Add new infra architecture

Urtzi Alfaro
2026-01-19 11:55:17 +01:00
parent 21d35ea92b
commit 35f164f0cd
311 changed files with 13241 additions and 3700 deletions


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ai-insights-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: ai-insights-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ai-insights-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: ai-insights-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for ai-insights database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $AI_INSIGHTS_DB_HOST -p $AI_INSIGHTS_DB_PORT -U $AI_INSIGHTS_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: AI_INSIGHTS_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: AI_INSIGHTS_DB_HOST
- name: AI_INSIGHTS_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: AI_INSIGHTS_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: AI_INSIGHTS_DB_USER
containers:
- name: ai-insights-service
image: bakery/ai-insights-service:dev
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "ai-insights-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "1000m"
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: ai-insights-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: ai-insights-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: ai-insights-service
app.kubernetes.io/component: microservice
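Review bot: The `ai-insights-service` container's `envFrom` loads ten whole Secrets, including `payment-secrets`, `whatsapp-secrets`, `pos-integration-secrets` and `email-secrets`, so every key in them becomes an environment variable of a service whose visible configuration only concerns the database, Redis and telemetry. A compromise of this one pod, or anything that dumps its environment, would then expose credentials for unrelated integrations. Which keys the application actually reads is not visible here, so confirm first, then cut the list to the Secrets the service needs or replace it with explicit `env` entries using `secretKeyRef` per key. The `auth-service` Deployment in this commit carries the same ten-Secret `envFrom` list.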


@@ -0,0 +1,67 @@
# Enhanced migration job for ai-insights service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: ai-insights-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: ai-insights-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: ai-insights-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h ai-insights-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "32Mi"
cpu: "10m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/ai-insights-service
command: ["python", "/app/shared/scripts/run_migrations.py", "ai_insights"]
env:
- name: AI_INSIGHTS_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: AI_INSIGHTS_DATABASE_URL
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: AI_INSIGHTS_DATABASE_URL
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: REDIS_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "128Mi"
cpu: "50m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure
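Review bot: The `migrate` container uses `image: bakery/ai-insights-service` with no tag or digest, which resolves to `latest`, while the Deployment for the same service in this commit runs `bakery/ai-insights-service:dev`. Unless a deploy tool rewrites the image reference, the schema migration and the service can come from different builds and the Job is not reproducible. Pin the Job to the same tag the Deployment uses, ideally with a digest, e.g. `image: bakery/ai-insights-service:dev@sha256:<digest>`. The `alert-processor-migration`, `auth-migration` and `demo-session-migration` Jobs have the same untagged image.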


@@ -0,0 +1,143 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: alert-processor
namespace: bakery-ia
labels:
app.kubernetes.io/name: alert-processor
app.kubernetes.io/component: service
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: alert-processor
app.kubernetes.io/component: service
template:
metadata:
labels:
app.kubernetes.io/name: alert-processor
app.kubernetes.io/component: service
spec:
initContainers:
# Wait for RabbitMQ to be ready
- name: wait-for-rabbitmq
image: curlimages/curl:latest
command:
- sh
- -c
- |
echo "Waiting for RabbitMQ to be ready..."
until curl -f -u "$RABBITMQ_USER:$RABBITMQ_PASSWORD" http://$RABBITMQ_HOST:15672/api/healthchecks/node > /dev/null 2>&1; do
echo "RabbitMQ not ready yet, waiting..."
sleep 2
done
echo "RabbitMQ is ready!"
env:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: RABBITMQ_USER
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: RABBITMQ_PASSWORD
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for alert-processor database and migrations to be ready..."
until pg_isready -h $ALERT_PROCESSOR_DB_HOST -p $ALERT_PROCESSOR_DB_PORT -U $ALERT_PROCESSOR_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: ALERT_PROCESSOR_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: ALERT_PROCESSOR_DB_HOST
- name: ALERT_PROCESSOR_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: ALERT_PROCESSOR_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: ALERT_PROCESSOR_DB_USER
containers:
- name: alert-processor
image: bakery/alert-processor:latest
command: ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
ports:
- containerPort: 8000
name: http
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
readinessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
---
apiVersion: v1
kind: Service
metadata:
name: alert-processor
namespace: bakery-ia
labels:
app.kubernetes.io/name: alert-processor
app.kubernetes.io/component: service
app.kubernetes.io/part-of: bakery-ia
spec:
selector:
app.kubernetes.io/name: alert-processor
app.kubernetes.io/component: service
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP
type: ClusterIP
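Review bot: The `wait-for-rabbitmq` init container passes the broker credentials as `curl -u "$RABBITMQ_USER:$RABBITMQ_PASSWORD"` to `http://$RABBITMQ_HOST:15672`, so the password sits on the process command line and is sent as Basic auth over plain HTTP on every retry. A startup wait does not need management-API credentials: a TCP reachability check on the broker port would do, or, if the health endpoint is kept, feed the credentials through `curl -K -` on stdin and use a TLS listener. The image `curlimages/curl:latest` is a floating tag and should be pinned to a version or digest. This pod spec also has no `imagePullSecrets`, unlike most other workloads in this commit; confirm that is intended.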


@@ -0,0 +1,62 @@
# Enhanced migration job for alert-processor service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: alert-processor-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: alert-processor-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: alert-processor-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h alert-processor-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/alert-processor
command: ["python", "/app/shared/scripts/run_migrations.py", "alert_processor"]
env:
- name: ALERT_PROCESSOR_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ALERT_PROCESSOR_DATABASE_URL
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ALERT_PROCESSOR_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure
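Review bot: The `migrate` container reads `DB_FORCE_RECREATE` from the shared `bakery-config` ConfigMap, so one key in a ConfigMap that the services load wholesale controls what looks, from its name, like a destructive recreate of the schema; what `run_migrations.py` does with it is not visible here. If it does drop and recreate tables, it should not be reachable from the shared ConfigMap: remove the variable from this manifest and set it only in a development overlay, or require an explicit per-run opt-in. The `ai-insights-migration`, `auth-migration` and `demo-session-migration` Jobs wire the same key.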


@@ -0,0 +1,207 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: auth-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: auth-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: auth-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: auth-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
# Wait for database migration to complete
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for auth database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $AUTH_DB_HOST -p $AUTH_DB_PORT -U $AUTH_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Verify that migrations have completed by checking for the alembic_version table
DB_URL="postgresql://$AUTH_DB_USER:$AUTH_DB_PASSWORD@$AUTH_DB_HOST:$AUTH_DB_PORT/$AUTH_DB_NAME"
ATTEMPTS=30
COUNT=0
until [ $COUNT -ge $ATTEMPTS ]; do
if PGPASSWORD="$AUTH_DB_PASSWORD" psql -h "$AUTH_DB_HOST" -p "$AUTH_DB_PORT" -U "$AUTH_DB_USER" -d "$AUTH_DB_NAME" -c "\dt alembic_version" > /dev/null 2>&1; then
echo "Migrations are complete - alembic_version table exists"
exit 0
else
echo "Migrations not complete yet, waiting... ($((COUNT + 1))/$ATTEMPTS)"
sleep 10
fi
COUNT=$((COUNT + 1))
done
echo "Timeout waiting for migrations to complete"
exit 1
env:
- name: AUTH_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: AUTH_DB_HOST
- name: AUTH_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: AUTH_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: AUTH_DB_USER
- name: AUTH_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: AUTH_DB_PASSWORD
- name: AUTH_DB_NAME
value: "auth_db"
containers:
- name: auth-service
image: bakery/auth-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "auth-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: auth-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: auth-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: auth-service
app.kubernetes.io/component: microservice
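Review bot: In `wait-for-redis`, `redis-cli ... -a "$REDIS_PASSWORD"` puts the Redis password on the command line, where it is visible in the process list for the whole retry loop. redis-cli reads the password from the `REDISCLI_AUTH` environment variable, so name the secret-backed env entry `REDISCLI_AUTH` and drop `-a "$REDIS_PASSWORD"` from the command. The same command appears in the `ai-insights-service` and `distribution-service` Deployments. Separately, `DB_URL` in `wait-for-migration` embeds `$AUTH_DB_PASSWORD` in a URL that the script never uses, so that line can be deleted.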


@@ -0,0 +1,58 @@
# Enhanced migration job for auth service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: auth-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: auth-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: auth-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
- name: ghcr-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h auth-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/auth-service
command: ["python", "/app/shared/scripts/run_migrations.py", "auth"]
env:
- name: AUTH_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: AUTH_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,87 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: demo-session-cleanup
namespace: bakery-ia
labels:
app: demo-cleanup
component: maintenance
spec:
schedule: "0 * * * *" # Every hour
timeZone: "Europe/Madrid"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
concurrencyPolicy: Forbid
jobTemplate:
metadata:
labels:
app: demo-cleanup
spec:
imagePullSecrets:
- name: dockerhub-creds
template:
metadata:
labels:
app: demo-cleanup
spec:
initContainers:
- name: wait-for-migrations
image: postgres:17-alpine
command: ["sh", "-c",
"echo 'Waiting for database to be ready...' && \
until pg_isready -h demo-session-db-service -p 5432; do sleep 2; done && \
echo 'Database ready, checking for demo_sessions table...' && \
MAX_ATTEMPTS=60 && \
ATTEMPT=1 && \
until psql -h demo-session-db-service -U demo_session_user -d demo_session_db -c 'SELECT 1 FROM demo_sessions LIMIT 1;' 2>/dev/null; do \
if [ $ATTEMPT -ge $MAX_ATTEMPTS ]; then \
echo 'ERROR: demo_sessions table not created after maximum attempts'; \
exit 1; \
fi; \
echo \"Waiting for demo_sessions table to be created by migrations... (attempt $ATTEMPT/$MAX_ATTEMPTS)\"; \
ATTEMPT=$((ATTEMPT + 1)); \
sleep 5; \
done && \
echo 'demo_sessions table is ready!'"]
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DB_PASSWORD
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: cleanup-trigger
image: curlimages/curl:latest
command:
- sh
- -c
- |
echo "Triggering demo session cleanup..."
response=$(curl -s -w "\n%{http_code}" -X POST http://demo-session-service:8000/api/v1/demo/operations/cleanup)
http_code=$(echo "$response" | tail -n 1)
body=$(echo "$response" | sed '$d')
echo "Response: $body"
echo "HTTP Status: $http_code"
if [ "$http_code" -ge 200 ] && [ "$http_code" -lt 300 ]; then
echo "Cleanup job enqueued successfully"
exit 0
else
echo "Failed to enqueue cleanup job"
exit 1
fi
resources:
requests:
memory: "32Mi"
cpu: "10m"
limits:
memory: "64Mi"
cpu: "50m"
restartPolicy: OnFailure
activeDeadlineSeconds: 30
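Review bot: `activeDeadlineSeconds: 30` is shorter than the wait the `wait-for-migrations` init container is written for (up to 60 attempts with `sleep 5`, after an unbounded `pg_isready` loop), so the run is terminated long before the init script's own error path can fire. Either raise the deadline to cover the init budget or cut `MAX_ATTEMPTS` to fit it. As rendered here `imagePullSecrets` sits under `jobTemplate.spec` next to `template` rather than in the pod `spec`, where it would not apply to the pod; indentation is lost on this page, so check the file. The `cleanup-trigger` POST to `/api/v1/demo/operations/cleanup` carries no credential, so confirm the endpoint authenticates callers or is limited to in-cluster traffic by a NetworkPolicy.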


@@ -0,0 +1,77 @@
apiVersion: v1
kind: Service
metadata:
name: demo-session-db-service
namespace: bakery-ia
labels:
app: demo-session-db
component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app: demo-session-db
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: demo-session-db
namespace: bakery-ia
labels:
app: demo-session-db
component: database
spec:
serviceName: demo-session-db-service
replicas: 1
selector:
matchLabels:
app: demo-session-db
template:
metadata:
labels:
app: demo-session-db
component: database
spec:
containers:
- name: postgres
image: postgres:17-alpine
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
value: "demo_session_db"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DB_PASSWORD
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
volumeClaimTemplates:
- metadata:
name: postgres-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 2Gi
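Review bot: The `postgres` container defines no `readinessProbe` or `livenessProbe`, so the Service routes connections to the pod as soon as the container starts and a hung server is never restarted; the dependants compensate with their own `pg_isready` loops. Add an exec probe such as `command: ["sh", "-c", "pg_isready -U \"$POSTGRES_USER\" -d demo_session_db"]` for both. Note also that `POSTGRES_USER` comes from the Secret key `DEMO_SESSION_DB_USER` here, while the `wait-for-migrations` init containers elsewhere in this commit hard-code `-U demo_session_user`; if the Secret value ever differs, those checks fail, so they should read the same key.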


@@ -0,0 +1,125 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-cleanup-worker
namespace: bakery-ia
labels:
app: demo-cleanup-worker
component: background-jobs
service: demo-session
spec:
replicas: 2
selector:
matchLabels:
app: demo-cleanup-worker
template:
metadata:
labels:
app: demo-cleanup-worker
component: background-jobs
service: demo-session
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-migrations
image: postgres:17-alpine
command: ["sh", "-c",
"echo 'Waiting for database to be ready...' && \
until pg_isready -h demo-session-db-service -p 5432; do sleep 2; done && \
echo 'Database ready, checking for demo_sessions table...' && \
MAX_ATTEMPTS=60 && \
ATTEMPT=1 && \
until psql -h demo-session-db-service -U demo_session_user -d demo_session_db -c 'SELECT 1 FROM demo_sessions LIMIT 1;' 2>/dev/null; do \
if [ $ATTEMPT -ge $MAX_ATTEMPTS ]; then \
echo 'ERROR: demo_sessions table not created after maximum attempts'; \
exit 1; \
fi; \
echo \"Waiting for demo_sessions table to be created by migrations... (attempt $ATTEMPT/$MAX_ATTEMPTS)\"; \
ATTEMPT=$((ATTEMPT + 1)); \
sleep 5; \
done && \
echo 'demo_sessions table is ready!'"]
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DB_PASSWORD
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: worker
image: bakery/demo-session-service
imagePullPolicy: IfNotPresent
command:
- python
- -m
- app.jobs.cleanup_worker
env:
- name: DEMO_SESSION_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DATABASE_URL
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
- name: REDIS_URL
value: "rediss://:$(REDIS_PASSWORD)@redis-service:6379/0?ssl_cert_reqs=none"
- name: LOG_LEVEL
value: "INFO"
- name: INVENTORY_SERVICE_URL
value: "http://inventory-service:8000"
- name: RECIPES_SERVICE_URL
value: "http://recipes-service:8000"
- name: SALES_SERVICE_URL
value: "http://sales-service:8000"
- name: ORDERS_SERVICE_URL
value: "http://orders-service:8000"
- name: PRODUCTION_SERVICE_URL
value: "http://production-service:8000"
- name: SUPPLIERS_SERVICE_URL
value: "http://suppliers-service:8000"
- name: POS_SERVICE_URL
value: "http://pos-service:8000"
- name: PROCUREMENT_SERVICE_URL
value: "http://procurement-service:8000"
- name: DISTRIBUTION_SERVICE_URL
value: "http://distribution-service:8000"
- name: FORECASTING_SERVICE_URL
value: "http://forecasting-service:8000"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- python
- -c
- "import sys; sys.exit(0)"
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
exec:
command:
- python
- -c
- "import sys; sys.exit(0)"
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
restartPolicy: Always
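Review bot: `REDIS_URL` uses `rediss://` but ends in `?ssl_cert_reqs=none`, which turns off verification of the Redis server certificate, so the connection is encrypted but not authenticated and the password in the URL is sent to whatever answers as `redis-service`. Other Deployments in this commit mount `redis-tls-secret` with a `ca-cert.pem`; mount it here and verify against it. For a redis-py style client that would be `?ssl_cert_reqs=required&ssl_ca_certs=/tls/ca-cert.pem`, though the client library is not visible in this manifest. Both `demo-session-service` Deployment manifests set the same URL. The `livenessProbe` and `readinessProbe` here run `python -c "import sys; sys.exit(0)"`, which always succeeds and says nothing about the worker's state.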


@@ -0,0 +1,135 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-session-service
namespace: bakery-ia
labels:
app: demo-session-service
component: demo-session
spec:
replicas: 2
selector:
matchLabels:
app: demo-session-service
template:
metadata:
labels:
app: demo-session-service
component: demo-session
spec:
serviceAccountName: demo-session-sa
containers:
- name: demo-session-service
image: bakery/demo-session-service:latest
ports:
- containerPort: 8000
name: http
envFrom:
- configMapRef:
name: bakery-config
env:
- name: SERVICE_NAME
value: "demo-session-service"
- name: ALERT_PROCESSOR_SERVICE_URL
value: "http://alert-processor:8000"
- name: DEMO_SESSION_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DATABASE_URL
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
- name: REDIS_URL
value: "rediss://:$(REDIS_PASSWORD)@redis-service:6379/0?ssl_cert_reqs=none"
- name: AUTH_SERVICE_URL
value: "http://auth-service:8000"
- name: TENANT_SERVICE_URL
value: "http://tenant-service:8000"
- name: INVENTORY_SERVICE_URL
value: "http://inventory-service:8000"
- name: RECIPES_SERVICE_URL
value: "http://recipes-service:8000"
- name: SALES_SERVICE_URL
value: "http://sales-service:8000"
- name: ORDERS_SERVICE_URL
value: "http://orders-service:8000"
- name: PRODUCTION_SERVICE_URL
value: "http://production-service:8000"
- name: SUPPLIERS_SERVICE_URL
value: "http://suppliers-service:8000"
- name: LOG_LEVEL
value: "INFO"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 10
periodSeconds: 10
startupProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 30
initContainers:
- name: wait-for-redis
image: busybox:1.36
command: ['sh', '-c', 'until nc -z redis-service 6379; do echo waiting for redis; sleep 2; done']
- name: wait-for-migrations
image: postgres:17-alpine
command: ["sh", "-c",
"echo 'Waiting for database to be ready...' && \
until pg_isready -h demo-session-db-service -p 5432; do sleep 2; done && \
echo 'Database ready, checking for demo_sessions table...' && \
MAX_ATTEMPTS=60 && \
ATTEMPT=1 && \
while [ $ATTEMPT -le $MAX_ATTEMPTS ]; do \
if psql -h demo-session-db-service -U demo_session_user -d demo_session_db -c 'SELECT 1 FROM demo_sessions LIMIT 1;' 2>/dev/null; then \
break; \
fi; \
echo \"Waiting for demo_sessions table to be created by migrations... (attempt $ATTEMPT/$MAX_ATTEMPTS)\"; \
ATTEMPT=$((ATTEMPT + 1)); \
sleep 5; \
done && \
if [ $ATTEMPT -gt $MAX_ATTEMPTS ]; then \
echo 'ERROR: demo_sessions table not created after maximum attempts'; \
exit 1; \
fi && \
echo 'demo_sessions table is ready!' && \
echo 'Checking if table has required columns...' && \
psql -h demo-session-db-service -U demo_session_user -d demo_session_db -c '\\d demo_sessions' && \
echo 'Table structure verified!'"]
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DB_PASSWORD
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
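Review bot: This pod runs as `demo-session-sa`, which the Role in this commit allows to create and delete Jobs, yet neither the pod nor its containers set a `securityContext`. For the application container add at least `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}`, provided the image runs as a non-root user, which is not visible here. No pod spec shown in this commit view sets a `securityContext`, so the same applies to the other Deployments, Jobs and the CronJob. The main image `bakery/demo-session-service:latest` is also a floating tag and should be pinned.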


@@ -0,0 +1,135 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-session-service
namespace: bakery-ia
labels:
app: demo-session-service
component: demo-session
spec:
replicas: 2
selector:
matchLabels:
app: demo-session-service
template:
metadata:
labels:
app: demo-session-service
component: demo-session
spec:
serviceAccountName: demo-session-sa
containers:
- name: demo-session-service
image: bakery/demo-session-service:latest
ports:
- containerPort: 8000
name: http
envFrom:
- configMapRef:
name: bakery-config
env:
- name: SERVICE_NAME
value: "demo-session-service"
- name: ALERT_PROCESSOR_SERVICE_URL
value: "http://alert-processor:8000"
- name: DEMO_SESSION_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DATABASE_URL
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
- name: REDIS_URL
value: "rediss://:$(REDIS_PASSWORD)@redis-service:6379/0?ssl_cert_reqs=none"
- name: AUTH_SERVICE_URL
value: "http://auth-service:8000"
- name: TENANT_SERVICE_URL
value: "http://tenant-service:8000"
- name: INVENTORY_SERVICE_URL
value: "http://inventory-service:8000"
- name: RECIPES_SERVICE_URL
value: "http://recipes-service:8000"
- name: SALES_SERVICE_URL
value: "http://sales-service:8000"
- name: ORDERS_SERVICE_URL
value: "http://orders-service:8000"
- name: PRODUCTION_SERVICE_URL
value: "http://production-service:8000"
- name: SUPPLIERS_SERVICE_URL
value: "http://suppliers-service:8000"
- name: LOG_LEVEL
value: "INFO"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 10
periodSeconds: 10
startupProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 30
initContainers:
- name: wait-for-redis
image: busybox:1.36
command: ['sh', '-c', 'until nc -z redis-service 6379; do echo waiting for redis; sleep 2; done']
- name: wait-for-migrations
image: localhost:5000/postgres_17-alpine
command: ["sh", "-c",
"echo 'Waiting for database to be ready...' && \
until pg_isready -h demo-session-db-service -p 5432; do sleep 2; done && \
echo 'Database ready, checking for demo_sessions table...' && \
MAX_ATTEMPTS=60 && \
ATTEMPT=1 && \
while [ $ATTEMPT -le $MAX_ATTEMPTS ]; do \
if psql -h demo-session-db-service -U demo_session_user -d demo_session_db -c 'SELECT 1 FROM demo_sessions LIMIT 1;' 2>/dev/null; then \
break; \
fi; \
echo \"Waiting for demo_sessions table to be created by migrations... (attempt $ATTEMPT/$MAX_ATTEMPTS)\"; \
ATTEMPT=$((ATTEMPT + 1)); \
sleep 5; \
done && \
if [ $ATTEMPT -gt $MAX_ATTEMPTS ]; then \
echo 'ERROR: demo_sessions table not created after maximum attempts'; \
exit 1; \
fi && \
echo 'demo_sessions table is ready!' && \
echo 'Checking if table has required columns...' && \
psql -h demo-session-db-service -U demo_session_user -d demo_session_db -c '\\d demo_sessions' && \
echo 'Table structure verified!'"]
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DB_PASSWORD
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
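Review bot: This manifest defines the same Deployment `demo-session-service` in `bakery-ia` as the previous file and differs, as far as shown, only in the `wait-for-migrations` image, `localhost:5000/postgres_17-alpine`. That reference points at a registry on the node's own loopback address, which looks like a local development artifact; if both files are applied, whichever is applied last wins, and on a cluster without that local registry the init container cannot pull. The file paths are not visible on this page, so confirm that only one of the two is referenced by the deployment tooling and keep the local-registry variant in a development overlay.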


@@ -0,0 +1,32 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: demo-seed-sa
namespace: bakery-ia
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: demo-seed-role
namespace: bakery-ia
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: demo-seed-rolebinding
namespace: bakery-ia
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: demo-seed-role
subjects:
- kind: ServiceAccount
name: demo-seed-sa
namespace: bakery-ia
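Review bot: `demo-seed-role` grants `get` and `list` on every Secret in `bakery-ia`, and `list` returns Secret contents, so any pod running as `demo-seed-sa` can read the database, JWT, payment and every other credential in the namespace. Restrict the rule to the Secrets the seed job needs with `resourceNames: ["<secret-name>"]` and `verbs: ["get"]` (`list` cannot be usefully limited by `resourceNames`), or mount the needed Secret into the pod and drop the rule. No workload shown in this view uses `demo-seed-sa`, so what it actually needs cannot be checked here.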


@@ -0,0 +1,56 @@
apiVersion: batch/v1
kind: Job
metadata:
name: demo-session-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: demo-session-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: demo-session-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h demo-session-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/demo-session-service
command: ["python", "/app/shared/scripts/run_migrations.py", "demo_session"]
env:
- name: DEMO_SESSION_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: DEMO_SESSION_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,35 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: demo-session-sa
namespace: bakery-ia
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: demo-session-job-creator
namespace: bakery-ia
rules:
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create", "get", "list", "watch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: demo-session-job-creator-binding
namespace: bakery-ia
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: demo-session-job-creator
subjects:
- kind: ServiceAccount
name: demo-session-sa
namespace: bakery-ia
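Review bot: `demo-session-job-creator` lets `demo-session-sa` create arbitrary Jobs in `bakery-ia`, and a Job's pod template may reference any Secret or ServiceAccount in the namespace, so this permission is in effect as broad as read access to the namespace's Secrets. If the service only needs to launch demo seeding or cleanup Jobs, run those in a dedicated namespace that holds only the credentials they need, or constrain the allowed pod templates with an admission policy. `delete` on all Jobs also covers the migration Jobs defined in this commit; confirm that is required.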


@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: demo-session-service
namespace: bakery-ia
labels:
app: demo-session-service
component: demo-session
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app: demo-session-service


@@ -0,0 +1,205 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: distribution-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: distribution-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: distribution-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: distribution-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
# Wait for database migration to complete
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for distribution database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $DISTRIBUTION_DB_HOST -p $DISTRIBUTION_DB_PORT -U $DISTRIBUTION_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Verify that migrations have completed by checking for the alembic_version table
ATTEMPTS=30
COUNT=0
until [ $COUNT -ge $ATTEMPTS ]; do
if PGPASSWORD="$DISTRIBUTION_DB_PASSWORD" psql -h "$DISTRIBUTION_DB_HOST" -p "$DISTRIBUTION_DB_PORT" -U "$DISTRIBUTION_DB_USER" -d "$DISTRIBUTION_DB_NAME" -c "\dt alembic_version" > /dev/null 2>&1; then
echo "Migrations are complete - alembic_version table exists"
exit 0
else
echo "Migrations not complete yet, waiting... ($((COUNT + 1))/$ATTEMPTS)"
sleep 10
fi
COUNT=$((COUNT + 1))
done
echo "Timeout waiting for migrations to complete"
exit 1
env:
- name: DISTRIBUTION_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: DISTRIBUTION_DB_HOST
- name: DISTRIBUTION_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: DISTRIBUTION_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: DISTRIBUTION_DB_USER
- name: DISTRIBUTION_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: DISTRIBUTION_DB_PASSWORD
- name: DISTRIBUTION_DB_NAME
value: "distribution_db"
containers:
- name: distribution-service
image: bakery/distribution-service:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "distribution-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
securityContext:
runAsUser: 1000
runAsGroup: 1000
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: distribution-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: distribution-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: distribution-service
app.kubernetes.io/component: microservice
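Review bot: The `envFrom` block on the `distribution-service` container imports every key of `database-secrets`, `redis-secrets`, `rabbitmq-secrets` and `jwt-secrets` into the process environment. Judging by the keys referenced elsewhere in this commit (`EXTERNAL_DB_PASSWORD`, `FORECASTING_DATABASE_URL`, `DEMO_SESSION_DATABASE_URL`), `database-secrets` carries credentials for every service's database, so a compromise of this one pod would expose all of them. Prefer explicit `secretKeyRef` entries for the keys this service reads, as the `wait-for-migration` init container already does, or split the Secret per service. The same pattern, with a longer list that includes `payment-secrets` and `whatsapp-secrets`, appears in the external-service, forecasting-service and inventory-service sections.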


@@ -0,0 +1,63 @@
# Enhanced migration job for distribution service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: distribution-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: distribution-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: distribution-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h distribution-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/distribution-service
imagePullPolicy: IfNotPresent
command: ["python", "/app/shared/scripts/run_migrations.py", "distribution"]
env:
- name: DISTRIBUTION_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: DISTRIBUTION_DATABASE_URL
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: DISTRIBUTION_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure
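Review bot: `DB_FORCE_RECREATE` is read from the shared `bakery-config` ConfigMap, so one key controls this Job and the external, forecasting, inventory and notification migration Jobs in this commit at once. What `run_migrations.py` does with it is not visible here, but if it drops and recreates tables as the name suggests, a single ConfigMap edit becomes destructive for every database. I would leave the variable out of the base manifests and set it per Job in a development overlay, or at least put `# destructive: must stay unset or false outside dev` above the entry.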


@@ -0,0 +1,68 @@
# infrastructure/kubernetes/base/cronjobs/external-data-rotation-cronjob.yaml
# Monthly CronJob to rotate 24-month sliding window (runs 1st of month at 2am UTC)
apiVersion: batch/v1
kind: CronJob
metadata:
name: external-data-rotation
namespace: bakery-ia
labels:
app: external-service
component: data-rotation
spec:
schedule: "0 2 1 * *"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
concurrencyPolicy: Forbid
jobTemplate:
metadata:
labels:
app: external-service
job: data-rotation
spec:
imagePullSecrets:
- name: dockerhub-creds
ttlSecondsAfterFinished: 172800
backoffLimit: 2
template:
metadata:
labels:
app: external-service
cronjob: data-rotation
spec:
restartPolicy: OnFailure
containers:
- name: data-rotator
image: bakery/external-service:latest
imagePullPolicy: Always
command:
- python
- -m
- app.jobs.rotate_data
args:
- "--log-level=INFO"
- "--notify-slack=true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: monitoring-secrets
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
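Review bot: `imagePullSecrets` appears directly under `jobTemplate.spec`, next to `ttlSecondsAfterFinished` and `backoffLimit`, which are Job-level fields; the page has lost its indentation, so this placement is inferred from key order. `imagePullSecrets` is a pod-level field, and at Job level it is either rejected by strict field validation or dropped, leaving the pod to pull `bakery/external-service:latest` without credentials. Move the two lines under `template.spec`, beside `restartPolicy: OnFailure`.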


@@ -0,0 +1,216 @@
# infrastructure/kubernetes/base/components/external/external-service.yaml
# External Data Service v2.0 - Optimized city-based architecture
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: external-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
version: "2.0"
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: external-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: external-service
app.kubernetes.io/component: microservice
version: "2.0"
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
# Wait for database migration to complete
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for external database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $EXTERNAL_DB_HOST -p $EXTERNAL_DB_PORT -U $EXTERNAL_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Verify that migrations have completed by checking for the alembic_version table
ATTEMPTS=30
COUNT=0
until [ $COUNT -ge $ATTEMPTS ]; do
if PGPASSWORD="$EXTERNAL_DB_PASSWORD" psql -h "$EXTERNAL_DB_HOST" -p "$EXTERNAL_DB_PORT" -U "$EXTERNAL_DB_USER" -d "$EXTERNAL_DB_NAME" -c "\dt alembic_version" > /dev/null 2>&1; then
echo "Migrations are complete - alembic_version table exists"
exit 0
else
echo "Migrations not complete yet, waiting... ($((COUNT + 1))/$ATTEMPTS)"
sleep 10
fi
COUNT=$((COUNT + 1))
done
echo "Timeout waiting for migrations to complete"
exit 1
env:
- name: EXTERNAL_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: EXTERNAL_DB_HOST
- name: EXTERNAL_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: EXTERNAL_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: EXTERNAL_DB_USER
- name: EXTERNAL_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: EXTERNAL_DB_PASSWORD
- name: EXTERNAL_DB_NAME
value: "external_db"
containers:
- name: external-service
image: bakery/external-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "external-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: external-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: external-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: external-service
app.kubernetes.io/component: microservice
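Review bot: Neither the `external-service` container nor its two init containers set a `securityContext`, while the distribution-service section in this commit sets `runAsUser: 1000` and `allowPrivilegeEscalation: false`. Without one, the containers run as whatever user the image defaults to and with the runtime's default capabilities, in a pod that also receives `payment-secrets`, `pos-integration-secrets` and `whatsapp-secrets`. I would add a container-level block like the one below and do the same in the forecasting-service, inventory-service and frontend sections. UID 1000 is copied from distribution-service and needs confirming against the image.

```yaml
- name: external-service
  # ... unchanged: image, ports, env, envFrom, resources, probes ...
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    seccompProfile:
      type: RuntimeDefault
```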


@@ -0,0 +1,82 @@
# infrastructure/kubernetes/base/jobs/external-data-init-job.yaml
# One-time job to initialize 24 months of historical data for all enabled cities
apiVersion: batch/v1
kind: Job
metadata:
name: external-data-init
namespace: bakery-ia
labels:
app: external-service
component: data-initialization
spec:
ttlSecondsAfterFinished: 86400
backoffLimit: 3
template:
metadata:
labels:
app: external-service
job: data-init
spec:
imagePullSecrets:
- name: dockerhub-creds
restartPolicy: OnFailure
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command:
- sh
- -c
- |
until pg_isready -h $EXTERNAL_DB_HOST -p $DB_PORT -U $EXTERNAL_DB_USER; do
echo "Waiting for database..."
sleep 2
done
echo "Database is ready"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for external-service migration to complete..."
sleep 15
echo "Migration should be complete"
envFrom:
- configMapRef:
name: bakery-config
containers:
- name: data-loader
image: bakery/external-service:latest
imagePullPolicy: Always
command:
- python
- -m
- app.jobs.initialize_data
args:
- "--months=6" # Reduced from 24 to avoid memory/rate limit issues
- "--log-level=INFO"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: external-api-secrets
resources:
requests:
memory: "2Gi" # Increased from 1Gi
cpu: "500m"
limits:
memory: "4Gi" # Increased from 2Gi
cpu: "1000m"
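Review bot: The `wait-for-migration` init container only runs `sleep 15`, so `data-loader` can start before the external migration Job has created the schema; the forecasting-service and inventory-service sections gate on a fixed `sleep 10` in the same way. A real gate would query the table, for example `psql ... -tAc "SELECT 1 FROM alembic_version LIMIT 1"` in a retry loop, which exits non-zero while the table is missing. Note that the `\dt alembic_version` loop used by the distribution-service and external-service deployments is probably not a model to copy: as far as I know `psql` exits 0 for `\dt` even when no relation matches, so that check passes as soon as a connection succeeds. This container would also need the DB password and name wired in, which it does not currently receive.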


@@ -0,0 +1,58 @@
# Enhanced migration job for external service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: external-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: external-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: external-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
- name: ghcr-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h external-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/external-service
command: ["python", "/app/shared/scripts/run_migrations.py", "external"]
env:
- name: EXTERNAL_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: EXTERNAL_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure
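Review bot: `image: bakery/external-service` carries no tag or digest, so it resolves to `:latest` and the migration runs whatever build the registry serves at that moment, which need not match the service build being deployed. Pin the Job and the Deployment to the same immutable reference, e.g. `image: bakery/external-service@sha256:<digest>` (placeholder), ideally set once through the kustomize `images:` transformer. The distribution, forecasting, inventory and notification migration Jobs use the same untagged form. This Job is also the only one listing `ghcr-creds` under `imagePullSecrets`, which looks like an inconsistency to confirm.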


@@ -0,0 +1,194 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: forecasting-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: forecasting-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: forecasting-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: forecasting-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for forecasting database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $FORECASTING_DB_HOST -p $FORECASTING_DB_PORT -U $FORECASTING_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: FORECASTING_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: FORECASTING_DB_HOST
- name: FORECASTING_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: FORECASTING_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: FORECASTING_DB_USER
containers:
- name: forecasting-service
image: bakery/forecasting-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "forecasting-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
- secretRef:
name: minio-secrets
# Model storage now uses MinIO - no local volumeMounts needed
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "1000m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
# Model storage migrated to MinIO - PVC no longer needed
---
apiVersion: v1
kind: Service
metadata:
name: forecasting-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: forecasting-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: forecasting-service
app.kubernetes.io/component: microservice
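Review bot: In `wait-for-redis` the password is passed as `-a "$REDIS_PASSWORD"`, which puts it in the `redis-cli` argument list where process listings and runtime tooling that records command lines on the node can see it. `redis-cli` reads the password from the `REDISCLI_AUTH` environment variable, so the env entry can become `- name: REDISCLI_AUTH` with the same `secretKeyRef`, and the `-a` argument can be dropped. The same init container is repeated in the distribution-service, external-service and inventory-service sections.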


@@ -0,0 +1,57 @@
# Enhanced migration job for forecasting service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: forecasting-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: forecasting-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: forecasting-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h forecasting-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/forecasting-service
command: ["python", "/app/shared/scripts/run_migrations.py", "forecasting"]
env:
- name: FORECASTING_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: FORECASTING_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,79 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: bakery-ia
labels:
app.kubernetes.io/name: frontend
app.kubernetes.io/component: frontend
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: frontend
app.kubernetes.io/component: frontend
template:
metadata:
labels:
app.kubernetes.io/name: frontend
app.kubernetes.io/component: frontend
spec:
imagePullSecrets:
- name: dockerhub-creds
containers:
- name: frontend
image: bakery/dashboard:latest
imagePullPolicy: Always
ports:
- containerPort: 3000
name: http
env:
- name: NODE_ENV
value: "production"
envFrom:
- configMapRef:
name: bakery-config
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 60
timeoutSeconds: 10
periodSeconds: 30
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 20
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: frontend
app.kubernetes.io/component: frontend
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: 3000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: frontend
app.kubernetes.io/component: frontend


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: inventory-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: inventory-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: inventory-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: inventory-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for inventory database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $INVENTORY_DB_HOST -p $INVENTORY_DB_PORT -U $INVENTORY_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: INVENTORY_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: INVENTORY_DB_HOST
- name: INVENTORY_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: INVENTORY_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: INVENTORY_DB_USER
containers:
- name: inventory-service
image: bakery/inventory-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "inventory-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: inventory-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: inventory-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: inventory-service
app.kubernetes.io/component: microservice


@@ -0,0 +1,57 @@
# Enhanced migration job for inventory service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: inventory-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: inventory-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: inventory-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h inventory-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/inventory-service
command: ["python", "/app/shared/scripts/run_migrations.py", "inventory"]
env:
- name: INVENTORY_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: INVENTORY_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,71 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Core services
- auth/auth-service.yaml
- tenant/tenant-service.yaml
# Data & Analytics services
- training/training-service.yaml
- forecasting/forecasting-service.yaml
- ai-insights/ai-insights-service.yaml
# Operations services
- sales/sales-service.yaml
- inventory/inventory-service.yaml
- production/production-service.yaml
- procurement/procurement-service.yaml
- distribution/distribution-service.yaml
# Supporting services
- recipes/recipes-service.yaml
- suppliers/suppliers-service.yaml
- pos/pos-service.yaml
- orders/orders-service.yaml
- external/external-service.yaml
# Platform services
- notification/notification-service.yaml
- alert-processor/alert-processor.yaml
- orchestrator/orchestrator-service.yaml
# Demo services
- demo-session/deployment.yaml
- demo-session/service.yaml
- demo-session/rbac.yaml
# Frontend
- frontend/frontend-service.yaml
# Data initialization jobs
- external/migrations/external-data-init-job.yaml
# Migration jobs
- auth/migrations/auth-migration-job.yaml
- tenant/migrations/tenant-migration-job.yaml
- training/migrations/training-migration-job.yaml
- forecasting/migrations/forecasting-migration-job.yaml
- ai-insights/migrations/ai-insights-migration-job.yaml
- sales/migrations/sales-migration-job.yaml
- inventory/migrations/inventory-migration-job.yaml
- production/migrations/production-migration-job.yaml
- procurement/migrations/procurement-migration-job.yaml
- distribution/migrations/distribution-migration-job.yaml
- recipes/migrations/recipes-migration-job.yaml
- suppliers/migrations/suppliers-migration-job.yaml
- pos/migrations/pos-migration-job.yaml
- orders/migrations/orders-migration-job.yaml
- external/migrations/external-migration-job.yaml
- notification/migrations/notification-migration-job.yaml
- alert-processor/migrations/alert-processor-migration-job.yaml
- orchestrator/migrations/orchestrator-migration-job.yaml
- demo-session/migrations/demo-session-migration-job.yaml
- demo-session/migrations/demo-seed-rbac.yaml
# Worker deployments
- demo-session/demo-cleanup-worker.yaml
# CronJobs
- demo-session/cronjobs/demo-cleanup-cronjob.yaml
- external/cronjobs/external-data-rotation-cronjob.yaml


@@ -0,0 +1,57 @@
# Enhanced migration job for notification service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: notification-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: notification-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: notification-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h notification-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/notification-service
command: ["python", "/app/shared/scripts/run_migrations.py", "notification"]
env:
- name: NOTIFICATION_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: NOTIFICATION_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: notification-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: notification-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: notification-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: notification-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for notification database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $NOTIFICATION_DB_HOST -p $NOTIFICATION_DB_PORT -U $NOTIFICATION_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: NOTIFICATION_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: NOTIFICATION_DB_HOST
- name: NOTIFICATION_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: NOTIFICATION_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: NOTIFICATION_DB_USER
containers:
- name: notification-service
image: bakery/notification-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "notification-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: notification-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: notification-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: notification-service
app.kubernetes.io/component: microservice
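Review bot: The `envFrom` list on the `notification-service` container injects ten Secrets wholesale, among them `payment-secrets`, `pos-integration-secrets`, `jwt-secrets` and `external-api-secrets`, so compromising this one pod, or dumping its environment while debugging, exposes the credentials of every integration in the namespace. Limit each service to the Secrets it uses, preferably through explicit `env` entries with `secretKeyRef` for individual keys, as the init containers in this file already do. Which Secrets the notification service really needs cannot be read from the manifest and has to be confirmed against its settings. The identical list appears in the orchestrator, orders, pos, procurement and production Deployments.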


@@ -0,0 +1,57 @@
# Enhanced migration job for orchestrator service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: orchestrator-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: orchestrator-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h orchestrator-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/orchestrator-service
command: ["python", "/app/shared/scripts/run_migrations.py", "orchestrator"]
env:
- name: ORCHESTRATOR_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure
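Review bot: `DB_FORCE_RECREATE` is read from the shared `bakery-config` ConfigMap, so one key that any editor of that ConfigMap can flip is handed to every migration Job. What `run_migrations.py` does with it is not visible here, but the name suggests it drops and recreates tables; if so, it should not be reachable through general-purpose configuration in a production overlay. Consider keeping the env entry out of the base manifest and adding it only in a development overlay, or at least documenting it above the entry, e.g. `# DANGER: when "true" the migration script may drop and recreate tables; dev only`. The notification, orders, pos, procurement, production and recipes Jobs carry the same entry.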


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: orchestrator-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for orchestrator database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $ORCHESTRATOR_DB_HOST -p $ORCHESTRATOR_DB_PORT -U $ORCHESTRATOR_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: ORCHESTRATOR_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: ORCHESTRATOR_DB_HOST
- name: ORCHESTRATOR_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: ORCHESTRATOR_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DB_USER
containers:
- name: orchestrator-service
image: bakery/orchestrator-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "orchestrator-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: orchestrator-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
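Review bot: In the `wait-for-redis` init container the password is passed as `-a "$REDIS_PASSWORD"`, which puts it in the `redis-cli` argument vector, readable from the process list for as long as each probe runs. `redis-cli` also takes the password from the `REDISCLI_AUTH` environment variable, so the Secret can be exposed under that name (`- name: REDISCLI_AUTH`) and the `-a "$REDIS_PASSWORD"` argument dropped from the command. Quoting `"$REDIS_HOST"` and `"$REDIS_PORT"` on the same line would also stop ConfigMap values from being word-split by the shell. The same script is repeated in the notification, orders, pos, procurement, production and recipes Deployments.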


@@ -0,0 +1,57 @@
# Enhanced migration job for orders service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: orders-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: orders-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: orders-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h orders-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/orders-service
command: ["python", "/app/shared/scripts/run_migrations.py", "orders"]
env:
- name: ORDERS_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ORDERS_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure
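Review bot: The `wait-for-db` init container loops on `pg_isready` with no upper bound, and the Job sets neither `activeDeadlineSeconds` nor `ttlSecondsAfterFinished`, so a wrong host name or a database that never comes up leaves the pod waiting indefinitely, and finished Jobs stay in the namespace until someone deletes them. Adding `activeDeadlineSeconds: 600` and `ttlSecondsAfterFinished: 3600` under the Job `spec` (values are suggestions) bounds both. The host `orders-db-service` and port `5432` are also hard-coded here, while the Deployment reads `ORDERS_DB_HOST` and `DB_PORT` from `bakery-config`; reading the same keys would keep the two from diverging. The other migration Jobs in this commit follow the same pattern.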


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: orders-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orders-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: orders-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: orders-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for orders database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $ORDERS_DB_HOST -p $ORDERS_DB_PORT -U $ORDERS_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: ORDERS_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: ORDERS_DB_HOST
- name: ORDERS_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: ORDERS_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: ORDERS_DB_USER
containers:
- name: orders-service
image: bakery/orders-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "orders-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: orders-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orders-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: orders-service
app.kubernetes.io/component: microservice
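Review bot: The `redis-tls` volume is mounted only into the `wait-for-redis` init container; the `orders-service` container has no `volumeMounts`, so the CA and client certificate the init probe uses under `/tls` are not available to the application. If the service is expected to reach Redis over verified TLS, it has nothing to verify against and may be connecting without certificate verification; how the application configures its Redis client is not visible here, so this needs checking. Mounting the volume in the main container the same way (`name: redis-tls`, `mountPath: /tls`, `readOnly: true`) would close the gap. The notification, orchestrator, pos, procurement and production Deployments have the same layout.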


@@ -0,0 +1,57 @@
# Enhanced migration job for pos service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: pos-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: pos-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: pos-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h pos-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/pos-service
command: ["python", "/app/shared/scripts/run_migrations.py", "pos"]
env:
- name: POS_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: POS_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure
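Review bot: Neither the pod nor the `wait-for-db` and `migrate` containers set a `securityContext`, so they run as the image's default user with the default capability set and privilege escalation allowed, although the `migrate` container holds `POS_DATABASE_URL`. A container-level context that drops capabilities and forbids escalation costs nothing for a Python migration script. `runAsNonRoot: true` is worth adding as well once it is confirmed that the `bakery/*` images define a non-root user, which is not visible here. The same gap exists in the other migration Jobs and in all the service Deployments in this commit.

```yaml
      containers:
        - name: migrate
          # … unchanged: image, command, env, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```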


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: pos-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: pos-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: pos-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: pos-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for pos database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $POS_DB_HOST -p $POS_DB_PORT -U $POS_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: POS_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: POS_DB_HOST
- name: POS_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: POS_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: POS_DB_USER
containers:
- name: pos-service
image: bakery/pos-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "pos-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: pos-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: pos-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: pos-service
app.kubernetes.io/component: microservice
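Review bot: The `wait-for-migration` init container does not actually wait for the migration: once `pg_isready` succeeds it only runs `sleep 10`, so `pos-service` can start against a schema that the `pos-migration` Job has not finished applying, or has failed to apply. Replace the fixed sleep with a real condition, for example polling for the schema-version marker the migration script writes (its table name is not visible in this commit) or gating the rollout on the Job's completion. At minimum, change the comment to `# NOTE: fixed delay only; does not verify that migrations completed` so the container name does not promise more than it does. The notification, orchestrator, orders, procurement, production and recipes Deployments use the same script.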


@@ -0,0 +1,57 @@
# Enhanced migration job for procurement service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: procurement-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: procurement-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h procurement-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/procurement-service
command: ["python", "/app/shared/scripts/run_migrations.py", "procurement"]
env:
- name: PROCUREMENT_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: procurement-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for procurement database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $PROCUREMENT_DB_HOST -p $PROCUREMENT_DB_PORT -U $PROCUREMENT_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: PROCUREMENT_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: PROCUREMENT_DB_HOST
- name: PROCUREMENT_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: PROCUREMENT_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DB_USER
containers:
- name: procurement-service
image: bakery/procurement-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "procurement-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: procurement-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
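Review bot: The pod spec sets neither `serviceAccountName` nor `automountServiceAccountToken`, so the pod runs as the namespace's `default` ServiceAccount with its API token mounted into every container. Nothing in this manifest suggests the service calls the Kubernetes API, so adding `automountServiceAccountToken: false` under the pod `spec` removes a credential that would otherwise be available to anyone who compromises the container. If API access is needed, a dedicated ServiceAccount bound to a narrow Role is the safer alternative. This applies equally to the other Deployments and to the migration Jobs in this commit.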


@@ -0,0 +1,57 @@
# Enhanced migration job for production service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: production-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: production-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: production-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h production-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/production-service
command: ["python", "/app/shared/scripts/run_migrations.py", "production"]
env:
- name: PRODUCTION_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: PRODUCTION_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: production-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: production-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: production-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: production-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for production database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $PRODUCTION_DB_HOST -p $PRODUCTION_DB_PORT -U $PRODUCTION_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: PRODUCTION_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: PRODUCTION_DB_HOST
- name: PRODUCTION_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: PRODUCTION_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: PRODUCTION_DB_USER
containers:
- name: production-service
image: bakery/production-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "production-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: production-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: production-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: production-service
app.kubernetes.io/component: microservice
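Review bot: The `production-service` container defines its telemetry destination twice: `OTEL_COLLECTOR_ENDPOINT` is hard-coded to `http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318`, while `OTEL_EXPORTER_OTLP_ENDPOINT` is read from `bakery-config`, which `envFrom` then imports again in full. With `OTEL_LOGS_EXPORTER` set to `otlp`, application logs leave the pod over that plain-HTTP endpoint, so anything sensitive the service logs crosses the cluster network unencrypted. Reading both endpoints from the ConfigMap, or dropping the hard-coded one if the code does not need it, keeps a single source of truth, and a TLS collector endpoint is worth considering if logs can contain customer data. The other Deployments in this commit repeat the same block.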


@@ -0,0 +1,57 @@
# Enhanced migration job for recipes service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: recipes-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: recipes-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: recipes-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h recipes-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/recipes-service
command: ["python", "/app/shared/scripts/run_migrations.py", "recipes"]
env:
- name: RECIPES_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: RECIPES_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: recipes-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: recipes-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: recipes-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: recipes-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for recipes database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $RECIPES_DB_HOST -p $RECIPES_DB_PORT -U $RECIPES_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: RECIPES_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RECIPES_DB_HOST
- name: RECIPES_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: RECIPES_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: RECIPES_DB_USER
containers:
- name: recipes-service
image: bakery/recipes-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "recipes-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: recipes-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: recipes-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: recipes-service
app.kubernetes.io/component: microservice
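Review bot: The `envFrom` list on the `recipes-service` container imports every key of one ConfigMap and ten Secrets, including `payment-secrets`, `jwt-secrets`, `email-secrets`, `pos-integration-secrets` and `whatsapp-secrets`. `database-secrets` also appears to hold the other services' credentials, since the migration Jobs read `SALES_DATABASE_URL`, `TENANT_DATABASE_URL` and so on from it. A compromise of this one pod would then expose credentials for the whole platform, and every value is readable from the process environment. Prefer per-key `env` entries with `secretKeyRef` for only what the service uses, as the init containers already do, or split the Secrets per service. The same `envFrom` block is repeated in the sales, suppliers, tenant and training Deployments.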


@@ -0,0 +1,57 @@
# Enhanced migration job for sales service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: sales-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: sales-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: sales-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h sales-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/sales-service
command: ["python", "/app/shared/scripts/run_migrations.py", "sales"]
env:
- name: SALES_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: SALES_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure
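Review bot: `DB_FORCE_RECREATE` is read from the shared `bakery-config` ConfigMap, so one key flips it for every migration Job that references it (recipes, sales, suppliers, tenant and training in this commit). The script is not shown, but the name suggests it makes `run_migrations.py` drop and rebuild the schema; if so, anyone who can edit that ConfigMap can cause data loss across all services on the next Job run. I would leave this `env` entry out of the production manifests and set it only in a development overlay, or at minimum add a comment above it such as `# destructive: presumably drops and recreates all tables; never set in production`.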


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sales-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: sales-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: sales-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: sales-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for sales database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $SALES_DB_HOST -p $SALES_DB_PORT -U $SALES_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: SALES_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: SALES_DB_HOST
- name: SALES_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: SALES_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: SALES_DB_USER
containers:
- name: sales-service
image: bakery/sales-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "sales-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: sales-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: sales-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: sales-service
app.kubernetes.io/component: microservice
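Review bot: In the `wait-for-redis` init container the password is passed as `-a "$REDIS_PASSWORD"`, which places it in the `redis-cli` argument list on every loop iteration, where it is visible to anything that can read the process list on the node or in a shared PID namespace. redis-cli reads the password from the `REDISCLI_AUTH` environment variable when `-a` is absent, so the env entry can become `- name: REDISCLI_AUTH` (same `secretKeyRef`) and the ` -a "$REDIS_PASSWORD"` argument can be dropped. `$REDIS_HOST` and `$REDIS_PORT` are also unquoted in the same command. The identical init container appears in the recipes, suppliers, tenant and training Deployments.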


@@ -0,0 +1,57 @@
# Enhanced migration job for suppliers service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: suppliers-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: suppliers-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: suppliers-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h suppliers-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/suppliers-service
command: ["python", "/app/shared/scripts/run_migrations.py", "suppliers"]
env:
- name: SUPPLIERS_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: SUPPLIERS_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,190 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: suppliers-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: suppliers-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: suppliers-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: suppliers-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for suppliers database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $SUPPLIERS_DB_HOST -p $SUPPLIERS_DB_PORT -U $SUPPLIERS_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: SUPPLIERS_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: SUPPLIERS_DB_HOST
- name: SUPPLIERS_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: SUPPLIERS_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: SUPPLIERS_DB_USER
containers:
- name: suppliers-service
image: bakery/suppliers-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "suppliers-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: suppliers-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: suppliers-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: suppliers-service
app.kubernetes.io/component: microservice
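Review bot: The `wait-for-migration` init container does not actually wait for the migration: `pg_isready` only reports that the server accepts connections, and the following `sleep 10` is a guess at how long `suppliers-migration` takes. If the Job is slow, is retried (`backoffLimit: 3`) or fails, the service starts against an unmigrated or half-migrated schema. Gate on the real outcome instead, for example by querying the migration tool's version table from this init container or by ordering the rollout on Job completion in the deploy pipeline; which fits depends on tooling not shown here. The recipes, sales, tenant and training Deployments use the same pattern.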


@@ -0,0 +1,58 @@
# Enhanced migration job for tenant service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: tenant-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: tenant-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: tenant-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
- name: ghcr-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h tenant-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/tenant-service
command: ["python", "/app/shared/scripts/run_migrations.py", "tenant"]
env:
- name: TENANT_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: TENANT_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,191 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: tenant-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: tenant-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: tenant-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: tenant-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
- name: ghcr-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for tenant database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $TENANT_DB_HOST -p $TENANT_DB_PORT -U $TENANT_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: TENANT_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: TENANT_DB_HOST
- name: TENANT_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: TENANT_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: TENANT_DB_USER
containers:
- name: tenant-service
image: bakery/tenant-service:latest
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "tenant-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
---
apiVersion: v1
kind: Service
metadata:
name: tenant-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: tenant-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: tenant-service
app.kubernetes.io/component: microservice
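Review bot: Neither the pod spec nor any container in the `tenant-service` Deployment sets a `securityContext`, so the containers run as the image's default user with the runtime's default capabilities. The two init containers override the image command, so any privilege drop done by the stock entrypoints is presumably skipped. I would add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` to each container, and a pod-level `runAsNonRoot: true` with an explicit `runAsUser` once the images are confirmed to run unprivileged. Because the `redis-tls` files are mounted with `defaultMode: 0400`, a non-root `redis-cli` would likely also need `fsGroup` (or a wider mode) to read them. The same applies to the other Deployments and the five migration Jobs in this commit.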


@@ -0,0 +1,57 @@
# Enhanced migration job for training service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: training-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: training-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: training-migration
app.kubernetes.io/component: migration
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h training-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/training-service
command: ["python", "/app/shared/scripts/run_migrations.py", "training"]
env:
- name: TRAINING_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: TRAINING_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure


@@ -0,0 +1,198 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: training-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: training-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: training-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: training-service
app.kubernetes.io/component: microservice
spec:
imagePullSecrets:
- name: dockerhub-creds
initContainers:
# Wait for Redis to be ready
- name: wait-for-redis
image: redis:7.4-alpine
command:
- sh
- -c
- |
echo "Waiting for Redis to be ready..."
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
echo "Redis not ready yet, waiting..."
sleep 2
done
echo "Redis is ready!"
env:
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets
key: REDIS_PASSWORD
volumeMounts:
- name: redis-tls
mountPath: /tls
readOnly: true
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for training database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $TRAINING_DB_HOST -p $TRAINING_DB_PORT -U $TRAINING_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: TRAINING_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: TRAINING_DB_HOST
- name: TRAINING_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: TRAINING_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: TRAINING_DB_USER
containers:
- name: training-service
image: bakery/training-service:79c869aaa529b2aaf2bbe77d2a2506e3ebdaf2abac3c83505ddfad29f3dbf99e
ports:
- containerPort: 8000
name: http
env:
# OpenTelemetry Configuration
- name: OTEL_COLLECTOR_ENDPOINT
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
valueFrom:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: OTEL_SERVICE_NAME
value: "training-service"
- name: ENABLE_TRACING
value: "true"
# Logging Configuration
- name: OTEL_LOGS_EXPORTER
value: "otlp"
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
value: "true"
# Metrics Configuration
- name: ENABLE_OTEL_METRICS
value: "true"
- name: ENABLE_SYSTEM_METRICS
value: "true"
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
- secretRef:
name: minio-secrets
volumeMounts:
- name: tmp-storage
mountPath: /tmp
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "4Gi"
cpu: "2000m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 60
timeoutSeconds: 30
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 15
periodSeconds: 15
failureThreshold: 5
volumes:
- name: redis-tls
secret:
secretName: redis-tls-secret
defaultMode: 0400
- name: tmp-storage
emptyDir:
sizeLimit: 4Gi # Increased from 2Gi to handle cmdstan temp files during optimization
---
apiVersion: v1
kind: Service
metadata:
name: training-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: training-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: training-service
app.kubernetes.io/component: microservice
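Review bot: The `training-service` container's image uses a 64-character hex string as its tag, which looks like a content digest but is still a mutable tag that the registry can repoint later. If the intent is to pin the build, the digest form is `image: bakery/training-service@sha256:<digest>`; if the value was written by a build tool during a local deploy, it probably should not be committed. The other four Deployments in this commit use `:latest`, which leaves no record of what was deployed. With `imagePullPolicy` unset, `:latest` defaults to `Always`, so a pod restart can silently pick up a different image.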