Vapora/docs/setup/deployment.html

<!DOCTYPE HTML>
<html lang="en" class="light sidebar-visible" dir="ltr">
    <head>
        <!-- Book generated using mdBook -->
        <meta charset="UTF-8">
        <title>Deployment Guide - VAPORA Platform Documentation</title>


        <!-- Custom HTML head -->

        <meta name="description" content="Comprehensive documentation for VAPORA, an intelligent development orchestration platform built entirely in Rust.">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta name="theme-color" content="#ffffff">

        <link rel="icon" href="../favicon.svg">
        <link rel="shortcut icon" href="../favicon.png">
        <link rel="stylesheet" href="../css/variables.css">
        <link rel="stylesheet" href="../css/general.css">
        <link rel="stylesheet" href="../css/chrome.css">
        <link rel="stylesheet" href="../css/print.css" media="print">

        <!-- Fonts -->
        <link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
        <link rel="stylesheet" href="../fonts/fonts.css">

        <!-- Highlight.js Stylesheets -->
        <link rel="stylesheet" id="highlight-css" href="../highlight.css">
        <link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
        <link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">

        <!-- Custom theme stylesheets -->


        <!-- Provide site root and default themes to javascript -->
        <script>
            const path_to_root = "../";
            const default_light_theme = "light";
            const default_dark_theme = "dark";
        </script>
        <!-- Start loading toc.js asap -->
        <script src="../toc.js"></script>
    </head>
    <body>
    <div id="mdbook-help-container">
        <div id="mdbook-help-popup">
            <h2 class="mdbook-help-title">Keyboard shortcuts</h2>
            <div>
                <p>Press <kbd>←</kbd> or <kbd>→</kbd> to navigate between chapters</p>
                <p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
                <p>Press <kbd>?</kbd> to show this help</p>
                <p>Press <kbd>Esc</kbd> to hide this help</p>
            </div>
        </div>
    </div>
    <div id="body-container">
        <!-- Work around some values being stored in localStorage wrapped in quotes -->
        <script>
            try {
                let theme = localStorage.getItem('mdbook-theme');
                let sidebar = localStorage.getItem('mdbook-sidebar');

                if (theme.startsWith('"') && theme.endsWith('"')) {
                    localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
                }

                if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
                    localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
                }
            } catch (e) { }
        </script>

        <!-- Set the theme before any content is loaded, prevents flash -->
        <script>
            const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
            let theme;
            try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
            if (theme === null || theme === undefined) { theme = default_theme; }
            const html = document.documentElement;
            html.classList.remove('light')
            html.classList.add(theme);
            html.classList.add("js");
        </script>

        <input type="checkbox" id="sidebar-toggle-anchor" class="hidden">

        <!-- Hide / unhide sidebar before it is displayed -->
        <script>
            let sidebar = null;
            const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
            if (document.body.clientWidth >= 1080) {
                try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
                sidebar = sidebar || 'visible';
            } else {
                sidebar = 'hidden';
            }
            sidebar_toggle.checked = sidebar === 'visible';
            html.classList.remove('sidebar-visible');
            html.classList.add("sidebar-" + sidebar);
        </script>

        <nav id="sidebar" class="sidebar" aria-label="Table of contents">
            <!-- populated by js -->
            <mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
            <noscript>
                <iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
            </noscript>
            <div id="sidebar-resize-handle" class="sidebar-resize-handle">
                <div class="sidebar-resize-indicator"></div>
            </div>
        </nav>

        <div id="page-wrapper" class="page-wrapper">

            <div class="page">
                <div id="menu-bar-hover-placeholder"></div>
                <div id="menu-bar" class="menu-bar sticky">
                    <div class="left-buttons">
                        <label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
                            <i class="fa fa-bars"></i>
                        </label>
                        <button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
                            <i class="fa fa-paint-brush"></i>
                        </button>
                        <ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
                            <li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
                            <li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
                            <li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
                            <li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
                            <li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
                            <li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
                        </ul>
                        <button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
                            <i class="fa fa-search"></i>
                        </button>
                    </div>

                    <h1 class="menu-title">VAPORA Platform Documentation</h1>

                    <div class="right-buttons">
                        <a href="../print.html" title="Print this book" aria-label="Print this book">
                            <i id="print-button" class="fa fa-print"></i>
                        </a>
                        <a href="https://github.com/vapora-platform/vapora" title="Git repository" aria-label="Git repository">
                            <i id="git-repository-button" class="fa fa-github"></i>
                        </a>
                        <a href="https://github.com/vapora-platform/vapora/edit/main/docs/src/../setup/deployment.md" title="Suggest an edit" aria-label="Suggest an edit">
                            <i id="git-edit-button" class="fa fa-edit"></i>
                        </a>

