bakery-ia/scripts/deploy-production.sh

#!/bin/bash

# Production Deployment Script for MicroK8s
# This script helps deploy Bakery IA to a MicroK8s cluster

set -e

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}Bakery IA - Production Deployment${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""

# Configuration
NAMESPACE="bakery-ia"
KUSTOMIZE_PATH="infrastructure/environments/prod/k8s-manifests"

# Check if kubectl is available
if ! command -v kubectl &> /dev/null; then
    echo -e "${RED}Error: kubectl not found. Please install kubectl or setup microk8s alias.${NC}"
    exit 1
fi

# Function to check if cluster is accessible
check_cluster() {
    echo -e "${YELLOW}Checking cluster connectivity...${NC}"
    if ! kubectl cluster-info &> /dev/null; then
        echo -e "${RED}Error: Cannot connect to Kubernetes cluster.${NC}"
        echo "Please ensure your kubeconfig is set correctly."
        exit 1
    fi
    echo -e "${GREEN}✓ Cluster connection successful${NC}"
    echo ""
}

# Function to check required addons
check_addons() {
    echo -e "${YELLOW}Checking required MicroK8s addons...${NC}"

    # Check if this is MicroK8s
    if command -v microk8s &> /dev/null; then
        REQUIRED_ADDONS=("dns" "hostpath-storage" "ingress" "cert-manager" "metrics-server")

        for addon in "${REQUIRED_ADDONS[@]}"; do
            if microk8s status | grep -q "$addon: enabled"; then
                echo -e "${GREEN}✓ $addon enabled${NC}"
            else
                echo -e "${RED}✗ $addon not enabled${NC}"
                echo -e "${YELLOW}Enable with: microk8s enable $addon${NC}"
                exit 1
            fi
        done
    else
        echo -e "${YELLOW}Not running on MicroK8s. Skipping addon check.${NC}"
    fi
    echo ""
}

# Function to create namespace
create_namespace() {
    echo -e "${YELLOW}Creating namespace...${NC}"
    if kubectl get namespace $NAMESPACE &> /dev/null; then
        echo -e "${GREEN}✓ Namespace $NAMESPACE already exists${NC}"
    else
        kubectl create namespace $NAMESPACE
        echo -e "${GREEN}✓ Namespace $NAMESPACE created${NC}"
    fi
    echo ""
}

# Function to apply secrets
apply_secrets() {
    echo -e "${YELLOW}Applying secrets...${NC}"
    echo -e "${RED}WARNING: Ensure production secrets are updated before deployment!${NC}"
    read -p "Have you updated production secrets? (yes/no): " confirm

    if [ "$confirm" != "yes" ]; then
        echo -e "${RED}Deployment cancelled. Please update secrets first.${NC}"
        exit 1
    fi

    kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets.yaml
    kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/postgres-tls-secret.yaml
    kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/redis-tls-secret.yaml
    kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/demo-internal-api-key-secret.yaml
    echo -e "${GREEN}✓ Secrets applied${NC}"
    echo ""
}

# Function to apply kustomization
deploy_application() {
    echo -e "${YELLOW}Deploying application...${NC}"
    kubectl apply -k $KUSTOMIZE_PATH
    echo -e "${GREEN}✓ Application deployed${NC}"
    echo ""
}

# Function to wait for deployments
wait_for_deployments() {
    echo -e "${YELLOW}Waiting for deployments to be ready...${NC}"
    echo "This may take several minutes..."

    # Wait for all deployments
    kubectl wait --for=condition=available --timeout=600s \
        deployment --all -n $NAMESPACE

    echo -e "${GREEN}✓ All deployments are ready${NC}"
    echo ""
}

# Function to check deployment status
check_status() {
    echo -e "${YELLOW}Deployment Status:${NC}"
    echo ""

    echo "Pods:"
    kubectl get pods -n $NAMESPACE
    echo ""

    echo "Services:"
    kubectl get svc -n $NAMESPACE
    echo ""

    echo "Ingress:"
    kubectl get ingress -n $NAMESPACE
    echo ""

    echo "Persistent Volume Claims:"
    kubectl get pvc -n $NAMESPACE
    echo ""

    echo "Certificates:"
    kubectl get certificate -n $NAMESPACE
    echo ""
}

# Function to show access information
show_access_info() {
    echo -e "${GREEN}========================================${NC}"
    echo -e "${GREEN}Deployment Complete!${NC}"
    echo -e "${GREEN}========================================${NC}"
    echo ""
    echo "Access your application at:"

