# Deployment recipes for SecretumVault (Docker, Kubernetes, Helm) [doc("Show deploy help")] help: @echo "DEPLOYMENT COMMANDS"; \ echo ""; \ echo "Docker Compose:"; \ echo " just deploy::compose-up Start full Docker Compose stack"; \ echo " just deploy::compose-down Stop Docker Compose"; \ echo " just deploy::compose-logs View Docker logs"; \ echo ""; \ echo "Docker Image:"; \ echo " just deploy::docker-build Build Docker image"; \ echo " just deploy::docker-run Run Docker container"; \ echo ""; \ echo "Kubernetes:"; \ echo " just deploy::k8s-apply Deploy all K8s manifests"; \ echo " just deploy::k8s-delete Delete all K8s resources"; \ echo " just deploy::k8s-status Check K8s deployment status"; \ echo ""; \ echo "Helm:"; \ echo " just deploy::helm-install Install via Helm"; \ echo " just deploy::helm-upgrade Upgrade Helm release"; \ echo " just deploy::helm-uninstall Uninstall Helm release"; \ echo "" # Docker Compose: start all services [doc("Start full Docker Compose stack (vault, etcd, surrealdb, postgres, prometheus, grafana)")] compose-up: @echo "Building and starting Docker Compose stack..." docker-compose up -d @echo "✅ Stack started" @echo "" @echo "Services:" @echo " Vault: http://localhost:8200" @echo " Prometheus: http://localhost:9090" @echo " Grafana: http://localhost:3000" @docker-compose ps # Docker Compose: stop services [doc("Stop Docker Compose stack")] compose-down: docker-compose down # Docker Compose: view logs [doc("View Docker Compose logs")] compose-logs: docker-compose logs -f # Docker Compose: restart specific service [doc("Restart Docker Compose service")] compose-restart SERVICE: docker-compose restart {{ SERVICE }} # Docker: build image [doc("Build Docker image (secretumvault:latest)")] docker-build: docker build -t secretumvault:latest . # Docker: run container [doc("Run Docker container locally")] docker-run: docker run -it --rm \ -p 8200:8200 \ -p 9090:9090 \ -v "{{ env_var('PWD') }}/docker/config:/etc/secretumvault:ro" \ secretumvault:latest server --config /etc/secretumvault/svault.toml # Docker: build and push to registry [doc("Build and push Docker image to registry")] docker-push REGISTRY="docker.io/secretumvault": docker build -t {{ REGISTRY }}:latest . docker push {{ REGISTRY }}:latest # Kubernetes: apply all manifests [doc("Deploy to Kubernetes (applies all manifests)")] k8s-apply: @echo "Creating namespace..." kubectl apply -f k8s/01-namespace.yaml @sleep 1 @echo "Applying ConfigMap..." kubectl apply -f k8s/02-configmap.yaml @echo "Applying Deployment..." kubectl apply -f k8s/03-deployment.yaml @echo "Applying Services..." kubectl apply -f k8s/04-service.yaml @echo "Applying etcd..." kubectl apply -f k8s/05-etcd.yaml @echo "Applying SurrealDB..." kubectl apply -f k8s/06-surrealdb.yaml @echo "Applying PostgreSQL..." kubectl apply -f k8s/07-postgresql.yaml @echo "✅ All manifests applied" @sleep 3 @echo "" @just k8s-status # Kubernetes: delete all resources [doc("Delete all Kubernetes resources")] k8s-delete: @echo "Deleting namespace (all resources will be deleted)..." kubectl delete namespace secretumvault # Kubernetes: show deployment status [doc("Show Kubernetes deployment status")] k8s-status: @echo "Namespace:" @kubectl -n secretumvault get ns @echo "" @echo "Pods:" @kubectl -n secretumvault get pods @echo "" @echo "Services:" @kubectl -n secretumvault get svc @echo "" @echo "StatefulSets:" @kubectl -n secretumvault get statefulsets @echo "" @echo "Wait for vault to be ready:" @echo " kubectl -n secretumvault wait --for=condition=ready pod -l app=vault --timeout=300s" # Kubernetes: port-forward to vault [doc("Port-forward to vault API")] k8s-portforward: kubectl -n secretumvault port-forward svc/vault 8200:8200 # Kubernetes: view logs [doc("View vault pod logs")] k8s-logs: kubectl -n secretumvault logs -f deployment/vault # Helm: install release [doc("Install vault via Helm")] helm-install: helm install vault helm/ \ --namespace secretumvault \ --create-namespace # Helm: install with custom values [doc("Install Helm with custom values")] helm-install-custom VALUES: helm install vault helm/ \ --namespace secretumvault \ --create-namespace \ --values {{ VALUES }} # Helm: upgrade release [doc("Upgrade existing Helm release")] helm-upgrade: helm upgrade vault helm/ --namespace secretumvault # Helm: uninstall release [doc("Uninstall Helm release")] helm-uninstall: helm uninstall vault --namespace secretumvault # Helm: show values [doc("Show Helm chart values")] helm-values: helm show values helm/ | less # Helm: dry-run [doc("Dry-run Helm install (show manifest)")] helm-dry-run: helm install vault helm/ \ --namespace secretumvault \ --create-namespace \ --dry-run \ --debug # Kubernetes: exec into pod [doc("Execute shell in vault pod")] k8s-shell: kubectl -n secretumvault exec -it deployment/vault -- /bin/sh # Setup PostgreSQL secret [doc("Create PostgreSQL secret in Kubernetes")] k8s-postgres-secret PASSWORD: kubectl -n secretumvault create secret generic vault-postgresql-secret \ --from-literal=password="{{ PASSWORD }}" \ --dry-run=client -o yaml | kubectl apply -f - # Setup SurrealDB secret [doc("Create SurrealDB secret in Kubernetes")] k8s-surrealdb-secret PASSWORD: kubectl -n secretumvault create secret generic vault-surrealdb-secret \ --from-literal=password="{{ PASSWORD }}" \ --dry-run=client -o yaml | kubectl apply -f -