From 22be5645a2c547871696c6c5a47114f786556473 Mon Sep 17 00:00:00 2001 From: maxmwang Date: Thu, 16 Jan 2025 00:01:41 -0800 Subject: [PATCH] update docs --- docs/src/core/infrastructure/runbooks.md | 16 ++++++++++++++++ infra/init.sh | 8 ++++++++ 2 files changed, 24 insertions(+) diff --git a/docs/src/core/infrastructure/runbooks.md b/docs/src/core/infrastructure/runbooks.md index ebad3beac..a709a90cf 100644 --- a/docs/src/core/infrastructure/runbooks.md +++ b/docs/src/core/infrastructure/runbooks.md 
@@ -59,3 +59,19 @@ Sometimes, releases will be stuck in an `uninstalling` state. This command quick 4. The newly create sealed secret encrypts the key-value pairs, allowing it to be safely pushed to GitHub. Steps 2 and 3 are derived from [the sealed-secrets docs](https://github.com/bitnami-labs/sealed-secrets?tab=readme-ov-file#usage). + +## Kubernetes Cluster Initialization + +On (extremely) rare occasions, the cluster will fail. To recreate the cluster, follow the instructions below (note that these may be incomplete, as the necessary repair varies): + +1. [Install necessary dependencies](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/). Note that you may **not** need to install all dependencies. Our choice of Container Runtime Interface (CRI) is `containerd` with `runc`. You will probably **not** need to configure the cgroup driver (our choice is `systemd`), but if so, make sure to set it in both the `kubelet` and `containerd` configs. + +2. [Initialize the cluster with `kubeadm`](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/). + +3. [Install Cilium](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/#install-the-cilium-cli), our choice of Container Network Interface (CNI). Note that you may **not** need to install the `cilium` CLI tool. + +4. Follow the commands in `infra/init.sh` one-by-one, ensuring each deployment succeeds, up until the `bt-base` installation. + +5. Because the `sealed-secrets` instance has been redeployed, every `SealedSecret` manifest must be recreated using `kubeseal` and the new `sealed-secrets` instance. Look at the [sealed secret deployment runbook](#new-sealed-secret-deployment). + +6. Now, each remaining service can be deployed. Note that MongoDB and Redis must be deployed before the backend service, otherwise the backend service will crash. Feel free to use the CI/CD pipeline to deploy the application services. 
diff --git a/infra/init.sh b/infra/init.sh index 0839bef72..67dd9aee4 100755 --- a/infra/init.sh +++ b/infra/init.sh @@ -91,3 +91,11 @@ helm install bt-dev-app oci://registry-1.docker.io/octoberkeleytime/bt-app --nam --set mongoUri=mongodb://bt-dev-mongo-mongodb-0.bt-dev-mongo-mongodb-headless.bt.svc.cluster.local:27017/bt \ --set redisUri=redis://bt-dev-redis-master.bt.svc.cluster.local:6379 \ --set nodeEnv=development + +# ========== +# DOCS +# ========== + +helm install bt-prod-docs oci://registry-1.docker.io/octoberkeleytime/bt-docs --namespace=bt \ + --version=1.0.0 \ + --set host=docs.stanfurdtime.com
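Review bot: In the `docs/src/core/infrastructure/runbooks.md` hunk, step 5 has every `SealedSecret` recreated with `kubeseal` against the new `sealed-secrets` instance, but it does not say where the plaintext values come from. The manifests in GitHub were encrypted for the old instance, so the new one cannot decrypt them. Please name the source of truth for the plaintext key-value pairs so that step 5 can actually be carried out during an outage. If the old controller's sealing key is backed up anywhere, mention restoring it as an alternative to re-sealing everything. Step 6 could also list the deploy order explicitly (MongoDB, Redis, then backend) instead of leaving it in a note.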
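Review bot: In the `infra/init.sh` hunk, the new `DOCS` block installs a release named `bt-prod-docs` with a production-looking `host=docs.stanfurdtime.com`, directly after the `bt-dev-app` install that sets `nodeEnv=development`. Nothing in the banner says this is a production release. Someone running the script top to bottom, as step 4 of the new runbook section instructs, gets no cue that the environment changes here. Please add a one-line comment under the `DOCS` banner stating which environment this release belongs to and whether it has a dev counterpart. Also consider whether `--version=1.0.0` is enough of a pin for a chart pulled from a public registry, since a tag alone does not fix the chart content the way a digest reference would.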