bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add minio support and forntend analitycs

Browse Source
This commit is contained in:
Urtzi Alfaro
2026-01-17 22:42:40 +01:00
parent fbc670ddb3
commit 3c4b5c2a06
53 changed files with 3485 additions and 437 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
infrastructure/helm/signoz-values-prod.yaml
View File

@@ -6,7 +6,7 @@
# Install Command: helm install signoz signoz/signoz -n bakery-ia -f signoz-values-prod.yaml
global:
storageClass: "standard" # For MicroK8s, use "microk8s-hostpath" or custom storage class
storageClass: "microk8s-hostpath" # For MicroK8s, use "microk8s-hostpath" or custom storage class
clusterName: "bakery-ia-prod"
domain: "monitoring.bakewise.ai"
# Docker Hub credentials - applied to all sub-charts (including Zookeeper, ClickHouse, etc)

12
infrastructure/kubernetes/base/components/forecasting/forecasting-service.yaml
View File

@@ -140,10 +140,9 @@ spec:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
volumeMounts:
- name: model-storage
mountPath: /app/models
readOnly: true # Forecasting only reads models
- secretRef:
name: minio-secrets
# Model storage now uses MinIO - no local volumeMounts needed
resources:
requests:
memory: "512Mi"
@@ -172,10 +171,7 @@ spec:
secret:
secretName: redis-tls-secret
defaultMode: 0400
- name: model-storage
persistentVolumeClaim:
claimName: model-storage
readOnly: true # Forecasting only reads models
# Model storage migrated to MinIO - PVC no longer needed
---
apiVersion: v1

5
infrastructure/kubernetes/base/components/infrastructure/gateway-service.yaml
View File

@@ -56,6 +56,11 @@ spec:
configMapKeyRef:
name: bakery-config
key: OTEL_EXPORTER_OTLP_ENDPOINT
- name: SIGNOZ_OTEL_COLLECTOR_URL
valueFrom:
configMapKeyRef:
name: bakery-config
key: SIGNOZ_OTEL_COLLECTOR_URL
resources:
requests:
memory: "256Mi"

154
infrastructure/kubernetes/base/components/minio/minio-deployment.yaml Normal file
View File

@@ -0,0 +1,154 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: bakery-ia
labels:
app.kubernetes.io/name: minio
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: minio
app.kubernetes.io/component: storage
template:
metadata:
labels:
app.kubernetes.io/name: minio
app.kubernetes.io/component: storage
spec:
# Init container to set up TLS certificates with correct permissions
initContainers:
- name: init-certs
image: busybox:1.36
command:
- sh
- -c
- |
mkdir -p /certs/CAs
cp /certs-secret/minio-cert.pem /certs/public.crt
cp /certs-secret/minio-key.pem /certs/private.key
cp /certs-secret/ca-cert.pem /certs/CAs/ca.crt
chmod 600 /certs/private.key
chmod 644 /certs/public.crt /certs/CAs/ca.crt
volumeMounts:
- name: certs-secret
mountPath: /certs-secret
readOnly: true
- name: certs
mountPath: /certs
containers:
- name: minio
image: minio/minio:RELEASE.2024-11-07T00-52-20Z
args:
- server
- /data
- --console-address
- :9001
- --address
- :9000
- --certs-dir
- /certs
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: minio-secrets
key: MINIO_ROOT_USER
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secrets
key: MINIO_ROOT_PASSWORD
# Enable TLS for MinIO
- name: MINIO_SERVER_URL
value: "https://minio.bakery-ia.svc.cluster.local:9000"
- name: MINIO_BROWSER_REDIRECT_URL
value: "https://minio-console.bakery-ia.svc.cluster.local:9001"
ports:
- containerPort: 9000
name: api
- containerPort: 9001
name: console
volumeMounts:
- name: minio-data
mountPath: /data
- name: certs
mountPath: /certs
readOnly: true
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "2Gi"
cpu: "1000m"
livenessProbe:
httpGet:
path: /minio/health/live
port: 9000
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /minio/health/ready
port: 9000
scheme: HTTPS
initialDelaySeconds: 5
periodSeconds: 15
volumes:
- name: minio-data
persistentVolumeClaim:
claimName: minio-data
- name: certs-secret
secret:
secretName: minio-tls
- name: certs
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: minio
namespace: bakery-ia
labels:
app.kubernetes.io/name: minio
app.kubernetes.io/component: storage
spec:
type: ClusterIP
ports:
- port: 9000
targetPort: 9000
protocol: TCP
name: api
- port: 9001
targetPort: 9001
protocol: TCP
name: console
selector:
app.kubernetes.io/name: minio
app.kubernetes.io/component: storage
---
apiVersion: v1
kind: Service
metadata:
name: minio-console
namespace: bakery-ia
labels:
app.kubernetes.io/name: minio
app.kubernetes.io/component: storage
spec:
type: ClusterIP
ports:
- port: 9001
targetPort: 9001
protocol: TCP
name: console
selector:
app.kubernetes.io/name: minio
app.kubernetes.io/component: storage

16
infrastructure/kubernetes/base/components/minio/minio-pvc.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-data
namespace: bakery-ia
labels:
app.kubernetes.io/name: minio-data
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: bakery-ia
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
storageClassName: standard

22
infrastructure/kubernetes/base/components/minio/minio-secrets.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v1
kind: Secret
metadata:
name: minio-secrets
namespace: bakery-ia
labels:
app.kubernetes.io/name: minio-secrets
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: bakery-ia
type: Opaque
data:
# MinIO Root Credentials (base64 encoded)
MINIO_ROOT_USER: YWRtaW4= # admin
MINIO_ROOT_PASSWORD: c2VjdXJlLXBhc3N3b3Jk # secure-password
# Service Account Credentials for applications
MINIO_ACCESS_KEY: dHJhaW5pbmctc2VydmljZQ== # training-service
MINIO_SECRET_KEY: dHJhaW5pbmctc2VjcmV0LWtleQ== # training-secret-key
# Forecasting Service Credentials
FORECASTING_MINIO_ACCESS_KEY: Zm9yZWNhc3Rpbmctc2VydmljZQ== # forecasting-service
FORECASTING_MINIO_SECRET_KEY: Zm9yZWNhc3Rpbmctc2VjcmV0LWtleQ== # forecasting-secret-key

7
infrastructure/kubernetes/base/components/training/training-service.yaml
View File

@@ -140,11 +140,11 @@ spec:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
- secretRef:
name: minio-secrets
volumeMounts:
- name: tmp-storage
mountPath: /tmp
- name: model-storage
mountPath: /app/models
resources:
requests:
memory: "512Mi"
@@ -176,9 +176,6 @@ spec:
- name: tmp-storage
emptyDir:
sizeLimit: 4Gi # Increased from 2Gi to handle cmdstan temp files during optimization
- name: model-storage
persistentVolumeClaim:
claimName: model-storage
---
apiVersion: v1

16
infrastructure/kubernetes/base/components/volumes/model-storage-pvc.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: model-storage
namespace: bakery-ia
labels:
app.kubernetes.io/name: model-storage
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: bakery-ia
spec:
accessModes:
- ReadWriteOnce # Single node access (works with local Kubernetes)
resources:
requests:
storage: 10Gi # Adjust based on your needs
storageClassName: standard # Use default local-path provisioner

17
infrastructure/kubernetes/base/configmap.yaml
View File

@@ -66,6 +66,17 @@ data:
ALERT_PROCESSOR_DB_HOST: "alert-processor-db-service"
AI_INSIGHTS_DB_HOST: "ai-insights-db-service"
DISTRIBUTION_DB_HOST: "distribution-db-service"
DEMO_SESSION_DB_HOST: "demo-session-db-service"
# MinIO Configuration
MINIO_ENDPOINT: "minio.bakery-ia.svc.cluster.local:9000"
MINIO_USE_SSL: "true"
MINIO_MODEL_BUCKET: "training-models"
MINIO_CONSOLE_PORT: "9001"
MINIO_API_PORT: "9000"
MINIO_REGION: "us-east-1"
MINIO_MODEL_LIFECYCLE_DAYS: "90"
MINIO_CACHE_TTL_SECONDS: "3600"
# Database Configuration
DB_PORT: "5432"
@@ -238,7 +249,8 @@ data:
# ================================================================
# MODEL STORAGE & TRAINING
# ================================================================
MODEL_STORAGE_PATH: "/app/models"
# Model storage is handled by MinIO (see MinIO Configuration section)
MODEL_STORAGE_BACKEND: "minio"
MODEL_BACKUP_ENABLED: "true"
MODEL_VERSIONING_ENABLED: "true"
MAX_TRAINING_TIME_MINUTES: "30"
@@ -416,6 +428,9 @@ data:
# OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: "signoz-otel-collector.bakery-ia.svc.cluster.local:4317"
# OTEL_EXPORTER_OTLP_LOGS_ENDPOINT: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
# Gateway telemetry proxy configuration
SIGNOZ_OTEL_COLLECTOR_URL: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
# Optional: Protocol overrides per signal
# OTEL_EXPORTER_OTLP_TRACES_PROTOCOL: "grpc"
# OTEL_EXPORTER_OTLP_METRICS_PROTOCOL: "grpc"