                    </div>
                </div>

                <div id="search-wrapper" class="hidden">
                    <form id="searchbar-outer" class="searchbar-outer">
                        <input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
                    </form>
                    <div id="searchresults-outer" class="searchresults-outer hidden">
                        <div id="searchresults-header" class="searchresults-header"></div>
                        <ul id="searchresults">
                        </ul>
                    </div>
                </div>

                <!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
                <script>
                    document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
                    document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
                    Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
                        link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
                    });
                </script>

                <div id="content" class="content">
                    <main>
                        <h1 id="vapora-v10-deployment-guide"><a class="header" href="#vapora-v10-deployment-guide">VAPORA v1.0 Deployment Guide</a></h1>
<p>Complete guide for deploying VAPORA v1.0 to Kubernetes (self-hosted).</p>
<p><strong>Version</strong>: 0.1.0
<strong>Status</strong>: Production Ready
<strong>Last Updated</strong>: 2025-11-10</p>
<hr />
<h2 id="table-of-contents"><a class="header" href="#table-of-contents">Table of Contents</a></h2>
<ol>
<li><a href="#overview">Overview</a></li>
<li><a href="#prerequisites">Prerequisites</a></li>
<li><a href="#architecture">Architecture</a></li>
<li><a href="#deployment-methods">Deployment Methods</a></li>
<li><a href="#building-docker-images">Building Docker Images</a></li>
<li><a href="#kubernetes-deployment">Kubernetes Deployment</a></li>
<li><a href="#provisioning-deployment">Provisioning Deployment</a></li>
<li><a href="#configuration">Configuration</a></li>
<li><a href="#monitoring--health-checks">Monitoring &amp; Health Checks</a></li>
<li><a href="#scaling">Scaling</a></li>
<li><a href="#troubleshooting">Troubleshooting</a></li>
<li><a href="#rollback">Rollback</a></li>
<li><a href="#security">Security</a></li>
</ol>
<hr />
<h2 id="overview"><a class="header" href="#overview">Overview</a></h2>
<p>VAPORA v1.0 is a <strong>cloud-native multi-agent software development platform</strong> that runs on Kubernetes. It consists of:</p>
<ul>
<li><strong>6 Rust services</strong>: Backend API, Frontend UI, Agents, MCP Server, LLM Router (embedded), Shared library</li>
<li><strong>2 Infrastructure services</strong>: SurrealDB (database), NATS JetStream (messaging)</li>
<li><strong>Multi-IA routing</strong>: Claude, OpenAI, Gemini, Ollama support</li>
<li><strong>12 specialized agents</strong>: Architect, Developer, Reviewer, Tester, Documenter, etc.</li>
</ul>
<p>All services are containerized and deployed as Kubernetes workloads.</p>
<hr />
<h2 id="prerequisites"><a class="header" href="#prerequisites">Prerequisites</a></h2>
<h3 id="required-tools"><a class="header" href="#required-tools">Required Tools</a></h3>
<ul>
<li><strong>Kubernetes 1.25+</strong> (K3s, RKE2, or managed Kubernetes)</li>
<li><strong>kubectl</strong> (configured and connected to cluster)</li>
<li><strong>Docker</strong> or <strong>Podman</strong> (for building images)</li>
<li><strong>Nushell</strong> (for deployment scripts)</li>
</ul>
<h3 id="optional-tools"><a class="header" href="#optional-tools">Optional Tools</a></h3>
<ul>
<li><strong>Provisioning CLI</strong> (for advanced deployment)</li>
<li><strong>Helm</strong> (if using Helm charts)</li>
<li><strong>cert-manager</strong> (for automatic TLS certificates)</li>
<li><strong>Prometheus/Grafana</strong> (for monitoring)</li>
</ul>
<h3 id="cluster-requirements"><a class="header" href="#cluster-requirements">Cluster Requirements</a></h3>
<ul>
<li><strong>Minimum</strong>: 4 CPU, 8GB RAM, 50GB storage</li>
<li><strong>Recommended</strong>: 8 CPU, 16GB RAM, 100GB storage</li>
<li><strong>Production</strong>: 16+ CPU, 32GB+ RAM, 200GB+ storage</li>
</ul>
