Deploying a New Service
Checklist
1. ECR repository
Add to terraform-heezy/environments/production/aws/ecr.tf:
2. Dockerfile
Create heezy-containers/dockerfiles/heezy-my-service/Dockerfile.
3. Build workflow
Create heezy-containers/.gitea/workflows/deploy-heezy-my-service.yml.
Copy an existing one (e.g. deploy-receipts.yml) and update paths + service name.
4. k8s manifests
Create heezy-k8s/apps/heezy-my-service/:
- deployment.yaml
- service.yaml
- kustomization.yaml
5. Schema
If the service uses Postgres, add tables to:
ansible-heezy/roles/heezy-postgres-schema/files/schema.sql
Tables are applied idempotently on every Ansible run.
6. SWAG proxy conf
Add /config/nginx/proxy-confs/my-service.subdomain.conf in the SWAG pod.
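7. Pi-hole split DNS
# Get current hosts, append new entry, PATCH
SID=$(kubectl exec -n heezy deployment/pihole -- curl -sk -X POST http://localhost/api/auth \
  -H 'Content-Type: application/json' -d '{"password":"heezy-pihole-admin-2025"}' \
  | python3 -c "import sys,json; print(json.load(sys.stdin)['session']['sid'])")
ENTRY='192.168.1.25 my-service.heezy.info'
# Read the existing dns.hosts array and add ENTRY only if it is missing
BODY=$(kubectl exec -n heezy deployment/pihole -- curl -sk http://localhost/api/config/dns/hosts \
  -H "sid: $SID" \
  | ENTRY="$ENTRY" python3 -c "import sys,json,os; h=json.load(sys.stdin)['config']['dns']['hosts']; e=os.environ['ENTRY']; print(json.dumps({'config':{'dns':{'hosts':h if e in h else h+[e]}}}))")
# Send the full list back so the entries that were already there are kept
kubectl exec -n heezy deployment/pihole -- curl -sk -X PATCH http://localhost/api/config \
  -H "sid: $SID" -H 'Content-Type: application/json' \
  -d "$BODY"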
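An added example, not part of the original runbook: a Python version of step 7's get, append, PATCH sequence that replaces a stale record for the hostname, can be re-run without duplicating entries, and sends request bodies over stdin instead of the command line. It assumes the admin password is exported as `PIHOLE_PASSWORD` and that `GET /api/config/dns/hosts` returns the same `config.dns.hosts` shape the PATCH body uses; `merge_hosts` and `api` are names chosen here.

```python
import json
import os
import subprocess

# Same pod and curl invocation as the step above; -i lets curl read stdin.
CURL = ["kubectl", "exec", "-i", "-n", "heezy", "deployment/pihole", "--", "curl", "-sk"]


def merge_hosts(current, ip, hostname):
    """Return hosts with exactly one "ip hostname" record, other names kept."""
    merged = []
    for entry in current:
        addr, *names = entry.split() or [""]
        names = [n for n in names if n.lower() != hostname.lower()]
        if names:  # drop records that have no other name left
            merged.append(" ".join([addr, *names]))
    return merged + [f"{ip} {hostname}"]


def api(method, path, sid=None, body=None):
    """Call the Pi-hole API from inside the pod; JSON bodies go via stdin."""
    cmd = CURL + ["-X", method, f"http://localhost/api/{path}"]
    if sid:
        cmd += ["-H", f"sid: {sid}"]
    data = ""
    if body is not None:
        cmd += ["-H", "Content-Type: application/json", "-d", "@-"]
        data = json.dumps(body)
    out = subprocess.run(cmd, input=data, check=True, capture_output=True, text=True).stdout
    return json.loads(out) if out.strip() else {}


def main(ip="192.168.1.25", hostname="my-service.heezy.info"):
    # Assumption: the admin password is exported as PIHOLE_PASSWORD.
    login = api("POST", "auth", body={"password": os.environ["PIHOLE_PASSWORD"]})
    sid = login["session"]["sid"]
    current = api("GET", "config/dns/hosts", sid)["config"]["dns"]["hosts"]
    merged = merge_hosts(current, ip, hostname)
    if merged != current:  # skip the write when nothing changes
        api("PATCH", "config", sid, {"config": {"dns": {"hosts": merged}}})
    return merged


if __name__ == "__main__":
    print("\n".join(main()))
```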
8. Cloudflare DNS + Tunnel
Add CNAME in terraform-heezy/environments/production/cloudflare/.
9. Update TOOLS.md + MEMORY.md
Document URL, port, auth details.
Naming Convention
heezy-<service>[-<subservice>]
Examples: heezy-finance, heezy-finance-reconcile, heezy-cs16-leaderboard