|
| 1 | +# Deploying a new backend version |
| 2 | + |
| 3 | +Once a release is built and deployed by CircleCI, deploy it to an environment using ArgoCD. |
| 4 | + |
| 5 | +1. First, to connect to ArgoCD: |
| 6 | +``` |
| 7 | +kubectl -n argocd port-forward service/argocd-server 8443:443 & |
| 8 | +open https://localhost:8443 |
| 9 | +``` |
| 10 | +2. login - credentials are in 1password, or ask someone for help |
| 11 | +3. pick up the new version in staging. |
| 12 | + - go to https://localhost:8443/applications/pyback-staging, |
| 13 | + - click the hamburger menu (3 dots, blue button), -> Details -> Parameters |
| 14 | + - update the images field with the build ID as the tag, like: `operationcode/back-end:staging-846` |
| 15 | + - as the new pods deploy, tail their logs to check for errors |
| 16 | + - validate the staging environment (notes below) |
| 17 | +4. repeat those steps for the production environment |
| 18 | + |
| 19 | +# Validating the staging environment |
| 20 | + |
| 21 | +This requires a working node or docker environment. I found docker to be easier and more reliable but that was me :shrug: |
| 22 | + |
| 23 | +When you run the front-end repo in localdev mode, it automatically connects to the staging environment. |
| 24 | +1. install dependencies: `docker run -it -v ${PWD}:/src -w /src node:lts yarn` |
| 25 | +2. run the dev server: `docker run -it -v ${PWD}:/src -w /src -p 127.0.0.1:3000:3000/tcp node:lts yarn dev --hostname 0.0.0.0` |
| 26 | +3. Connect to the dev server: `open http://localhost:3000` |
| 27 | + |
| 28 | +# Certificate management with certbot |
| 29 | + |
| 30 | +Certbot runs continously as a kube operator and refreshes certs for you. To ensure it is working, |
| 31 | +check the logs of the `cert-manager` pod, like: |
| 32 | +``` |
| 33 | +kubectl -n cert-manager logs -f cert-manager-dcc48bf99-skhn7 |
| 34 | +``` |
| 35 | + |
| 36 | +Current version running is v0.10.1 |
| 37 | + |
| 38 | +if you need for some reason to upgrade: |
| 39 | +1. read the release notes for all versions between current and desired, watch for breaking changes |
| 40 | +2. ignore the instructions about helm and kubectly apply, one minor version at a time |
| 41 | +``` |
| 42 | +kubectl apply \ |
| 43 | + --validate=false \ |
| 44 | + -f https://github.com/jetstack/cert-manager/releases/download/v0.10.1/cert-manager.yaml |
| 45 | +``` |
| 46 | + |
| 47 | +certificates installed: |
| 48 | +``` |
| 49 | +$ kubectl get Certificates --all-namespaces |
| 50 | +NAMESPACE NAME READY SECRET AGE |
| 51 | +monitoring grafana-tls True grafana-tls 299d |
| 52 | +operationcode-staging back-end-tls True back-end-tls 264d |
| 53 | +operationcode-staging resources-api-tls True resources-api-tls 299d |
| 54 | +operationcode back-end-tls True back-end-tls 264d |
| 55 | +operationcode resources-api-tls True resources-api-tls 299d |
| 56 | +``` |
| 57 | + |
0 commit comments