<h3 id="storage"><a class="header" href="#storage">Storage</a></h3>
<ul>
<li><strong>Storage Class</strong>: Required for SurrealDB PersistentVolumeClaim</li>
<li><strong>Options</strong>: local-path, nfs-client, rook-ceph, or cloud provider storage</li>
<li><strong>Minimum</strong>: 20Gi for database</li>
</ul>
<h3 id="ingress"><a class="header" href="#ingress">Ingress</a></h3>
<ul>
<li><strong>nginx-ingress</strong> controller installed</li>
<li><strong>Domain name</strong> pointing to cluster ingress IP</li>
<li><strong>TLS certificate</strong> (optional, recommended for production)</li>
</ul>
<hr />
<h2 id="architecture"><a class="header" href="#architecture">Architecture</a></h2>
<pre><code>┌─────────────────────────────────────────────────────┐
│                  Internet / Users                   │
└───────────────────────┬─────────────────────────────┘
                        │
┌───────────────────────▼─────────────────────────────┐
│  Ingress (nginx)                                    │
│  - vapora.example.com                               │
│  - TLS termination                                  │
└────┬────────┬─────────┬─────────┬──────────────────┘
     │        │         │         │
     │        │         │         │
┌────▼────┐ ┌▼─────┐ ┌▼─────┐  ┌▼──────────┐
│Frontend │ │Backend│ │ MCP  │  │           │
│(Leptos) │ │(Axum) │ │Server│  │           │
│ 2 pods  │ │2 pods │ │1 pod │  │           │
└─────────┘ └───┬───┘ └──────┘  │           │
                │                 │           │
         ┌──────┴──────┬──────────┤           │
         │             │          │           │
    ┌────▼────┐   ┌───▼─────┐  ┌▼───────┐   │
    │SurrealDB│   │  NATS   │  │ Agents │   │
    │StatefulS│   │JetStream│  │ 3 pods │   │
    │  1 pod  │   │  1 pod  │  └────────┘   │
    └─────────┘   └─────────┘                │
         │                                   │
    ┌────▼────────────────────────────────┐  │
    │  Persistent Volume (20Gi)           │  │
    │  - SurrealDB data                   │  │
    └─────────────────────────────────────┘  │
                                              │
┌─────────────────────────────────────────────▼──┐
│  External LLM APIs                            │
│  - Anthropic Claude API                       │
│  - OpenAI API                                 │
│  - Google Gemini API                          │
│  - (Optional) Ollama local                    │
└───────────────────────────────────────────────┘
</code></pre>
<hr />
<h2 id="deployment-methods"><a class="header" href="#deployment-methods">Deployment Methods</a></h2>
<p>VAPORA supports two deployment methods:</p>
<h3 id="method-1-vanilla-kubernetes-recommended-for-getting-started"><a class="header" href="#method-1-vanilla-kubernetes-recommended-for-getting-started">Method 1: Vanilla Kubernetes (Recommended for Getting Started)</a></h3>
<p><strong>Pros</strong>:</p>
<ul>
<li>Simple, well-documented</li>
<li>Standard K8s manifests</li>
<li>Easy to understand and modify</li>
<li>No additional tools required</li>
</ul>
<p><strong>Cons</strong>:</p>
<ul>
<li>Manual cluster management</li>
<li>Manual service ordering</li>
<li>No built-in rollback</li>
</ul>
<p><strong>Use when</strong>: Learning, testing, or simple deployments</p>
<h3 id="method-2-provisioning-recommended-for-production"><a class="header" href="#method-2-provisioning-recommended-for-production">Method 2: Provisioning (Recommended for Production)</a></h3>
<p><strong>Pros</strong>:</p>
<ul>
<li>Automated cluster creation</li>
<li>Declarative workflows</li>
<li>Built-in rollback</li>
<li>Service mesh integration</li>
<li>Secret management</li>
</ul>
<p><strong>Cons</strong>:</p>
<ul>
<li>Requires Provisioning CLI</li>
<li>More complex configuration</li>
<li>Steeper learning curve</li>
</ul>
<p><strong>Use when</strong>: Production deployments, complex environments</p>
<hr />
<h2 id="building-docker-images"><a class="header" href="#building-docker-images">Building Docker Images</a></h2>
<h3 id="option-1-using-nushell-script-recommended"><a class="header" href="#option-1-using-nushell-script-recommended">Option 1: Using Nushell Script (Recommended)</a></h3>
<pre><code class="language-bash"># Build all images (local registry)
nu scripts/build-docker.nu