    # Get ingress hosts
    HOSTS=$(kubectl get ingress bakery-ingress-prod -n $NAMESPACE -o jsonpath='{.spec.rules[*].host}' 2>/dev/null || echo "")

    if [ -n "$HOSTS" ]; then
        for host in $HOSTS; do
            echo "  https://$host"
        done
    else
        echo "  Configure your domain in prod-ingress.yaml"
    fi

    echo ""
    echo "Useful commands:"
    echo "  View logs:    kubectl logs -f deployment/gateway -n $NAMESPACE"
    echo "  Check pods:   kubectl get pods -n $NAMESPACE"
    echo "  Check events: kubectl get events -n $NAMESPACE --sort-by='.lastTimestamp'"
    echo "  Scale:        kubectl scale deployment/gateway --replicas=5 -n $NAMESPACE"
    echo ""
}

# Main deployment flow
main() {
    check_cluster
    check_addons
    create_namespace
    apply_secrets
    deploy_application

    echo -e "${YELLOW}Do you want to wait for deployments to be ready? (yes/no):${NC}"
    read -p "> " wait_confirm

    if [ "$wait_confirm" = "yes" ]; then
        wait_for_deployments
    fi

    check_status
    show_access_info
}

# Run main function
main
Add comprehensive Kubernetes migration guide from local to production This commit adds complete documentation and tooling for migrating from local development (Kind/Colima on macOS) to production deployment (MicroK8s on Ubuntu VPS at Clouding.io). Documentation added: - K8S-MIGRATION-GUIDE.md: Comprehensive step-by-step migration guide covering all phases from VPS setup to post-deployment operations - MIGRATION-CHECKLIST.md: Quick reference checklist for migration tasks - MIGRATION-SUMMARY.md: High-level overview and key changes summary Configuration updates: - Added storage-patch.yaml for MicroK8s storage class compatibility (changes from 'standard' to 'microk8s-hostpath') - Updated prod/kustomization.yaml to include storage patch Helper scripts: - deploy-production.sh: Interactive deployment script with validation - tag-and-push-images.sh: Automated image tagging and registry push - backup-databases.sh: Database backup script for production Key differences addressed: - Ingress: MicroK8s addon vs custom NGINX - Storage: MicroK8s hostpath vs Kind standard storage - Registry: Container registry configuration for production - SSL: Let's Encrypt production certificates - Domains: Real domain configuration vs localhost - Resources: Production-grade resource limits and scaling The migration guide covers: - VPS setup and MicroK8s installation - Configuration adaptations required - Container registry setup options - SSL certificate configuration - Monitoring and backup setup - Troubleshooting common issues - Security hardening checklist - Rollback procedures All existing Kubernetes manifests remain unchanged and compatible. 2026-01-02 14:57:09 +00:00			`#!/bin/bash`

			`# Production Deployment Script for MicroK8s`
			`# This script helps deploy Bakery IA to a MicroK8s cluster`

			`set -e`

			`# Colors for output`
			`RED='\033[0;31m'`
			`GREEN='\033[0;32m'`
			`YELLOW='\033[1;33m'`
			`NC='\033[0m' # No Color`

			`echo -e "${GREEN}========================================${NC}"`
			`echo -e "${GREEN}Bakery IA - Production Deployment${NC}"`
			`echo -e "${GREEN}========================================${NC}"`
			`echo ""`

