Guide for epic-devops-infrastructure

Epic: DevOps & Infrastructure

CI/CD, monitoring, and deployment infrastructure.

Missions Completed

🚀 CI/CD Pipelines

Mission DEVOPS-PIPELINES: GHA Migration (2026-01-18)

Role: DevOps Engineer
  • Backend GHA: backend-build.yml with cargo-chef caching
  • Website GHA: website-build.yml
  • Game Client GHA: client-build.yml
  • Discord Bot GHA: discord-bot-build.yml
  • Ops Tools GHA: ops-tools-build.yml
  • Security Scanning: Trivy container scanning
  • Image Pruner: Weekly scheduled cleanup

Mission AH: DevOps Scale (2026-01-13)

  • CI/CD Pipelines: backend-ci.yml, game-ci.yml
  • Kubernetes Manifests: chart/loh-backend Helm chart

Mission I: Infrastructure Verification (2026-01-13)

  • Multi-Service Support: api-game, api-web, api-ops containers
  • Swarm Deploy: deploy keys in docker-compose
  • Load Test: docker stack deploy verification

📊 Monitoring & Observability

Mission N: Infrastructure Monitoring (2026-01-12)

  • Prometheus: cadvisor + node-exporter scraping
  • Alertmanager: Email/webhook routes
  • Alert Rules: CPU/OOM/Disk/Crash Loop
  • Grafana: Prometheus datasource + dashboards

Mission O: PagerDuty Integration (2026-01-13)

  • PagerDuty Service: Generic Prometheus integration
  • Alertmanager Config: PagerDuty receiver
  • Severity Routing: Page only on severity="critical"

Mission S: Discord Tooling (2026-01-13)

  • Discord Bot: Slash command service
  • /stats command: CCU, RAM/CPU
  • /health command: Backend status
  • Alert Integration: Alertmanager → Discord webhook

☁️ Edge & Cloudflare

Mission EDGE-OPS: Cloudflare Networking (2026-01-17)

  • Worker CORS: Restricted origins for kb-api, account-api
  • Password Hashing: Verified Salted SHA-256
  • Debug Endpoints: Removed /kb/debug
  • Service Token Rotation: Comma-separated support

Ad-Hoc: Storefront D1 Migration (2026-01-20)

  • D1 Schema: shop_categories, shop_items tables
  • Shop API: Read-only Cloudflare Worker
  • Seed Script: seed-shop.ts for ops-managed data
  • Security Hardening: CORS, Cache-Control, Turnstile

🐳 Docker & Infrastructure

Docker Optimization (2026-01-18)

  • Multi-stage Builds: cargo-chef for game-server
  • Helm Charts: Standardized k8s manifests
  • Security Scanning: trivy/cargo-audit in pipelines

Mission U: Zero Trust & Vault (2026-01-15)

  • Vault Deployment: HCP/Self-hosted instance
  • Secret Migration: .env → Vault KV Storage
  • Zero Trust Auth: AppRole/OIDC for service-to-service

Ad-Hoc: Infrastructure (2026-01-17)

  • Secrets Rotation Audit: /tools/devops/secrets dashboard
  • SSL Monitor: /tools/devops/ssl dashboard
  • Automated Migrations: scripts/migrate_d1.sh
  • IaC: Terraform configs for GCP/CockroachDB