Add new infra architecture

This commit is contained in:
Urtzi Alfaro
2026-01-19 11:55:17 +01:00
parent 21d35ea92b
commit 35f164f0cd
311 changed files with 13241 additions and 3700 deletions


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ai-insights-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: ai-insights-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ai-insights-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: ai-insights-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: AI_INSIGHTS_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: AI_INSIGHTS_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: AI_INSIGHTS_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: ai-insights-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: ai-insights-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: ai-insights-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: ai-insights-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ai-insights-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: ai-insights-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
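Review bot: The Deployment at the top of this file has `replicas: 1` and binds the ReadWriteOnce PVC `ai-insights-db-pvc`, but it sets no `strategy`, so it inherits RollingUpdate and every rollout tries to start the new postgres pod while the old one still holds the volume — on a multi-node cluster the new pod stays Pending on the volume attach, on a single node it cannot start cleanly against the locked data directory. Add `strategy:` / `  type: Recreate` under `spec:` next to `replicas: 1`, which is what demo-session-db in this same commit already does. The same gap is in alert-processor-db, auth-db, distribution-db, external-db, forecasting-db, inventory-db, notification-db and orchestrator-db (and orders-db, whose file runs past the end of this view).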


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: alert-processor-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: alert-processor-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: alert-processor-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: alert-processor-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: ALERT_PROCESSOR_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: ALERT_PROCESSOR_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: ALERT_PROCESSOR_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: alert-processor-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: alert-processor-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: alert-processor-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: alert-processor-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: alert-processor-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: alert-processor-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
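Review bot: `PGSSLCERT`, `PGSSLKEY` and `PGSSLROOTCERT` in the `postgres` container's env block are libpq client-side variables — they tell a client which certificate to present and which CA to trust — and do nothing to make the server accept TLS; `POSTGRES_HOST_SSL` is not a variable I know the official image entrypoint to read (the recognised one is `POSTGRES_HOST_AUTH_METHOD`), so it is most likely inert. Server-side TLS has to come from the mounted `postgresql.conf` (`ssl = on`, `ssl_cert_file`, `ssl_key_file`, `ssl_ca_file` pointing at the `/tls/` paths), which lives in the `postgres-logging-config` ConfigMap outside this view — please confirm it is set there, otherwise the init container prepares certificates nothing uses. If the conf does enable TLS, drop `POSTGRES_HOST_SSL` and the three `PGSSL*` entries, or annotate them with `# client-side libpq settings only (used by the probes); server TLS is configured in postgresql.conf`. The same env block is repeated in every other *-db file in this commit.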


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: auth-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: auth-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: auth-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: auth-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: AUTH_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: AUTH_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: AUTH_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: auth-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: auth-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: auth-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: auth-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: auth-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: auth-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
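Review bot: `fix-tls-permissions` copies the server private key out of the `postgres-tls` Secret into `tls-certs-writable`, which is declared as a bare `emptyDir: {}` in the volumes list — on most runtimes that is node-disk backed, so the key is written to the node's filesystem instead of staying in the tmpfs the Secret mount provides. Declare it as `emptyDir:` / `  medium: Memory` so the copied key lives in RAM only. The trailing `ls -la /tls/` in the init script leaks nothing but is log noise; drop it or replace it with a check that the three expected files are present. The root-running init container may be avoidable altogether: with `fsGroup: 70`, mounting the Secret with `defaultMode: 0640` yields root-owned, group-readable files, which PostgreSQL accepts for `ssl_key_file` — worth trying in place of the copy/chmod/chown step. Same pattern in all the other *-db files here.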


@@ -0,0 +1,159 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-session-db
namespace: bakery-ia
labels:
app: demo-session-db
component: database
app.kubernetes.io/name: demo-session-db
app.kubernetes.io/part-of: bakery-forecasting-platform
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: demo-session-db
template:
metadata:
labels:
app: demo-session-db
component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
ports:
- containerPort: 5432
name: postgres
envFrom:
- configMapRef:
name: bakery-config
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DB_PASSWORD
- name: POSTGRES_DB
value: demo_session_db
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
volumeMounts:
- name: demo-session-db-data
mountPath: /var/lib/postgresql/data
- name: tls-certs-writable
mountPath: /tls
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "200m"
livenessProbe:
exec:
command:
- sh
- -c
- exec pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
readinessProbe:
exec:
command:
- sh
- -c
- exec pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
volumes:
- name: demo-session-db-data
persistentVolumeClaim:
claimName: demo-session-db-pvc
- name: tls-certs-source
secret:
secretName: postgres-tls
items:
- key: server-cert.pem
path: server-cert.pem
- key: server-key.pem
path: server-key.pem
- key: ca-cert.pem
path: ca-cert.pem
- name: tls-certs-writable
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: demo-session-db-service
namespace: bakery-ia
labels:
app: demo-session-db
component: database
app.kubernetes.io/name: demo-session-db-service
app.kubernetes.io/part-of: bakery-forecasting-platform
spec:
type: ClusterIP
selector:
app: demo-session-db
ports:
- name: postgres
port: 5432
targetPort: 5432
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: demo-session-db-pvc
namespace: bakery-ia
labels:
app: demo-session-db
component: database
app.kubernetes.io/name: demo-session-db-pvc
app.kubernetes.io/part-of: bakery-forecasting-platform
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: standard
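Review bot: `demo-session-db` diverges from the other database files in ways that look unintended: its `postgres` container has no `command` pointing at `/etc/postgresql/postgresql.conf` and no `postgres-config` mount, so the `/tls` directory the init container prepares (and which is then mounted read-only) is referenced by no visible server setting — unless TLS is enabled somewhere I cannot see, this database serves plaintext while the others are meant to use TLS. `envFrom: configMapRef: bakery-config` also injects the entire ConfigMap (every service's settings) into this one container, where the other files pull only the keys they need via `configMapKeyRef`, which is the narrower pattern to keep. `POSTGRES_DB: demo_session_db` is hard-coded while the others read `*_DB_NAME` from the ConfigMap, and the labels use `app`/`component` with `part-of: bakery-forecasting-platform` instead of `app.kubernetes.io/*` with `part-of: bakery-ia`, so any label-based NetworkPolicy or selector written for the databases will miss this one. Aligning this file with the template used by the others — while keeping its `strategy: Recreate`, which the others should adopt — would remove the drift.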


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: distribution-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: distribution-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: distribution-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: distribution-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: DISTRIBUTION_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: DISTRIBUTION_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: DISTRIBUTION_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: distribution-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: distribution-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: distribution-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: distribution-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: distribution-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: distribution-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
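Review bot: The readiness probe's `pg_isready -U $POSTGRES_USER -d $POSTGRES_DB` connects over the Unix socket by default, and as far as I can tell the official entrypoint's temporary server — the one that runs the `/docker-entrypoint-initdb.d` scripts — listens on that socket, so the pod can be marked Ready and receive traffic through `distribution-db-service` before the init scripts finish and the final server is up. Change the probe to `exec pg_isready -h 127.0.0.1 -U "$POSTGRES_USER" -d "$POSTGRES_DB"` (the quoting and `exec` match what demo-session-db already uses), which only succeeds once the real server is listening on TCP. `timeoutSeconds: 1` on the readiness probe is also tight for a container with a `100m` CPU request; 5s like the liveness probe is safer. The same probes appear in every other *-db file in this commit.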


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: external-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: external-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: external-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: EXTERNAL_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: EXTERNAL_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: EXTERNAL_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: external-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: external-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: external-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: external-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: external-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: external-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
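Review bot: The `postgres` container has no container-level `securityContext`, so it starts as root (the official image only drops to `postgres` via gosu after start-up) with the default capability set and privilege escalation allowed; the only securityContext in the pod is the init container's `runAsUser: 0`. Running the main container as uid/gid 70 with escalation off and all capabilities dropped removes that root window — the image supports a non-root start when `PGDATA` is writable, which `fsGroup: 70` should provide on the PVC, but that needs verifying against the storage class in use. The init container can likewise drop everything except `CHOWN`, `FOWNER` and `DAC_OVERRIDE`, which is all its `cp`/`chmod`/`chown` needs. The same applies to every other *-db file in this commit.
```yaml
  - name: postgres
    image: postgres:17-alpine
    securityContext:
      runAsUser: 70
      runAsGroup: 70
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
    # … unchanged: command, ports, env, volumeMounts, resources, probes …
```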


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: forecasting-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: forecasting-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: forecasting-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: forecasting-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: FORECASTING_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: FORECASTING_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: FORECASTING_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: forecasting-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: forecasting-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: forecasting-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: forecasting-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forecasting-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: forecasting-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
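Review bot: Every database Deployment in this commit mounts the same `postgres-tls` Secret, so one server certificate and private key is shared by all of them — compromise of any single database pod, or of any ServiceAccount allowed to read that Secret, yields the key for every database, and rotating it means restarting all of them together. Consider a per-database TLS Secret (e.g. `forecasting-db-tls`) issued for that service's DNS name. The same consideration applies to `database-secrets`, which holds every database's credentials in one object even though each pod only references its own `*_DB_USER`/`*_DB_PASSWORD` keys — RBAC on a Secret is all-or-nothing, so a per-database Secret keeps the blast radius to one database. This is an architectural point rather than a defect in this file, and it applies equally to the other *-db files here.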


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: inventory-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: inventory-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: inventory-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: inventory-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: INVENTORY_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: INVENTORY_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: INVENTORY_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: inventory-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: inventory-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: inventory-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: inventory-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: inventory-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: inventory-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
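Review bot: `postgres:17-alpine` and `busybox:1.36` are mutable tags pulled via `dockerhub-creds`, so the binaries that actually run can change underneath this manifest without any change to it, and two rollouts of the same commit may run different images. Pin by digest, e.g. `image: postgres:17-alpine@sha256:<digest of the tested image>` (and likewise for busybox), and let an automated bumper refresh the digest. The same tags are used in every other *-db file in this commit.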


@@ -0,0 +1,25 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- auth-db.yaml
- tenant-db.yaml
- training-db.yaml
- forecasting-db.yaml
- ai-insights-db.yaml
- sales-db.yaml
- inventory-db.yaml
- production-db.yaml
- procurement-db.yaml
- distribution-db.yaml
- recipes-db.yaml
- suppliers-db.yaml
- pos-db.yaml
- orders-db.yaml
- external-db.yaml
- notification-db.yaml
- alert-processor-db.yaml
- orchestrator-db.yaml
- demo-session-db.yaml
- rabbitmq.yaml
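Review bot: The database files visible on this page are identical apart from the resource name and the three ConfigMap/Secret keys, so any fix — strategy, probes, securityContext, image digest — has to be applied once per entry in this resource list. A kustomize base holding one generic postgres Deployment/Service/PVC with per-database overlays (or a single template rendered by a generator) would let the manifests differ only where they mean to; demo-session-db has already drifted from the others. Adding `namespace: bakery-ia` to this Kustomization would also guarantee the namespace for any resource that omits it, instead of relying on every file repeating it.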


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: notification-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: notification-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: notification-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: notification-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: NOTIFICATION_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: NOTIFICATION_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: NOTIFICATION_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: notification-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: notification-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: notification-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: notification-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: notification-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: notification-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
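Review bot: The PVC `notification-db-pvc` sets no `storageClassName`, so it binds to whatever the cluster's default class happens to be at apply time, while demo-session-db pins `storageClassName: standard`. For persistent database state the class — and with it the reclaim policy and whether the volume can be expanded — should be explicit and the same across databases: add `storageClassName: <class chosen for database volumes>` here and in the other *-db PVCs, or remove it from demo-session-db, whichever is intended. A short comment on how `storage: 2Gi` is meant to grow would also help, since expansion depends on the class permitting it.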


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: orchestrator-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: ORCHESTRATOR_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: orchestrator-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: orchestrator-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: orchestrator-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
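Review bot: The liveness probe (`pg_isready` with `periodSeconds: 10` and `failureThreshold: 3`) restarts the container after roughly 30 s of not accepting connections, but a PostgreSQL instance doing crash recovery after an unclean stop can legitimately refuse connections for longer than that, and each forced restart prolongs the recovery. Either raise the liveness `failureThreshold` (demo-session-db uses `6`) or add a `startupProbe` with the same command and a generous threshold so liveness only starts counting once the server has come up. The liveness and readiness probes are also identical; readiness can stay strict while liveness should only catch a hung postmaster. The same probes are in the other *-db files.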


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: orders-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: orders-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: orders-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: orders-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: ORDERS_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: ORDERS_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: ORDERS_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: orders-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: orders-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orders-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: orders-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: orders-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: orders-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
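Review bot: The `POSTGRES_HOST_SSL`, `PGSSLCERT`, `PGSSLKEY` and `PGSSLROOTCERT` entries in the `env` block do not enable TLS on this server — the `PGSSL*` names are libpq client connection settings and `POSTGRES_HOST_SSL` is not a variable the official postgres image reads, so unless the `/etc/postgresql/postgresql.conf` delivered by the `postgres-logging-config` ConfigMap (not in this hunk, and named as a logging config) sets `ssl = on` and the `ssl_*_file` paths, the server listens in plaintext while the mounted certificates go unused. The unambiguous fix is to set them on the entrypoint line: `command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf", "-c", "ssl=on", "-c", "ssl_cert_file=/tls/server-cert.pem", "-c", "ssl_key_file=/tls/server-key.pem", "-c", "ssl_ca_file=/tls/ca-cert.pem"]`. Even then `ssl=on` only offers TLS; requiring it needs `hostssl` rules in `pg_hba.conf` (the image's default appends a plain `host all all all` rule), which presumably lives elsewhere in this commit — worth confirming.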


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: pos-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: pos-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: pos-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: pos-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: POS_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: POS_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: POS_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: pos-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: pos-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: pos-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: pos-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pos-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: pos-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
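Review bot: The `fix-tls-permissions` init container runs as root (`runAsUser: 0`) with a stock busybox image only to copy the TLS files and fix their mode/owner, which is unnecessary: a Secret volume accepts `defaultMode`, and the pod-level `fsGroup: 70` already applies to projected Secret files, so the key can be mounted read-only with the right permissions and the root container removed entirely. PostgreSQL accepts a key file that is root-owned and group-readable (`0640`) when the group matches the server's, which is what `defaultMode: 0640` plus `fsGroup: 70` produces — confirm on the first rollout by checking the postgres log for the ssl key-permission check. This also removes the root-writable `emptyDir` copy of the private key.

```yaml
# … unchanged: metadata, selector, template labels, imagePullSecrets …
securityContext:
  fsGroup: 70
# initContainers block removed
containers:
- name: postgres
  # … unchanged: image, command, ports, env, resources, probes …
  volumeMounts:
  # … unchanged: postgres-data, init-scripts, postgres-config …
  - name: tls-certs
    mountPath: /tls
    readOnly: true
volumes:
# … unchanged: postgres-data, init-scripts, postgres-config …
- name: tls-certs
  secret:
    secretName: postgres-tls
    defaultMode: 0640
```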


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: procurement-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: PROCUREMENT_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: procurement-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: procurement-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: procurement-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
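Review bot: The `postgres` container has no `securityContext` at all — the pod level only sets `fsGroup: 70` — so it starts as root with the default capability set and privilege escalation allowed, and a restricted Pod Security Standard would reject it. The official image supports being started directly as the `postgres` uid (70 on the alpine variant), and `PGDATA` is already group-writable via `fsGroup`, so the container can be locked down without changing how the database runs; if the init container is kept, it still has to `chown` the copied key to 70 as it does today.

```yaml
- name: postgres
  image: postgres:17-alpine
  securityContext:
    runAsUser: 70
    runAsGroup: 70
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault
  # … unchanged: command, ports, env, volumeMounts, resources, probes …
```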


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: production-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: production-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: production-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: production-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: PRODUCTION_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: PRODUCTION_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: PRODUCTION_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: production-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: production-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: production-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: production-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: production-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: production-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
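Review bot: This `Deployment` keeps one replica on a `ReadWriteOnce` PVC (`production-db-pvc`) but leaves the update strategy at its default, `RollingUpdate` with `maxSurge: 25%`, which rounds up to one extra pod: on any image or spec change a second `production-db` pod is created while the first still holds the volume, so the rollout either hangs on the volume attach or a second postgres tries to start against the same `PGDATA`. For a single-writer database the spec should at least declare `strategy:` / `  type: Recreate` under `spec`, and a `StatefulSet` would be the more conventional shape for this workload. The same applies to every `*-db` Deployment in this commit that shares this template.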


@@ -0,0 +1,125 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: rabbitmq
namespace: bakery-ia
labels:
app.kubernetes.io/name: rabbitmq
app.kubernetes.io/component: message-broker
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: rabbitmq
app.kubernetes.io/component: message-broker
template:
metadata:
labels:
app.kubernetes.io/name: rabbitmq
app.kubernetes.io/component: message-broker
spec:
imagePullSecrets:
- name: dockerhub-creds
containers:
- name: rabbitmq
image: rabbitmq:4.1-management-alpine
ports:
- containerPort: 5672
name: amqp
- containerPort: 15672
name: management
env:
- name: RABBITMQ_DEFAULT_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: RABBITMQ_USER
- name: RABBITMQ_DEFAULT_PASS
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: RABBITMQ_PASSWORD
- name: RABBITMQ_DEFAULT_VHOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_VHOST
volumeMounts:
- name: rabbitmq-data
mountPath: /var/lib/rabbitmq
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "1000m"
livenessProbe:
exec:
command:
- timeout
- "5"
- bash
- -c
- "</dev/tcp/localhost/5672 && rabbitmq-diagnostics ping"
initialDelaySeconds: 40
timeoutSeconds: 10
periodSeconds: 30
failureThreshold: 5
readinessProbe:
exec:
command:
- timeout
- "5"
- bash
- -c
- "</dev/tcp/localhost/5672 && rabbitmq-diagnostics ping"
initialDelaySeconds: 20
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
volumes:
- name: rabbitmq-data
persistentVolumeClaim:
claimName: rabbitmq-pvc
---
apiVersion: v1
kind: Service
metadata:
name: rabbitmq-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: rabbitmq
app.kubernetes.io/component: message-broker
spec:
type: ClusterIP
ports:
- port: 5672
targetPort: 5672
protocol: TCP
name: amqp
- port: 15672
targetPort: 15672
protocol: TCP
name: management
selector:
app.kubernetes.io/name: rabbitmq
app.kubernetes.io/component: message-broker
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rabbitmq-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: rabbitmq
app.kubernetes.io/component: message-broker
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: recipes-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: recipes-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: recipes-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: recipes-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: RECIPES_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: RECIPES_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: RECIPES_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: recipes-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: recipes-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: recipes-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: recipes-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: recipes-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
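Review bot: The `tls-certs-source` volume mounts the same `postgres-tls` Secret that every other `*-db` Deployment in this commit uses, so one server certificate and private key are shared by all databases: a compromise of any single database pod discloses the TLS key for all of them, and the certificate has to carry every `*-db-service` name in its SAN list for client verification to work (the cert itself is not visible here, so that is a point to confirm). The same goes for `database-secrets`, which holds the `*_DB_USER`/`*_DB_PASSWORD` pairs of all databases in one object — `secretKeyRef` only exposes the selected keys to the pod, but any principal allowed to read that Secret gets every database credential at once. Per-database Secret objects (e.g. `recipes-db-tls`, `recipes-db-credentials`) keep the blast radius to one service and let RBAC grant each application access to only its own material.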


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sales-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: sales-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: sales-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: sales-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: SALES_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: SALES_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: SALES_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: sales-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: sales-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: sales-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: sales-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sales-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: sales-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
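Review bot: The `fix-tls-permissions` script has no `set -e`, so its exit status is that of its last command, `ls -la /tls/`: if the `cp` or `chmod` fails (for example because a key name in the `postgres-tls` Secret changes), the init container still succeeds and the postgres container starts without, or with a world-readable, private key instead of failing the pod. Make the script fail closed by starting it with `set -eu`, and since this container runs as `runAsUser: 0` with the full default capability set, trim it to what the `chown` actually needs.

```yaml
- name: fix-tls-permissions
  image: busybox:1.36
  securityContext:
    runAsUser: 0
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
      add: ["CHOWN"]
  command: ['sh', '-c']
  args:
  - |
    set -eu
    cp /tls-source/* /tls/
    # … unchanged: chmod, chown, ls …
```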


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: suppliers-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: suppliers-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: suppliers-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: suppliers-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: SUPPLIERS_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: SUPPLIERS_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: SUPPLIERS_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: suppliers-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: suppliers-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: suppliers-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: suppliers-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: suppliers-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: suppliers-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
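Review bot: Both images in this Deployment are referenced by mutable tags — `busybox:1.36` on the init container and `postgres:17-alpine` on the database — so what actually runs changes whenever Docker Hub re-publishes the tag, and the `dockerhub-creds` pull secret gives no integrity guarantee on its own. For a database that holds supplier data, pin each image by digest, e.g. `image: postgres:17-alpine@sha256:<digest>` and `image: busybox:1.36@sha256:<digest>`, and let a renovate-style bot bump the digests deliberately; consider `imagePullPolicy: Always` or an admission policy that rejects untagged/undigested images if the cluster has one. Because every `*-db` manifest in this commit repeats the same two references, this is best done once in a shared base (kustomize `images:` transformer or a Helm value) rather than in ten places.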


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: tenant-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: tenant-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: tenant-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: tenant-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: TENANT_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: TENANT_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: TENANT_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: tenant-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: tenant-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: tenant-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: tenant-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tenant-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: tenant-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
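Review bot: The pod spec does not set `automountServiceAccountToken: false`, so this tenant database pod — which has no reason to call the Kubernetes API — receives a projected service-account token that a compromised postgres or init container could use for API reconnaissance with whatever RBAC the default service account has in `bakery-ia`; adding `automountServiceAccountToken: false` directly under `spec:` of the pod template removes that. Also note that `POSTGRES_INITDB_ARGS` is read from the `bakery-config` ConfigMap and the official entrypoint expands that value into the `initdb` command line on first start, so anyone who can edit that ConfigMap can influence how the cluster is initialised; keep that key tightly controlled or move it into the manifest as a literal since it is the same for every database here. Both points apply to each `*-db` Deployment that shares this template.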


@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: training-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: training-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: training-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: training-db
app.kubernetes.io/component: database
spec:
imagePullSecrets:
- name: dockerhub-creds
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:1.36
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: TRAINING_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: TRAINING_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: TRAINING_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: training-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: training-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: training-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: training-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: training-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: training-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
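Review bot: `training-db-service` is a plain `ClusterIP` on port 5432 and this hunk ships no `NetworkPolicy`, so by default any pod in any namespace of the cluster can open a connection to this database and attempt authentication; with ten databases each meant for exactly one service, an ingress policy per database selecting only the owning service's pods (by `app.kubernetes.io/name`) is the cheap way to make that isolation real — if such policies are defined elsewhere in this 311-file commit, disregard. A smaller point in the same spec: `tls-certs-writable` is `emptyDir: {}`, which puts the decrypted copy of the server private key on the node's disk; `emptyDir:` / `  medium: Memory` keeps it in tmpfs instead, so it disappears with the pod. Both suggestions apply to every `*-db` manifest built from this template.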