# Build and push to Docker Hub
nu scripts/build-docker.nu --registry docker.io --push

# Build with specific tag
nu scripts/build-docker.nu --tag v0.1.0

# Build without cache
nu scripts/build-docker.nu --no-cache
</code></pre>
<h3 id="option-2-manual-docker-build"><a class="header" href="#option-2-manual-docker-build">Option 2: Manual Docker Build</a></h3>
<pre><code class="language-bash"># From project root

# Backend
docker build -f crates/vapora-backend/Dockerfile -t vapora/backend:latest .

# Frontend
docker build -f crates/vapora-frontend/Dockerfile -t vapora/frontend:latest .

# Agents
docker build -f crates/vapora-agents/Dockerfile -t vapora/agents:latest .

# MCP Server
docker build -f crates/vapora-mcp-server/Dockerfile -t vapora/mcp-server:latest .
</code></pre>
<h3 id="image-sizes-approximate"><a class="header" href="#image-sizes-approximate">Image Sizes (Approximate)</a></h3>
<ul>
<li><strong>vapora/backend</strong>: ~50MB (Alpine + Rust binary)</li>
<li><strong>vapora/frontend</strong>: ~30MB (nginx + WASM)</li>
<li><strong>vapora/agents</strong>: ~50MB (Alpine + Rust binary)</li>
<li><strong>vapora/mcp-server</strong>: ~45MB (Alpine + Rust binary)</li>
</ul>
<hr />
<h2 id="kubernetes-deployment"><a class="header" href="#kubernetes-deployment">Kubernetes Deployment</a></h2>
<h3 id="step-1-configure-secrets"><a class="header" href="#step-1-configure-secrets">Step 1: Configure Secrets</a></h3>
<p>Edit <code>kubernetes/03-secrets.yaml</code>:</p>
<pre><code class="language-yaml">stringData:
  # Generate strong JWT secret
  jwt-secret: "$(openssl rand -base64 32)"

  # Add your LLM API keys
  anthropic-api-key: "sk-ant-xxxxx"
  openai-api-key: "sk-xxxxx"
  gemini-api-key: "xxxxx"  # Optional

  # Database credentials
  surrealdb-user: "root"
  surrealdb-pass: "$(openssl rand -base64 32)"
</code></pre>
<p><strong>IMPORTANT</strong>: Never commit real secrets to version control!</p>
<h3 id="step-2-configure-ingress"><a class="header" href="#step-2-configure-ingress">Step 2: Configure Ingress</a></h3>
<p>Edit <code>kubernetes/08-ingress.yaml</code>:</p>
<pre><code class="language-yaml">spec:
  rules:
  - host: vapora.yourdomain.com  # Change this!
</code></pre>
<h3 id="step-3-deploy-using-script-recommended"><a class="header" href="#step-3-deploy-using-script-recommended">Step 3: Deploy Using Script (Recommended)</a></h3>
<pre><code class="language-bash"># Dry run to validate
nu scripts/deploy-k8s.nu --dry-run

# Deploy to default namespace (vapora)
nu scripts/deploy-k8s.nu

# Deploy to custom namespace
nu scripts/deploy-k8s.nu --namespace my-vapora

# Skip secrets (if already created)
nu scripts/deploy-k8s.nu --skip-secrets
</code></pre>
<h3 id="step-4-manual-deploy-alternative"><a class="header" href="#step-4-manual-deploy-alternative">Step 4: Manual Deploy (Alternative)</a></h3>
<pre><code class="language-bash"># Apply manifests in order
kubectl apply -f kubernetes/00-namespace.yaml
kubectl apply -f kubernetes/01-surrealdb.yaml
kubectl apply -f kubernetes/02-nats.yaml
kubectl apply -f kubernetes/03-secrets.yaml
kubectl apply -f kubernetes/04-backend.yaml
kubectl apply -f kubernetes/05-frontend.yaml
kubectl apply -f kubernetes/06-agents.yaml
kubectl apply -f kubernetes/07-mcp-server.yaml
kubectl apply -f kubernetes/08-ingress.yaml

# Wait for rollout
kubectl rollout status deployment/vapora-backend -n vapora
kubectl rollout status deployment/vapora-frontend -n vapora
</code></pre>
<h3 id="step-5-verify-deployment"><a class="header" href="#step-5-verify-deployment">Step 5: Verify Deployment</a></h3>
<pre><code class="language-bash"># Check all pods are running
kubectl get pods -n vapora