193
infrastructure/kubernetes/base/jobs/minio-bucket-init-job.yaml Normal file
View File

@@ -0,0 +1,193 @@
apiVersion: batch/v1
kind: Job
metadata:
name: minio-bucket-init
namespace: bakery-ia
labels:
app.kubernetes.io/name: minio-bucket-init
app.kubernetes.io/component: storage-init
app.kubernetes.io/part-of: bakery-ia
spec:
ttlSecondsAfterFinished: 300
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: minio-bucket-init
app.kubernetes.io/component: storage-init
spec:
restartPolicy: OnFailure
initContainers:
# Wait for MinIO to be ready
- name: wait-for-minio
image: busybox:1.36
command:
- sh
- -c
- |
echo "Waiting for MinIO to be ready..."
until nc -z minio.bakery-ia.svc.cluster.local 9000; do
echo "MinIO not ready, waiting..."
sleep 5
done
echo "MinIO is ready!"
containers:
- name: bucket-init
image: minio/mc:RELEASE.2024-11-17T19-35-25Z
command:
- /bin/sh
- -c
- |
set -e
echo "Configuring MinIO client..."
# Configure mc alias with TLS (skip cert verification for self-signed)
mc alias set myminio https://minio.bakery-ia.svc.cluster.local:9000 \
${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD} --insecure
echo "Creating buckets..."
# Create training-models bucket if not exists
if ! mc ls myminio/training-models --insecure 2>/dev/null; then
mc mb myminio/training-models --insecure
echo "Created bucket: training-models"
else
echo "Bucket already exists: training-models"
fi
# Set bucket policy (private by default)
mc anonymous set none myminio/training-models --insecure
# Enable versioning for model backups
mc version enable myminio/training-models --insecure
echo "Enabled versioning on training-models bucket"
# Set lifecycle policy to expire old versions after 90 days
cat > /tmp/lifecycle.json << 'EOF'
{
"Rules": [
{
"ID": "expire-old-versions",
"Status": "Enabled",
"Filter": {
"Prefix": "models/"
},
"NoncurrentVersionExpiration": {
"NoncurrentDays": 90
}
},
{
"ID": "expire-old-metadata",
"Status": "Enabled",
"Filter": {
"Prefix": "models/"
},
"Expiration": {
"ExpiredObjectDeleteMarker": true
}
}
]
}
EOF
mc ilm import myminio/training-models < /tmp/lifecycle.json --insecure || true
echo "Lifecycle policy configured"
# Create service accounts with limited permissions
echo "Creating service accounts..."
# Training service policy (read/write models)
cat > /tmp/training-policy.json << 'EOF'
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::training-models",
"arn:aws:s3:::training-models/*"
]
}
]
}
EOF
# Forecasting service policy (read-only models)
cat > /tmp/forecasting-policy.json << 'EOF'
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::training-models",
"arn:aws:s3:::training-models/*"
]
}
]
}
EOF
# Create service accounts using credentials from secrets
echo "Creating service accounts..."
mc admin user add myminio ${TRAINING_MINIO_USER} ${TRAINING_MINIO_PASSWORD} --insecure 2>/dev/null || true
mc admin user add myminio ${FORECASTING_MINIO_USER} ${FORECASTING_MINIO_PASSWORD} --insecure 2>/dev/null || true
# Apply policies (ignore errors if already exists)
mc admin policy create myminio training-policy /tmp/training-policy.json --insecure 2>/dev/null || true
mc admin policy attach myminio training-policy --user=${TRAINING_MINIO_USER} --insecure 2>/dev/null || true
mc admin policy create myminio forecasting-policy /tmp/forecasting-policy.json --insecure 2>/dev/null || true
mc admin policy attach myminio forecasting-policy --user=${FORECASTING_MINIO_USER} --insecure 2>/dev/null || true
echo "MinIO bucket initialization complete!"
# List buckets for verification
echo "Current buckets:"
mc ls myminio --insecure
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: minio-secrets
key: MINIO_ROOT_USER
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secrets
key: MINIO_ROOT_PASSWORD
# Training service MinIO credentials
- name: TRAINING_MINIO_USER
valueFrom:
secretKeyRef:
name: minio-secrets
key: MINIO_ACCESS_KEY
- name: TRAINING_MINIO_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secrets
key: MINIO_SECRET_KEY
# Forecasting service MinIO credentials
- name: FORECASTING_MINIO_USER
valueFrom:
secretKeyRef:
name: minio-secrets
key: FORECASTING_MINIO_ACCESS_KEY
- name: FORECASTING_MINIO_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secrets
key: FORECASTING_MINIO_SECRET_KEY

10
infrastructure/kubernetes/base/kustomization.yaml
View File

@@ -18,6 +18,13 @@ resources:
# Additional configs
- configs/postgres-init-config.yaml
# MinIO Storage (with TLS)
- components/minio/minio-secrets.yaml
- secrets/minio-tls-secret.yaml
- components/minio/minio-pvc.yaml
- components/minio/minio-deployment.yaml
- jobs/minio-bucket-init-job.yaml
# Migration jobs
- migrations/auth-migration-job.yaml
@@ -63,9 +70,6 @@ resources:
- components/nominatim/nominatim.yaml
- jobs/nominatim-init-job.yaml
# Persistent storage
- components/volumes/model-storage-pvc.yaml
# Cert manager cluster issuers
- components/cert-manager/cluster-issuer-staging.yaml
- components/cert-manager/local-ca-issuer.yaml

