SOPs - Standard Operation Procedures
Day0
In order for Constellation to be deployed, the following resources & settings are either not codified or are done outside of Terraform:
- Constellation AWS Accounts including SSO -> will be done by constellation/aws-management
- Constellation Roles (Engineering & Admin) -> will be done by constellation/aws-management
- S3 Bucket for TF state; currently done here -> will move to constellation/aws-management
- Azure App Registrations (Constellation-ArgoCD & Constellation-Grafana); Secrets in AWS SM -> should be done using the Azure Provider, need an SP with appropriate RBAC
- clear-route/constellation-iac GHA IAM role for TF provisioning; currently here -> will be done by constellation/aws-management
- Constellation GitHub App created by hand (used by ArgoCD)
Postgres Snapshot Creation & Restore
Snapshot Creation
The RDS DB instances are isolated and not accessible from localhost or from outside the cluster. If you need a Postgres dump, apply the following manifest and run the commands below to create the dump and copy it to your local machine:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: pg-sleeper
  labels:
    app: pg-sleeper
    allow-egress-rds: "true"
spec:
  containers:
    - name: postgres
      image: postgres:17
      command: ["sleep", "infinity"]
      envFrom:
        - secretRef:
            name: secrets
      imagePullPolicy: IfNotPresent
      stdin: true
      tty: true
  restartPolicy: Never
```
```shell
kubectl apply -f postgres-dump.yml -n app-radar # change to your app namespace
kubectl exec -it -n app-radar pg-sleeper -- sh -c 'PGDATABASE=$DB_NAME pg_dump > /tmp/$DB_NAME.dump'
kubectl cp -n app-radar pg-sleeper:/tmp/radar.dump radar.dump # change to your app namespace specific DB_NAME, usually the app name
less radar.dump # inspect the dump
kubectl delete -f postgres-dump.yml -n app-radar # change to your
```
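
The same steps wrapped in one function, as an added example that is not part of the original runbook: it deletes the pg-sleeper pod whether or not the dump succeeds and keeps the local dump file readable by its owner only. It assumes the manifest is saved as postgres-dump.yml and that the `secrets` Secret supplies DB_NAME plus the libpq connection variables; `pg_snapshot` is a hypothetical name.

```shell
#!/bin/sh
# Added example, not the project's script. Assumes the manifest above is saved
# as postgres-dump.yml and that the "secrets" Secret supplies DB_NAME plus the
# libpq connection variables (PGHOST, PGUSER, PGPASSWORD).

# pg_snapshot NAMESPACE DB_NAME [MANIFEST]
# Writes ./DB_NAME.dump (owner-only) and always removes the pg-sleeper pod.
pg_snapshot() (
  ns="$1"; db="$2"; manifest="${3:-postgres-dump.yml}"
  out="${db}.dump"
  rc=0
  umask 077   # the dump is a full copy of the data: never group/world readable

  kubectl apply -f "$manifest" -n "$ns" >/dev/null &&
    kubectl wait --for=condition=Ready pod/pg-sleeper -n "$ns" --timeout=120s >/dev/null &&
    kubectl exec -n "$ns" pg-sleeper -- \
      sh -c 'PGDATABASE=$DB_NAME pg_dump > /tmp/$DB_NAME.dump' &&
    kubectl cp -n "$ns" "pg-sleeper:/tmp/${db}.dump" "$out" >/dev/null &&
    [ -s "$out" ] &&
    chmod 600 "$out" || rc=$?

  # The pod holds DB credentials and RDS egress; remove it on success and failure.
  kubectl delete -f "$manifest" -n "$ns" --ignore-not-found >/dev/null ||
    echo "WARNING: pg-sleeper still exists in $ns, delete it manually" >&2

  [ "$rc" -eq 0 ] || rm -f "$out"   # do not keep a partial or empty dump
  exit "$rc"
)
```

Call it as `pg_snapshot app-radar radar`, replacing both arguments with your app namespace and its DB_NAME.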