╔═══════════════════════════════════════════════════════════════════════════╗
║                     AUTHENTICATION SERVICE DEPLOYMENT                     ║
║                           Quick Reference Card                            ║
╚═══════════════════════════════════════════════════════════════════════════╝

📦 STATUS: READY FOR DEPLOYMENT
📁 Location: apps/authentication-service/

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ CRITICAL CHANGES FROM PREVIOUS VERSION                               ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  ✓ ENVIRONMENT: "production" (was "dev")
  ✓ DEBUG: "False" (was "True")
  ✓ JWT_SECRET_KEY (unified, was JWT_PRIVATE_KEY/JWT_PUBLIC_KEY)
  ✓ All secrets from: auth-service-secrets (unified)
  ✓ Cloud SQL: archie-postgres-dev (SHARED instance)
  ✓ Port: 8000 (NOT 8080)

  Notes:
  • ENVIRONMENT is "production" but the Cloud SQL instance is the shared
    archie-postgres-dev. Confirm this pairing is intended; on a shared
    instance, isolation of auth_db rests on the grants given to
    auth_service_user.
  • Replacing the JWT_PRIVATE_KEY/JWT_PUBLIC_KEY pair with a single
    JWT_SECRET_KEY suggests a move to symmetric signing (confirm in the
    service configuration). If so, any component that verifies tokens must
    hold the same secret and can therefore also issue them, so keep the key
    inside this service.

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ QUICK DEPLOYMENT (4 STEPS)                                           ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  1️⃣ CREATE SECRET (Required before first deployment)

     kubectl create secret generic auth-service-secrets \
       --from-literal=workos-api-key=<WORKOS_API_KEY> \
       --from-literal=workos-client-id=<WORKOS_CLIENT_ID> \
       --from-literal=jwt-secret-key=<JWT_SECRET_KEY> \
       -n authentication

     Replace each <...> placeholder with the real value. Values passed with
     --from-literal are recorded in shell history; to avoid that, read them
     from files instead (--from-file=workos-api-key=<path-to-file>), making
     sure the files have no trailing newline. The authentication namespace
     must exist before this command is run.

  2️⃣ DEPLOY

     ./apps/authentication-service/scripts/deploy-to-gke.sh

  3️⃣ VERIFY

     ./apps/authentication-service/scripts/verify-deployment.sh

  4️⃣ TEST (Optional)

     ./apps/authentication-service/scripts/run-tests-in-cluster.sh

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ INFRASTRUCTURE DETAILS                                               ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  Namespace:        authentication
  Service Account:  auth-service-sa
  GCP SA:           auth-service@archie-v3-build.iam.gserviceaccount.com
  Database:         archie-v3-build:us-central1:archie-postgres-dev (SHARED)
  Database Name:    auth_db
  Database User:    auth_service_user
  Connection:       Via Cloud SQL Proxy on localhost:5432
  Redis:            10.61.176.5:6378 (Shared Memorystore)
  NATS:             nats://nats.nats:4222

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ SCALING & RESOURCES                                                  ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  Replicas:       2 (min) - 10 (max) via HPA
  CPU:            250m (request) - 1000m (limit)
  Memory:         512Mi (request) - 1Gi (limit)
  Auto-scale on:  70% CPU, 80% Memory

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ MONITORING COMMANDS                                                  ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  Watch pods:      kubectl get pods -n authentication -w
  Stream logs:     kubectl logs -n authentication -l app=auth-api -f
  Port forward:    kubectl port-forward -n authentication svc/auth-api 8000:8000
  Scale manually:  kubectl scale deployment/auth-api -n authentication --replicas=N
  Restart:         kubectl rollout restart deployment/auth-api -n authentication
  View HPA:        kubectl get hpa -n authentication
  Events:          kubectl get events -n authentication --sort-by='.lastTimestamp'

  Note: while the HPA is active it will override a manually set replica
  count at its next reconciliation.

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ FILES CREATED/UPDATED                                                ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  Kubernetes Manifests (6 files):
    ✓ k8s/base/namespace.yaml
    ✓ k8s/base/service-account.yaml
    ✓ k8s/base/auth-api-deployment.yaml [UPDATED]
    ✓ k8s/base/auth-api-service.yaml
    ✓ k8s/base/hpa.yaml
    ✓ k8s/base/kustomization.yaml

  Docker & Build (2 files):
    ✓ Dockerfile [UPDATED - Multi-stage]
    ✓ cloudbuild.yaml [UPDATED]

  Scripts (3 files, executable):
    ✓ scripts/deploy-to-gke.sh [UPDATED]
    ✓ scripts/run-tests-in-cluster.sh [UPDATED]
    ✓ scripts/verify-deployment.sh [NEW]

  Documentation:
    ✓ K8S_MANIFESTS_SUMMARY.md [NEW]

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ PREREQUISITES CHECKLIST                                              ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  □ GKE cluster access configured
      gcloud container clusters get-credentials archie-v3-dev-gke \
        --region us-central1 --project archie-v3-build

  □ Kubernetes secret created (auth-service-secrets)

  □ Workload Identity binding configured
      gcloud iam service-accounts add-iam-policy-binding \
        auth-service@archie-v3-build.iam.gserviceaccount.com \
        --role roles/iam.workloadIdentityUser \
        --member "serviceAccount:archie-v3-build.svc.id.goog[authentication/auth-service-sa]"

  □ Database setup complete (auth_db, auth_service_user)

  □ Alembic migrations run (alembic upgrade head)

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ TROUBLESHOOTING                                                      ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  Pod not starting?
    → Check: kubectl describe pod <pod-name> -n authentication
    → Check: kubectl logs <pod-name> -n authentication -c auth-api
    → Check: kubectl logs <pod-name> -n authentication -c cloud-sql-proxy

  Database connection issues?
    → Verify Cloud SQL Proxy logs
    → Check Workload Identity binding
    → Verify database user permissions

  Health check failing?
    → Port-forward and test manually:
        kubectl port-forward -n authentication svc/auth-api 8000:8000
        curl http://localhost:8000/health

  Secret missing?
    → Check: kubectl get secret auth-service-secrets -n authentication
    → Create: See step 1️⃣ above

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ ROLLBACK                                                             ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

  Rollback to previous version:
    kubectl rollout undo deployment/auth-api -n authentication
    (This reverts the Deployment only. Alembic migrations and the contents
    of auth-service-secrets are not rolled back.)

  Check rollout history:
    kubectl rollout history deployment/auth-api -n authentication

  Delete entire deployment:
    kubectl delete -k apps/authentication-service/k8s/base/
    (The base contains namespace.yaml; if kustomization.yaml lists it, this
    deletes the authentication namespace and with it auth-service-secrets,
    which must then be recreated as in step 1️⃣.)

╔═══════════════════════════════════════════════════════════════════════════╗
║                         Ready for deployment! 🚀                          ║
║              For full details, see K8S_MANIFESTS_SUMMARY.md               ║
╚═══════════════════════════════════════════════════════════════════════════╝