28
infrastructure/kubernetes/base/secrets/minio-tls-secret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: minio-tls
namespace: bakery-ia
labels:
app.kubernetes.io/name: bakery-ia
app.kubernetes.io/component: minio-tls
app.kubernetes.io/part-of: bakery-ia
type: Opaque
data:
# MinIO TLS certificates (base64 encoded)
# Generated using infrastructure/tls/generate-minio-certificates.sh
# Valid for 3 years from generation date
#
# Certificate details:
# Subject: CN=minio.bakery-ia.svc.cluster.local, O=BakeryIA, OU=Storage
# Issuer: CN=BakeryIA-CA, O=BakeryIA, OU=Security
#
# To regenerate:
# 1. Run: infrastructure/tls/generate-minio-certificates.sh
# 2. Run: scripts/create-tls-secrets.sh
ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZ5ekNDQTdPZ0F3SUJBZ0lVUGdPcU5ZK1pvS0J5UTFNZk84bGtpR2hPbXhJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2RURUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeEZUQVRCZ05WQkFjTQpERk5oYmtaeVlXNWphWE5qYnpFUk1BOEdBMVVFQ2d3SVFtRnJaWEo1U1VFeEVUQVBCZ05WQkFzTUNGTmxZM1Z5CmFYUjVNUlF3RWdZRFZRUUREQXRDWVd0bGNubEpRUzFEUVRBZUZ3MHlOVEV3TVRneE5ESXlNVFJhRncwek5URXcKTVRZeE5ESXlNVFJhTUhVeEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUlEQXBEWVd4cFptOXlibWxoTVJVdwpFd1lEVlFRSERBeFRZVzVHY21GdVkybHpZMjh4RVRBUEJnTlZCQW9NQ0VKaGEyVnllVWxCTVJFd0R3WURWUVFMCkRBaFRaV04xY21sMGVURVVNQklHQTFVRUF3d0xRbUZyWlhKNVNVRXRRMEV3Z2dJaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURSRDVPMmVna1lnOUhOUlI1U1UwYkxuR0hqcHYvUmFnck03ZGh1c2FXbgpyZkRGNVZwVFo0czkvOXNPRUowTnlqdW9LWGFtb3VUd1IxbncxOUZkSDhmMWVvbWNRNGVLdzJIa3hveHFSMzR0ClJEYUFHejNiV08rcmFUUTRTeU1LN1hGTW92VVVpTGwrR08yM2wxQk5QZmh6a2NEa1o5N200MzRmMVFWbzk5dGIKaFY0YklMYW9GSXFmMDlNMEUxL2ZhQitKQ1I4WWtsN0xvWGd1ejNWUi9CVW5kMHZNc1RNV3VlRC8yblZ1VVpPMAowcFVtVFVCUTJRZDc2NTdrL0hXZC8xd2NFQUw5ZFhOUmJ4aEROZkdnYzNXdFFoZ2djcFlMUWFmTGE4MXRseHljCndEZ042UGRFbFVseGdYL091b1oxeWxNWkU3eHBzTXRwbjFBd2VvZFZibTNRcDVBMXlkeWJFNjF1MXVyWXoxTHQKV05aOWVPZkFxZXdpWVFIVlpXTUM0YTRTYSsyeU02cTVQWC80ZytUYklUaDhoWkp3WFBLNUVEaWc3dkYxNEpQbApsRVJOcHdpYTNuNmEwUDcwM0hQTjZya1FPNWtWVGRpVXNmaWJNdGNVSkhMeVdXUUFSQm15ZVZma0lDYWFlWUVsCkVMa3N3YTlOVkVTS3ZRYUhLU2lIWkZoRUkwYUF2Y3BBam0xRU9oRWEraFNSaE9vRnlVT3ZHK2NNT2ZjQlNtTDAKVW1sRC9sZmFuVFQwems1YXFzcEVrWEdlQnczMXJtWi8wQVpPalYycHBSeFdXZWt6bzlCZjdnNmVMVFk0VUNDNQpNeVB0em14OVRiWHJOQW5YaGlGNkxnNWgyOFI0MkdUZTVBZDZUSGtGOVMvS2hxOHUwZFk1U0EyR1VGMUViUU84Ckt3SURBUUFCbzFNd1VUQWRCZ05WSFE0RUZnUVVBKzZxL2tjOGZUUVUxRURxekdSZktRcHE2bTB3SHdZRFZSMGoKQkJnd0ZvQVVBKzZxL2tjOGZUUVUxRURxekdSZktRcHE2bTB3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcQpoa2lHOXcwQkFRc0ZBQU9DQWdFQVF1dkZoMitIUUZ5OFZUY1VnYWxFVmlheXQxelFHdjRySVNtaXEzRzZJZVhQClhTNGd3cUhrRnpUd1p2bW9oVHdtT0N3Vy94RjRLZ3htRmJ5V05yRUpKRXFjYmVkcVVXVi8wQkNhRm1KdlVkZEkKK2V4L2lEM0ZlYnU4QUZJK0o4bEJIL0NlbkRpU0xIaGd5c2VZOHV3Um5Yc3NoWDVSbkRpckYxdUtyMUo2MzVhbgpHbHlGSU5Vcm5RbGd1RXZ0cjBlbkdVbHpUNXJXajR5MEFXVWRiWGk4dlJzaldvUThKYTBCeFRyWVloL2tPL0ZJClB0cVg3d3N4b0pNREVRNzF6aHdhN1dMUWMyZGZiMnJBcjF1QmgzcU53aVZCSU5CK3QzSkZ2NzJ4cXNXZ3VySUIKSWYyc29SVEkybk1lNWdURzFEZmQrVjI0amZhL3lJZ0FzTWpDem1HUUsyMHZvYlg0c0FWbm1QVmJaZzlTTEZaaQpNaWRrbjlPOVU2OE1FT2UzSWFzY2xkN2ZwNUprK0hyYkpVNi9zMTZFRVIvQWdEM09vajN3UmdqVENTK0FERCtqCnhvMk84Vlgya1BvMDNBTitpWWEzbkptbE1GekNyelQrOFp4U25QNUZxR2cyRUNFYnFxQTBCLzVuYVZwbWRZYVYKNDFvRkxzd2NGbTJpcUdhd2JzTE45eDN0dklDdUU5M0hZazFqNzJQelhhaVNMdHB2YW1IMWRSWUMrSFVNMUwwTwo0OUNOTVlKZUwvTmx5UXVaSm0yWDBxRE5TWG1STUw4SFU5c093V1g2cFBQSk96dXF0Z2R4Lytsa0dBZDJ3WkpVCklWYm1MNlF2emRidGEvY1NWd3NMdEJ6RzQ4YTFiNEtCYzdXTEhUd2JyZEJSVGcwVGtMWTRrdkNaZTVuTmw0RT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
minio-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdyVENDQkpXZ0F3SUJBZ0lVRytCME0ycnhucWpHZHRmbzBCaGV2S0N4MGdBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2RURUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeEZUQVRCZ05WQkFjTQpERk5oYmtaeVlXNWphWE5qYnpFUk1BOEdBMVVFQ2d3SVFtRnJaWEo1U1VFeEVUQVBCZ05WQkFzTUNGTmxZM1Z5CmFYUjVNUlF3RWdZRFZRUUREQXRDWVd0bGNubEpRUzFEUVRBZUZ3MHlOakF4TVRjeE5EVTBORGhhRncweU9UQXgKTVRZeE5EVTBORGhhTUlHS01Rc3dDUVlEVlFRR0V3SlZVekVUTUJFR0ExVUVDQXdLUTJGc2FXWnZjbTVwWVRFVgpNQk1HQTFVRUJ3d01VMkZ1Um5KaGJtTnBjMk52TVJFd0R3WURWUVFLREFoQ1lXdGxjbmxKUVRFUU1BNEdBMVVFCkN3d0hVM1J2Y21GblpURXFNQ2dHQTFVRUF3d2hiV2x1YVc4dVltRnJaWEo1TFdsaExuTjJZeTVqYkhWemRHVnkKTG14dlkyRnNNSUlDSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQW5qdTd0cFF3dkYvVgprL011UmhySllWME1KcXRyRkovTlgrMU9MSmFNaEZYL0tZMTBMUCtCNjV3L3BsWkd5SnRidFVkV2o1d1pMclpRCm1KYjNwNFR0dUs0QlQxZ3UzYlNaS0lIUU5lQWc4MUtzTUdxKzV1WE9vUFdOckFoaDRoWU9KNDVtSXNZYmEwRGQKTzJNRnY5V3VXVm4zVDZGenpNN3FMZENKelpOamVhQjdtVEpqZEhHcjg0aVQ4NkFFQStIeXd2c3FPb2paZStVagpLdThYcmp4VUdSL2VQRnZRQ3lNZFdnRmJqd2lqSi9CbjhSQ0FSSXVpRXNzalNMUVdPZ1FncklBVHZFRi9jeVVkClpLR2hhYzMvNEk3MXhEV2hYNzFYV1l3T05FbXJRNmNHelhtdmNVTVY4SHZFV016YjA1UnBPWXp5bUtyYnhOTDQKZVdOYUt2cnZjWnpjTXpwSU00UmVHS3cyTjlzQUdzM1lCVFI3V1hMS1dnbkxZYnNvSHgzZGRadXlRK0hKd0RUWApxcFh1dFloYW9DZmZIMjNuTU1GaUFLMWltZWJCSTFoVWNBaVB2cFN4N2RJM21nTlA0YWZOL29xaE1PUGc4VHhtCndNZWt2cHovN2NXYkNPTmprZDlkcTBWTExTVyt0cUlmZlZRajBMT1VQdlhyTE9tUG1jTDZsU2xSTzg4NVRWdngKSkRidDJYVVJtaHFKenBhcklmTmhGOUVscEhtYnNkc2xtWVBvLzlKV1VtcmtiSjZBYWZkbEpuckNUR3hKcGl3TAowbEpveEl3dnFZdDhEQnVjMWNORktKSVNMWkl5bzZ1WFJ1TlZvTnByeGdmVXZsOENscDNnUyttSVNGZzMzdTJrCkpjYnF6bnZ2YzN0YmxIZTB4ZzJNSE1JVlRkWmlSamNDQXdFQUFhT0NBUjB3Z2dFWk1Bc0dBMVVkRHdRRUF3SUUKTURBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdnYW9HQTFVZEVRU0JvakNCbjRJaApiV2x1YVc4dVltRnJaWEo1TFdsaExuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2dnOXRhVzVwYnk1aVlXdGxjbmt0CmFXR0NLVzFwYm1sdkxXTnZibk52YkdVdVltRnJaWEo1TFdsaExuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2doZHQKYVc1cGJ5MWpiMjV6YjJ4bExtSmhhMlZ5ZVMxcFlZSUZiV2x1YVcrQ0RXMXBibWx2TFdOdmJuTnZiR1dDQ1d4dgpZMkZzYUc5emRJY0Vmd0FBQVRBZEJnTlZIUTRFRmdRVXJXMzNxOWkreE5MdVZjcGUrKzlxUE56dVF4VXdId1lEClZSMGpCQmd3Rm9BVUErNnEva2M4ZlRRVTFFRHF6R1JmS1FwcTZtMHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUIKQUlTT0NieFJWd2xtaWdjNldLM3hUaUJxNlJGMGNzdnV5NjJNYnI3N0h0Q3VPNHgxOTI5QjAxMXd1djdnWEhmawpPQm9qa3ZwZnFQUXlRZTk2dGFwRGJqYWZpeStlSHBPSm1lQjFNN2lQKzEzTGJJRjN3alE5SXZ1TWtnN3FQczZXCk15cnBvd1ZwK1BPeDU2SlJRK3lPcm5nakgxRG9FMW45NDBJR0lTZkRmb2g3cTljMkNvSlA2cWo3YWxid1U4RU0KYlB5d3B4WkFTNjYydUtBR0VNcFNLK2NuMXdUU3ZWSDN6NDVrMk9yUmwvQ05PZ0Fad1dyNzdQK1A3bW9FSHlmUQplR0dpclJTWWswUkJtYzdOTGd0Ry9iV0JQTEt4dHIyQmZidDFwZFZXakd4TmlwaDR4c1Z0YldpNnVOeUxYNE1qCllyK0FVUjd1MHlCVWxSc1VUL1dDbkFYdnRmNzRwcWJaNDZ3YjFnajEreU1GWHRNUldVV2NFcU1GVXRJdEsrUngKSlA4bUErbW9qdEdOcGdJZG53b1pPMTBsQkZ2U0ZKL1hGUFlsbHFKOGJpWmJ3RDZtWElzei9WQmdDRHlyQ3kybwpQeVhzR29HNDdTZkovQldvdHUwRkNaZERreCtQU0k2bkdKdyt2empSVzJ3TU9tdzJiZ0xkK3dsVDNpTXp4V3VOCkNidk0wSmpTQ2J3YVMvdE84emtrNGROeVhkWWNQbkJPNVJlM1IrQUV3T0RxV2F4T0ZXYmVUWW10bHlOTXdNT04Kd2lpR3pLWjkwaHM5QSt6M2x0QldNNmxNOFBJaFplcHB1TEZNTDRMSjZ0Ti93anJrOEVVMFBNT2ZlUTVjWXprZAp3QXdiRjVXaVhDd2JtaERCbW4xVVBrMjdPQUV0TzRSM3luaXM0eGNJbmVTQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
minio-key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBbmp1N3RwUXd2Ri9Way9NdVJockpZVjBNSnF0ckZKL05YKzFPTEphTWhGWC9LWTEwCkxQK0I2NXcvcGxaR3lKdGJ0VWRXajV3WkxyWlFtSmIzcDRUdHVLNEJUMWd1M2JTWktJSFFOZUFnODFLc01HcSsKNXVYT29QV05yQWhoNGhZT0o0NW1Jc1liYTBEZE8yTUZ2OVd1V1ZuM1Q2Rnp6TTdxTGRDSnpaTmplYUI3bVRKagpkSEdyODRpVDg2QUVBK0h5d3ZzcU9valplK1VqS3U4WHJqeFVHUi9lUEZ2UUN5TWRXZ0ZiandpakovQm44UkNBClJJdWlFc3NqU0xRV09nUWdySUFUdkVGL2N5VWRaS0doYWMzLzRJNzF4RFdoWDcxWFdZd09ORW1yUTZjR3pYbXYKY1VNVjhIdkVXTXpiMDVScE9ZenltS3JieE5MNGVXTmFLdnJ2Y1p6Y016cElNNFJlR0t3Mk45c0FHczNZQlRSNwpXWExLV2duTFlic29IeDNkZFp1eVErSEp3RFRYcXBYdXRZaGFvQ2ZmSDIzbk1NRmlBSzFpbWViQkkxaFVjQWlQCnZwU3g3ZEkzbWdOUDRhZk4vb3FoTU9QZzhUeG13TWVrdnB6LzdjV2JDT05qa2Q5ZHEwVkxMU1crdHFJZmZWUWoKMExPVVB2WHJMT21QbWNMNmxTbFJPODg1VFZ2eEpEYnQyWFVSbWhxSnpwYXJJZk5oRjlFbHBIbWJzZHNsbVlQbwovOUpXVW1ya2JKNkFhZmRsSm5yQ1RHeEpwaXdMMGxKb3hJd3ZxWXQ4REJ1YzFjTkZLSklTTFpJeW82dVhSdU5WCm9OcHJ4Z2ZVdmw4Q2xwM2dTK21JU0ZnMzN1MmtKY2Jxem52dmMzdGJsSGUweGcyTUhNSVZUZFppUmpjQ0F3RUEKQVFLQ0FnQVhHQWE4amdKUzYvWERBeUlFejFJRzZNcW1OaXlKdFEwSGJCNFZ1ZDlHVFRyUmVMaTAvSkdjcnBCSAptWjM1RjF1YUtKQkVvM2ExYjV4eHVNN3FYeWRHNWZhQSt4RFVBTkM5cmJ5U3NHUit2dGtzczllcTRXMTM1bjdICjFlMWJUdmEvNVRPWTdhc0F5MVcrbmlRdnJHTW0zVStRQ3JOWTkvWUx1N3p4Q1FyaXJINTlqSEloZzVtaUVKUHYKWWJKVVVyellva20yZzFTaWxYMjlmV25LWHpteTlRaTliSFQvdXg5RWpLQXRUd2hwQXRoWXdaekc1RTVDU2UyYgpaZFU4b0crWVhaVUR5OWRyR2NhaGNrbVpwSndzelJDbmsyQTdGZXBTd25Nc1JIZy9obmdpc3hqZEFmcUl2N2VYCmNrYS9LWkQxK2xGSjROMzBhd29peFZKYXBZY2VwZk1hMS83dE1vZFFsOXdaOVZLWTZ6YlEwL1U0QndlMGQ0OEYKQ1graVlOZ2t4UWRmdVdwMFU2RkVlUTluR2tPMndZQUJxMCtzSDIxU2puRTQvTXh5anpLZCtjR08zUkdkTktxUwo5QTVubkh4MUwxVDN6Z0hOR2ZHS1F6Tzg5L09sVDBWVE80OEhkamxva0hmc3VTVG03N2tkZkU1TVFwamF2WktaCmo0QXoyWENGWkM2WkJxYm9wZlA1amVNWmI1WDU0aXVtclIwcHpRRGloQ3ZZWmYxTlVDa3hFdFZmaTF1eUtvLzYKMzhQK0pDcEtWSk1mYzhyYTFlWVRTV0ZaZDc1UXVMK1FtblpPVUNqQktXMnNQQTVGbERyTkVTdTQrREhCVVFtOApxdUxDUGdLaHA1TmVJRDVjcm5iVElYclVCb2tQdHpsWm10SEs5TFRYeTNPWkdXUmt5UUtDQVFFQTF0OFRhdWdCCmpMUVI2NXBTbGRXTDdVSnVGVlZUVW9DSlB5cHlOQjkvc1VsTC9Nd1RBbHlhWHoveU15Q2VCdWt3cnBMT1M0NHMKaG5kQlJOL3ZsdkRCaEovVjdYaDBEUWUvMGlqczRJdGNYQ1lpN3hFcWZOd1FQTUJEKzVyWkdKeU1iOEtLV3YwSwpBUnhES0k0YytLUkQwemQ1d1ZtelZSTjdLZlUzT3FXbGV1TjNMTFZqN3R6YU9kT2xSU0E3YWlCTS9odWQ1VFE5CkUwcEF3SDhIaGMxYW1qaUM4dEJsYUZlZ0lodXpJenhNU1hIUkJVcDNsaDMvb2UzNjM4Mm5zRUxjbE4xaFVWRGsKdDNUQVpjdHlYRkIzSEUydHpJdm9xRUpRN0Zkd3MwNUVQZXFIODFOekdjRlRNS1NieVJzNmtYYzhFQ0hPc2lYSAp6TDd5dlI3S1BmVHZhd0tDQVFFQXZJVlZRV3lpcU5ScTdTQkd3czg3WjVjZFlJOGdwSkI4bFlySklqaTRyVUVFCk14MmdVeCtYaHM5QTJSczQxZ1hsYXdvRWNqUDliZXJ2ZTYzMVZOV0M0K3Q5cFR2Vm9qcVhtcnZaNVVEN3V2Q0kKRlFPLy9JSUdqa0tFZkRwSUgvcWxEUlZlbEZTU1JjOVEvY0piZlNwS2JsYnJYZ1FtdG5KOWpsQkpFL1NMSW14UAo3OURVdGlmWmx5cFVRbDl5YzhSZzFSYmpyQWtjQVZhOVBHMXQ3cGhTanJkZHRKbXRVUmtFdGhYWTc3R3c5WHJUCjgwWlJHdkpIS0lsWlBmaHF2WlNGQzg4MVJJZ0lpRitCdWxobm16TUo0dmdYeXEwVCtRY1VGN0FBdFBRU0hyMHIKQm5wN1JlUDF5R201UDd0MjNmRU00Z0R1RENBUHQ0R1lZeUxFY2dpelpRS0NBUUVBaE9MVGJITnR1ZW9IaHpFYQowQ1dRY3p4NVBtSlZ0SmxmeUJ2bEkwMHp1SjMvQzZuZU84Q3ZqQ2JORUVlazA5dFZ5ekZwdWhxRWVPaTZDZkdBCmlGWC9LSmw5UVc4VVBwYkRVQ01WVkUxNzRsV0hsMWlEY1ZMY0MrWlFaUVBBTGROcm14YXlZRkZMNWFIbit1WGgKRHZqd0pXbVN1RHhVaDFJVUFyL3YxeXBvckJhUE5xdzcwSmJ2czRHc0haTXdpNUxNYXY4RGFLUWsvWkFYZWJWVwpIcThBMEk0UWxrREI1b1VDdVBWdWxXVU9QUUhSNWpiR3ZLVnkybCtHbnZEZU8wa3VpRFpkb0YrcUE3ZUY0YTZ2CjNGMjdQRnJpR0xXU1ByVTh2TjNiQ2xsbUpQQ3VBWk5qaE5NbU10Z3FySFpWZzI4OVN6RE5WeW04Wm1qVlVKY0IKTnM0TFh3S0NBUUVBdDRua0tBOFpDZC9NdmxJbk1qREorQit5ZFRqRG9oUWRod1lZcmgybEJ1QitzemxMeHNIQwpKM2lOL1JFNHMzNElEcjh3OXZMUThIdkRicGs5ZWJ0cGRIYm4yNysyVFB4WWIwZ21hc0ZxazJUc1IvRmZyL256CllmczJ1eStPMnJ1T2gzOWZsbkFEL0wxTGI5TVNlWGg4QUpMVkViSmU4ay9qRjNQb3dlbmFyOGZkeDNCOE4xL3kKd3U1dUhEU0szRlM3cFpwa1REQ09PR3QzVDJhR21iMW8yeE9Bd255L3RXM3pIVWVGN2s4RUp1clBnVkRiVTYyLwpRNkw4NUkxL2RsVXJkd1RrS25WNlFUTWl2UWFtei8zUHlVNmE4ekt3ZUVuQThSTGtqVWYyZ0VEUnE3d0JXbGtICkNIaU41NU9ldFpPaVpFSmRnQ2FTeHFrQWNMdi9uN29DMVFLQ0FRRUFxRkNHVDFWWG4yUGEwdFQ2ZCtvRnZYYTkKSENVMTFEbG9ad1hUOTY4cmhGOEJSazdLRVVvZXpFdjZiTUZsdUwzak9jMDNkUUs1WlF0anZUQkZKYlc3NVZMVgphcnR1U0xiVS9CVytnRGtZWmszQ241Z1B6QzlIbGRDa3MrS0lDOHJBcUNPdW9NRzc3SFlOVys3ckJLS3did2w1CmtDQW1uSmE2NWZZczdDWXpEOThmb0crVmxsc25VWCttMUxMZUtjclBEZWlpcW5kQmFTWi9NRVJnWmE2SXZid2kKMDVtNnFqL3ZXL1ZiV05iNVR4Z2N5MWpOOXpRbWJONFJ0Zmdzc3NKRmZzS3JNS0lxVnp1NkNMcEJ4eXBOUXZHYQo0S3UzVFZGcm9zaFlxWUpMVm1xVklYT1dWZk9IQTRMT2VpNmtDZTlHaTQydjdqS014M0dEK25CK1BWbVFXZz09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

