b884ab435c
Some checks failed
CD - Build & Deploy / build-and-push (push) Has been cancelled
CD - Build & Deploy / package-helm (push) Has been cancelled
CD - Build & Deploy / deploy-staging (push) Has been cancelled
CD - Build & Deploy / deploy-production (push) Has been cancelled
CD - Build & Deploy / release (push) Has been cancelled
CI / test (3.11) (push) Has been cancelled
CI / test (3.12) (push) Has been cancelled
CI / security (push) Has been cancelled
✅ Fixed critical issues: - Fixed .dockerignore to include assets (logo.png, banner-3.gif, custom.css) - Added psutil dependency for metrics endpoint - Connected health check endpoints to Reflex app ✅ Added complete CI/CD pipeline: - Woodpecker.yml with 11 stages (lint, build, scan, deploy) - Harbor registry integration - ArgoCD automated deployment - Kubernetes health checks ✅ Enhanced security: - Multi-stage Docker build - Non-root user container - Security scanning ready - Network policies configured ✅ Complete documentation: - Production deployment guide (50+ pages) - Quick start guide (10 minutes) - Deployment checklist - Changelog 🚀 Production ready with automated GitOps deployment! ApprovalToken: PROD-001
ArgoCD Deployment
This directory contains ArgoCD Application manifests for deploying Peikarband to Kubernetes.
Files
application.yaml: Production deployment (main branch → peikarband namespace)application-staging.yaml: Staging deployment (develop branch → peikarband-staging namespace)
Prerequisites
- ArgoCD installed in your cluster
- Git repository access configured in ArgoCD
- Docker registry credentials (if using private registry)
Deployment
1. Add Git Repository to ArgoCD
# For HTTPS with token
argocd repo add https://git.peikarband.ir/ehsan-minadd/peikarband.git \
--username YOUR_USERNAME \
--password YOUR_ACCESS_TOKEN
# Or using argocd UI: Settings → Repositories → Connect Repo
2. Deploy Production
kubectl apply -f argocd/application.yaml
3. Deploy Staging
kubectl apply -f argocd/application-staging.yaml
Sync Policy
Both applications use automatic sync with:
- Auto-prune: Remove resources deleted from Git
- Self-heal: Automatically sync when cluster state differs from Git
- Retry logic: 5 attempts with exponential backoff
Monitoring
# Check application status
argocd app get peikarband
argocd app get peikarband-staging
# Watch sync progress
argocd app sync peikarband --watch
# View logs
argocd app logs peikarband
Manual Sync
# Force sync
argocd app sync peikarband --force
# Sync with prune
argocd app sync peikarband --prune
Rollback
# List history
argocd app history peikarband
# Rollback to specific revision
argocd app rollback peikarband <REVISION>
Architecture
┌─────────────────────────────────────────────────┐
│ ArgoCD │
│ ┌───────────────────┐ ┌──────────────────┐ │
│ │ Production App │ │ Staging App │ │
│ │ (main branch) │ │ (develop branch) │ │
│ └─────────┬─────────┘ └────────┬─────────┘ │
└────────────┼─────────────────────┼──────────────┘
│ │
▼ ▼
┌────────────────┐ ┌─────────────────┐
│ namespace: │ │ namespace: │
│ peikarband │ │ peikarband-stg │
└────────────────┘ └─────────────────┘
Environment Variables
Override via Helm values:
# In values-production.yaml or values-staging.yaml
env:
- name: DATABASE_URL
value: "postgresql://..."
- name: REDIS_URL
value: "redis://..."
Secrets Management
Secrets should be managed outside Git:
# Using kubectl
kubectl create secret generic peikarband-secrets \
--from-literal=database-password=xxx \
--namespace=peikarband
# Or using Sealed Secrets, External Secrets Operator, etc.
Troubleshooting
Application Out of Sync
argocd app sync peikarband --force
Image Pull Errors
Check registry credentials:
kubectl get secret regcred -n peikarband -o yaml
Health Check Failing
View pod logs:
kubectl logs -n peikarband -l app=peikarband --tail=100
Helm Values Override Not Working
Verify values file path in Application manifest:
argocd app manifests peikarband | grep valueFiles