Update monitoring packages to latest versions

- Updated all OpenTelemetry packages to latest versions: - opentelemetry-api: 1.27.0 → 1.39.1 - opentelemetry-sdk: 1.27.0 → 1.39.1 - opentelemetry-exporter-otlp-proto-grpc: 1.27.0 → 1.39.1 - opentelemetry-exporter-otlp-proto-http: 1.27.0 → 1.39.1 - opentelemetry-instrumentation-fastapi: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-httpx: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-redis: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-sqlalchemy: 0.48b0 → 0.60b1 - Removed prometheus-client==0.23.1 from all services - Unified all services to use the same monitoring package versions Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
2026-01-08 19:25:52 +01:00
parent dfb7e4b237
commit 29d19087f1
129 changed files with 5718 additions and 1821 deletions
--- a/infrastructure/kubernetes/overlays/dev/cluster-issuer-staging.yaml
+++ b/infrastructure/kubernetes/overlays/dev/cluster-issuer-staging.yaml
@@ -1,29 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: selfsigned-issuer
-spec:
-  selfSigned: {}
---
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-staging
-spec:
-  acme:
-    # The ACME server URL (Let's Encrypt staging)
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    # Email address used for ACME registration
-    email: admin@bakery-ia.local  # Change this to your email
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: letsencrypt-staging
-    # Enable the HTTP-01 challenge provider
-    solvers:
-    - http01:
-        ingress:
-          class: nginx
-          podTemplate:
-            spec:
-              nodeSelector:
-                "kubernetes.io/os": linux
--- a/infrastructure/kubernetes/overlays/dev/dev-certificate.yaml
+++ b/infrastructure/kubernetes/overlays/dev/dev-certificate.yaml
@@ -24,6 +24,7 @@ spec:
    - localhost
    - bakery-ia.local
    - api.bakery-ia.local
+    - monitoring.bakery-ia.local
    - "*.bakery-ia.local"

  # IP addresses (for localhost)
--- a/infrastructure/kubernetes/overlays/dev/dev-ingress.yaml
+++ b/infrastructure/kubernetes/overlays/dev/dev-ingress.yaml
@@ -36,6 +36,7 @@ spec:
  - hosts:
    - localhost
    - bakery-ia.local
+    - monitoring.bakery-ia.local
    secretName: bakery-dev-tls-cert
  rules:
  - host: localhost
@@ -54,4 +55,32 @@ spec:
          service:
            name: gateway-service
            port:
-              number: 8000
+              number: 8000
+  - host: bakery-ia.local
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: frontend-service
+            port:
+              number: 3000
+      - path: /api
+        pathType: Prefix
+        backend:
+          service:
+            name: gateway-service
+            port:
+              number: 8000
+  - host: monitoring.bakery-ia.local
+    http:
+      paths:
+      # SigNoz Frontend UI
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: signoz
+            port:
+              number: 8080
--- a/infrastructure/kubernetes/overlays/dev/kustomization.yaml
+++ b/infrastructure/kubernetes/overlays/dev/kustomization.yaml
@@ -9,15 +9,12 @@ metadata:

 resources:
  - ../../base
-  # Monitoring enabled for dev environment
-  - ../../base/components/monitoring
  - dev-ingress.yaml
-  # SigNoz ingress is applied by Tilt (see Tiltfile)
-  # - signoz-ingress.yaml
+  # SigNoz is managed via Helm deployment (see Tiltfile signoz-deploy)
+  # Monitoring is handled by SigNoz (no separate monitoring components needed)
  # Dev-Prod Parity: Enable HTTPS with self-signed certificates
  - dev-certificate.yaml
-  - monitoring-certificate.yaml
-  - cluster-issuer-staging.yaml
+  # SigNoz paths are now included in the main ingress (ingress-https.yaml)

 # Exclude nominatim from dev to save resources
 # Using scale to 0 for StatefulSet to prevent pod creation
@@ -611,39 +608,6 @@ patches:
          limits:
            memory: "512Mi"
            cpu: "300m"
-  # Optional exporters resource patches for dev
-  - target:
-      group: apps
-      version: v1
-      kind: DaemonSet
-      name: node-exporter
-      namespace: monitoring
-    patch: |-
-      - op: replace
-        path: /spec/template/spec/containers/0/resources
-        value:
-          requests:
-            memory: "32Mi"
-            cpu: "25m"
-          limits:
-            memory: "64Mi"
-            cpu: "100m"
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-      name: postgres-exporter
-      namespace: monitoring
-    patch: |-
-      - op: replace
-        path: /spec/template/spec/containers/0/resources
-        value:
-          requests:
-            memory: "32Mi"
-            cpu: "25m"
-          limits:
-            memory: "64Mi"
-            cpu: "100m"

 secretGenerator:
  - name: dev-secrets
--- a/infrastructure/kubernetes/overlays/dev/monitoring-certificate.yaml
+++ b/infrastructure/kubernetes/overlays/dev/monitoring-certificate.yaml
@@ -1,49 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: bakery-dev-monitoring-tls-cert
-  namespace: monitoring
-spec:
-  # Self-signed certificate for local development
-  secretName: bakery-ia-tls-cert
-
-  # Certificate duration
-  duration: 2160h # 90 days
-  renewBefore: 360h # 15 days
-
-  # Subject configuration
-  subject:
-    organizations:
-      - Bakery IA Development
-
-  # Common name
-  commonName: localhost
-
-  # DNS names this certificate is valid for
-  dnsNames:
-    - localhost
-    - monitoring.bakery-ia.local
-
-  # IP addresses (for localhost)
-  ipAddresses:
-    - 127.0.0.1
-    - ::1
-
-  # Use self-signed issuer for development
-  issuerRef:
-    name: selfsigned-issuer
-    kind: ClusterIssuer
-    group: cert-manager.io
-
-  # Private key configuration
-  privateKey:
-    algorithm: RSA
-    encoding: PKCS1
-    size: 2048
-
-  # Usages
-  usages:
-    - server auth
-    - client auth
-    - digital signature
-    - key encipherment
--- a/infrastructure/kubernetes/overlays/dev/signoz-ingress.yaml
+++ b/infrastructure/kubernetes/overlays/dev/signoz-ingress.yaml
@@ -1,39 +0,0 @@
---
-# SigNoz Ingress for Development (localhost)
-# SigNoz is deployed via Helm in the 'signoz' namespace
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: signoz-ingress-localhost
-  namespace: signoz
-  annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-    nginx.ingress.kubernetes.io/use-regex: "true"
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - localhost
-    secretName: bakery-ia-tls-cert
-  rules:
-  - host: localhost
-    http:
-      paths:
-      # SigNoz Frontend UI
-      - path: /signoz(/|$)(.*)
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: signoz-frontend
-            port:
-              number: 3301
-      # SigNoz Query Service API
-      - path: /signoz-api(/|$)(.*)
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: signoz-query-service
-            port:
-              number: 8080