2
infrastructure/kubernetes/overlays/dev/kustomization.yaml
View File

@@ -666,7 +666,7 @@ replicas:
- name: tenant-service
count: 1
- name: training-service
count: 1
count: 2 # Safe with MinIO storage
- name: forecasting-service
count: 1
- name: sales-service

2
infrastructure/kubernetes/overlays/prod/kustomization.yaml
View File

@@ -200,7 +200,7 @@ replicas:
- name: tenant-service
count: 2
- name: training-service
count: 2
count: 3 # Safe with MinIO storage - no PVC conflicts
- name: forecasting-service
count: 3
- name: sales-service

12
infrastructure/kubernetes/overlays/prod/storage-patch.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: model-storage
namespace: bakery-ia
spec:
storageClassName: microk8s-hostpath # MicroK8s storage class
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi # Increased for production (adjust based on your needs)

206
infrastructure/signoz/dashboards/user-activity.json
View File

@@ -31,7 +31,7 @@
"y": 3,
"w": 6,
"h": 3,
"i": "api-calls-per-user",
"i": "user-actions",
"moved": false,
"static": false
},
@@ -40,7 +40,16 @@
"y": 3,
"w": 6,
"h": 3,
"i": "session-duration",
"i": "page-views",
"moved": false,
"static": false
},
{
"x": 0,
"y": 6,
"w": 12,
"h": 4,
"i": "geo-visitors",
"moved": false,
"static": false
}
@@ -51,7 +60,7 @@
"name": "service",
"description": "Filter by service name",
"type": "QUERY",
"queryValue": "SELECT DISTINCT(resource_attrs['service.name']) as value FROM signoz_metrics.distributed_time_series_v4_1day WHERE metric_name = 'active_users' AND value != '' ORDER BY value",
"queryValue": "SELECT DISTINCT(serviceName) FROM signoz_traces.distributed_signoz_index_v2 ORDER BY serviceName",
"customValue": "",
"textboxValue": "",
"showALLOption": true,
@@ -59,7 +68,7 @@
"order": 1,
"modificationUUID": "",
"sort": "ASC",
"selectedValue": null
"selectedValue": "bakery-frontend"
}
},
"widgets": [
@@ -75,26 +84,26 @@
"builder": {
"queryData": [
{
"dataSource": "metrics",
"dataSource": "traces",
"queryName": "A",
"aggregateOperator": "sum",
"aggregateOperator": "count_distinct",
"aggregateAttribute": {
"key": "active_users",
"dataType": "int64",
"type": "Gauge",
"isColumn": false
"key": "user.id",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"timeAggregation": "latest",
"timeAggregation": "count_distinct",
"spaceAggregation": "sum",
"functions": [],
"filters": {
"items": [
{
"key": {
"key": "service.name",
"key": "serviceName",
"dataType": "string",
"type": "resource",
"isColumn": false
"type": "tag",
"isColumn": true
},
"op": "=",
"value": "{{.service}}"
@@ -110,13 +119,13 @@
"orderBy": [],
"groupBy": [
{
"key": "service.name",
"key": "serviceName",
"dataType": "string",
"type": "resource",
"isColumn": false
"type": "tag",
"isColumn": true
}
],
"legend": "{{service.name}}",
"legend": "{{serviceName}}",
"reduceTo": "sum"
}
],
@@ -139,16 +148,16 @@
"builder": {
"queryData": [
{
"dataSource": "metrics",
"dataSource": "traces",
"queryName": "A",
"aggregateOperator": "sum",
"aggregateOperator": "count",
"aggregateAttribute": {
"key": "user_sessions_total",
"dataType": "int64",
"type": "Counter",
"isColumn": false
"key": "session.id",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"timeAggregation": "sum",
"timeAggregation": "count",
"spaceAggregation": "sum",
"functions": [],
"filters": {
@@ -162,6 +171,16 @@
},
"op": "=",
"value": "{{.service}}"
},
{
"key": {
"key": "span.name",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"op": "=",
"value": "user_session"
}
],
"op": "AND"
@@ -192,9 +211,9 @@
"yAxisUnit": "none"
},
{
"id": "api-calls-per-user",
"title": "API Calls per User",
"description": "Average API calls per user by service",
"id": "user-actions",
"title": "User Actions",
"description": "Total user actions by service",
"isStacked": false,
"nullZeroValues": "zero",
"opacity": "1",
@@ -203,17 +222,17 @@
"builder": {
"queryData": [
{
"dataSource": "metrics",
"dataSource": "traces",
"queryName": "A",
"aggregateOperator": "avg",
"aggregateOperator": "count",
"aggregateAttribute": {
"key": "api_calls_per_user",
"dataType": "float64",
"type": "Gauge",
"isColumn": false
"key": "user.action",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"timeAggregation": "avg",
"spaceAggregation": "avg",
"timeAggregation": "count",
"spaceAggregation": "sum",
"functions": [],
"filters": {
"items": [
@@ -226,6 +245,16 @@
},
"op": "=",
"value": "{{.service}}"
},
{
"key": {
"key": "span.name",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"op": "=",
"value": "user_action"
}
],
"op": "AND"
@@ -245,7 +274,7 @@
}
],
"legend": "{{serviceName}}",
"reduceTo": "avg"
"reduceTo": "sum"
}
],
"queryFormulas": []
@@ -256,9 +285,9 @@
"yAxisUnit": "none"
},
{
"id": "session-duration",
"title": "Session Duration",
"description": "Average session duration by service",
"id": "page-views",
"title": "Page Views",
"description": "Total page views by service",
"isStacked": false,
"nullZeroValues": "zero",
"opacity": "1",
@@ -267,17 +296,17 @@
"builder": {
"queryData": [
{
"dataSource": "metrics",
"dataSource": "traces",
"queryName": "A",
"aggregateOperator": "avg",
"aggregateOperator": "count",
"aggregateAttribute": {
"key": "session_duration_seconds",
"dataType": "float64",
"type": "Gauge",
"isColumn": false
"key": "page.path",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"timeAggregation": "avg",
"spaceAggregation": "avg",
"timeAggregation": "count",
"spaceAggregation": "sum",
"functions": [],
"filters": {
"items": [
@@ -290,6 +319,16 @@
},
"op": "=",
"value": "{{.service}}"
},
{
"key": {
"key": "span.name",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"op": "=",
"value": "page_view"
}
],
"op": "AND"
@@ -309,7 +348,7 @@
}
],
"legend": "{{serviceName}}",
"reduceTo": "avg"
"reduceTo": "sum"
}
],
"queryFormulas": []
@@ -317,7 +356,74 @@
"queryType": "builder"
},
"fillSpans": false,
"yAxisUnit": "seconds"
"yAxisUnit": "none"
},
{
"id": "geo-visitors",
"title": "Geolocation Visitors",
"description": "Number of visitors who shared location data",
"isStacked": false,
"nullZeroValues": "zero",
"opacity": "1",
"panelTypes": "value",
"query": {
"builder": {
"queryData": [
{
"dataSource": "traces",
"queryName": "A",
"aggregateOperator": "count",
"aggregateAttribute": {
"key": "user.id",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"timeAggregation": "count",
"spaceAggregation": "sum",
"functions": [],
"filters": {
"items": [
{
"key": {
"key": "serviceName",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"op": "=",
"value": "{{.service}}"
},
{
"key": {
"key": "span.name",
"dataType": "string",
"type": "tag",
"isColumn": true
},
"op": "=",
"value": "user_location"
}
],
"op": "AND"
},
"expression": "A",
"disabled": false,
"having": [],
"stepInterval": 60,
"limit": null,
"orderBy": [],
"groupBy": [],
"legend": "Visitors with Location Data (See GEOLOCATION_VISUALIZATION_GUIDE.md for map integration)",
"reduceTo": "sum"
}
],
"queryFormulas": []
},
"queryType": "builder"
},
"fillSpans": false,
"yAxisUnit": "none"
}
]
}

