- Dynamic ORDER BY: explicit whitelist, fallback to created_at DESC - Login/register subject to the global rate limiter - VERSION sync + CI check - Cleanup of veza-chat-server references - Go 1.24 everywhere (Dockerfile, workflows) - TODO/FIXME/HACK converted to issues or resolved
Environment Management
This directory contains Kubernetes configurations for managing separate development, staging, and production environments.
Overview
The Veza platform uses three distinct environments:
- Development: Local development and testing
- Staging: Pre-production testing and validation
- Production: Live production environment
Structure
k8s/environments/
├── namespaces.yaml # Namespace definitions for all environments
├── development/
│ ├── configmap.yaml # Development-specific configuration
│ └── deployment-overrides.yaml # Development deployment overrides
├── staging/
│ ├── configmap.yaml # Staging-specific configuration
│ └── deployment-overrides.yaml # Staging deployment overrides
├── production/
│ ├── configmap.yaml # Production-specific configuration
│ └── deployment-overrides.yaml # Production deployment overrides
├── ingress-dev.yaml # Development ingress (no SSL)
├── ingress-staging.yaml # Staging ingress (staging SSL)
└── README.md # This file
Environment Differences
Development
- Replicas: 1 per service
- Resources: Minimal (for local development)
- Logging: DEBUG level
- SSL: Disabled
- Rate Limiting: Disabled
- Profiling: Enabled
- CORS: Localhost origins allowed
Staging
- Replicas: 2 per service
- Resources: Medium
- Logging: INFO level
- SSL: Let's Encrypt staging certificates
- Rate Limiting: Enabled (200 req/min)
- Profiling: Disabled
- CORS: Staging domains only
- CDN: Enabled (staging CDN)
Production
- Replicas: 3+ per service
- Resources: High (with autoscaling)
- Logging: WARN level
- SSL: Let's Encrypt production certificates
- Rate Limiting: Enabled (100 req/min)
- Profiling: Disabled
- CORS: Production domains only
- CDN: Enabled (production CDN)
- Monitoring: Full monitoring and alerting
Deployment
1. Create Namespaces
kubectl apply -f k8s/environments/namespaces.yaml
2. Deploy Environment-Specific ConfigMaps
# Development
kubectl apply -f k8s/environments/development/configmap.yaml
# Staging
kubectl apply -f k8s/environments/staging/configmap.yaml
# Production
kubectl apply -f k8s/environments/production/configmap.yaml
3. Deploy Base Resources
Deploy base resources (deployments, services) to each namespace:
# Development
kubectl apply -f k8s/backend-api/ -n veza-development
kubectl apply -f k8s/frontend/ -n veza-development
# Staging
kubectl apply -f k8s/backend-api/ -n veza-staging
kubectl apply -f k8s/frontend/ -n veza-staging
# Production
kubectl apply -f k8s/backend-api/ -n veza-production
kubectl apply -f k8s/frontend/ -n veza-production
4. Apply Environment Overrides
# Development
kubectl apply -f k8s/environments/development/deployment-overrides.yaml
# Staging
kubectl apply -f k8s/environments/staging/deployment-overrides.yaml
# Production
kubectl apply -f k8s/environments/production/deployment-overrides.yaml
5. Deploy Ingress
# Development (no SSL)
kubectl apply -f k8s/environments/ingress-dev.yaml
# Staging (staging SSL)
kubectl apply -f k8s/environments/ingress-staging.yaml
# Production (production SSL - already in k8s/ingress.yaml)
kubectl apply -f k8s/ingress.yaml
Configuration
Environment Variables
Each environment has different configuration values:
Development
APP_ENV=development
LOG_LEVEL=DEBUG
ENABLE_PROFILING=true
RATE_LIMIT_ENABLED=false
Staging
APP_ENV=staging
LOG_LEVEL=INFO
ENABLE_PROFILING=false
RATE_LIMIT_ENABLED=true
RATE_LIMIT_LIMIT=200
Production
APP_ENV=production
LOG_LEVEL=WARN
ENABLE_PROFILING=false
RATE_LIMIT_ENABLED=true
RATE_LIMIT_LIMIT=100
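A drift check for the values above, as an added example that is not part of the Veza repository: it reads KEY=VALUE lines and reports every setting that differs from what this README documents for the named environment, so that debug logging, profiling or a disabled rate limiter is caught before it reaches production. The function names `get_value` and `check_env_config`, the KEY=VALUE input format, and the sample input are assumptions.

```shell
#!/bin/sh
# Added example, not from the Veza repository.
# Expected values are the ones this README lists for each environment.

# get_value KEY TEXT: print the last value assigned to KEY in TEXT.
get_value() {
  printf '%s\n' "$2" | sed -n "s/^$1=//p" | tail -n 1
}

# check_env_config ENV: read KEY=VALUE lines on stdin, print one line per
# setting that differs from the README, return 1 on drift, 2 on unknown ENV.
check_env_config() {
  env_name=$1
  case "$env_name" in
    development)
      want="APP_ENV=development LOG_LEVEL=DEBUG ENABLE_PROFILING=true RATE_LIMIT_ENABLED=false" ;;
    staging)
      want="APP_ENV=staging LOG_LEVEL=INFO ENABLE_PROFILING=false RATE_LIMIT_ENABLED=true RATE_LIMIT_LIMIT=200" ;;
    production)
      want="APP_ENV=production LOG_LEVEL=WARN ENABLE_PROFILING=false RATE_LIMIT_ENABLED=true RATE_LIMIT_LIMIT=100" ;;
    *)
      echo "unknown environment: $env_name" >&2
      return 2 ;;
  esac
  input=$(tr -d '\r')   # tolerate CRLF output from a TTY-attached exec
  violations=0
  for pair in $want; do
    key=${pair%%=*}
    expected=${pair#*=}
    actual=$(get_value "$key" "$input")
    if [ "$actual" != "$expected" ]; then
      echo "[$env_name] $key is '${actual:-unset}', expected '$expected'"
      violations=$((violations + 1))
    fi
  done
  [ "$violations" -eq 0 ]
}

# Constructed sample: development settings that leaked into production.
SAMPLE_LEAKED='APP_ENV=production
LOG_LEVEL=DEBUG
ENABLE_PROFILING=true
RATE_LIMIT_ENABLED=false'

printf '%s\n' "$SAMPLE_LEAKED" | check_env_config production ||
  echo "production config drifted from the documented values"
```

Against a running pod, the input can come from the same command the Troubleshooting section uses: `kubectl exec deployment/veza-backend-api -n veza-production -- env | check_env_config production`.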
Secrets
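Each environment should have its own secrets. The credentials in the commands below are placeholders; substitute values generated separately for each environment, and note that anything passed with --from-literal is recorded in shell history: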
# Development secrets
kubectl create secret generic veza-secrets \
--from-literal=database-url=postgres://dev_user:dev_pass@dev-db:5432/veza_dev \
--from-literal=jwt-secret=dev-secret-key-min-32-chars \
-n veza-development
# Staging secrets
kubectl create secret generic veza-secrets \
--from-literal=database-url=postgres://staging_user:staging_pass@staging-db:5432/veza_staging \
--from-literal=jwt-secret=staging-secret-key-min-32-chars \
-n veza-staging
# Production secrets
kubectl create secret generic veza-secrets \
--from-literal=database-url=postgres://prod_user:prod_pass@prod-db:5432/veza_prod \
--from-literal=jwt-secret=production-secret-key-min-32-chars \
-n veza-production
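A check for the rule that secrets are never shared between environments, as an added example that is not part of the Veza repository: it compares the stored values of the same Secret across namespaces and reports any key whose value is reused, without printing the values. The function names `collect_secrets` and `find_shared_secrets`, the line format between them, and the sample input are assumptions.

```shell
#!/bin/sh
# Added example, not from the Veza repository.

# collect_secrets NAME NAMESPACE...: print "namespace key base64value" for each
# key of Secret NAME in each namespace (requires kubectl and read access).
collect_secrets() {
  secret_name=$1
  shift
  for ns in "$@"; do
    kubectl get secret "$secret_name" -n "$ns" \
      -o go-template='{{range $k, $v := .data}}{{printf "%s %s\n" $k $v}}{{end}}' |
      sed "s/^/$ns /"
  done
}

# find_shared_secrets: read "namespace key value" lines on stdin and report
# every key whose value is identical in two namespaces. Values are never
# printed. Returns 1 when a shared value is found.
find_shared_secrets() {
  awk '
    BEGIN { bad = 0 }
    NF == 3 {
      id = $2 SUBSEP $3
      if ((id in first_ns) && first_ns[id] != $1) {
        printf "%s: same value in %s and %s\n", $2, first_ns[id], $1
        bad = 1
      } else {
        first_ns[id] = $1
      }
    }
    END { exit bad }'
}

# Constructed sample input (base64 of made-up strings) in collect_secrets
# format: staging and production were given the same jwt-secret.
SAMPLE_SECRETS='veza-development jwt-secret ZGV2LW9ubHktdmFsdWU=
veza-staging jwt-secret c2hhcmVkLXZhbHVl
veza-production jwt-secret c2hhcmVkLXZhbHVl
veza-production database-url cHJvZC1vbmx5LXVybA=='

printf '%s\n' "$SAMPLE_SECRETS" | find_shared_secrets ||
  echo "secret values are reused across environments"
```

On a cluster: `collect_secrets veza-secrets veza-development veza-staging veza-production | find_shared_secrets`.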
Verification
Check Namespaces
kubectl get namespaces | grep veza
Check Resources per Environment
# Development
kubectl get all -n veza-development
# Staging
kubectl get all -n veza-staging
# Production
kubectl get all -n veza-production
Check ConfigMaps
kubectl get configmap veza-config -n veza-development -o yaml
kubectl get configmap veza-config -n veza-staging -o yaml
kubectl get configmap veza-config -n veza-production -o yaml
Environment Promotion
Promote from Development to Staging
# Tag images
docker tag veza-backend-api:dev veza-backend-api:staging
docker tag veza-frontend:dev veza-frontend:staging
# Push to registry
docker push veza-backend-api:staging
docker push veza-frontend:staging
# Update deployments
kubectl set image deployment/veza-backend-api \
backend-api=veza-backend-api:staging \
-n veza-staging
kubectl set image deployment/veza-frontend \
frontend=veza-frontend:staging \
-n veza-staging
Promote from Staging to Production
# Tag images
docker tag veza-backend-api:staging veza-backend-api:production
docker tag veza-frontend:staging veza-frontend:production
# Push to registry
docker push veza-backend-api:production
docker push veza-frontend:production
# Update deployments
kubectl set image deployment/veza-backend-api \
backend-api=veza-backend-api:production \
-n veza-production
kubectl set image deployment/veza-frontend \
frontend=veza-frontend:production \
-n veza-production
Best Practices
- Separate Secrets: Never share secrets between environments
- Resource Limits: Set appropriate resource limits per environment
- Monitoring: Enable monitoring in staging and production
- Backups: Configure backups for staging and production
- SSL: Use staging certificates in staging, production in production
- CORS: Restrict CORS origins per environment
- Logging: Use appropriate log levels per environment
- Rate Limiting: Enable in staging and production, disable in dev
Troubleshooting
Check Environment Configuration
# View environment config
kubectl get configmap veza-config -n veza-development -o jsonpath='{.data.app-env}'
# Check pod environment variables
kubectl exec -it deployment/veza-backend-api -n veza-development -- env | grep APP_ENV
Switch Between Environments
# Set default namespace
kubectl config set-context --current --namespace=veza-development
# Or use -n flag
kubectl get pods -n veza-staging
Compare Configurations
# Compare configmaps
diff <(kubectl get configmap veza-config -n veza-staging -o yaml) \
<(kubectl get configmap veza-config -n veza-production -o yaml)