tasklist-v2.md - GCP Deployment Tasks
CODITECT DMS - OpenTofu Deployment Checklist
Version: 2.0.0 Created: 2025-12-28 Total Tasks: 147 Status: Ready for Execution
Progress Summary
| Phase | Tasks | Completed | Progress |
|---|---|---|---|
| Phase 1: Prerequisites | 28 | 0 | 0% |
| Phase 2: Infrastructure | 35 | 0 | 0% |
| Phase 3: Application | 25 | 0 | 0% |
| Phase 4: Database | 15 | 0 | 0% |
| Phase 5: DNS & SSL | 12 | 0 | 0% |
| Phase 6: Monitoring | 15 | 0 | 0% |
| Phase 7: Validation | 17 | 0 | 0% |
| Total | 147 | 0 | 0% |
Phase 1: Prerequisites & Setup (28 Tasks)
1.1 Tool Installation
- Install OpenTofu >= 1.6.0
- Install Google Cloud SDK >= 450.0.0
- Install kubectl >= 1.28.0
- Install Helm >= 3.12.0
- Install Docker >= 24.0.0
- Install k6 for load testing
- Verify all tool versions
1.2 GCP Authentication
- Run
gcloud auth login - Run
gcloud auth application-default login - Verify authentication with
gcloud auth list - Configure default project
1.3 GCP Project Creation
- Create coditect-dev project
- Create coditect-staging project
- Create coditect-prod project
- Link billing account to coditect-dev
- Link billing account to coditect-staging
- Link billing account to coditect-prod
1.4 Enable GCP APIs (Per Project x 3)
- Enable Container API (coditect-dev)
- Enable Container API (coditect-staging)
- Enable Container API (coditect-prod)
- Enable SQL Admin API (all projects)
- Enable Redis API (all projects)
- Enable Secret Manager API (all projects)
- Enable Cloud Armor API (all projects)
- Enable Monitoring API (all projects)
- Enable AI Platform API (all projects)
1.5 Terraform State Buckets
- Create gs://coditect-dev-terraform-state
- Create gs://coditect-staging-terraform-state
- Create gs://coditect-prod-terraform-state
- Enable versioning on all state buckets
Phase 2: Infrastructure Deployment (35 Tasks)
2.1 Development Environment
- Initialize OpenTofu for dev
- Run
tofu planfor dev environment - Review dev plan output
- Apply dev infrastructure
- Verify VPC created
- Verify GKE cluster running
- Verify Cloud SQL instance running
- Verify Redis instance running
- Verify all secrets created
- Save dev outputs
2.2 Staging Environment
- Initialize OpenTofu for staging
- Run
tofu planfor staging environment - Review staging plan output
- Apply staging infrastructure
- Verify VPC created
- Verify GKE cluster running
- Verify Cloud SQL instance running
- Verify Redis instance running
- Verify all secrets created
- Save staging outputs
2.3 Production Environment
- Initialize OpenTofu for prod
- Run
tofu planfor prod environment - Review prod plan with team
- Get approval from Platform Lead
- Get approval from Security Lead
- Apply prod infrastructure
- Verify VPC created with private subnets
- Verify GKE cluster running (private nodes)
- Verify Cloud SQL instance running (HA)
- Verify Redis instance running (HA)
- Verify Cloud Armor policy active
- Verify all secrets created
- Save prod outputs
- Document infrastructure endpoints
- Update runbooks with actual resource names
Phase 3: Application Deployment (25 Tasks)
3.1 Kubernetes Configuration
- Get GKE credentials for dev
- Get GKE credentials for staging
- Get GKE credentials for prod
- Verify kubectl connectivity to all clusters
- Create coditect-dms namespace (dev)
- Create coditect-dms namespace (staging)
- Create coditect-dms namespace (prod)
3.2 Secrets Configuration
- Create Kubernetes secrets from Secret Manager (dev)
- Create Kubernetes secrets from Secret Manager (staging)
- Create Kubernetes secrets from Secret Manager (prod)
- Set OpenAI API key in Secret Manager
- Set Stripe API keys in Secret Manager
3.3 Docker Images
- Configure Docker for GCR authentication
- Build API Docker image
- Tag image with version
- Push image to gcr.io/coditect-prod
- Verify image in Container Registry
3.4 Kubernetes Deployment
- Deploy to dev environment
- Verify dev pods running
- Deploy to staging environment
- Verify staging pods running
- Deploy to prod environment
- Verify prod pods running
- Verify HPA configured correctly
- Verify pod resource limits applied
Phase 4: Database Setup (15 Tasks)
4.1 Cloud SQL Proxy
- Download Cloud SQL Proxy
- Configure proxy for dev
- Configure proxy for staging