# Expected output:
# NAME                                READY   STATUS    RESTARTS
# surrealdb-0                         1/1     Running   0
# nats-xxx                            1/1     Running   0
# vapora-backend-xxx                  1/1     Running   0
# vapora-backend-yyy                  1/1     Running   0
# vapora-frontend-xxx                 1/1     Running   0
# vapora-frontend-yyy                 1/1     Running   0
# vapora-agents-xxx                   1/1     Running   0
# vapora-agents-yyy                   1/1     Running   0
# vapora-agents-zzz                   1/1     Running   0
# vapora-mcp-server-xxx               1/1     Running   0

# Check services
kubectl get svc -n vapora

# Check ingress
kubectl get ingress -n vapora
</code></pre>
<h3 id="step-6-access-vapora"><a class="header" href="#step-6-access-vapora">Step 6: Access VAPORA</a></h3>
<pre><code class="language-bash"># Get ingress IP/hostname
kubectl get ingress vapora -n vapora

# Configure DNS
# Point vapora.yourdomain.com to ingress IP

# Access UI
open https://vapora.yourdomain.com
</code></pre>
<hr />
<h2 id="provisioning-deployment"><a class="header" href="#provisioning-deployment">Provisioning Deployment</a></h2>
<h3 id="step-1-validate-configuration"><a class="header" href="#step-1-validate-configuration">Step 1: Validate Configuration</a></h3>
<pre><code class="language-bash"># Validate Provisioning workspace
nu scripts/validate-provisioning.nu
</code></pre>
<h3 id="step-2-create-cluster"><a class="header" href="#step-2-create-cluster">Step 2: Create Cluster</a></h3>
<pre><code class="language-bash">cd provisioning/vapora-wrksp

# Validate configuration
provisioning validate --all

# Create cluster
provisioning cluster create --config workspace.toml
</code></pre>
<h3 id="step-3-deploy-services"><a class="header" href="#step-3-deploy-services">Step 3: Deploy Services</a></h3>
<pre><code class="language-bash"># Deploy infrastructure (database, messaging)
provisioning workflow run workflows/deploy-infra.yaml

# Deploy services (backend, frontend, agents)
provisioning workflow run workflows/deploy-services.yaml

# Or deploy full stack at once
provisioning workflow run workflows/deploy-full-stack.yaml
</code></pre>
<h3 id="step-4-health-check"><a class="header" href="#step-4-health-check">Step 4: Health Check</a></h3>
<pre><code class="language-bash">provisioning workflow run workflows/health-check.yaml
</code></pre>
<p>See <code>provisioning-integration/README.md</code> for details.</p>
<hr />
<h2 id="configuration"><a class="header" href="#configuration">Configuration</a></h2>
<h3 id="environment-variables"><a class="header" href="#environment-variables">Environment Variables</a></h3>
<h4 id="backend-vapora-backend"><a class="header" href="#backend-vapora-backend">Backend (<code>vapora-backend</code>)</a></h4>
<pre><code class="language-bash">RUST_LOG=info,vapora=debug
SURREALDB_URL=http://surrealdb:8000
SURREALDB_USER=root
SURREALDB_PASS=&lt;secret&gt;
NATS_URL=nats://nats:4222
JWT_SECRET=&lt;secret&gt;
BIND_ADDR=0.0.0.0:8080
</code></pre>
<h4 id="agents-vapora-agents"><a class="header" href="#agents-vapora-agents">Agents (<code>vapora-agents</code>)</a></h4>
<pre><code class="language-bash">RUST_LOG=info,vapora_agents=debug
NATS_URL=nats://nats:4222
BIND_ADDR=0.0.0.0:9000
ANTHROPIC_API_KEY=&lt;secret&gt;
OPENAI_API_KEY=&lt;secret&gt;
GEMINI_API_KEY=&lt;secret&gt;
VAPORA_AGENT_CONFIG=/etc/vapora/agents.toml  # Optional
</code></pre>
<h4 id="mcp-server-vapora-mcp-server"><a class="header" href="#mcp-server-vapora-mcp-server">MCP Server (<code>vapora-mcp-server</code>)</a></h4>
<pre><code class="language-bash">RUST_LOG=info,vapora_mcp_server=debug
# Port configured via --port flag
</code></pre>
<h3 id="configmaps"><a class="header" href="#configmaps">ConfigMaps</a></h3>
<p>Create custom configuration:</p>
<pre><code class="language-bash">kubectl create configmap agent-config -n vapora \
  --from-file=agents.toml
</code></pre>
<p>Mount in deployment:</p>
<pre><code class="language-yaml">volumeMounts:
- name: config
  mountPath: /etc/vapora
volumes:
- name: config
  configMap:
    name: agent-config
</code></pre>
<hr />
<h2 id="monitoring--health-checks"><a class="header" href="#monitoring--health-checks">Monitoring &amp; Health Checks</a></h2>
<h3 id="health-endpoints"><a class="header" href="#health-endpoints">Health Endpoints</a></h3>
<p>All services expose health check endpoints:</p>
<ul>
<li><strong>Backend</strong>: <code>GET /health</code></li>
<li><strong>Frontend</strong>: <code>GET /health.html</code></li>
<li><strong>Agents</strong>: <code>GET /health</code>, <code>GET /ready</code></li>
<li><strong>MCP Server</strong>: <code>GET /health</code></li>
<li><strong>SurrealDB</strong>: <code>GET /health</code></li>
<li><strong>NATS</strong>: <code>GET /healthz</code> (port 8222)</li>
</ul>
<h3 id="manual-health-checks"><a class="header" href="#manual-health-checks">Manual Health Checks</a></h3>
<pre><code class="language-bash"># Backend health
kubectl exec -n vapora deploy/vapora-backend -- \
  curl -s http://localhost:8080/health

