HH-Search Deployment Plan (FE & Node Server)
Frontend Deployment
Staging:
- Setup Environment Variable (ballbot & prod-support)
```json
{"enableOTPVerification":true, "enableFilterDtp":true, "enableNewSearch":true, "enableNewSearchSuggest":true}
```
- Release feat/opensearch to develop (ballbot & prod-support)
Production:
- Get Review PR
- Set up Environment Variable
```
PUBLIC_API_SEARCH_DOMAIN=https://search.hungryhub.com
PUBLIC_APP_FEATURES={"enableFilterDtp":false, "enableNewSearch":false, "enableNewSearchSuggest":false}
```
- Release feat/opensearch to master
- Once BE & Node Server are ready, update the Environment Variable on Netlify
```
PUBLIC_APP_FEATURES={"enableFilterDtp":false, "enableNewSearch":true, "enableNewSearchSuggest":false}
```
- Trigger Netlify deploy
Node Backend Deployment
Pre-Deployment Steps
- Make sure the Kafka server & topics are ready
- Make sure the OpenSearch server is ready
- Set up the Redis server for production
- Create SSM > Parameter Store
  Name: /prod/hh_search_config
  Value: (replace xxx with the actual value)
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: hh-search-config
data:
  API_KEYS: worker.0NQPfOmh0811eFGqWxCTk+9XVmSI6X4l
  MYSQL_CONNECTION_LIMIT: '5'
  MYSQL_DATABASE: xxx
  MYSQL_HOST: xxx
  MYSQL_PASSWORD: xxx
  MYSQL_PORT: '3306'
  MYSQL_USER: admin
  NODE_ENV: staging
  NAMESPACE: support
  OPENSEARCH_NODE: https://os-hh-search-prod-hh-production.d.aivencloud.com:25940
  OPENSEARCH_PASSWORD: AVNS_q2bdzsu7MuVSTrEqRlf
  OPENSEARCH_USER: avnadmin
  FASTIFY_PORT: '4000'
  FASTIFY_HOST: '0.0.0.0'
  REDIS_HOST: xxx
  REDIS_PASSWORD: xxx
  REDIS_PORT: '6379'
  REDIS_TLS: 'true'
  WORKER_ENABLED: 'false'
  KAFKA_BROKER_LIST: kafka-hh-production.a.aivencloud.com:25942
  KAFKA_SECURITY_PROTOCOL: ssl
  KAFKA_SSL_KEY_LOCATION: certs/service.key
  KAFKA_SSL_CERT_LOCATION: certs/service.cert
  KAFKA_SSL_CA_LOCATION: certs/ca.pem
  KAFKA_GROUP_ID: hh-search-group-id-production
  ROLLBAR_ACCESS_TOKEN: 4aabad74eb584c3d9ef7e1e24c567773
  ROLLBAR_ENABLED: 'true'
  NEW_RELIC_ENABLED: 'true'
  NEW_RELIC_APP_NAME: 'HH Search'
  NEW_RELIC_LICENSE_KEY: xxx
  NEW_RELIC_API_KEY: xxx
  NEW_RELIC_ENTITY_GUID: xxx
```
- Create SSM > Parameter Store for google & kafka config files
  - /prod/hh_search_google_credentials
  - /prod/hh_search_kafka_ssl_ca
  - /prod/hh_search_kafka_ssl_cert
  - /prod/hh_search_kafka_ssl_key

  Note: click the link above to get the value (change dev to prod)
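A check for a parameter value written with `xxx` placeholders, as in the `/prod/hh_search_config` step above (an added example, not part of the original plan or the project's code): it lists credential-named keys whose value is a literal instead of the placeholder, so real values are entered only in Parameter Store. The key-name pattern, the function names and the sample values are assumptions made for this example.

```python
import re

# Assumptions: name fragments that mark a credential, and the suffix used by
# keys that contain "KEY" but hold a file path rather than key material.
SENSITIVE = re.compile(r"PASSWORD|SECRET|TOKEN|KEY")
PATH_SUFFIX = "_LOCATION"
PLACEHOLDER = "xxx"


def parse_data(text):
    """Return the KEY: value pairs listed after the `data:` line."""
    pairs, in_data = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "data:":
            in_data = True
        elif in_data and ":" in line and not line.startswith("#"):
            key, value = line.split(":", 1)
            pairs[key.strip()] = value.strip().strip("'\"")
    return pairs


def leaked_secrets(text):
    """Names of credential keys whose value is not the placeholder."""
    return sorted(
        key
        for key, value in parse_data(text).items()
        if SENSITIVE.search(key)
        and not key.endswith(PATH_SUFFIX)
        and value != PLACEHOLDER
    )


# Constructed sample; every value below is made up.
SAMPLE = """\
metadata:
  name: hh-search-config
data:
  API_KEYS: worker.EXAMPLE-NOT-A-REAL-KEY
  MYSQL_PASSWORD: xxx
  MYSQL_PORT: '3306'
  OPENSEARCH_PASSWORD: 'example-password'
  KAFKA_SSL_KEY_LOCATION: certs/service.key
  ROLLBAR_ACCESS_TOKEN: xxx
"""

if __name__ == "__main__":
    for name in leaked_secrets(SAMPLE):
        print(f"{name}: literal value found, expected '{PLACEHOLDER}'")
```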
Deployment Steps
- Create a new deployment pipeline like this on production environment
- Create a new ECR Repository `hh-search` on production
- Resolve Bot Review PR
- Merge branch feat/opensearch to main
- Merge branch feat/prod-deployment-v2 to main
- Update terraform config
  - alb/ingress-v-1-22.tf
```hcl
resource "kubectl_manifest" "search" {
  depends_on = [time_sleep.wait_120_seconds]
  yaml_body  = <<YAML
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: search
  namespace: hungryhub
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: ${data.terraform_remote_state.route53.outputs.cloudflare_acm}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
    alb.ingress.kubernetes.io/healthcheck-path: /health
    alb.ingress.kubernetes.io/success-codes: 200,403
spec:
  rules:
    - host: search.${data.terraform_remote_state.route53.outputs.external_domain}
      http:
        paths:
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: ssl-redirect
                port:
                  name: use-annotation
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: hh-search
                port:
                  number: 4000
    - host: search-worker.${data.terraform_remote_state.route53.outputs.external_domain}
      http:
        paths:
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: ssl-redirect
                port:
                  name: use-annotation
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: hh-search-worker
                port:
                  number: 4000
YAML
}
```
  - alb/output.tf
```hcl
output "search_lb" {
  value = data.aws_lb.hungryhub-search.dns_name
}
```
  - alb/route53.tf
```hcl
data "aws_lb" "hungryhub-search" {
  depends_on = [time_sleep.wait_180_seconds, kubectl_manifest.search]
  tags = {
    "ingress.k8s.aws/stack" = "hungryhub/search"
    "elbv2.k8s.aws/cluster" = data.terraform_remote_state.vpc.outputs.eks_cluster_name
  }
}
```
  - cloudflare/cloudflare.tf
```hcl
resource "cloudflare_record" "search" {
  zone_id         = var.zone_id
  name            = "search"
  value           = data.terraform_remote_state.alb.outputs.search_lb
  type            = "CNAME"
  proxied         = true
  allow_overwrite = true
}

resource "cloudflare_record" "search-worker" {
  zone_id         = var.zone_id
  name            = "search-worker"
  value           = data.terraform_remote_state.alb.outputs.search_lb
  type            = "CNAME"
  proxied         = true
  allow_overwrite = true
}
```
- Release the changes
Issues
- Connect to redis without password
- Missing [search.hungryhub.com](http://search.hungryhub.com) record in DNS ➝ done manually