Add new infra architecture
This commit is contained in:
Urtzi Alfaro
@@ -0,0 +1,205 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: distribution-service
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app.kubernetes.io/name: distribution-service
|
||||
app.kubernetes.io/component: microservice
|
||||
app.kubernetes.io/part-of: bakery-ia
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: distribution-service
|
||||
app.kubernetes.io/component: microservice
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: distribution-service
|
||||
app.kubernetes.io/component: microservice
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: dockerhub-creds
|
||||
initContainers:
|
||||
# Wait for Redis to be ready
|
||||
- name: wait-for-redis
|
||||
image: redis:7.4-alpine
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
echo "Waiting for Redis to be ready..."
|
||||
until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
|
||||
echo "Redis not ready yet, waiting..."
|
||||
sleep 2
|
||||
done
|
||||
echo "Redis is ready!"
|
||||
env:
|
||||
- name: REDIS_HOST
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: bakery-config
|
||||
key: REDIS_HOST
|
||||
- name: REDIS_PORT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: bakery-config
|
||||
key: REDIS_PORT
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: redis-secrets
|
||||
key: REDIS_PASSWORD
|
||||
volumeMounts:
|
||||
- name: redis-tls
|
||||
mountPath: /tls
|
||||
readOnly: true
|
||||
# Wait for database migration to complete
|
||||
- name: wait-for-migration
|
||||
image: postgres:17-alpine
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
echo "Waiting for distribution database and migrations to be ready..."
|
||||
# Wait for database to be accessible
|
||||
until pg_isready -h $DISTRIBUTION_DB_HOST -p $DISTRIBUTION_DB_PORT -U $DISTRIBUTION_DB_USER; do
|
||||
echo "Database not ready yet, waiting..."
|
||||
sleep 2
|
||||
done
|
||||
echo "Database is ready!"
|
||||
|
||||
# Verify that migrations have completed by checking for the alembic_version table
|
||||
ATTEMPTS=30
|
||||
COUNT=0
|
||||
until [ $COUNT -ge $ATTEMPTS ]; do
|
||||
if PGPASSWORD="$DISTRIBUTION_DB_PASSWORD" psql -h "$DISTRIBUTION_DB_HOST" -p "$DISTRIBUTION_DB_PORT" -U "$DISTRIBUTION_DB_USER" -d "$DISTRIBUTION_DB_NAME" -c "\dt alembic_version" > /dev/null 2>&1; then
|
||||
echo "Migrations are complete - alembic_version table exists"
|
||||
exit 0
|
||||
else
|
||||
echo "Migrations not complete yet, waiting... ($((COUNT + 1))/$ATTEMPTS)"
|
||||
sleep 10
|
||||
fi
|
||||
COUNT=$((COUNT + 1))
|
||||
done
|
||||
|
||||
echo "Timeout waiting for migrations to complete"
|
||||
exit 1
|
||||
env:
|
||||
- name: DISTRIBUTION_DB_HOST
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: bakery-config
|
||||
key: DISTRIBUTION_DB_HOST
|
||||
- name: DISTRIBUTION_DB_PORT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: bakery-config
|
||||
key: DB_PORT
|
||||
- name: DISTRIBUTION_DB_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-secrets
|
||||
key: DISTRIBUTION_DB_USER
|
||||
- name: DISTRIBUTION_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-secrets
|
||||
key: DISTRIBUTION_DB_PASSWORD
|
||||
- name: DISTRIBUTION_DB_NAME
|
||||
value: "distribution_db"
|
||||
containers:
|
||||
- name: distribution-service
|
||||
image: bakery/distribution-service:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
name: http
|
||||
env:
|
||||
# OpenTelemetry Configuration
|
||||
- name: OTEL_COLLECTOR_ENDPOINT
|
||||
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
|
||||
- name: OTEL_EXPORTER_OTLP_ENDPOINT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: bakery-config
|
||||
key: OTEL_EXPORTER_OTLP_ENDPOINT
|
||||
- name: OTEL_SERVICE_NAME
|
||||
value: "distribution-service"
|
||||
- name: ENABLE_TRACING
|
||||
value: "true"
|
||||
# Logging Configuration
|
||||
- name: OTEL_LOGS_EXPORTER
|
||||
value: "otlp"
|
||||
- name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
|
||||
value: "true"
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: bakery-config
|
||||
- secretRef:
|
||||
name: database-secrets
|
||||
- secretRef:
|
||||
name: redis-secrets
|
||||
- secretRef:
|
||||
name: rabbitmq-secrets
|
||||
- secretRef:
|
||||
name: jwt-secrets
|
||||
resources:
|
||||
requests:
|
||||
memory: "256Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health/live
|
||||
port: 8000
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 5
|
||||
periodSeconds: 10
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health/ready
|
||||
port: 8000
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 5
|
||||
failureThreshold: 5
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: false
|
||||
volumeMounts:
|
||||
- name: redis-tls
|
||||
mountPath: /tls
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: redis-tls
|
||||
secret:
|
||||
secretName: redis-tls-secret
|
||||
defaultMode: 0400
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: distribution-service
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app.kubernetes.io/name: distribution-service
|
||||
app.kubernetes.io/component: microservice
|
||||
app.kubernetes.io/part-of: bakery-ia
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8000
|
||||
targetPort: 8000
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app.kubernetes.io/name: distribution-service
|
||||
app.kubernetes.io/component: microservice
|
||||
@@ -0,0 +1,63 @@
|
||||
# Enhanced migration job for distribution service with automatic table creation
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: distribution-migration
|
||||
namespace: bakery-ia
|
||||
labels:
|
||||
app.kubernetes.io/name: distribution-migration
|
||||
app.kubernetes.io/component: migration
|
||||
app.kubernetes.io/part-of: bakery-ia
|
||||
spec:
|
||||
backoffLimit: 3
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: distribution-migration
|
||||
app.kubernetes.io/component: migration
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: dockerhub-creds
|
||||
initContainers:
|
||||
- name: wait-for-db
|
||||
image: postgres:17-alpine
|
||||
command: ["sh", "-c", "until pg_isready -h distribution-db-service -p 5432; do sleep 2; done"]
|
||||
resources:
|
||||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "50m"
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
containers:
|
||||
- name: migrate
|
||||
image: bakery/distribution-service
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["python", "/app/shared/scripts/run_migrations.py", "distribution"]
|
||||
env:
|
||||
- name: DISTRIBUTION_DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-secrets
|
||||
key: DISTRIBUTION_DATABASE_URL
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-secrets
|
||||
key: DISTRIBUTION_DATABASE_URL
|
||||
- name: DB_FORCE_RECREATE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: bakery-config
|
||||
key: DB_FORCE_RECREATE
|
||||
optional: true
|
||||
- name: LOG_LEVEL
|
||||
value: "INFO"
|
||||
resources:
|
||||
requests:
|
||||
memory: "256Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
restartPolicy: OnFailure
|
||||
Reference in New Issue
Block a user