2
infrastructure/tls/ca/ca-cert.srl
View File

@@ -1 +1 @@
1BE074336AF19EA8C676D7E8D0185EBCA0B1D1FF
1BE074336AF19EA8C676D7E8D0185EBCA0B1D202

111
infrastructure/tls/generate-minio-certificates.sh Executable file
View File

@@ -0,0 +1,111 @@
#!/usr/bin/env bash
# Generate MinIO TLS certificates using existing CA
# This script generates certificates for MinIO server
set -e
TLS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CA_DIR="$TLS_DIR/ca"
MINIO_DIR="$TLS_DIR/minio"
mkdir -p "$MINIO_DIR"
echo "Generating MinIO TLS certificates using existing CA..."
echo "CA Directory: $CA_DIR"
echo "MinIO Directory: $MINIO_DIR"
echo ""
# Check if CA exists
if [ ! -f "$CA_DIR/ca-cert.pem" ] || [ ! -f "$CA_DIR/ca-key.pem" ]; then
echo "ERROR: CA certificates not found. Please run generate-certificates.sh first."
exit 1
fi
# Generate MinIO server private key
echo "Step 1: Generating MinIO server private key..."
openssl genrsa -out "$MINIO_DIR/minio-key.pem" 4096
# Convert to traditional RSA format (required by MinIO)
echo "Step 1b: Converting private key to traditional RSA format..."
openssl rsa -in "$MINIO_DIR/minio-key.pem" -traditional -out "$MINIO_DIR/minio-key.pem"
# Create certificate signing request (CSR)
echo "Step 2: Creating MinIO certificate signing request..."
openssl req -new -key "$MINIO_DIR/minio-key.pem" -out "$MINIO_DIR/minio.csr" \
-subj "/C=US/ST=California/L=SanFrancisco/O=BakeryIA/OU=Storage/CN=minio.bakery-ia.svc.cluster.local"
# Create SAN (Subject Alternative Names) configuration for MinIO
cat > "$MINIO_DIR/san.cnf" <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = SanFrancisco
O = BakeryIA
OU = Storage
CN = minio.bakery-ia.svc.cluster.local
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = minio.bakery-ia.svc.cluster.local
DNS.2 = minio.bakery-ia
DNS.3 = minio-console.bakery-ia.svc.cluster.local
DNS.4 = minio-console.bakery-ia
DNS.5 = minio
DNS.6 = minio-console
DNS.7 = localhost
IP.1 = 127.0.0.1
EOF
# Sign the certificate with CA (valid for 3 years)
echo "Step 3: Signing MinIO certificate with CA..."
openssl x509 -req -in "$MINIO_DIR/minio.csr" \
-CA "$CA_DIR/ca-cert.pem" -CAkey "$CA_DIR/ca-key.pem" -CAcreateserial \
-out "$MINIO_DIR/minio-cert.pem" -days 1095 \
-extensions v3_req -extfile "$MINIO_DIR/san.cnf"
# Set proper permissions
chmod 600 "$MINIO_DIR/minio-key.pem"
chmod 644 "$MINIO_DIR/minio-cert.pem"
# Copy CA cert for MinIO
cp "$CA_DIR/ca-cert.pem" "$MINIO_DIR/ca-cert.pem"
echo ""
echo "Step 4: Verifying MinIO certificates..."
# Verify MinIO certificate
echo "MinIO certificate details:"
openssl x509 -in "$MINIO_DIR/minio-cert.pem" -noout -subject -issuer -dates
openssl verify -CAfile "$CA_DIR/ca-cert.pem" "$MINIO_DIR/minio-cert.pem"
echo ""
echo "==================="
echo "✓ MinIO certificates generated successfully!"
echo ""
echo "Generated files:"
echo " MinIO:"
echo " - $MINIO_DIR/minio-cert.pem (Server certificate)"
echo " - $MINIO_DIR/minio-key.pem (Server private key - traditional RSA format)"
echo " - $MINIO_DIR/ca-cert.pem (CA certificate)"
echo ""
echo "Important Notes:"
echo " • Private key is in traditional RSA format (BEGIN RSA PRIVATE KEY)"
echo " • This format is required by MinIO to avoid 'The private key contains additional data' error"
echo " • Certificates follow the standardized Opaque secret structure"
echo ""
echo "Next steps:"
echo " 1. Update Kubernetes minio-tls secret with these certificates"
echo " 2. Apply the updated secret to your cluster"
echo " 3. Restart MinIO pods if necessary"
echo ""
echo "For more details, see: docs/MINIO_TLS_FIX_SUMMARY.md"

33
infrastructure/tls/minio/ca-cert.pem Normal file
View File

@@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFyzCCA7OgAwIBAgIUPgOqNY+ZoKByQ1MfO8lkiGhOmxIwDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNTEwMTgxNDIyMTRaFw0zNTEw
MTYxNDIyMTRaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUw
EwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMREwDwYDVQQL
DAhTZWN1cml0eTEUMBIGA1UEAwwLQmFrZXJ5SUEtQ0EwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDRD5O2egkYg9HNRR5SU0bLnGHjpv/RagrM7dhusaWn
rfDF5VpTZ4s9/9sOEJ0NyjuoKXamouTwR1nw19FdH8f1eomcQ4eKw2HkxoxqR34t
RDaAGz3bWO+raTQ4SyMK7XFMovUUiLl+GO23l1BNPfhzkcDkZ97m434f1QVo99tb
hV4bILaoFIqf09M0E1/faB+JCR8Ykl7LoXguz3VR/BUnd0vMsTMWueD/2nVuUZO0
0pUmTUBQ2Qd7657k/HWd/1wcEAL9dXNRbxhDNfGgc3WtQhggcpYLQafLa81tlxyc
wDgN6PdElUlxgX/OuoZ1ylMZE7xpsMtpn1AweodVbm3Qp5A1ydybE61u1urYz1Lt
WNZ9eOfAqewiYQHVZWMC4a4Sa+2yM6q5PX/4g+TbITh8hZJwXPK5EDig7vF14JPl
lERNpwia3n6a0P703HPN6rkQO5kVTdiUsfibMtcUJHLyWWQARBmyeVfkICaaeYEl
ELkswa9NVESKvQaHKSiHZFhEI0aAvcpAjm1EOhEa+hSRhOoFyUOvG+cMOfcBSmL0
UmlD/lfanTT0zk5aqspEkXGeBw31rmZ/0AZOjV2ppRxWWekzo9Bf7g6eLTY4UCC5
MyPtzmx9TbXrNAnXhiF6Lg5h28R42GTe5Ad6THkF9S/Khq8u0dY5SA2GUF1EbQO8
KwIDAQABo1MwUTAdBgNVHQ4EFgQUA+6q/kc8fTQU1EDqzGRfKQpq6m0wHwYDVR0j
BBgwFoAUA+6q/kc8fTQU1EDqzGRfKQpq6m0wDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAgEAQuvFh2+HQFy8VTcUgalEViayt1zQGv4rISmiq3G6IeXP
XS4gwqHkFzTwZvmohTwmOCwW/xF4KgxmFbyWNrEJJEqcbedqUWV/0BCaFmJvUddI
+ex/iD3Febu8AFI+J8lBH/CenDiSLHhgyseY8uwRnXsshX5RnDirF1uKr1J635an
GlyFINUrnQlguEvtr0enGUlzT5rWj4y0AWUdbXi8vRsjWoQ8Ja0BxTrYYh/kO/FI
PtqX7wsxoJMDEQ71zhwa7WLQc2dfb2rAr1uBh3qNwiVBINB+t3JFv72xqsWgurIB
If2soRTI2nMe5gTG1Dfd+V24jfa/yIgAsMjCzmGQK20vobX4sAVnmPVbZg9SLFZi
Midkn9O9U68MEOe3Iascld7fp5Jk+HrbJU6/s16EER/AgD3Ooj3wRgjTCS+ADD+j
xo2O8VX2kPo03AN+iYa3nJmlMFzCrzT+8ZxSnP5FqGg2ECEbqqA0B/5naVpmdYaV
41oFLswcFm2iqGawbsLN9x3tvICuE93HYk1j72PzXaiSLtpvamH1dRYC+HUM1L0O
49CNMYJeL/NlyQuZJm2X0qDNSXmRML8HU9sOwWX6pPPJOzuqtgdx/+lkGAd2wZJU
IVbmL6Qvzdbta/cSVwsLtBzG48a1b4KBc7WLHTwbrdBRTg0TkLY4kvCZe5nNl4E=
-----END CERTIFICATE-----