			`# Configuration`
			`NAMESPACE="bakery-ia"`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`KUSTOMIZE_PATH="infrastructure/environments/prod/k8s-manifests"`
Add comprehensive Kubernetes migration guide from local to production This commit adds complete documentation and tooling for migrating from local development (Kind/Colima on macOS) to production deployment (MicroK8s on Ubuntu VPS at Clouding.io). Documentation added: - K8S-MIGRATION-GUIDE.md: Comprehensive step-by-step migration guide covering all phases from VPS setup to post-deployment operations - MIGRATION-CHECKLIST.md: Quick reference checklist for migration tasks - MIGRATION-SUMMARY.md: High-level overview and key changes summary Configuration updates: - Added storage-patch.yaml for MicroK8s storage class compatibility (changes from 'standard' to 'microk8s-hostpath') - Updated prod/kustomization.yaml to include storage patch Helper scripts: - deploy-production.sh: Interactive deployment script with validation - tag-and-push-images.sh: Automated image tagging and registry push - backup-databases.sh: Database backup script for production Key differences addressed: - Ingress: MicroK8s addon vs custom NGINX - Storage: MicroK8s hostpath vs Kind standard storage - Registry: Container registry configuration for production - SSL: Let's Encrypt production certificates - Domains: Real domain configuration vs localhost - Resources: Production-grade resource limits and scaling The migration guide covers: - VPS setup and MicroK8s installation - Configuration adaptations required - Container registry setup options - SSL certificate configuration - Monitoring and backup setup - Troubleshooting common issues - Security hardening checklist - Rollback procedures All existing Kubernetes manifests remain unchanged and compatible. 2026-01-02 14:57:09 +00:00
			`# Check if kubectl is available`
			`if ! command -v kubectl &> /dev/null; then`
			`echo -e "${RED}Error: kubectl not found. Please install kubectl or setup microk8s alias.${NC}"`
			`exit 1`
			`fi`

			`# Function to check if cluster is accessible`
			`check_cluster() {`
			`echo -e "${YELLOW}Checking cluster connectivity...${NC}"`
			`if ! kubectl cluster-info &> /dev/null; then`
			`echo -e "${RED}Error: Cannot connect to Kubernetes cluster.${NC}"`
			`echo "Please ensure your kubeconfig is set correctly."`
			`exit 1`
			`fi`
			`echo -e "${GREEN}✓ Cluster connection successful${NC}"`
			`echo ""`
			`}`

			`# Function to check required addons`
			`check_addons() {`
			`echo -e "${YELLOW}Checking required MicroK8s addons...${NC}"`

			`# Check if this is MicroK8s`
			`if command -v microk8s &> /dev/null; then`
			`REQUIRED_ADDONS=("dns" "hostpath-storage" "ingress" "cert-manager" "metrics-server")`

			`for addon in "${REQUIRED_ADDONS[@]}"; do`
			`if microk8s status \| grep -q "$addon: enabled"; then`
			`echo -e "${GREEN}✓ $addon enabled${NC}"`
			`else`
			`echo -e "${RED}✗ $addon not enabled${NC}"`
			`echo -e "${YELLOW}Enable with: microk8s enable $addon${NC}"`
			`exit 1`
			`fi`
			`done`
			`else`
			`echo -e "${YELLOW}Not running on MicroK8s. Skipping addon check.${NC}"`
			`fi`
			`echo ""`
			`}`

			`# Function to create namespace`
			`create_namespace() {`
			`echo -e "${YELLOW}Creating namespace...${NC}"`
			`if kubectl get namespace $NAMESPACE &> /dev/null; then`
			`echo -e "${GREEN}✓ Namespace $NAMESPACE already exists${NC}"`
			`else`
			`kubectl create namespace $NAMESPACE`
			`echo -e "${GREEN}✓ Namespace $NAMESPACE created${NC}"`
			`fi`
			`echo ""`
			`}`

			`# Function to apply secrets`
			`apply_secrets() {`
			`echo -e "${YELLOW}Applying secrets...${NC}"`
			`echo -e "${RED}WARNING: Ensure production secrets are updated before deployment!${NC}"`
			`read -p "Have you updated production secrets? (yes/no): " confirm`

			`if [ "$confirm" != "yes" ]; then`
			`echo -e "${RED}Deployment cancelled. Please update secrets first.${NC}"`
			`exit 1`
			`fi`

