Skip to main content

AlphaSwarm.FUND Blue/Green Cutover

Runbook for migrating alphaswarm.fund traffic to the tower cluster with a short, controlled DNS/tunnel switch and immediate rollback path.

Green lane artifacts

  • Overlay: alphaswarm_platform/deployments/kubernetes/overlays/tower-green/
  • Tunnel lane: alphaswarm_platform/deployments/kubernetes/edge/cloudflared-alphaswarm-green/
  • Verification: scripts/verify_blue_green_cutover.sh

Green hostnames:

  • alphaswarm-green.alphaswarm.fund
  • api-green.alphaswarm.fund
  • manage-green.alphaswarm.fund

1) Pre-cutover prep

  1. Ensure tower-dev is healthy:

    bash scripts/verify_tower_cluster.sh

  2. Update Auth0 app allow-lists so both blue and green URLs are valid during transition. Use alphaswarm_platform/terraform/modules/auth0_identity inputs:

    • callback_urls + cutover_callback_urls
    • logout_urls + cutover_logout_urls
    • web_origins + cutover_web_origins

  3. Create green tunnel token secret:

    token="$(cloudflared tunnel token alphaswarm-fund-edge-green)"
    kubectl -n alphaswarm-edge create secret generic cloudflared-alphaswarm-green-token \
      --from-literal=token="$token" \
      --dry-run=client -o yaml | kubectl apply -f -

2) Deploy green lane

kubectl apply -k alphaswarm_platform/deployments/kubernetes/edge/cloudflared-alphaswarm-green/
kubectl apply -k alphaswarm_platform/deployments/kubernetes/overlays/tower-green/

3) Validate before switch

bash scripts/verify_blue_green_cutover.sh
CHECK_EXTERNAL=true bash scripts/verify_blue_green_cutover.sh

4) Cut over traffic

Perform the controlled switch in Cloudflare:

  • point DNS/app routing to green hostnames (or update tunnel ingress mapping)
  • confirm health endpoints:
    • https://alphaswarm-green.alphaswarm.fund
    • https://api-green.alphaswarm.fund/livez
    • https://manage-green.alphaswarm.fund/manage/livez

Once stable, update canonical host routing (alphaswarm.fund, api.alphaswarm.fund, manage.alphaswarm.fund) to the tower green lane.

5) Rollback

Immediate rollback commands:

kubectl apply -k alphaswarm_platform/deployments/kubernetes/overlays/tower-dev/
kubectl delete -k alphaswarm_platform/deployments/kubernetes/edge/cloudflared-alphaswarm-green/

Then restore blue DNS/tunnel routing and rerun baseline checks.