SOPs - Standard Operating Procedures
Day 0
In order for Constellation to be deployed, the following resources and settings are either not codified or are managed outside of Terraform:
- Constellation AWS Accounts including SSO -> Managed by constellation/aws-management
- Constellation Roles (Engineering & Admin) -> Managed by constellation/aws-management
- S3 Bucket for TF state; currently done here -> Will move to constellation/aws-management
- Azure App Registrations (Constellation-ArgoCD & Constellation-Grafana); Secrets in AWS SM -> Should be done using the Azure Provider; requires an SP with appropriate RBAC
- clear-route/constellation-iac GHA IAM role for TF provisioning; currently here -> Will be done by constellation/aws-management
- Constellation GitHub App created manually (used by ArgoCD)
Postgres Snapshot Creation & Restore
Snapshot Creation
The RDS DB instances are isolated and not accessible from localhost or outside the cluster.
If you need a Postgres dump, apply the following manifest (saved as postgres-dump.yml) and run the commands below to create a dump and copy it to your local machine:
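```yaml
apiVersion: v1
kind: Pod
metadata:
  name: pg-sleeper
  labels:
    app: pg-sleeper
    allow-egress-rds: "true"
spec:
  containers:
    - name: postgres
      image: postgres:17
      # Keep the container idle so commands can be run in it with kubectl exec
      command: ["sleep", "infinity"]
      # The environment (including DB_NAME, used by the dump command) comes from this secret
      envFrom:
        - secretRef:
            name: secrets
      imagePullPolicy: IfNotPresent
      stdin: true
      tty: true
  restartPolicy: Never
```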
```bash
# Change app-atlas to your app namespace in every command
kubectl apply -f postgres-dump.yml -n app-atlas
kubectl exec -it -n app-atlas pg-sleeper -- sh -c 'PGDATABASE=$DB_NAME pg_dump > /tmp/$DB_NAME.dump'
# Change atlas to your app's DB_NAME, usually the app name
kubectl cp -n app-atlas pg-sleeper:/tmp/atlas.dump atlas.dump
less atlas.dump # Inspect the dump
kubectl delete -f postgres-dump.yml -n app-atlas
```
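The same procedure as one shell function, added here as an example and not part of the original SOP: it deletes the pg-sleeper pod (which carries the database secret and RDS egress) even when a step fails, and writes the dump with owner-only permissions. The names `pg_dump_via_sleeper`, `_dump_steps` and the `KUBECTL` override variable are hypothetical; the namespace, DB name and manifest file are passed as arguments.

```bash
#!/bin/sh
# Added example, not from the original SOP.
# KUBECTL is an assumed override hook for dry runs; it defaults to kubectl.
# Usage: pg_dump_via_sleeper app-atlas atlas postgres-dump.yml

# Dump steps chained with && so the first failure stops the chain.
# DB_NAME and the connection settings come from the pod's envFrom secret.
_dump_steps() {
  "$K" apply -f "$MANIFEST" -n "$NS" >/dev/null &&
  "$K" wait --for=condition=Ready pod/pg-sleeper -n "$NS" --timeout=120s >/dev/null &&
  "$K" exec -n "$NS" pg-sleeper -- \
    sh -c 'umask 077; PGDATABASE=$DB_NAME pg_dump > /tmp/$DB_NAME.dump' &&
  "$K" cp -n "$NS" "pg-sleeper:/tmp/$DB.dump" "$OUT" >/dev/null &&
  [ -s "$OUT" ]   # an empty file means the dump was not produced
}

# Runs in a subshell, so umask, traps and variables do not leak to the caller.
pg_dump_via_sleeper() (
  NS="$1"; DB="$2"; MANIFEST="${3:-postgres-dump.yml}"
  K="${KUBECTL:-kubectl}"; OUT="$DB.dump"

  umask 077   # the dump holds production data: create it owner-only (0600)

  # The pod holds DB credentials and RDS egress, so it must not outlive the dump.
  cleanup() { "$K" delete -f "$MANIFEST" -n "$NS" --ignore-not-found >/dev/null; }
  trap 'cleanup; exit 130' INT TERM

  rc=0
  _dump_steps || rc=$?
  [ "$rc" -eq 0 ] || rm -f "$OUT"   # do not leave a partial dump behind
  cleanup || rc=$?
  [ "$rc" -eq 0 ] && echo "$OUT"    # print the dump path on success
  exit "$rc"
)
```

Delete the local dump file once you have finished inspecting it.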
Snapshot Restore
tbd.