Add new infra architecture 2026-01-19 11:55:17 +01:00			`kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets.yaml`
			`kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/postgres-tls-secret.yaml`
			`kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/redis-tls-secret.yaml`
			`kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/demo-internal-api-key-secret.yaml`
Add comprehensive Kubernetes migration guide from local to production This commit adds complete documentation and tooling for migrating from local development (Kind/Colima on macOS) to production deployment (MicroK8s on Ubuntu VPS at Clouding.io). Documentation added: - K8S-MIGRATION-GUIDE.md: Comprehensive step-by-step migration guide covering all phases from VPS setup to post-deployment operations - MIGRATION-CHECKLIST.md: Quick reference checklist for migration tasks - MIGRATION-SUMMARY.md: High-level overview and key changes summary Configuration updates: - Added storage-patch.yaml for MicroK8s storage class compatibility (changes from 'standard' to 'microk8s-hostpath') - Updated prod/kustomization.yaml to include storage patch Helper scripts: - deploy-production.sh: Interactive deployment script with validation - tag-and-push-images.sh: Automated image tagging and registry push - backup-databases.sh: Database backup script for production Key differences addressed: - Ingress: MicroK8s addon vs custom NGINX - Storage: MicroK8s hostpath vs Kind standard storage - Registry: Container registry configuration for production - SSL: Let's Encrypt production certificates - Domains: Real domain configuration vs localhost - Resources: Production-grade resource limits and scaling The migration guide covers: - VPS setup and MicroK8s installation - Configuration adaptations required - Container registry setup options - SSL certificate configuration - Monitoring and backup setup - Troubleshooting common issues - Security hardening checklist - Rollback procedures All existing Kubernetes manifests remain unchanged and compatible. 2026-01-02 14:57:09 +00:00			`echo -e "${GREEN}✓ Secrets applied${NC}"`
			`echo ""`
			`}`

			`# Function to apply kustomization`
			`deploy_application() {`
			`echo -e "${YELLOW}Deploying application...${NC}"`
			`kubectl apply -k $KUSTOMIZE_PATH`
			`echo -e "${GREEN}✓ Application deployed${NC}"`
			`echo ""`
			`}`

			`# Function to wait for deployments`
			`wait_for_deployments() {`
			`echo -e "${YELLOW}Waiting for deployments to be ready...${NC}"`
			`echo "This may take several minutes..."`

			`# Wait for all deployments`
			`kubectl wait --for=condition=available --timeout=600s \`
			`deployment --all -n $NAMESPACE`

			`echo -e "${GREEN}✓ All deployments are ready${NC}"`
			`echo ""`
			`}`

			`# Function to check deployment status`
			`check_status() {`
			`echo -e "${YELLOW}Deployment Status:${NC}"`
			`echo ""`

			`echo "Pods:"`
			`kubectl get pods -n $NAMESPACE`
			`echo ""`

			`echo "Services:"`
			`kubectl get svc -n $NAMESPACE`
			`echo ""`

			`echo "Ingress:"`
			`kubectl get ingress -n $NAMESPACE`
			`echo ""`

			`echo "Persistent Volume Claims:"`
			`kubectl get pvc -n $NAMESPACE`
			`echo ""`

			`echo "Certificates:"`
			`kubectl get certificate -n $NAMESPACE`
			`echo ""`
			`}`

			`# Function to show access information`
			`show_access_info() {`
			`echo -e "${GREEN}========================================${NC}"`
			`echo -e "${GREEN}Deployment Complete!${NC}"`
			`echo -e "${GREEN}========================================${NC}"`
			`echo ""`
			`echo "Access your application at:"`

			`# Get ingress hosts`
			`HOSTS=$(kubectl get ingress bakery-ingress-prod -n $NAMESPACE -o jsonpath='{.spec.rules[*].host}' 2>/dev/null \|\| echo "")`

			`if [ -n "$HOSTS" ]; then`
			`for host in $HOSTS; do`
			`echo " https://$host"`
			`done`
			`else`
			`echo " Configure your domain in prod-ingress.yaml"`
			`fi`

			`echo ""`
			`echo "Useful commands:"`
			`echo " View logs: kubectl logs -f deployment/gateway -n $NAMESPACE"`
			`echo " Check pods: kubectl get pods -n $NAMESPACE"`
			`echo " Check events: kubectl get events -n $NAMESPACE --sort-by='.lastTimestamp'"`
			`echo " Scale: kubectl scale deployment/gateway --replicas=5 -n $NAMESPACE"`
			`echo ""`
			`}`

			`# Main deployment flow`
			`main() {`
			`check_cluster`
			`check_addons`
			`create_namespace`
			`apply_secrets`
			`deploy_application`

			`echo -e "${YELLOW}Do you want to wait for deployments to be ready? (yes/no):${NC}"`
			`read -p "> " wait_confirm`

			`if [ "$wait_confirm" = "yes" ]; then`
			`wait_for_deployments`
			`fi`

			`check_status`
			`show_access_info`
			`}`

			`# Run main function`
			`main`