- Configure proxy for prod
4.2 PostgreSQL Extensions
- Enable pgvector extension (dev)
- Enable pgvector extension (staging)
- Enable pgvector extension (prod)
- Verify vector extension installed
4.3 Database Migrations
- Test migrations on dev
- Run migrations on dev
- Test migrations on staging
- Run migrations on staging
- Run migrations on prod
- Verify all tables created
- Verify indexes created
Phase 5: DNS & SSL (12 Tasks)
5.1 Static IP Verification
- Verify static IP for dev
- Verify static IP for staging
- Verify static IP for prod
5.2 DNS Configuration
- Create/verify DNS zone
- Add A record for dms-api-dev.coditect.ai
- Add A record for dms-api-staging.coditect.ai
- Add A record for dms-api.coditect.ai
- Verify DNS propagation
5.3 SSL Certificates
- Verify managed certificate for dev
- Verify managed certificate for staging
- Verify managed certificate for prod
- Test HTTPS connectivity
Phase 6: Monitoring & Alerting (15 Tasks)
6.1 Alert Verification
- Verify high error rate alert created
- Verify high latency alert created
- Verify high CPU alert created
- Verify high memory alert created
- Verify Cloud SQL connection alert created
- Verify Redis memory alert created
6.2 Notification Channels
- Configure email notifications
- Configure Slack webhook
- Configure PagerDuty integration
- Test alert notifications
6.3 Dashboards
- Verify Cloud Monitoring dashboard created
- Import Grafana dashboards (if using kube-prometheus)
- Configure SLO dashboards
- Set up log-based metrics
6.4 Uptime Checks
- Verify health check uptime monitor
- Verify readiness check uptime monitor
Phase 7: Validation & Go-Live (17 Tasks)
7.1 Smoke Tests
- Test /health endpoint
- Test /health/ready endpoint
- Test /docs (Swagger UI)
- Test /redoc (ReDoc)
- Test API authentication
- Test document upload
- Test semantic search
7.2 Load Testing
- Run k6 load test (100 users)
- Run k6 load test (500 users)
- Analyze load test results
- Verify autoscaling triggers
7.3 Security Validation
- Run OWASP ZAP scan
- Verify Cloud Armor blocking attacks
- Verify rate limiting working
- Review security audit logs
7.4 Go-Live
- Get final sign-off from Platform Lead
- Get final sign-off from Security
- Update status page to "Operational"
- Announce launch to stakeholders
Post-Deployment Tasks
Documentation
- Update runbooks with actual values
- Document all endpoints
- Create troubleshooting guide
- Record deployment video/walkthrough
Training
- Train on-call team
- Train support team
- Create FAQ document
Handoff
- Transfer ownership to operations
- Schedule post-mortem meeting
- Document lessons learned
Quick Commands Reference
OpenTofu Commands
# Initialize
tofu init -backend-config="bucket=coditect-prod-terraform-state"
# Plan
tofu plan -var-file=environments/prod/terraform.tfvars -out=prod.tfplan
# Apply
tofu apply prod.tfplan
# Destroy (DANGEROUS)
tofu destroy -var-file=environments/prod/terraform.tfvars
Kubernetes Commands
# Get credentials
gcloud container clusters get-credentials coditect-dms-prod-cluster --region us-central1
# Deploy
kubectl apply -f deploy/kubernetes/
# Check status
kubectl get pods -n coditect-dms
kubectl get svc -n coditect-dms
kubectl get ingress -n coditect-dms
# Logs
kubectl logs -f deployment/coditect-dms-api -n coditect-dms
# Scale
kubectl scale deployment coditect-dms-api --replicas=10 -n coditect-dms
Database Commands
# Start proxy
cloud_sql_proxy -instances=coditect-prod:us-central1:coditect-dms-db-xxxx=tcp:5432
# Connect
psql -h localhost -U dms_admin -d coditect_dms
# Run migrations
alembic upgrade head
Rollback Checklist
Application Rollback
- Identify problematic deployment
- Run
kubectl rollout undo - Verify rollback successful
- Notify stakeholders
Infrastructure Rollback
- Identify problematic change in state
- Run targeted
tofu applyto revert - Verify infrastructure restored
- Update documentation
Database Rollback
- Identify migration to revert
- Run
alembic downgrade - Or restore from backup
- Verify data integrity
Sign-Off
| Role | Name | Date | Signature |
|---|---|---|---|
| Platform Lead | |||
| Security Lead | |||
| Engineering Manager | |||
| CTO | Hal Casteel |
Document Version: 2.0.0 Last Updated: 2025-12-28 Next Review: Weekly during deployment