Add base kubernetes support final

2025-09-28 13:54:28 +02:00
parent b95ecf1c53
commit 3816383760
25 changed files with 2271 additions and 99 deletions
--- a/infrastructure/kubernetes/base/components/alert-processor/alert-processor-service.yaml
+++ b/infrastructure/kubernetes/base/components/alert-processor/alert-processor-service.yaml
@@ -20,6 +20,29 @@ spec:
        app.kubernetes.io/component: worker
    spec:
      initContainers:
+      - name: wait-for-database
+        image: busybox:1.36
+        command:
+        - sh
+        - -c
+        - |
+          echo "Waiting for alert processor database to be ready..."
+          until nc -z $ALERT_PROCESSOR_DB_HOST $ALERT_PROCESSOR_DB_PORT; do
+            echo "Database not ready yet, waiting..."
+            sleep 2
+          done
+          echo "Database is ready!"
+        env:
+        - name: ALERT_PROCESSOR_DB_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: ALERT_PROCESSOR_DB_HOST
+        - name: ALERT_PROCESSOR_DB_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: DB_PORT
      - name: wait-for-rabbitmq
        image: busybox:1.36
        command:
--- a/infrastructure/kubernetes/base/components/cert-manager/cert-manager.yaml
+++ b/infrastructure/kubernetes/base/components/cert-manager/cert-manager.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cert-manager-webhook
+  namespace: cert-manager
+---
+# Cert-manager installation using Helm repository
+# This will be installed via kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
+# The actual installation will be done via command line, this file documents the resources
--- a/infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml
+++ b/infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml
@@ -0,0 +1,23 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+  namespace: cert-manager
+spec:
+  acme:
+    # The ACME server URL (Let's Encrypt production)
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: admin@bakery-ia.local  # Change this to your email
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-production
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+          podTemplate:
+            spec:
+              nodeSelector:
+                "kubernetes.io/os": linux
--- a/infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml
+++ b/infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml
@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL (Let's Encrypt staging)
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: admin@bakery-ia.local  # Change this to your email
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+          podTemplate:
+            spec:
+              nodeSelector:
+                "kubernetes.io/os": linux
--- a/infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml
+++ b/infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml
@@ -0,0 +1,34 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: local-ca-issuer
+spec:
+  ca:
+    secretName: local-ca-key-pair
+---
+# Create a root CA certificate for local development
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: local-ca-cert
+  namespace: cert-manager
+spec:
+  isCA: true
+  commonName: bakery-ia-local-ca
+  subject:
+    organizationalUnits:
+      - "Bakery IA Local CA"
+    organizations:
+      - "Bakery IA"
+    countries:
+      - "US"
+  secretName: local-ca-key-pair
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+  duration: 8760h # 1 year
+  renewBefore: 720h # 30 days
--- a/infrastructure/kubernetes/base/components/sales/sales-service.yaml
+++ b/infrastructure/kubernetes/base/components/sales/sales-service.yaml
@@ -106,6 +106,11 @@ spec:
            configMapKeyRef:
              name: bakery-config
              key: AUTH_SERVICE_URL
+        - name: GATEWAY_URL
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: GATEWAY_URL
        resources:
          requests:
            memory: "256Mi"
--- a/infrastructure/kubernetes/base/components/training/training-service.yaml
+++ b/infrastructure/kubernetes/base/components/training/training-service.yaml
@@ -21,7 +21,7 @@ spec:
    spec:
      containers:
      - name: training-service
-        image: bakery/training-service:latest
+        image: bakery/training-service:79c869aaa529b2aaf2bbe77d2a2506e3ebdaf2abac3c83505ddfad29f3dbf99e
        ports:
        - containerPort: 8000
          name: http
@@ -106,6 +106,11 @@ spec:
            configMapKeyRef:
              name: bakery-config
              key: AUTH_SERVICE_URL
+        - name: GATEWAY_URL
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: GATEWAY_URL
        resources:
          requests:
            memory: "256Mi"