Add new infra architecture

2026-01-19 11:55:17 +01:00
parent 21d35ea92b
commit 35f164f0cd
311 changed files with 13241 additions and 3700 deletions
--- a/infrastructure/platform/storage/postgres/configs/postgres-init-config.yaml
+++ b/infrastructure/platform/storage/postgres/configs/postgres-init-config.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-init-config
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: bakery-ia
+data:
+  init.sql: |
+    -- Create required extensions
+    CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+    CREATE EXTENSION IF NOT EXISTS "pg_stat_statements";
+    CREATE EXTENSION IF NOT EXISTS "pgcrypto";
+
+    -- Create monitoring user for SigNoz metrics collection
+    -- This user will be created only if it doesn't already exist
+    DO $$
+    BEGIN
+        IF NOT EXISTS (SELECT FROM pg_catalog.pg_user WHERE usename = 'monitoring') THEN
+            CREATE USER monitoring WITH PASSWORD 'monitoring_369f9c001f242b07ef9e2826e17169ca';
+            GRANT pg_monitor TO monitoring;
+            GRANT SELECT ON pg_stat_database TO monitoring;
+            RAISE NOTICE 'Created monitoring user for SigNoz metrics collection';
+        ELSE
+            -- User already exists, ensure it has the correct password and permissions
+            ALTER USER monitoring WITH PASSWORD 'monitoring_369f9c001f242b07ef9e2826e17169ca';
+            GRANT pg_monitor TO monitoring;
+            GRANT SELECT ON pg_stat_database TO monitoring;
+            RAISE NOTICE 'Updated monitoring user permissions for SigNoz metrics collection';
+        END IF;
+    END $$
+    ;
--- a/infrastructure/platform/storage/postgres/configs/postgres-logging-config.yaml
+++ b/infrastructure/platform/storage/postgres/configs/postgres-logging-config.yaml
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-logging-config
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: database-logging
+data:
+  postgresql.conf: |
+    # PostgreSQL Configuration for Kubernetes
+    # Generated for security compliance and monitoring
+
+    # Network Configuration
+    listen_addresses = '*'
+    port = 5432
+
+    # Connection Logging
+    log_connections = on
+    log_disconnections = on
+    log_hostname = off
+
+    # Query Logging
+    log_statement = 'all'
+    log_duration = on
+    log_min_duration_statement = 1000
+
+    # Log Destination
+    log_destination = 'stderr'
+    logging_collector = off
+
+    # Log Output Format
+    log_line_prefix = '%t [%p]: user=%u,db=%d,app=%a,client=%h '
+    log_timezone = 'UTC'
+
+    # Error Logging
+    log_error_verbosity = default
+    log_min_messages = warning
+    log_min_error_statement = error
+
+    # Checkpoints
+    log_checkpoints = on
+
+    # Lock Waits
+    log_lock_waits = on
+    deadlock_timeout = 1s
+
+    # Temporary Files
+    log_temp_files = 0
+
+    # Autovacuum Logging
+    log_autovacuum_min_duration = 0
+
+    # SSL/TLS Configuration
+    ssl = on
+    ssl_cert_file = '/tls/server-cert.pem'
+    ssl_key_file = '/tls/server-key.pem'
+    ssl_ca_file = '/tls/ca-cert.pem'
+    ssl_prefer_server_ciphers = on
+    ssl_min_protocol_version = 'TLSv1.2'