38
infrastructure/tls/minio/minio-cert.pem Normal file
View File

@@ -0,0 +1,38 @@
-----BEGIN CERTIFICATE-----
MIIGrTCCBJWgAwIBAgIUG+B0M2rxnqjGdtfo0BhevKCx0gAwDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAcM
DFNhbkZyYW5jaXNjbzERMA8GA1UECgwIQmFrZXJ5SUExETAPBgNVBAsMCFNlY3Vy
aXR5MRQwEgYDVQQDDAtCYWtlcnlJQS1DQTAeFw0yNjAxMTcxNDU0NDhaFw0yOTAx
MTYxNDU0NDhaMIGKMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEV
MBMGA1UEBwwMU2FuRnJhbmNpc2NvMREwDwYDVQQKDAhCYWtlcnlJQTEQMA4GA1UE
CwwHU3RvcmFnZTEqMCgGA1UEAwwhbWluaW8uYmFrZXJ5LWlhLnN2Yy5jbHVzdGVy
LmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnju7tpQwvF/V
k/MuRhrJYV0MJqtrFJ/NX+1OLJaMhFX/KY10LP+B65w/plZGyJtbtUdWj5wZLrZQ
mJb3p4TtuK4BT1gu3bSZKIHQNeAg81KsMGq+5uXOoPWNrAhh4hYOJ45mIsYba0Dd
O2MFv9WuWVn3T6FzzM7qLdCJzZNjeaB7mTJjdHGr84iT86AEA+HywvsqOojZe+Uj
Ku8XrjxUGR/ePFvQCyMdWgFbjwijJ/Bn8RCARIuiEssjSLQWOgQgrIATvEF/cyUd
ZKGhac3/4I71xDWhX71XWYwONEmrQ6cGzXmvcUMV8HvEWMzb05RpOYzymKrbxNL4
eWNaKvrvcZzcMzpIM4ReGKw2N9sAGs3YBTR7WXLKWgnLYbsoHx3ddZuyQ+HJwDTX
qpXutYhaoCffH23nMMFiAK1imebBI1hUcAiPvpSx7dI3mgNP4afN/oqhMOPg8Txm
wMekvpz/7cWbCONjkd9dq0VLLSW+tqIffVQj0LOUPvXrLOmPmcL6lSlRO885TVvx
JDbt2XURmhqJzparIfNhF9ElpHmbsdslmYPo/9JWUmrkbJ6AafdlJnrCTGxJpiwL
0lJoxIwvqYt8DBuc1cNFKJISLZIyo6uXRuNVoNprxgfUvl8Clp3gS+mISFg33u2k
Jcbqznvvc3tblHe0xg2MHMIVTdZiRjcCAwEAAaOCAR0wggEZMAsGA1UdDwQEAwIE
MDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgaoGA1UdEQSBojCBn4Ih
bWluaW8uYmFrZXJ5LWlhLnN2Yy5jbHVzdGVyLmxvY2Fsgg9taW5pby5iYWtlcnkt
aWGCKW1pbmlvLWNvbnNvbGUuYmFrZXJ5LWlhLnN2Yy5jbHVzdGVyLmxvY2Fsghdt
aW5pby1jb25zb2xlLmJha2VyeS1pYYIFbWluaW+CDW1pbmlvLWNvbnNvbGWCCWxv
Y2FsaG9zdIcEfwAAATAdBgNVHQ4EFgQUrW33q9i+xNLuVcpe++9qPNzuQxUwHwYD
VR0jBBgwFoAUA+6q/kc8fTQU1EDqzGRfKQpq6m0wDQYJKoZIhvcNAQELBQADggIB
AISOCbxRVwlmigc6WK3xTiBq6RF0csvuy62Mbr77HtCuO4x1929B011wuv7gXHfk
OBojkvpfqPQyQe96tapDbjafiy+eHpOJmeB1M7iP+13LbIF3wjQ9IvuMkg7qPs6W
MyrpowVp+POx56JRQ+yOrngjH1DoE1n940IGISfDfoh7q9c2CoJP6qj7albwU8EM
bPywpxZAS662uKAGEMpSK+cn1wTSvVH3z45k2OrRl/CNOgAZwWr77P+P7moEHyfQ
eGGirRSYk0RBmc7NLgtG/bWBPLKxtr2Bfbt1pdVWjGxNiph4xsVtbWi6uNyLX4Mj
Yr+AUR7u0yBUlRsUT/WCnAXvtf74pqbZ46wb1gj1+yMFXtMRWUWcEqMFUtItK+Rx
JP8mA+mojtGNpgIdnwoZO10lBFvSFJ/XFPYllqJ8biZbwD6mXIsz/VBgCDyrCy2o
PyXsGoG47SfJ/BWotu0FCZdDkx+PSI6nGJw+vzjRW2wMOmw2bgLd+wlT3iMzxWuN
CbvM0JjSCbwaS/tO8zkk4dNyXdYcPnBO5Re3R+AEwODqWaxOFWbeTYmtlyNMwMON
wiiGzKZ90hs9A+z3ltBWM6lM8PIhZeppuLFML4LJ6tN/wjrk8EU0PMOfeQ5cYzkd
wAwbF5WiXCwbmhDBmn1UPk27OAEtO4R3ynis4xcIneSC
-----END CERTIFICATE-----

