Deploy Verification Workflow
Pre-Deploy Checklist
- Validate configs before committing:
  - YAML syntax: python3 -c "import yaml; yaml.safe_load(open('FILE'))"
  - K8s manifests: kubectl apply --dry-run=client -f <file>
  - Helm: helm template <chart> | kubectl apply --dry-run=client -f -
  - Cross-check service-specific keys (don't mix Hydra/Kratos/other service configs)
- Build verification (if applicable):
  - go build ./... or make build
  - go vet ./...
  - Run tests: make test or go test ./...
Deploy Steps
- Stage and commit changes with conventional commit format
- Push to current branch
- Verify deployment:
# Check rollout status with timeout
kubectl rollout status deployment/<name> -n <namespace> --timeout=120s
# If flaky connectivity, retry with backoff
for i in 1 2 3; do
  kubectl rollout status deployment/<name> -n <namespace> --timeout=60s && break
  echo "Retry $i/3... waiting 15s"
  sleep 15
done
Post-Deploy Verification
# Check pods are healthy
kubectl get pods -n <namespace> -l app=<name>
# Check recent logs for errors
kubectl logs -n <namespace> deployment/<name> --tail=50 --since=2m
# Smoke test (if endpoint available)
curl -sf https://<endpoint>/health
Connectivity Failure Protocol
If kubectl is unreachable after 3 retries:
- Document in commit/PR: "UNVERIFIED: kubectl connectivity failed at $(date)"
- Create a verification script the user can run later:
  kubectl rollout status deployment/<name> -n <namespace>
  kubectl get pods -n <namespace> -l app=<name>
- Inform the user clearly that manual verification is needed
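The retry loop from Deploy Steps and the protocol above, combined into one shell function as an added example that is not part of the original page. `verify_rollout`, `RETRY_WAIT`, `VERIFY_SCRIPT` and the `./verify-deploy.sh` path are assumed names, and the `/readyz` probe and input check are additions: the first separates a failed rollout from an unreachable cluster, the second keeps shell metacharacters out of the generated script.

```bash
#!/usr/bin/env bash
# Added example: the page's retry loop and failure protocol as one function.
# Assumed names (not from the page): verify_rollout, RETRY_WAIT, VERIFY_SCRIPT.

RETRY_WAIT="${RETRY_WAIT:-15}"                        # page waits 15s between tries
VERIFY_SCRIPT="${VERIFY_SCRIPT:-./verify-deploy.sh}"  # hypothetical output path

# Exit codes: 0 rollout verified, 1 rollout failed on a reachable cluster,
#             2 cluster unreachable (UNVERIFIED note + script), 3 bad input.
verify_rollout() {
  local name="$1" ns="$2" i v

  # Both values end up in a script that is executed later, so accept only
  # the characters Kubernetes allows in object names.
  for v in "$name" "$ns"; do
    case "$v" in
      ''|*[!a-z0-9.-]*) echo "invalid name or namespace: $v" >&2; return 3 ;;
    esac
  done

  for i in 1 2 3; do
    kubectl rollout status "deployment/$name" -n "$ns" --timeout=60s && return 0
    if [ "$i" -lt 3 ]; then
      echo "Retry $i/3... waiting ${RETRY_WAIT}s" >&2
      sleep "$RETRY_WAIT"
    fi
  done

  # A stuck rollout and an unreachable API server both fail above; one cheap
  # API call tells them apart, so a bad deploy is not reported as a network issue.
  if kubectl get --raw /readyz >/dev/null 2>&1; then
    echo "rollout of $name in $ns failed; cluster is reachable" >&2
    return 1
  fi

  # Connectivity failure protocol: record the gap, leave a script for later.
  echo "UNVERIFIED: kubectl connectivity failed at $(date)"
  cat > "$VERIFY_SCRIPT" <<EOF
#!/bin/sh
kubectl rollout status deployment/$name -n $ns
kubectl get pods -n $ns -l app=$name
EOF
  chmod +x "$VERIFY_SCRIPT"
  return 2
}
```

Exit code 1 means the deployment itself needs attention (see Common Pitfalls); only exit code 2 warrants the UNVERIFIED note in the commit or PR.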
Common Pitfalls
| Issue | Cause | Fix |
|---|---|---|
| Wrong config keys | Copied from wrong service | Validate top-level keys match target service |
| ImagePullBackOff | Wrong image tag/registry | Check image exists: docker manifest inspect <image> |
| CrashLoopBackOff | Config or code error | Check logs: kubectl logs <pod> --previous |
| Pending pods | Resource constraints | Check events: kubectl describe pod <pod> |
