- Dynamic ORDER BY: explicit whitelist, fallback to created_at DESC
- Login/register subject to the global rate limiter
- VERSION sync + CI check
- Cleanup of veza-chat-server references
- Go 1.24 everywhere (Dockerfile, workflows)
- TODO/FIXME/HACK converted to issues or resolved
Environment Management
This directory contains Kubernetes configurations for managing separate development, staging, and production environments.
Overview
The Veza platform uses three distinct environments:
- Development: Local development and testing
- Staging: Pre-production testing and validation
- Production: Live production environment
Structure
k8s/environments/
├── namespaces.yaml                   # Namespace definitions for all environments
├── development/
│   ├── configmap.yaml                # Development-specific configuration
│   └── deployment-overrides.yaml     # Development deployment overrides
├── staging/
│   ├── configmap.yaml                # Staging-specific configuration
│   └── deployment-overrides.yaml     # Staging deployment overrides
├── production/
│   ├── configmap.yaml                # Production-specific configuration
│   └── deployment-overrides.yaml     # Production deployment overrides
├── ingress-dev.yaml                  # Development ingress (no SSL)
├── ingress-staging.yaml              # Staging ingress (staging SSL)
└── README.md                         # This file
Environment Differences
Development
- Replicas: 1 per service
- Resources: Minimal (for local development)
- Logging: DEBUG level
- SSL: Disabled
- Rate Limiting: Disabled
- Profiling: Enabled
- CORS: Localhost origins allowed
Staging
- Replicas: 2 per service
- Resources: Medium
- Logging: INFO level
- SSL: Let's Encrypt staging certificates
- Rate Limiting: Enabled (200 req/min)
- Profiling: Disabled
- CORS: Staging domains only
- CDN: Enabled (staging CDN)
Production
- Replicas: 3+ per service
- Resources: High (with autoscaling)
- Logging: WARN level
- SSL: Let's Encrypt production certificates
- Rate Limiting: Enabled (100 req/min)
- Profiling: Disabled
- CORS: Production domains only
- CDN: Enabled (production CDN)
- Monitoring: Full monitoring and alerting
Deployment
1. Create Namespaces
kubectl apply -f k8s/environments/namespaces.yaml
2. Deploy Environment-Specific ConfigMaps
# Development
kubectl apply -f k8s/environments/development/configmap.yaml
# Staging
kubectl apply -f k8s/environments/staging/configmap.yaml
# Production
kubectl apply -f k8s/environments/production/configmap.yaml
3. Deploy Base Resources
Deploy base resources (deployments, services) to each namespace:
# Development
kubectl apply -f k8s/backend-api/ -n veza-development
kubectl apply -f k8s/frontend/ -n veza-development
# Staging
kubectl apply -f k8s/backend-api/ -n veza-staging
kubectl apply -f k8s/frontend/ -n veza-staging
# Production
kubectl apply -f k8s/backend-api/ -n veza-production
kubectl apply -f k8s/frontend/ -n veza-production
4. Apply Environment Overrides
# Development
kubectl apply -f k8s/environments/development/deployment-overrides.yaml
# Staging
kubectl apply -f k8s/environments/staging/deployment-overrides.yaml
# Production
kubectl apply -f k8s/environments/production/deployment-overrides.yaml
5. Deploy Ingress
# Development (no SSL)
kubectl apply -f k8s/environments/ingress-dev.yaml
# Staging (staging SSL)
kubectl apply -f k8s/environments/ingress-staging.yaml
# Production (production SSL - already in k8s/ingress.yaml)
kubectl apply -f k8s/ingress.yaml
Configuration
Environment Variables
Each environment has different configuration values:
Development
APP_ENV=development
LOG_LEVEL=DEBUG
ENABLE_PROFILING=true
RATE_LIMIT_ENABLED=false
Staging
APP_ENV=staging
LOG_LEVEL=INFO
ENABLE_PROFILING=false
RATE_LIMIT_ENABLED=true
RATE_LIMIT_LIMIT=200
Production
APP_ENV=production
LOG_LEVEL=WARN
ENABLE_PROFILING=false
RATE_LIMIT_ENABLED=true
RATE_LIMIT_LIMIT=100
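A drift check for the values listed above, as an added example that is not part of the Veza repository: it reads `env` output from a running pod and reports every variable that differs from what this README documents for that environment, so a production pod with profiling left on or rate limiting off is caught. The function names and the sample input are assumptions made for the example.

```shell
# Added example, not from the Veza repository. Function names are
# hypothetical; the expected values are the ones listed in this README.

# expected_policy ENV: print the documented KEY=VALUE pairs for ENV.
expected_policy() {
  case "$1" in
    development) echo "APP_ENV=development LOG_LEVEL=DEBUG ENABLE_PROFILING=true RATE_LIMIT_ENABLED=false" ;;
    staging)     echo "APP_ENV=staging LOG_LEVEL=INFO ENABLE_PROFILING=false RATE_LIMIT_ENABLED=true RATE_LIMIT_LIMIT=200" ;;
    production)  echo "APP_ENV=production LOG_LEVEL=WARN ENABLE_PROFILING=false RATE_LIMIT_ENABLED=true RATE_LIMIT_LIMIT=100" ;;
    *) return 2 ;;
  esac
}

# check_env_policy ENV < env-output
# Prints one line per deviation. Returns 0 if the pod matches the documented
# settings, 1 if anything differs, 2 if ENV is not a known environment.
check_env_policy() {
  actual=$(cat)
  want=$(expected_policy "$1") || { echo "unknown environment: $1" >&2; return 2; }
  status=0
  for pair in $want; do
    key=${pair%%=*}
    # If a key is set twice the last assignment wins; a missing key is empty.
    got=$(printf '%s\n' "$actual" | sed -n "s/^$key=//p" | tail -n 1)
    if [ "$got" != "${pair#*=}" ]; then
      echo "$1: $key is '${got:-<unset>}', expected '${pair#*=}'"
      status=1
    fi
  done
  return $status
}

# Constructed sample: a production pod with profiling left enabled and no
# RATE_LIMIT_LIMIT set.
sample_drifted_env() {
  printf '%s\n' PATH=/usr/bin APP_ENV=production LOG_LEVEL=WARN \
    ENABLE_PROFILING=true RATE_LIMIT_ENABLED=true
}

# Against a live cluster:
#   kubectl exec deployment/veza-backend-api -n veza-production -- env \
#     | check_env_policy production
sample_drifted_env | check_env_policy production || true
```

The non-zero exit status makes the function usable as a post-deploy gate in CI.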
Secrets
Each environment should have its own secrets:
# Development secrets
kubectl create secret generic veza-secrets \
--from-literal=database-url=postgres://dev_user:dev_pass@dev-db:5432/veza_dev \
--from-literal=jwt-secret=dev-secret-key-min-32-chars \
-n veza-development
# Staging secrets
kubectl create secret generic veza-secrets \
--from-literal=database-url=postgres://staging_user:staging_pass@staging-db:5432/veza_staging \
--from-literal=jwt-secret=staging-secret-key-min-32-chars \
-n veza-staging
# Production secrets
kubectl create secret generic veza-secrets \
--from-literal=database-url=postgres://prod_user:prod_pass@prod-db:5432/veza_prod \
--from-literal=jwt-secret=production-secret-key-min-32-chars \
-n veza-production
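The commands above use placeholder values passed as `--from-literal` arguments, which end up in shell history and the process list. An added example (not from the Veza repository) that generates an independent random JWT secret per environment and hands both values to `kubectl` through files; the function names and the database URL file are assumptions.

```shell
# Added example, not from the Veza repository. Function names are
# hypothetical.

# new_jwt_secret: 48 random bytes, base64-encoded to 64 characters with no
# trailing newline (above the 32-character minimum the placeholders imply).
new_jwt_secret() {
  head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# create_env_secret ENV DB_URL_FILE
# ENV is development, staging or production. DB_URL_FILE holds that
# environment's database URL and must not end in a newline, because
# --from-file stores the file content byte for byte.
create_env_secret() {
  case "$1" in
    development|staging|production) ;;
    *) echo "unknown environment: $1" >&2; return 2 ;;
  esac
  [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }

  tmp=$(mktemp) || return 1        # mktemp creates the file with mode 0600
  new_jwt_secret > "$tmp"

  rc=0
  kubectl create secret generic veza-secrets \
    --from-file=database-url="$2" \
    --from-file=jwt-secret="$tmp" \
    -n "veza-$1" || rc=$?

  rm -f "$tmp"                     # the generated value never reaches argv
  return $rc
}

# Usage (one call per environment, so no secret is shared between them):
#   create_env_secret staging /path/to/staging-database-url
```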
Verification
Check Namespaces
kubectl get namespaces | grep veza
Check Resources per Environment
# Development
kubectl get all -n veza-development
# Staging
kubectl get all -n veza-staging
# Production
kubectl get all -n veza-production
Check ConfigMaps
kubectl get configmap veza-config -n veza-development -o yaml
kubectl get configmap veza-config -n veza-staging -o yaml
kubectl get configmap veza-config -n veza-production -o yaml
Environment Promotion
Promote from Development to Staging
# Tag images
docker tag veza-backend-api:dev veza-backend-api:staging
docker tag veza-frontend:dev veza-frontend:staging
# Push to registry
docker push veza-backend-api:staging
docker push veza-frontend:staging
# Update deployments
kubectl set image deployment/veza-backend-api \
backend-api=veza-backend-api:staging \
-n veza-staging
kubectl set image deployment/veza-frontend \
frontend=veza-frontend:staging \
-n veza-staging
Promote from Staging to Production
# Tag images
docker tag veza-backend-api:staging veza-backend-api:production
docker tag veza-frontend:staging veza-frontend:production
# Push to registry
docker push veza-backend-api:production
docker push veza-frontend:production
# Update deployments
kubectl set image deployment/veza-backend-api \
backend-api=veza-backend-api:production \
-n veza-production
kubectl set image deployment/veza-frontend \
frontend=veza-frontend:production \
-n veza-production
Best Practices
- Separate Secrets: Never share secrets between environments
- Resource Limits: Set appropriate resource limits per environment
- Monitoring: Enable monitoring in staging and production
- Backups: Configure backups for staging and production
- SSL: Use staging certificates in staging, production in production
- CORS: Restrict CORS origins per environment
- Logging: Use appropriate log levels per environment
- Rate Limiting: Enable in staging and production, disable in dev
Troubleshooting
Check Environment Configuration
# View environment config
kubectl get configmap veza-config -n veza-development -o jsonpath='{.data.app-env}'
# Check pod environment variables
kubectl exec -it deployment/veza-backend-api -n veza-development -- env | grep APP_ENV
Switch Between Environments
# Set default namespace
kubectl config set-context --current --namespace=veza-development
# Or use -n flag
kubectl get pods -n veza-staging
Compare Configurations
# Compare configmaps
diff <(kubectl get configmap veza-config -n veza-staging -o yaml) \
<(kubectl get configmap veza-config -n veza-production -o yaml)