51
infrastructure/tls/minio/minio-key.pem Normal file
View File

@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEAnju7tpQwvF/Vk/MuRhrJYV0MJqtrFJ/NX+1OLJaMhFX/KY10
LP+B65w/plZGyJtbtUdWj5wZLrZQmJb3p4TtuK4BT1gu3bSZKIHQNeAg81KsMGq+
5uXOoPWNrAhh4hYOJ45mIsYba0DdO2MFv9WuWVn3T6FzzM7qLdCJzZNjeaB7mTJj
dHGr84iT86AEA+HywvsqOojZe+UjKu8XrjxUGR/ePFvQCyMdWgFbjwijJ/Bn8RCA
RIuiEssjSLQWOgQgrIATvEF/cyUdZKGhac3/4I71xDWhX71XWYwONEmrQ6cGzXmv
cUMV8HvEWMzb05RpOYzymKrbxNL4eWNaKvrvcZzcMzpIM4ReGKw2N9sAGs3YBTR7
WXLKWgnLYbsoHx3ddZuyQ+HJwDTXqpXutYhaoCffH23nMMFiAK1imebBI1hUcAiP
vpSx7dI3mgNP4afN/oqhMOPg8TxmwMekvpz/7cWbCONjkd9dq0VLLSW+tqIffVQj
0LOUPvXrLOmPmcL6lSlRO885TVvxJDbt2XURmhqJzparIfNhF9ElpHmbsdslmYPo
/9JWUmrkbJ6AafdlJnrCTGxJpiwL0lJoxIwvqYt8DBuc1cNFKJISLZIyo6uXRuNV
oNprxgfUvl8Clp3gS+mISFg33u2kJcbqznvvc3tblHe0xg2MHMIVTdZiRjcCAwEA
AQKCAgAXGAa8jgJS6/XDAyIEz1IG6MqmNiyJtQ0HbB4Vud9GTTrReLi0/JGcrpBH
mZ35F1uaKJBEo3a1b5xxuM7qXydG5faA+xDUANC9rbySsGR+vtkss9eq4W135n7H
1e1bTva/5TOY7asAy1W+niQvrGMm3U+QCrNY9/YLu7zxCQrirH59jHIhg5miEJPv
YbJUUrzYokm2g1SilX29fWnKXzmy9Qi9bHT/ux9EjKAtTwhpAthYwZzG5E5CSe2b
ZdU8oG+YXZUDy9drGcahckmZpJwszRCnk2A7FepSwnMsRHg/hngisxjdAfqIv7eX
cka/KZD1+lFJ4N30awoixVJapYcepfMa1/7tModQl9wZ9VKY6zbQ0/U4Bwe0d48F
CX+iYNgkxQdfuWp0U6FEeQ9nGkO2wYABq0+sH21SjnE4/MxyjzKd+cGO3RGdNKqS
9A5nnHx1L1T3zgHNGfGKQzO89/OlT0VTO48HdjlokHfsuSTm77kdfE5MQpjavZKZ
j4Az2XCFZC6ZBqbopfP5jeMZb5X54iumrR0pzQDihCvYZf1NUCkxEtVfi1uyKo/6
38P+JCpKVJMfc8ra1eYTSWFZd75QuL+QmnZOUCjBKW2sPA5FlDrNESu4+DHBUQm8
quLCPgKhp5NeID5crnbTIXrUBokPtzlZmtHK9LTXy3OZGWRkyQKCAQEA1t8TaugB
jLQR65pSldWL7UJuFVVTUoCJPypyNB9/sUlL/MwTAlyaXz/yMyCeBukwrpLOS44s
hndBRN/vlvDBhJ/V7Xh0DQe/0ijs4ItcXCYi7xEqfNwQPMBD+5rZGJyMb8KKWv0K
ARxDKI4c+KRD0zd5wVmzVRN7KfU3OqWleuN3LLVj7tzaOdOlRSA7aiBM/hud5TQ9
E0pAwH8Hhc1amjiC8tBlaFegIhuzIzxMSXHRBUp3lh3/oe36382nsELclN1hUVDk
t3TAZctyXFB3HE2tzIvoqEJQ7Fdws05EPeqH81NzGcFTMKSbyRs6kXc8ECHOsiXH
zL7yvR7KPfTvawKCAQEAvIVVQWyiqNRq7SBGws87Z5cdYI8gpJB8lYrJIji4rUEE
Mx2gUx+Xhs9A2Rs41gXlawoEcjP9berve631VNWC4+t9pTvVojqXmrvZ5UD7uvCI
FQO//IIGjkKEfDpIH/qlDRVelFSSRc9Q/cJbfSpKblbrXgQmtnJ9jlBJE/SLImxP
79DUtifZlypUQl9yc8Rg1RbjrAkcAVa9PG1t7phSjrddtJmtURkEthXY77Gw9XrT
80ZRGvJHKIlZPfhqvZSFC881RIgIiF+BulhnmzMJ4vgXyq0T+QcUF7AAtPQSHr0r
Bnp7ReP1yGm5P7t23fEM4gDuDCAPt4GYYyLEcgizZQKCAQEAhOLTbHNtueoHhzEa
0CWQczx5PmJVtJlfyBvlI00zuJ3/C6neO8CvjCbNEEek09tVyzFpuhqEeOi6CfGA
iFX/KJl9QW8UPpbDUCMVVE174lWHl1iDcVLcC+ZQZQPALdNrmxayYFFL5aHn+uXh
DvjwJWmSuDxUh1IUAr/v1yporBaPNqw70Jbvs4GsHZMwi5LMav8DaKQk/ZAXebVW
Hq8A0I4QlkDB5oUCuPVulWUOPQHR5jbGvKVy2l+GnvDeO0kuiDZdoF+qA7eF4a6v
3F27PFriGLWSPrU8vN3bCllmJPCuAZNjhNMmMtgqrHZVg289SzDNVym8ZmjVUJcB
Ns4LXwKCAQEAt4nkKA8ZCd/MvlInMjDJ+B+ydTjDohQdhwYYrh2lBuB+szlLxsHC
J3iN/RE4s34IDr8w9vLQ8HvDbpk9ebtpdHbn27+2TPxYb0gmasFqk2TsR/Ffr/nz
Yfs2uy+O2ruOh39flnAD/L1Lb9MSeXh8AJLVEbJe8k/jF3Powenar8fdx3B8N1/y
wu5uHDSK3FS7pZpkTDCOOGt3T2aGmb1o2xOAwny/tW3zHUeF7k8EJurPgVDbU62/
Q6L85I1/dlUrdwTkKnV6QTMivQamz/3PyU6a8zKweEnA8RLkjUf2gEDRq7wBWlkH
CHiN55OetZOiZEJdgCaSxqkAcLv/n7oC1QKCAQEAqFCGT1VXn2Pa0tT6d+oFvXa9
HCU11DloZwXT968rhF8BRk7KEUoezEv6bMFluL3jOc03dQK5ZQtjvTBFJbW75VLV
artuSLbU/BW+gDkYZk3Cn5gPzC9HldCks+KIC8rAqCOuoMG77HYNW+7rBKKwbwl5
kCAmnJa65fYs7CYzD98foG+VllsnUX+m1LLeKcrPDeiiqndBaSZ/MERgZa6Ivbwi
05m6qj/vW/VbWNb5Txgcy1jN9zQmbN4RtfgsssJFfsKrMKIqVzu6CLpBxypNQvGa
4Ku3TVFroshYqYJLVmqVIXOWVfOHA4LOei6kCe9Gi42v7jKMx3GD+nB+PVmQWg==
-----END RSA PRIVATE KEY-----

28
infrastructure/tls/minio/minio.csr Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE0DCCArgCAQAwgYoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
MRUwEwYDVQQHDAxTYW5GcmFuY2lzY28xETAPBgNVBAoMCEJha2VyeUlBMRAwDgYD
VQQLDAdTdG9yYWdlMSowKAYDVQQDDCFtaW5pby5iYWtlcnktaWEuc3ZjLmNsdXN0
ZXIubG9jYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCN+XNRDxtM
siHWRzlX5bWLjd2la1w0HeUbzZ8l4mVRQTvgVZ2ilhZ4g749D3hE2HK4PV7yDXyN
ofIz91s5CCIK9iuReukoYeTST0VRrNNUd72oe1oxp4v+iPOOQE8K6IH63ztc8EHZ
0cHxNVrm7HCVLFFG09WGn9th9b51OVhCUFTyQqfvnL3rhvL0vvx7xTuVISGhw8wc
/7DZPR2OFdSS8raVpWqy+vi0lgjQnbdcaI43t+2tfqHi3E3mJ1h3SR4YQJh0FWMI
ULcIW3GcOKxQ2r9mAh1JeAR9BtVRQnFF4ZBlnN4nwd0IdmFLofvFgnylIJ5lm1kT
/aIkAhljKPiWZhDmLayMlxf+YgtzPhoUtGt5tPfmXPDosYv5BNl/7PD3gem+Gqmn
KRb4Sxz+6jDDMCijk/+QSh9ri3rDCjoiwxgi1p7lFDZukbR02XSVUmrTZljmDOPg
tnMXhVNbr0ftWBtraynEGEIKIJrAG/XWmlgL+9rQ/2VHRuPbBplfY1azIvAHcxag
xK4xW0cA9HAj8WSmEt30WplLXCeHv8UY2FKSk3cPmBp7QIAwKxqdeFuUQTcsT8p6
wDCwZuP8irD9JMmbaLn+GyRFJkbXfcmLnWEKO7LqtEP7tfKEb+Vz2kTKv488heQo
AUVPJRBiZsrwcoWlGlQ2iWmM9bW3ZGkzhwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
ggIBABINqJhSOOh+ZnFFKCz0hRIKZdAiDYXtwNDY0nGS6ZUkCTIqbx8m+iGmAyn+
zCtoN5AK73U6QMeMHKebL6Yfhjh5HvVWqRb/dbXwgasVusOQMXmYCvkLOuSKjSUf
3jWhJrA9I1Vg41vfoZmyy3u6g7/uRmOgSAhVB0Dk44GAlzW0jpZIBveQ4H0M1PHV
HGAXaZKLmmnHTpC3ilsaQTKF5yjVXMmJ85VnyMlo/Kxiv+XujKdt1Dp0BRk+IPpW
DFNAY2joOAPOvJImH/7k0YrE3JZl11e4pyI1BO5SpKllWfPMhw0kqsTrtrnTeAgW
eguP+fkXZaCeOyUyvatUMW7+lVcKu2Gqs/tPpn7PaAVyb1dTN5L9E32o6f9dJ7ew
mD+mw+p+dKwhTSsf20irVZmNEYTyE40fnQQeR41fM5a8uGMxegIfKSwtWgDgEjE7
z3L034/g+RQop0nyRhCb52HKlWHniGM/w+/S+2Rn6Ac7R7L3gAuNrdCLD9bWIcXe
jaGQeh0zrp/TtXk/D+81KLdixGbWCzoeCggFzaFZUHf/4AT8lI6qZhp8IouBIL51
b2A9Gz1yro0y6YaJai2HDDu7emVCCGgu45i8yxh09jwIR/MRjBWBDHw29xixbIiN
af6SBracitghXnTxpOjLLfN1amp7i0CUe51HzxLblxNcnZM7
-----END CERTIFICATE REQUEST-----

27
infrastructure/tls/minio/san.cnf Normal file
View File

@@ -0,0 +1,27 @@
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = SanFrancisco
O = BakeryIA
OU = Storage
CN = minio.bakery-ia.svc.cluster.local
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = minio.bakery-ia.svc.cluster.local
DNS.2 = minio.bakery-ia
DNS.3 = minio-console.bakery-ia.svc.cluster.local
DNS.4 = minio-console.bakery-ia
DNS.5 = minio
DNS.6 = minio-console
DNS.7 = localhost
IP.1 = 127.0.0.1