# Database health
kubectl exec -n vapora deploy/vapora-backend -- \
  curl -s http://surrealdb:8000/health

# NATS health
kubectl exec -n vapora deploy/vapora-backend -- \
  curl -s http://nats:8222/healthz
</code></pre>
<h3 id="kubernetes-probes"><a class="header" href="#kubernetes-probes">Kubernetes Probes</a></h3>
<p>All deployments have:</p>
<ul>
<li><strong>Liveness Probe</strong>: Restarts unhealthy pods</li>
<li><strong>Readiness Probe</strong>: Removes pod from service until ready</li>
</ul>
<h3 id="logs"><a class="header" href="#logs">Logs</a></h3>
<pre><code class="language-bash"># View backend logs
kubectl logs -n vapora -l app=vapora-backend -f

# View agent logs
kubectl logs -n vapora -l app=vapora-agents -f

# View all logs
kubectl logs -n vapora -l app --all-containers=true -f
</code></pre>
<h3 id="metrics-optional"><a class="header" href="#metrics-optional">Metrics (Optional)</a></h3>
<p>Deploy Prometheus + Grafana:</p>
<pre><code class="language-bash"># Install Prometheus Operator
helm install prometheus prometheus-community/kube-prometheus-stack \
  -n monitoring --create-namespace

# Access Grafana
kubectl port-forward -n monitoring svc/prometheus-grafana 3000:80
</code></pre>
<p>VAPORA services expose metrics on <code>/metrics</code> endpoint (future enhancement).</p>
<hr />
<h2 id="scaling"><a class="header" href="#scaling">Scaling</a></h2>
<h3 id="manual-scaling"><a class="header" href="#manual-scaling">Manual Scaling</a></h3>
<pre><code class="language-bash"># Scale backend
kubectl scale deployment vapora-backend -n vapora --replicas=4

# Scale frontend
kubectl scale deployment vapora-frontend -n vapora --replicas=3

# Scale agents (for higher workload)
kubectl scale deployment vapora-agents -n vapora --replicas=10
</code></pre>
<h3 id="horizontal-pod-autoscaler-hpa"><a class="header" href="#horizontal-pod-autoscaler-hpa">Horizontal Pod Autoscaler (HPA)</a></h3>
<pre><code class="language-yaml">apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: vapora-backend-hpa
  namespace: vapora
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: vapora-backend
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
</code></pre>
<p>Apply:</p>
<pre><code class="language-bash">kubectl apply -f hpa.yaml
</code></pre>
<h3 id="resource-limits"><a class="header" href="#resource-limits">Resource Limits</a></h3>
<p>Adjust in deployment YAML:</p>
<pre><code class="language-yaml">resources:
  requests:
    cpu: 200m
    memory: 256Mi
  limits:
    cpu: 1000m
    memory: 1Gi
</code></pre>
<hr />
<h2 id="troubleshooting"><a class="header" href="#troubleshooting">Troubleshooting</a></h2>
<h3 id="pods-not-starting"><a class="header" href="#pods-not-starting">Pods Not Starting</a></h3>
<pre><code class="language-bash"># Check pod status
kubectl get pods -n vapora

