Skip to main content

Welance Production

The welance-prod tenant manages ArgoCD deployments for production Kubernetes clusters.

Overview

The welance-prod tenant contains GitOps configurations for deploying applications to production Kubernetes clusters. It serves as the single source of truth for all production environment configurations, managed through ArgoCD.

Purpose

This tenant is used for:

  • Production environments: Live production workloads
  • Production databases: Production database configurations
  • Production services: Critical production services
  • High-availability deployments: Production-grade application deployments

Repository Structure

The welance-prod folder structure follows an environment-based organization:

welance-prod/
├── management/          # Management/administrative environment
├── develop/            # Production development environment (if applicable)
├── staging/            # Production staging environment (if applicable)
└── [other-environments]/  # Additional production environments

Environments

Each subfolder within welance-prod represents a distinct production environment:

Management

The management environment contains:

  • Production platform management tools
  • Administrative applications for production
  • Production monitoring and observability tools
  • Infrastructure management components for production

Develop

The develop environment contains (if applicable):

  • Production development application deployments
  • Production development database configurations
  • Production development service configurations

Staging

The staging environment contains (if applicable):

  • Production staging application deployments
  • Pre-production testing configurations in production cluster
  • Production staging database configurations

Additional Environments

Other environments may exist based on organizational needs, each following the same structure and GitOps principles.

ArgoCD Integration

The welance-prod tenant is managed by ArgoCD, which:

  • Monitors Git Repository: ArgoCD watches the welance-prod folder for changes
  • Syncs to Cluster: Automatically deploys changes to the production Kubernetes cluster
  • Manages Applications: Each environment contains ArgoCD Application definitions
  • Helm Values: Contains Helm values files for application configurations
  • Environment Variables: Contains environment-specific variable files

Typical Structure Per Environment

Each environment folder typically contains:

[environment]/
├── [project-id]-[environment]/
│   ├── values.yaml          # Helm values for the application
│   ├── env.yaml             # Environment variables
│   └── [other-configs]/     # Additional configuration files
└── [other-projects]/        # Other projects in this environment

Configuration Files

values.yaml

Helm values files contain:

  • Image tags and versions
  • Resource limits and requests (production-grade)
  • Ingress configurations
  • Storage configurations
  • Service configurations
  • Production-specific overrides
  • High-availability configurations

env.yaml

Environment variable files contain:

  • Application environment variables
  • Production database connection strings
  • API keys and secrets (references)
  • Feature flags
  • Production configuration values

Deployment Workflow

  1. Pipeline Updates: CI/CD pipelines update values in welance-prod repository (typically requires manual approval)
  2. Git Commit: Changes are committed to the repository
  3. ArgoCD Detection: ArgoCD detects changes in the Git repository
  4. Automatic Sync: ArgoCD syncs changes to the production Kubernetes cluster
  5. Application Update: Applications are updated with new configurations

Code Repository

The welance-prod tenant source code is available on GitLab:

Repository: https://gitlab.com/welance/platform/tenants

The welance-prod folder is located in the root of the tenants repository.

Access and Permissions

  • Read Access: Restricted to authorized personnel
  • Write Access: Highly restricted, typically requires:
    • Manual approval in CI/CD pipelines
    • Administrative privileges
    • Production deployment authorization
  • ArgoCD Access: ArgoCD requires read access to sync configurations

Production Considerations

Security

  • Secrets Management: Production secrets are managed separately and referenced
  • Access Control: Strict access controls and audit logging
  • Encryption: All sensitive data encrypted at rest and in transit

Reliability

  • High Availability: Production deployments configured for high availability
  • Resource Limits: Appropriate resource limits and requests
  • Monitoring: Comprehensive monitoring and alerting
  • Backup: Regular backups and disaster recovery procedures

Change Management

  • Manual Approval: Production deployments typically require manual approval
  • Change Review: All changes reviewed before deployment
  • Rollback Capability: Quick rollback procedures in place
  • Testing: Changes tested in non-production before production deployment

Notes

  • All configurations are version-controlled in Git
  • Changes follow GitOps principles (Git as single source of truth)
  • ArgoCD handles the actual deployment to Kubernetes
  • Production environments have stricter access controls
  • Production deployments require manual approval in CI/CD pipelines
  • Environment-specific configurations override default Helm values
  • Production configurations prioritize stability and reliability