# Container Mom Portal Deployment Guide

This guide covers deploying the Container Mom Backstage Portal using Helm charts with GitOps via ArgoCD.

## Prerequisites

- Kubernetes cluster 1.21+
- Helm 3.8+
- ArgoCD installed and configured
- cert-manager for TLS certificates
- NGINX Ingress Controller
- PostgreSQL (or external database)

## Quick Start

### 1. Development Deployment

```bash
# Install with development values
helm install container-mom-portal ./portal/helm/backstage \
  --namespace container-mom-portal \
  --create-namespace \
  --values portal/helm/backstage/values/development.yaml
```

### 2. Production Deployment via ArgoCD

```yaml
# Add to ArgoCD Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: container-mom-portal
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/container-mom/container-mom
    targetRevision: main
    path: portal/helm/backstage
    helm:
      valueFiles:
        - values/production.yaml
  destination:
    server: https://kubernetes.default.svc
    namespace: container-mom-portal
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
```

## Configuration

### Required Secrets

Before deployment, create the following secrets:

#### Container Mom Service Account Token

```bash
kubectl create secret generic container-mom-sa-token \
  --namespace container-mom-portal \
  --from-literal=token="your-service-account-token"
```

#### Auth0 Credentials

```bash
kubectl create secret generic auth0-credentials \
  --namespace container-mom-portal \
  --from-literal=domain="your-domain.auth0.com" \
  --from-literal=clientId="your-client-id" \
  --from-literal=clientSecret="your-client-secret" \
  --from-literal=audience="your-audience"
```

#### Stripe Credentials

```bash
kubectl create secret generic stripe-credentials \
  --namespace container-mom-portal \
  --from-literal=publicKey="pk_live_..." \
  --from-literal=secretKey="sk_live_..."
```

### Environment-Specific Values

#### Development

- Uses local database or external connection
- Disabled ingress (development on localhost)
- Lower resource requirements
- Mock observability endpoints

#### Production

- PostgreSQL with high availability
- SSL-enabled ingress with cert-manager
- Production resource limits
- Real observability stack integration
- External secret management

### Custom Values Override

Create a custom values file for your environment:

```yaml
# custom-values.yaml
backstage:
  containerMom:
    cluster:
      apiServerUrl: "https://your-kubernetes-api"
    auth:
      providers:
        auth0:
          domain: "your-domain.auth0.com"
    observability:
      grafana:
        url: "https://your-grafana.com"
      prometheus:
        url: "https://your-prometheus.com"
ingress:
  hosts:
    - host: portal.your-domain.com
```

## Monitoring and Observability

### Metrics

The chart automatically creates ServiceMonitor resources for Prometheus scraping:

```yaml
serviceMonitor:
  enabled: true
  labels:
    release: prometheus-operator
  interval: 15s
```

### Health Checks

Liveness and readiness probes are configured:

```yaml
probes:
  liveness:
    enabled: true
    path: /healthcheck
    initialDelaySeconds: 60
  readiness:
    enabled: true
    path: /healthcheck
    initialDelaySeconds: 30
```

### Grafana Integration

Customer-specific dashboards are automatically configured when Grafana observability is enabled.
## Scaling

### Horizontal Pod Autoscaling

```yaml
autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 20
  targetCPUUtilizationPercentage: 60
```

### Vertical Scaling

Resource requests and limits can be adjusted per environment:

```yaml
resources:
  backend:
    limits:
      cpu: 4000m
      memory: 8Gi
    requests:
      cpu: 2000m
      memory: 4Gi
```

## Security

### Pod Security

- Non-root user execution
- Read-only root filesystem
- Dropped capabilities
- seccomp profiles

### Network Policies

Consider implementing network policies to restrict traffic:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: container-mom-portal-netpol
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: container-mom-portal
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-nginx
      ports:
        - protocol: TCP
          port: 7007
```

## Troubleshooting

### Common Issues

#### 1. Plugin Loading Failures

Check ConfigMap and volume mounts:

```bash
kubectl describe configmap container-mom-plugin-config -n container-mom-portal
kubectl describe pod -n container-mom-portal
```

#### 2. Database Connection Issues

Verify PostgreSQL service and credentials:

```bash
kubectl get svc -n container-mom-portal
kubectl get secret postgresql-credentials -n container-mom-portal -o yaml
```

#### 3. Auth0 Integration Problems

Check Auth0 configuration and network connectivity:

```bash
# Read logs from a pod of the portal deployment and filter for auth-related lines
kubectl logs deployment/container-mom-portal -n container-mom-portal | grep -i auth
```

#### 4. Container Mom API Connection

Verify service account token and cluster connectivity:

```bash
# Runs curl inside a pod of the portal deployment.
# $CONTAINER_MOM_SA_TOKEN is expanded by your local shell before kubectl runs.
kubectl exec -it deployment/container-mom-portal -n container-mom-portal -- \
  curl -H "Authorization: Bearer $CONTAINER_MOM_SA_TOKEN" https://api.container.mom/healthz
```

### Log Aggregation

Logs are automatically forwarded to the configured Logstash endpoint for centralized logging.
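The NetworkPolicy in the Network Policies section lists `Egress` under `policyTypes` but defines no `egress` rules, which denies all outbound traffic from the portal pods (DNS included), so the database, Auth0 and Container Mom API checks above fail once it is applied. The variant below is an added example, not part of the chart or the original guide: it keeps the ingress rule and adds explicit egress. The namespace names `ingress-nginx` and `kube-system`, the `k8s-app: kube-dns` and `app.kubernetes.io/name: postgresql` pod labels, and ports 5432 and 443 are assumptions to adjust for your cluster.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: container-mom-portal-netpol
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: container-mom-portal
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # Set automatically on namespaces in Kubernetes 1.21+; a plain "name" label is not
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 7007
  egress:
    # DNS lookups (assumed: cluster DNS runs in kube-system with k8s-app=kube-dns)
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # PostgreSQL in the same namespace (assumed pod label and port)
    - to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: postgresql
      ports:
        - protocol: TCP
          port: 5432
    # HTTPS to Auth0, Stripe and the Container Mom API (NetworkPolicy cannot match hostnames)
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - protocol: TCP
          port: 443
```

If the portal reaches the Kubernetes API server or the Logstash endpoint on another port, add a matching egress rule for it.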
### Debug Mode

Enable debug logging for troubleshooting:

```yaml
backstage:
  appConfig:
    backend:
      log:
        level: debug
```

## Backup and Recovery

### Database Backup

The PostgreSQL chart includes backup capabilities:

```yaml
postgresql:
  backup:
    enabled: true
    schedule: "0 2 * * *"
    retention: "30d"
```

### Configuration Backup

Back up ConfigMaps and Secrets:

```bash
kubectl get configmaps,secrets -n container-mom-portal -o yaml > portal-backup.yaml
```

The resulting file contains Secret values that are only base64-encoded, not encrypted, so restrict access to it and store it encrypted.

## Updates and Maintenance

### Rolling Updates

The deployment supports rolling updates with zero downtime:

```bash
helm upgrade container-mom-portal ./portal/helm/backstage \
  --namespace container-mom-portal \
  --values portal/helm/backstage/values/production.yaml
```

### Health Monitoring

Monitor deployment health during updates:

```bash
kubectl rollout status deployment/container-mom-portal -n container-mom-portal
```

## Support

For deployment issues:

1. Check the troubleshooting section above
2. Review logs: `kubectl logs -l app.kubernetes.io/name=container-mom-portal -n container-mom-portal`
3. Contact Container Mom support with deployment details