# Describe pod for events
kubectl describe pod -n vapora &lt;pod-name&gt;

# Check logs
kubectl logs -n vapora &lt;pod-name&gt;

# Check previous logs (if crashed)
kubectl logs -n vapora &lt;pod-name&gt; --previous
</code></pre>
<h3 id="database-connection-issues"><a class="header" href="#database-connection-issues">Database Connection Issues</a></h3>
<pre><code class="language-bash"># Check SurrealDB is running
kubectl get pod -n vapora -l app=surrealdb

# Test connection from backend
kubectl exec -n vapora deploy/vapora-backend -- \
  curl -v http://surrealdb:8000/health

# Check SurrealDB logs
kubectl logs -n vapora surrealdb-0
</code></pre>
<h3 id="nats-connection-issues"><a class="header" href="#nats-connection-issues">NATS Connection Issues</a></h3>
<pre><code class="language-bash"># Check NATS is running
kubectl get pod -n vapora -l app=nats

# Test connection
kubectl exec -n vapora deploy/vapora-backend -- \
  curl http://nats:8222/varz

# Check NATS logs
kubectl logs -n vapora -l app=nats
</code></pre>
<h3 id="image-pull-errors"><a class="header" href="#image-pull-errors">Image Pull Errors</a></h3>
<pre><code class="language-bash"># Check image pull secrets
kubectl get secrets -n vapora

# Create Docker registry secret
kubectl create secret docker-registry regcred \
  -n vapora \
  --docker-server=&lt;registry&gt; \
  --docker-username=&lt;username&gt; \
  --docker-password=&lt;password&gt;

# Add to deployment
spec:
  imagePullSecrets:
  - name: regcred
</code></pre>
<h3 id="ingress-not-working"><a class="header" href="#ingress-not-working">Ingress Not Working</a></h3>
<pre><code class="language-bash"># Check ingress controller is installed
kubectl get pods -n ingress-nginx

# Check ingress resource
kubectl describe ingress vapora -n vapora

# Check ingress logs
kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx
</code></pre>
<hr />
<h2 id="rollback"><a class="header" href="#rollback">Rollback</a></h2>
<h3 id="kubernetes-rollback"><a class="header" href="#kubernetes-rollback">Kubernetes Rollback</a></h3>
<pre><code class="language-bash"># View rollout history
kubectl rollout history deployment/vapora-backend -n vapora

# Rollback to previous version
kubectl rollout undo deployment/vapora-backend -n vapora

# Rollback to specific revision
kubectl rollout undo deployment/vapora-backend -n vapora --to-revision=2
</code></pre>
<h3 id="provisioning-rollback"><a class="header" href="#provisioning-rollback">Provisioning Rollback</a></h3>
<pre><code class="language-bash">cd provisioning/vapora-wrksp

# List versions
provisioning version list

# Rollback to previous version
provisioning rollback --to-version &lt;version-id&gt;
</code></pre>
<hr />
<h2 id="security"><a class="header" href="#security">Security</a></h2>
<h3 id="secrets-management"><a class="header" href="#secrets-management">Secrets Management</a></h3>
<ul>
<li><strong>Kubernetes Secrets</strong>: Encrypted at rest (if configured in K8s)</li>
<li><strong>External Secrets Operator</strong>: Sync from Vault, AWS Secrets Manager, etc.</li>
<li><strong>RustyVault</strong>: Integrated with Provisioning</li>
</ul>
<h3 id="network-policies"><a class="header" href="#network-policies">Network Policies</a></h3>
<p>Apply network policies to restrict pod-to-pod communication:</p>
<pre><code class="language-yaml">apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: vapora-backend
  namespace: vapora
spec:
  podSelector:
    matchLabels:
      app: vapora-backend
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: vapora-frontend
    ports:
    - protocol: TCP
      port: 8080
</code></pre>
<h3 id="tls-certificates"><a class="header" href="#tls-certificates">TLS Certificates</a></h3>
<p>Use cert-manager for automatic TLS:</p>
<pre><code class="language-bash"># Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml

# Create ClusterIssuer
kubectl apply -f - &lt;&lt;EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@yourdomain.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx
EOF
</code></pre>
<p>Update ingress:</p>
<pre><code class="language-yaml">metadata:
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - vapora.yourdomain.com
    secretName: vapora-tls
</code></pre>
<hr />
<h2 id="backup--restore"><a class="header" href="#backup--restore">Backup &amp; Restore</a></h2>
<h3 id="surrealdb-backup"><a class="header" href="#surrealdb-backup">SurrealDB Backup</a></h3>
<pre><code class="language-bash"># Create backup
kubectl exec -n vapora surrealdb-0 -- \
  surreal export --conn http://localhost:8000 \
  --user root --pass &lt;password&gt; \
  --ns vapora --db main backup.surql

