://prod_user:prod_pass@prod-db:5432/veza_prod \
  --from-literal=jwt-secret=production-secret-key-min-32-chars \
  -n veza-production
```

## Verification

### Check Namespaces

```bash
kubectl get namespaces | grep veza
```

### Check Resources per Environment

```bash
# Development
kubectl get all -n veza-development

# Staging
kubectl get all -n veza-staging

# Production
kubectl get all -n veza-production
```

### Check ConfigMaps

```bash
kubectl get configmap veza-config -n veza-development -o yaml
kubectl get configmap veza-config -n veza-staging -o yaml
kubectl get configmap veza-config -n veza-production -o yaml
```

## Environment Promotion

### Promote from Development to Staging

```bash
# Tag images
docker tag veza-backend-api:dev veza-backend-api:staging
docker tag veza-frontend:dev veza-frontend:staging

# Push to registry
docker push veza-backend-api:staging
docker push veza-frontend:staging

# Update deployments
kubectl set image deployment/veza-backend-api \
  backend-api=veza-backend-api:staging \
  -n veza-staging

kubectl set image deployment/veza-frontend \
  frontend=veza-frontend:staging \
  -n veza-staging
```

### Promote from Staging to Production

```bash
# Tag images
docker tag veza-backend-api:staging veza-backend-api:production
docker tag veza-frontend:staging veza-frontend:production

# Push to registry
docker push veza-backend-api:production
docker push veza-frontend:production

# Update deployments
kubectl set image deployment/veza-backend-api \
  backend-api=veza-backend-api:production \
  -n veza-production

kubectl set image deployment/veza-frontend \
  frontend=veza-frontend:production \
  -n veza-production
```

## Best Practices

1. **Separate Secrets**: Never share secrets between environments
2. **Resource Limits**: Set appropriate resource limits per environment
3. **Monitoring**: Enable monitoring in staging and production
4. **Backups**: Configure backups for staging and production
5. **SSL**: Use staging certificates in staging, production in production
6. **CORS**: Restrict CORS origins per environment
7. **Logging**: Use appropriate log levels per environment
8. **Rate Limiting**: Enable in staging and production, disable in dev

## Troubleshooting

### Check Environment Configuration

```bash
# View environment config
kubectl get configmap veza-config -n veza-development -o jsonpath='{.data.app-env}'

# Check pod environment variables
kubectl exec -it deployment/veza-backend-api -n veza-development -- env | grep APP_ENV
```

### Switch Between Environments

```bash
# Set default namespace
kubectl config set-context --current --namespace=veza-development

# Or use -n flag
kubectl get pods -n veza-staging
```

### Compare Configurations

```bash
# Compare configmaps
diff <(kubectl get configmap veza-config -n veza-staging -o yaml) \
     <(kubectl get configmap veza-config -n veza-production -o yaml)
```
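
An added drift check for the troubleshooting steps above, not part of the project's own tooling: it compares a pod's `KEY=VALUE` environment against the values listed under Environment Variables, so a production pod with profiling left on or the staging rate limit carried over is flagged. The function names `expected_for` and `check_env_drift` and the sample input are constructed for illustration.

```bash
#!/bin/sh
# Expected settings per environment, copied from the "Environment Variables" section.
expected_for() {
  case "$1" in
    development) echo "APP_ENV=development LOG_LEVEL=DEBUG ENABLE_PROFILING=true RATE_LIMIT_ENABLED=false" ;;
    staging)     echo "APP_ENV=staging LOG_LEVEL=INFO ENABLE_PROFILING=false RATE_LIMIT_ENABLED=true RATE_LIMIT_LIMIT=200" ;;
    production)  echo "APP_ENV=production LOG_LEVEL=WARN ENABLE_PROFILING=false RATE_LIMIT_ENABLED=true RATE_LIMIT_LIMIT=100" ;;
    *) return 2 ;;
  esac
}

# check_env_drift ENV reads KEY=VALUE lines on stdin, prints one line per
# missing or mismatched setting, and returns 0 (clean), 1 (drift) or 2 (unknown ENV).
# The ( ) body runs in a subshell, so the helper variables do not leak to the caller.
check_env_drift() (
  want=$(expected_for "$1") || { echo "unknown environment: $1"; exit 2; }
  actual=$(cat)
  status=0
  for pair in $want; do
    key=${pair%%=*}
    val=${pair#*=}
    # Anchor on "KEY=" so RATE_LIMIT_LIMIT never matches RATE_LIMIT_ENABLED.
    line=$(printf '%s\n' "$actual" | grep "^${key}=" | tail -n 1)
    if [ -z "$line" ]; then
      echo "MISSING $key (expected $val)"; status=1
    elif [ "${line#*=}" != "$val" ]; then
      echo "DRIFT $key=${line#*=} (expected $val)"; status=1
    fi
  done
  exit "$status"
)

# Constructed sample: a production pod environment where profiling was left
# enabled and the staging rate limit was carried over during promotion.
SAMPLE_PROD_ENV='APP_ENV=production
LOG_LEVEL=WARN
ENABLE_PROFILING=true
RATE_LIMIT_ENABLED=true
RATE_LIMIT_LIMIT=200
PATH=/usr/local/bin:/usr/bin'

printf '%s\n' "$SAMPLE_PROD_ENV" | check_env_drift production \
  || echo "production configuration drifted from the documented values"
```

Against a live cluster, pipe the pod environment in directly: `kubectl exec deployment/veza-backend-api -n veza-production -- env | check_env_drift production`.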