Deployment
This page summarizes production deployment flows and points to the GitOps layout.
GitOps (production)
Production manifests are managed by Argo CD under git-ops/production/:
- Each app has
application.yaml,kustomization.yaml, andresources/ prerequisites/must be applied first (shared resources like GHCR pull secret)
Apply order:
kubectl apply -f git-ops/production/app-project.yaml
kubectl apply -f git-ops/production/prerequisites/application.yaml
kubectl apply -f git-ops/production/gnoland/application.yaml
kubectl apply -f git-ops/production/gnoweb/application.yaml
kubectl apply -f git-ops/production/server-bridge/application.yaml
kubectl apply -f git-ops/production/server-communicate/application.yaml
kubectl apply -f git-ops/production/server-internal-api/application.yaml
kubectl apply -f git-ops/production/server-internal-worker/application.yaml
kubectl apply -f git-ops/production/server-internal-world/application.yaml
kubectl apply -f git-ops/production/server-world/application.yamlGitHub Actions (production)
Workflows under .github/workflows/ handle builds/releases:
- Build and Push (
ci.yaml): server images, updatesgit-ops/production/*/kustomization.yaml - Game Release (
ci-game.yaml): builds and deploys the game to Firebase Hosting - Game Preview (
ci-game-preview.yaml): preview channels - Docs Release (
ci-docs.yaml): builds and deploys docs to Firebase Hosting - Cleanup GHCR (
cleanup-ghcr.yaml): scheduled image cleanup
Docs (Firebase Hosting)
Docs deploys through ci-docs.yaml and uses firebase.json at the repo root.
Secrets
Production secrets are stored as SealedSecrets in
git-ops/production/**/resources/secrets.yaml. The Sealed Secrets controller
creates the real Kubernetes Secrets at runtime.
Last updated on