# Copy backup locally
kubectl cp vapora/surrealdb-0:/backup.surql ./backup-$(date +%Y%m%d).surql
</code></pre>
<h3 id="surrealdb-restore"><a class="header" href="#surrealdb-restore">SurrealDB Restore</a></h3>
<pre><code class="language-bash"># Copy backup to pod
kubectl cp ./backup.surql vapora/surrealdb-0:/restore.surql

# Restore
kubectl exec -n vapora surrealdb-0 -- \
  surreal import --conn http://localhost:8000 \
  --user root --pass &lt;password&gt; \
  --ns vapora --db main /restore.surql
</code></pre>
<h3 id="pvc-backup"><a class="header" href="#pvc-backup">PVC Backup</a></h3>
<pre><code class="language-bash"># Snapshot PVC (if supported by storage class)
kubectl apply -f - &lt;&lt;EOF
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: surrealdb-snapshot
  namespace: vapora
spec:
  source:
    persistentVolumeClaimName: data-surrealdb-0
EOF
</code></pre>
<hr />
<h2 id="uninstall"><a class="header" href="#uninstall">Uninstall</a></h2>
<h3 id="delete-all-resources"><a class="header" href="#delete-all-resources">Delete All Resources</a></h3>
<pre><code class="language-bash"># Delete namespace (deletes all resources)
kubectl delete namespace vapora

# Or delete manifests individually
kubectl delete -f kubernetes/
</code></pre>
<h3 id="delete-pvcs"><a class="header" href="#delete-pvcs">Delete PVCs</a></h3>
<pre><code class="language-bash"># List PVCs
kubectl get pvc -n vapora

# Delete PVC (data will be lost!)
kubectl delete pvc data-surrealdb-0 -n vapora
</code></pre>
<hr />
<h2 id="next-steps"><a class="header" href="#next-steps">Next Steps</a></h2>
<p>After successful deployment:</p>
<ol>
<li><strong>Configure DNS</strong>: Point domain to ingress IP</li>
<li><strong>Set up TLS</strong>: Configure cert-manager for HTTPS</li>
<li><strong>Enable monitoring</strong>: Deploy Prometheus/Grafana</li>
<li><strong>Configure backups</strong>: Schedule SurrealDB backups</li>
<li><strong>Set up CI/CD</strong>: Automate deployments</li>
<li><strong>Configure HPA</strong>: Enable autoscaling</li>
<li><strong>Test disaster recovery</strong>: Practice rollback procedures</li>
</ol>
<hr />
<h2 id="support"><a class="header" href="#support">Support</a></h2>
<ul>
<li><strong>Deployment Issues</strong>: Check <code>kubernetes/README.md</code></li>
<li><strong>Provisioning Issues</strong>: Check <code>provisioning-integration/README.md</code></li>
<li><strong>Scripts Help</strong>: Run <code>nu scripts/&lt;script-name&gt;.nu --help</code></li>
<li><strong>Kubernetes Docs</strong>: https://kubernetes.io/docs/</li>
</ul>
<hr />
<p><strong>VAPORA v1.0</strong> - Cloud-Native Multi-Agent Platform
<strong>Status</strong>: Production Ready ✅</p>

                    </main>

                    <nav class="nav-wrapper" aria-label="Page navigation">
                        <!-- Mobile navigation buttons -->
                            <a rel="prev" href="../../setup/setup-guide.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
                                <i class="fa fa-angle-left"></i>
                            </a>

                            <a rel="next prefetch" href="../../setup/deployment-quickstart.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
                                <i class="fa fa-angle-right"></i>
                            </a>

                        <div style="clear: both"></div>
                    </nav>
                </div>
            </div>

            <nav class="nav-wide-wrapper" aria-label="Page navigation">
                    <a rel="prev" href="../../setup/setup-guide.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
                        <i class="fa fa-angle-left"></i>
                    </a>

                    <a rel="next prefetch" href="../../setup/deployment-quickstart.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
                        <i class="fa fa-angle-right"></i>
                    </a>
            </nav>

        </div>




        <script>
            window.playground_copyable = true;
        </script>


        <script src="../elasticlunr.min.js"></script>
        <script src="../mark.min.js"></script>
        <script src="../searcher.js"></script>

        <script src="../clipboard.min.js"></script>
        <script src="../highlight.js"></script>
        <script src="../book.js"></script>

        <!-- Custom JS scripts -->


    </div>
    </body>
</html>