2026-01-17 03:58:28 +00:00
# From Scratch Guide

Complete walkthrough from zero to production-ready infrastructure deployment using the Provisioning platform. This guide covers installation, configuration, workspace setup, infrastructure definition, and deployment workflows.

## Overview

This guide walks you through:

- Installing prerequisites and the Provisioning platform
- Configuring cloud provider credentials
- Creating your first workspace
- Defining infrastructure using Nickel
- Deploying servers and task services
- Setting up Kubernetes clusters
- Implementing security best practices
- Monitoring and maintaining infrastructure

**Time commitment**: 2-3 hours for complete setup

**Prerequisites**: Linux or macOS, terminal access, cloud provider account (optional)

## Phase 1: Installation

### System Prerequisites

Ensure your system meets minimum requirements:

```bash
# Check OS (Linux or macOS)
uname -s

# Verify available disk space (minimum 10GB recommended)
df -h ~

# Check internet connectivity
ping -c 3 github.com
```

### Install Required Tools

#### Nushell (Required)

```bash
# macOS
brew install nushell

# Linux
cargo install nu

# Verify installation
nu --version # Expected: 0.109.1+
```

#### Nickel (Required)

```bash
# macOS
brew install nickel

# Linux
cargo install nickel-lang-cli

# Verify installation
nickel --version # Expected: 1.15.1+
```

#### Additional Tools

```bash
# SOPS for secrets management
brew install sops # macOS
# or download from https://github.com/getsops/sops/releases

# Age for encryption
brew install age # macOS
# Linux: install the distribution package (the `age` crate on crates.io is a
# library without a CLI binary, so `cargo install age` does not provide `age`)
sudo apt install age # Debian/Ubuntu; use your distribution's package elsewhere

# K9s for Kubernetes management (optional)
brew install derailed/k9s/k9s

# Verify installations
sops --version # Expected: 3.10.2+
age --version  # Expected: 1.2.1+
k9s version    # Expected: 0.50.6+
```

### Install Provisioning Platform

#### Option 1: Using Installer Script (Recommended)

```bash
# Download and run installer
# (-f makes curl fail on HTTP errors instead of piping an error page into bash)
INSTALL_URL="https://raw.githubusercontent.com/yourusername/provisioning/main/install.sh"
curl -fsSL "$INSTALL_URL" | bash

# Follow prompts to configure installation directory and path
# Default: ~/.local/bin/provisioning
```

The one-liner executes whatever the URL serves at that moment; to review the script first, download it to a file, read it, and run it from there.

The installer performs the following steps:

- Downloads latest platform binaries
- Installs CLI to system PATH
- Creates default configuration structure
- Validates dependencies
- Runs health check

#### Option 2: Build from Source

```bash
# Clone repository
git clone https://github.com/yourusername/provisioning.git
cd provisioning

# Build core CLI
cd provisioning/core
cargo build --release

# Install to local bin
mkdir -p ~/.local/bin
cp target/release/provisioning ~/.local/bin/

# Add to PATH (add to ~/.bashrc or ~/.zshrc)
export PATH="$HOME/.local/bin:$PATH"

# Verify installation
provisioning version
```

### Platform Health Check

```bash
# Verify installation
provisioning setup check

# Expected output:
# ✓ Nushell 0.109.1 installed
# ✓ Nickel 1.15.1 installed
# ✓ SOPS 3.10.2 installed
# ✓ Age 1.2.1 installed
# ✓ Provisioning CLI installed
# ✓ Configuration directory created
# Platform ready for use
```

## Phase 2: Initial Configuration

### Generate User Configuration

```bash
# Create user configuration directory
mkdir -p ~/.config/provisioning

# Generate default user config
provisioning setup init-user-config
```

Generated configuration structure:

```text
~/.config/provisioning/
├── user_config.yaml    # User preferences and workspace registry
├── credentials/        # Provider credentials (encrypted)
├── age/                # Age encryption keys
└── cache/              # CLI cache
```

### Configure Encryption

```bash
# Generate Age key pair for secrets
age-keygen -o ~/.config/provisioning/age/provisioning.key

# Store public key
age-keygen -y ~/.config/provisioning/age/provisioning.key > ~/.config/provisioning/age/provisioning.pub

# Configure SOPS to use Age
# (sops discovers its config as .sops.yaml in the working directory or a
# parent; a file at another path is passed to sops with --config)
mkdir -p ~/.config/sops
cat > ~/.config/sops/config.yaml <<EOF
creation_rules:
  - path_regex: \.secret\.(yaml|toml|json)$
    age: $(cat ~/.config/provisioning/age/provisioning.pub)
EOF
```

### Provider Credentials

Configure credentials for your chosen cloud provider. Each snippet below appends its own `providers:` key, so if you configure more than one provider, merge the entries under a single `providers:` key instead of appending each block as-is.

#### UpCloud Configuration

```bash
# Edit user config
nano ~/.config/provisioning/user_config.yaml

# Add provider credentials
cat >> ~/.config/provisioning/user_config.yaml <<EOF
providers:
  upcloud:
    username: "your-upcloud-username"
    password_env: "UPCLOUD_PASSWORD" # Read from environment variable
    default_zone: "de-fra1"
EOF

# Set environment variable (add to ~/.bashrc or ~/.zshrc)
# The rc file then holds the password in plaintext; keep it readable only by you (chmod 600)
export UPCLOUD_PASSWORD="your-upcloud-password"
```

#### AWS Configuration

```bash
# Add AWS credentials to user config
cat >> ~/.config/provisioning/user_config.yaml <<EOF
providers:
  aws:
    access_key_id_env: "AWS_ACCESS_KEY_ID"
    secret_access_key_env: "AWS_SECRET_ACCESS_KEY"
    default_region: "eu-west-1"
EOF

# Set environment variables
export AWS_ACCESS_KEY_ID="your-access-key-id"
export AWS_SECRET_ACCESS_KEY="your-secret-access-key"
```

#### Local Provider (Development)

```bash
# Configure local provider for testing
cat >> ~/.config/provisioning/user_config.yaml <<EOF
providers:
  local:
    backend: "docker" # or "podman", "libvirt"
    storage_path: "$HOME/.local/share/provisioning/local"
EOF

# Ensure Docker is running
docker info
```

### Validate Configuration

```bash
# Validate user configuration
provisioning validate config

# Test provider connectivity
provisioning providers

# Expected output:
# PROVIDER   STATUS      REGION/ZONE
# upcloud    connected   de-fra1
# local      ready       localhost
```

## Phase 3: Create First Workspace

### Initialize Workspace

```bash
# Create workspace for first project
provisioning workspace init my-first-project

# Navigate to workspace
cd workspace_my_first_project

# Verify structure
ls -la
```

Workspace structure created:

```text
workspace_my_first_project/
├── infra/                   # Infrastructure definitions (Nickel)
├── config/                  # Workspace configuration
│   ├── provisioning.yaml    # Workspace metadata
│   ├── dev-defaults.toml    # Development defaults
│   ├── test-defaults.toml   # Testing defaults
│   └── prod-defaults.toml   # Production defaults
├── extensions/              # Workspace-specific extensions
│   ├── providers/
│   ├── taskservs/
│   └── workflows/
└── runtime/                 # State and logs (gitignored)
    ├── state/
    ├── checkpoints/
    └── logs/
```

### Configure Workspace

```bash
# Edit workspace metadata
nano config/provisioning.yaml
```

Example workspace configuration:

```yaml
workspace:
  name: my-first-project
  description: Learning Provisioning platform
  environment: development
  created: 2026-01-16T10:00:00Z

defaults:
  provider: local
  region: localhost
  confirmation_required: false

versioning:
  nushell: "0.109.1"
  nickel: "1.15.1"
  kubernetes: "1.29.0"
```

## Phase 4: Define Infrastructure

### Simple Server Configuration

Create your first infrastructure definition using Nickel:

```bash
# Create server definition
# (Nickel separates record fields and array elements with commas)
cat > infra/simple-server.ncl <<'EOF'
{
  metadata = {
    name = "simple-server",
    provider = "local",
    environment = 'development,
  },
  infrastructure = {
    servers = [
      {
        name = "dev-web-01",
        plan = "small",
        zone = "localhost",
        disk_size_gb = 25,
        backup_enabled = false,
        role = 'standalone,
      },
    ],
  },
  services = {
    taskservs = ["containerd"],
  },
}
EOF
```

### Validate Infrastructure Schema

```bash
# Type-check Nickel schema
nickel typecheck infra/simple-server.ncl

# Validate against platform contracts
provisioning validate config --infra simple-server

# Preview deployment
provisioning server create --check --infra simple-server
```

Expected output:

```text
Infrastructure Plan: simple-server
Provider: local
Environment: development

Servers to create:
  - dev-web-01 (small, standalone)
    Disk: 25 GB
    Backup: disabled

Task services:
  - containerd

Estimated resources:
  CPU: 1 core
  RAM: 1 GB
  Disk: 25 GB

Validation: PASSED
```

### Deploy Infrastructure

```bash
# Create server
provisioning server create --infra simple-server --yes

# Monitor deployment
provisioning server status dev-web-01
```

Deployment progress:

```text
Creating server: dev-web-01...
[████████████████████████] 100% - Container created
[████████████████████████] 100% - Network configured
[████████████████████████] 100% - SSH ready

Server dev-web-01 created successfully
  IP Address: 172.17.0.2
  Status: running
  Provider: local (docker)
```

### Install Task Service

```bash
# Install containerd
provisioning taskserv create containerd --infra simple-server

# Verify installation
provisioning taskserv status containerd
```

Installation output:

```text
Installing containerd on dev-web-01...
[████████████████████████] 100% - Dependencies resolved
[████████████████████████] 100% - Containerd installed
[████████████████████████] 100% - Service started
[████████████████████████] 100% - Health check passed

Containerd installed successfully
  Version: 1.7.0
  Runtime: runc
```

### Verify Deployment

```bash
# SSH into server
provisioning server ssh dev-web-01

# Inside server - verify containerd
sudo systemctl status containerd
sudo ctr version

# Exit server
exit

# List all resources
provisioning server list
provisioning taskserv list
```

## Phase 5: Kubernetes Cluster Deployment

### Define Kubernetes Infrastructure

```bash
# Create Kubernetes cluster definition
# (Nickel separates record fields and array elements with commas)
cat > infra/k8s-cluster.ncl <<'EOF'
{
  metadata = {
    name = "k8s-dev-cluster",
    provider = "local",
    environment = 'development,
  },
  infrastructure = {
    servers = [
      {
        name = "k8s-control-01",
        plan = "medium",
        role = 'control,
        zone = "localhost",
        disk_size_gb = 50,
      },
      {
        name = "k8s-worker-01",
        plan = "medium",
        role = 'worker,
        zone = "localhost",
        disk_size_gb = 50,
      },
      {
        name = "k8s-worker-02",
        plan = "medium",
        role = 'worker,
        zone = "localhost",
        disk_size_gb = 50,
      },
    ],
  },
  services = {
    taskservs = ["containerd", "etcd", "kubernetes", "cilium"],
  },
  kubernetes = {
    version = "1.29.0",
    pod_cidr = "10.244.0.0/16",
    service_cidr = "10.96.0.0/12",
    container_runtime = "containerd",
    cri_socket = "/run/containerd/containerd.sock",
  },
}
EOF
```

### Validate Kubernetes Configuration

```bash
# Type-check schema
nickel typecheck infra/k8s-cluster.ncl

# Validate configuration
provisioning validate config --infra k8s-cluster

# Preview deployment
provisioning cluster create --check --infra k8s-cluster
```

### Deploy Kubernetes Cluster

```bash
# Create cluster infrastructure
provisioning cluster create --infra k8s-cluster --yes

# Monitor cluster deployment
provisioning cluster status k8s-dev-cluster
```

Cluster deployment phases:

```text
Phase 1: Creating servers...
[████████████████████████] 100% - 3/3 servers created

Phase 2: Installing containerd...
[████████████████████████] 100% - 3/3 nodes ready

Phase 3: Installing etcd...
[████████████████████████] 100% - Control plane ready

Phase 4: Installing Kubernetes...
[████████████████████████] 100% - API server available
[████████████████████████] 100% - Workers joined

Phase 5: Installing Cilium CNI...
[████████████████████████] 100% - Network ready

Kubernetes cluster deployed successfully
  Cluster: k8s-dev-cluster
  Control plane: k8s-control-01
  Workers: k8s-worker-01, k8s-worker-02
```

### Access Kubernetes Cluster

```bash
# Get kubeconfig
# (the file carries cluster credentials, so restrict it to your user)
mkdir -p ~/.kube
provisioning cluster kubeconfig k8s-dev-cluster > ~/.kube/config-dev
chmod 600 ~/.kube/config-dev

# Set KUBECONFIG
export KUBECONFIG=~/.kube/config-dev

# Verify cluster
kubectl get nodes

# Expected output:
# NAME             STATUS   ROLES           AGE   VERSION
# k8s-control-01   Ready    control-plane   5m    v1.29.0
# k8s-worker-01    Ready    <none>          4m    v1.29.0
# k8s-worker-02    Ready    <none>          4m    v1.29.0

# Use K9s for interactive management
k9s
```

## Phase 6: Security Configuration

### Enable Audit Logging

```bash
# Configure audit logging
cat > config/audit-config.toml <<EOF
[audit]
enabled = true
log_path = "runtime/logs/audit"
retention_days = 90
level = "info"

[audit.filters]
include_commands = ["server create", "server delete", "cluster deploy"]
exclude_users = []
EOF
```

### Configure SOPS for Secrets

```bash
# Create secrets file
cat > config/secrets.secret.yaml <<EOF
database:
  password: "changeme-db-password"
  admin_user: "admin"

kubernetes:
  service_account_key: "changeme-sa-key"
EOF

# Encrypt secrets with SOPS
# (--config points sops at the creation rules written in Phase 2; on its own
# sops only discovers .sops.yaml in the working directory or a parent)
sops --config ~/.config/sops/config.yaml -e -i config/secrets.secret.yaml

# Verify encryption
cat config/secrets.secret.yaml # Should show encrypted content

# Decrypt when needed
# (sops reads the Age private key from the file named in SOPS_AGE_KEY_FILE)
export SOPS_AGE_KEY_FILE="$HOME/.config/provisioning/age/provisioning.key"
sops -d config/secrets.secret.yaml
```

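The following added example is not part of the Provisioning platform: it lists files that match the `\.secret\.(yaml|toml|json)$` rule but do not look SOPS-encrypted, which is the check to run before committing a workspace. The function names, the marker heuristic and the sample files are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example, not part of the Provisioning platform.
# Heuristic (assumption): a SOPS-encrypted file contains at least one
# ENC[AES256_GCM, value and a "sops" metadata section in its format.

is_sops_encrypted() {
    # $1 = file path; returns 0 when both markers are present
    grep -q 'ENC\[AES256_GCM,' "$1" || return 1
    case "$1" in
        *.yaml) grep -Eq '^sops:' "$1" ;;
        *.toml) grep -Eq '^\[sops\]' "$1" ;;
        *.json) grep -Eq '"sops"[[:space:]]*:' "$1" ;;
        *) return 1 ;;
    esac
}

find_unencrypted_secrets() {
    # $1 = directory to scan; prints offending paths, returns 1 if any exist
    _found=0
    _tmp=$(find "$1" -type f \( -name '*.secret.yaml' -o -name '*.secret.toml' \
        -o -name '*.secret.json' \) | sort)
    if [ -z "$_tmp" ]; then
        return 0
    fi
    while IFS= read -r _f; do
        if ! is_sops_encrypted "$_f"; then
            printf '%s\n' "$_f"
            _found=1
        fi
    done <<EOF
$_tmp
EOF
    return "$_found"
}

# Constructed sample workspace: one encrypted-looking file, one plaintext file.
make_sample_workspace() {
    _ws=$(mktemp -d)
    mkdir -p "$_ws/config"
    cat > "$_ws/config/db.secret.yaml" <<'EOF'
database:
    password: ENC[AES256_GCM,data:CONSTRUCTED,iv:CONSTRUCTED,tag:CONSTRUCTED,type:str]
sops:
    age: []
    version: 3.10.2
EOF
    cat > "$_ws/config/api.secret.yaml" <<'EOF'
kubernetes:
    service_account_key: "changeme-sa-key"
EOF
    printf '%s\n' "$_ws"
}

ws=$(make_sample_workspace)
find_unencrypted_secrets "$ws" || echo "unencrypted secret files found" >&2
rm -rf "$ws"
```

Run it against the workspace root from a pre-commit hook and block the commit on a non-zero return.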
### Enable MFA (Optional)

```bash
# Enable multi-factor authentication
provisioning security mfa enable

# Scan QR code with authenticator app
# Enter verification code
```

### Configure RBAC

```bash
# Create role definition
cat > config/rbac-roles.yaml <<EOF
roles:
  - name: developer
    permissions:
      - server:read
      - server:create
      - taskserv:read
      - taskserv:install
    deny:
      - cluster:delete
      - config:modify

  - name: operator
    permissions:
      - "*:read"
      - server:*
      - taskserv:*
      - cluster:read
      - cluster:deploy

  - name: admin
    permissions:
      - "*:*"
EOF
```

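How the roles above resolve for specific actions, as an added example that is not the platform's own authorization code. It assumes patterns match like shell globs and that a matching `deny` entry overrides any matching permission, with no match meaning deny; the rule table is a constructed copy of `config/rbac-roles.yaml`.

```bash
#!/bin/sh
# Added example, not part of the Provisioning platform.
# Assumed semantics (the page does not state them):
#   1. a pattern matches an action as a shell glob ("server:*" ~ "server:delete")
#   2. a matching deny entry wins over any matching permission
#   3. an action matched by no entry is denied

# Constructed copy of the roles defined above: role, effect, pattern.
rbac_rules() {
    cat <<'EOF'
developer allow server:read
developer allow server:create
developer allow taskserv:read
developer allow taskserv:install
developer deny cluster:delete
developer deny config:modify
operator allow *:read
operator allow server:*
operator allow taskserv:*
operator allow cluster:read
operator allow cluster:deploy
admin allow *:*
EOF
}

rbac_decide() {
    # $1 = role, $2 = action ("resource:verb"); prints "allow" or "deny"
    _decision=deny
    while read -r _role _effect _pattern; do
        [ "$_role" = "$1" ] || continue
        case "$2" in
            $_pattern)   # unquoted on purpose: the entry is used as a glob
                if [ "$_effect" = deny ]; then
                    _decision=deny
                    break
                fi
                _decision=allow
                ;;
        esac
    done <<EOF
$(rbac_rules)
EOF
    printf '%s\n' "$_decision"
}

# Effective decision for each role on a few sensitive actions.
for r in developer operator admin; do
    for a in server:create server:delete cluster:deploy cluster:delete config:modify; do
        printf '%-10s %-16s %s\n' "$r" "$a" "$(rbac_decide "$r" "$a")"
    done
done
```

Under these assumptions `operator` can run `server:delete` through `server:*`, and the `developer` deny entries only change a decision once a wildcard permission is added to that role.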
## Phase 7: Multi-Cloud Deployment

### Define Multi-Cloud Infrastructure

```bash
# Create multi-cloud definition
# (Nickel separates record fields and array elements with commas)
cat > infra/multi-cloud.ncl <<'EOF'
{
  batch_workflow = {
    operations = [
      {
        id = "upcloud-frontend",
        provider = "upcloud",
        region = "de-fra1",
        servers = [
          {name = "upcloud-web-01", plan = "medium", role = 'web},
        ],
        taskservs = ["containerd", "nginx"],
      },
      {
        id = "aws-backend",
        provider = "aws",
        region = "eu-west-1",
        servers = [
          {name = "aws-api-01", plan = "t3.medium", role = 'api},
        ],
        taskservs = ["containerd", "docker"],
        dependencies = ["upcloud-frontend"],
      },
      {
        id = "local-database",
        provider = "local",
        region = "localhost",
        servers = [
          {name = "local-db-01", plan = "large", role = 'database},
        ],
        taskservs = ["postgresql"],
      },
    ],
    parallel_limit = 2,
  },
}
EOF
```

### Deploy Multi-Cloud Infrastructure

```bash
# Submit batch workflow
provisioning batch submit infra/multi-cloud.ncl

# Monitor workflow progress
provisioning batch status

# View detailed operation status
provisioning batch operations
```

## Phase 8: Monitoring and Maintenance

### Platform Health Monitoring

```bash
# Check platform health
provisioning health

# View service status
provisioning service status orchestrator
provisioning service status control-center

# View logs
provisioning logs --service orchestrator --tail 100
```

### Infrastructure Monitoring

```bash
# List all servers
provisioning server list --all-workspaces

# Show server details
provisioning server info k8s-control-01

# Check task service status
provisioning taskserv list
provisioning taskserv health containerd
```

### Backup Configuration

```bash
# Create backup
provisioning backup create --type full --output ~/backups/provisioning-$(date +%Y%m%d).tar.gz

# Schedule automatic backups
provisioning backup schedule daily --time "02:00" --retention 7
```

## Phase 9: Advanced Workflows

### Custom Workflow Creation

```bash
# Create custom workflow
# (Nickel separates record fields and array elements with commas)
cat > extensions/workflows/deploy-app.ncl <<'EOF'
{
  workflow = {
    name = "deploy-application",
    description = "Deploy application to Kubernetes",
    steps = [
      {
        name = "build-image",
        action = "docker-build",
        params = {dockerfile = "Dockerfile", tag = "myapp:latest"},
      },
      {
        name = "push-image",
        action = "docker-push",
        params = {image = "myapp:latest", registry = "registry.example.com"},
        depends_on = ["build-image"],
      },
      {
        name = "deploy-k8s",
        action = "kubectl-apply",
        params = {manifest = "k8s/deployment.yaml"},
        depends_on = ["push-image"],
      },
      {
        name = "verify-deployment",
        action = "kubectl-rollout-status",
        params = {deployment = "myapp"},
        depends_on = ["deploy-k8s"],
      },
    ],
  },
}
EOF
```

### Execute Custom Workflow

```bash
# Run workflow
provisioning workflow run deploy-application

# Monitor workflow
provisioning workflow status deploy-application

# View workflow history
provisioning workflow history
```

## Troubleshooting

### Common Issues

#### Server Creation Fails

```bash
# Enable debug logging
provisioning --debug server create --infra simple-server

# Check provider connectivity
provisioning providers

# Validate credentials
provisioning validate config
```

#### Task Service Installation Fails

```bash
# Check server connectivity
provisioning server ssh dev-web-01

# Verify dependencies
provisioning taskserv check-deps containerd

# Retry installation
provisioning taskserv create containerd --force
```

#### Cluster Deployment Fails

```bash
# Check cluster status
provisioning cluster status k8s-dev-cluster

# View cluster logs
provisioning cluster logs k8s-dev-cluster

# Reset and retry
provisioning cluster reset k8s-dev-cluster
provisioning cluster create --infra k8s-cluster
```

## Next Steps

### Production Deployment

- Review [Security Best Practices](../security/README.md)
- Configure [Backup & Recovery](../operations/backup-recovery.md)
- Set up [Monitoring](../operations/monitoring.md)
- Implement [Disaster Recovery](disaster-recovery.md)

### Advanced Features

- Explore [Batch Workflows](../infrastructure/batch-workflows.md)
- Configure [Orchestrator](../features/orchestrator.md)
- Use [Interactive Guides](../features/interactive-guides.md)
- Develop [Custom Extensions](custom-extensions.md)

### Learning Resources

- [Nickel Guide](../infrastructure/nickel-guide.md) - Infrastructure as code
- [Workspace Management](workspace-management.md) - Advanced workspace usage
- [Multi-Cloud Deployment](multi-cloud-deployment.md) - Multi-cloud strategies
- [API Reference](../api-reference/README.md) - Complete API documentation

## Summary

You've completed the from-scratch guide and learned:

- Platform installation and configuration
- Provider credential setup
- Workspace creation and management
- Infrastructure definition with Nickel
- Server and task service deployment
- Kubernetes cluster deployment
- Security configuration
- Multi-cloud deployment
- Monitoring and maintenance
- Custom workflow creation

Your Provisioning platform is now ready for production use.