diff --git a/CLEANUP-GUIDE.md b/CLEANUP-GUIDE.md
deleted file mode 100644
index 5b1c39de..00000000
--- a/CLEANUP-GUIDE.md
+++ /dev/null
@@ -1,202 +0,0 @@
-# ๐Ÿงน Cleanup Guide for Kind + Colima + Skaffold Environment
-
-This guide provides different cleanup options depending on what you want to clean up.
-
-## ๐Ÿ“‹ Quick Reference
-
-| Scenario | Command | What it cleans |
-|----------|---------|----------------|
-| **Stop development** | `Ctrl+C` (in skaffold dev) | Stops Skaffold, keeps everything |
-| **Clean deployment only** | `skaffold delete` | Removes K8s resources, keeps images |
-| **Clean HTTPS setup** | `./cleanup-https.sh` | Removes HTTPS + cert-manager |
-| **Complete cleanup** | `./complete-cleanup.sh` | **Everything** (interactive) |
-| **Nuclear option** | See manual commands below | Complete manual cleanup |
-
-## ๐Ÿš€ Quick Cleanup Commands
-
-### 1. Stop Skaffold Development Mode
-```bash
-# If running skaffold dev, just press:
-Ctrl+C
-
-# Or from another terminal:
-skaffold delete --profile=dev
-```
-
-### 2. Clean Only Kubernetes Resources
-```bash
-# Remove all bakery-ia resources
-kubectl delete namespace bakery-ia
-
-# Remove cert-manager (if installed)
-kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
-
-# Remove NGINX Ingress
-kubectl delete -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
-```
-
-### 3. Clean Docker Images
-```bash
-# Remove bakery images
-docker images | grep "bakery/" | awk '{print $1":"$2}' | xargs docker rmi -f
-
-# Remove dangling images
-docker image prune -f
-
-# Remove build cache
-docker builder prune -f
-```
-
-### 4. Clean Kind Cluster
-```bash
-# Delete specific cluster
-kind delete cluster --name bakery-ia-local
-
-# Delete all clusters
-kind get clusters | xargs -r -I {} kind delete cluster --name {}
-```
-
-### 5. Clean Colima
-```bash
-# Stop Colima
-colima stop --profile k8s-local
-
-# Delete Colima profile (removes all Docker data)
-colima delete --profile k8s-local --force
-```
-
-## ๐Ÿ”„ Automated Cleanup Scripts
-
-### Option 1: Complete Cleanup (Recommended)
-```bash
-# Interactive cleanup of everything
-./complete-cleanup.sh
-```
-
-### Option 2: HTTPS-Only Cleanup
-```bash
-# Removes HTTPS setup but keeps basic environment
-./cleanup-https.sh
-```
-
-### Option 3: Skaffold-Only Cleanup
-```bash
-# Quick cleanup of just the deployment
-skaffold delete --profile=dev
-```
-
-## ๐Ÿ› ๏ธ Manual Nuclear Cleanup
-
-If scripts fail, use these manual commands:
-
-```bash
-# 1. Stop all processes
-pkill -f skaffold
-pkill -f kubectl
-
-# 2. Clean Kubernetes
-kubectl delete namespace bakery-ia --force --grace-period=0 2>/dev/null || true
-kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml --ignore-not-found=true
-kubectl delete -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml --ignore-not-found=true
-
-# 3. Clean Docker aggressively
-docker stop $(docker ps -aq) 2>/dev/null || true
-docker rm $(docker ps -aq) 2>/dev/null || true
-docker rmi $(docker images -q) -f 2>/dev/null || true
-docker system prune -a -f --volumes
-
-# 4. Clean Kind completely
-kind get clusters | xargs -r -I {} kind delete cluster --name {}
-
-# 5. Reset Colima completely
-colima stop --profile k8s-local 2>/dev/null || true
-colima delete --profile k8s-local --force 2>/dev/null || true
-rm -rf ~/.colima/k8s-local
-
-# 6. Clean local files
-rm -f *.crt *.key bakery-ia-ca.crt
-rm -rf ~/.skaffold/cache
-
-# 7. Clean hosts file (careful!)
-sudo cp /etc/hosts /etc/hosts.backup
-sudo sed -i '' '/bakery-ia.local/d' /etc/hosts
-sudo sed -i '' '/api.bakery-ia.local/d' /etc/hosts
-sudo sed -i '' '/monitoring.bakery-ia.local/d' /etc/hosts
-```
-
-## ๐ŸŽฏ Cleanup by Use Case
-
-### Daily Development
-```bash
-# Quick reset between sessions
-skaffold delete --profile=dev
-```
-
-### Weekly Cleanup
-```bash
-# Clean up accumulated images and cache
-docker image prune -f
-docker builder prune -f
-```
-
-### Project Finished
-```bash
-# Complete cleanup
-./complete-cleanup.sh
-```
-
-### Something's Broken
-```bash
-# Nuclear reset
-kind delete cluster --name bakery-ia-local
-colima delete --profile k8s-local --force
-# Then restart with ./skaffold-dev.sh
-```
-
-## ๐Ÿ” Verify Cleanup
-
-After cleanup, verify with these commands:
-
-```bash
-# Check Docker images
-docker images | grep bakery
-
-# Check Kind clusters
-kind get clusters
-
-# Check Colima status
-colima status --profile k8s-local
-
-# Check Kubernetes (should fail if cluster deleted)
-kubectl get pods -n bakery-ia
-
-# Check hosts file
-grep bakery /etc/hosts
-```
-
-## ๐Ÿš€ Restart After Cleanup
-
-To restart development after cleanup:
-
-```bash
-# Quick start
-./skaffold-dev.sh
-
-# Or with HTTPS
-./setup-https.sh
-
-# Or manual
-colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local
-kind create cluster --name bakery-ia-local
-skaffold dev --profile=dev
-```
-
-## โš ๏ธ Important Notes
-
-1. **Always backup** important data before cleanup
-2. **The complete cleanup script is interactive** - it will ask before destructive operations
-3. **Colima profile deletion** removes ALL Docker data in that profile
-4. **Kind cluster deletion** is permanent - you'll lose all Kubernetes data
-5. **Hosts file changes** require sudo permissions
-
-Choose the cleanup level that matches your needs! ๐ŸŽฏ
\ No newline at end of file
diff --git a/bakery-ia-ca.crt b/bakery-ia-ca.crt
index 192cf0c2..10cb2c52 100644
--- a/bakery-ia-ca.crt
+++ b/bakery-ia-ca.crt
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB9TCCAZygAwIBAgIQAqQJ8a0XYP5XfN9bOoSX6TAKBggqhkjOPQQDAjBbMQsw
-CQYDVQQGEwJVUzESMBAGA1UEChMJQmFrZXJ5IElBMRswGQYDVQQLExJCYWtlcnkg
-SUEgTG9jYWwgQ0ExGzAZBgNVBAMTEmJha2VyeS1pYS1sb2NhbC1jYTAeFw0yNTA5
-MjgwODA5MzFaFw0yNjA5MjgwODA5MzFaMFsxCzAJBgNVBAYTAlVTMRIwEAYDVQQK
-EwlCYWtlcnkgSUExGzAZBgNVBAsTEkJha2VyeSBJQSBMb2NhbCBDQTEbMBkGA1UE
-AxMSYmFrZXJ5LWlhLWxvY2FsLWNhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-OaGd9w4LnTtcIZQo3P3CtBr8CVCckF1gWoNK3CCU30d29oiGTEU+IWo9CE2Tqszk
-ZIWKENOB05VaHbJYs2jArKNCMEAwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQF
-MAMBAf8wHQYDVR0OBBYEFM0ePz20KZn61OMTwWj1aiG0YWVlMAoGCCqGSM49BAMC
-A0cAMEQCIE5DgVJTSpPyzHKG836VyMWvT1bNBzlmK+d0txTmivX4AiATgglI/ijl
-WD6Uf7SVsaB73mbL4vpHP7HZrZfk3MCo0g==
+MIIB9jCCAZ2gAwIBAgIRALeFt7uyrRUtqT8VC8AyOqAwCgYIKoZIzj0EAwIwWzEL
+MAkGA1UEBhMCVVMxEjAQBgNVBAoTCUJha2VyeSBJQTEbMBkGA1UECxMSQmFrZXJ5
+IElBIExvY2FsIENBMRswGQYDVQQDExJiYWtlcnktaWEtbG9jYWwtY2EwHhcNMjUw
+OTI4MTYzMzAxWhcNMjYwOTI4MTYzMzAxWjBbMQswCQYDVQQGEwJVUzESMBAGA1UE
+ChMJQmFrZXJ5IElBMRswGQYDVQQLExJCYWtlcnkgSUEgTG9jYWwgQ0ExGzAZBgNV
+BAMTEmJha2VyeS1pYS1sb2NhbC1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
+BMvQUfoPOJxF4JWwFX+YoolhrMKMBJ7pN5roI6/puxXa3UKRuQSF17lQGqdI9MFy
+oYaQJlQ9PqI5RwqZn6uAIT6jQjBAMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBS5waYyMCV5bG55I8YGZSIJCioRdjAKBggqhkjOPQQD
+AgNHADBEAiAckCO8A4ZHLQg0wYi8q67lLB83OVXpyJ4Y3csjKI3WogIgNtuWgJ48
+uOcW+pgMS55qTRkhZfAZXdAlhq/M2d/C6QA=
 -----END CERTIFICATE-----
diff --git a/cleanup-https.sh b/cleanup-https.sh
deleted file mode 100755
index 97ce0069..00000000
--- a/cleanup-https.sh
+++ /dev/null
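Review bot: bakery-ia-ca.crt looks like a per-cluster export rather than source, and tracking it means a checkout ships a CA certificate whose private key lives in the committer's cluster. The README section changed in this same commit writes this filename from the cluster (`kubectl get secret local-ca-key-pair ... > bakery-ia-ca.crt`) and then has the reader mark it as trusted, so a developer who trusts the repository copy instead of their own export would accept certificates signed by a key they do not control. The whole PEM body is replaced here, which suggests it is regenerated on each setup and will keep producing diffs. I would stop tracking it with `git rm --cached bakery-ia-ca.crt` and add `bakery-ia-ca.crt` to `.gitignore`, so each developer exports and trusts only the certificate of their own cluster.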
@@ -1,103 +0,0 @@
-#!/bin/bash
-
-# Bakery IA HTTPS Cleanup Script
-# This script removes HTTPS configuration and cert-manager
-
-set -e
-
-echo "๐Ÿงน Cleaning up HTTPS setup for Bakery IA"
-echo "========================================"
-
-# Colors for output
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-BLUE='\033[0;34m'
-NC='\033[0m' # No Color
-
-print_status() {
- echo -e "${BLUE}[INFO]${NC} $1"
-}
-
-print_success() {
- echo -e "${GREEN}[SUCCESS]${NC} $1"
-}
-
-print_warning() {
- echo -e "${YELLOW}[WARNING]${NC} $1"
-}
-
-# Remove application
-cleanup_application() {
- print_status "Removing Bakery IA application..."
-
- # Try Skaffold cleanup first (if available and was used)
- if command -v skaffold &> /dev/null; then
- print_status "Cleaning up Skaffold deployment..."
- skaffold delete --profile=dev --ignore-not-found=true 2>/dev/null || true
- fi
-
- # Fallback to manual cleanup
- print_status "Cleaning up remaining resources..."
- kubectl delete -k infrastructure/kubernetes/overlays/dev/ --ignore-not-found=true
-
- print_success "Application removed"
-}
-
-# Remove certificates and issuers
-cleanup_certificates() {
- print_status "Removing certificates and issuers..."
- kubectl delete clusterissuers --all --ignore-not-found=true
- kubectl delete certificates --all -n cert-manager --ignore-not-found=true
- kubectl delete secrets local-ca-key-pair -n cert-manager --ignore-not-found=true
- print_success "Certificates and issuers removed"
-}
-
-# Remove cert-manager
-cleanup_cert_manager() {
- print_status "Removing cert-manager..."
- kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml --ignore-not-found=true
- print_success "cert-manager removed"
-}
-
-# Remove ingress controller
-cleanup_ingress() {
- print_status "Removing NGINX Ingress Controller..."
- kubectl delete -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml --ignore-not-found=true
- print_success "NGINX Ingress Controller removed"
-}
-
-# Remove local files
-cleanup_local_files() {
- print_status "Removing local certificate files..."
- rm -f bakery-ia-ca.crt
- print_success "Local files cleaned up"
-}
-
-# Main cleanup
-main() {
- print_warning "This will remove all HTTPS configuration and cert-manager from your cluster."
- read -p "Are you sure you want to continue? (y/N): " -n 1 -r
- echo
- if [[ ! $REPLY =~ ^[Yy]$ ]]; then
- print_status "Cleanup cancelled"
- exit 0
- fi
-
- cleanup_application
- cleanup_certificates
- cleanup_cert_manager
- cleanup_ingress
- cleanup_local_files
-
- print_success "๐ŸŽ‰ Cleanup completed!"
- echo ""
- echo "Additional cleanup commands (if needed):"
- echo " ๐Ÿ—‚๏ธ Remove hosts entries: sudo sed -i '' '/bakery-ia.local/d' /etc/hosts"
- echo " ๐Ÿณ Stop Colima: colima stop --profile k8s-local"
- echo " ๐Ÿ—‘๏ธ Delete Kind cluster: kind delete cluster --name bakery-ia-local"
- echo ""
- print_warning "Note: Hosts file entries and CA certificate may need manual cleanup"
-}
-
-main "$@"
\ No newline at end of file
diff --git a/gateway/Dockerfile b/gateway/Dockerfile
index f3ff5be5..3b855bc6 100644
--- a/gateway/Dockerfile
+++ b/gateway/Dockerfile
@@ -1,5 +1,5 @@ # Add this stage at the top of each service Dockerfile -FROM python:3.11-slim as shared +FROM python:3.11-slim AS shared WORKDIR /shared COPY shared/ /shared/
@@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared COPY gateway/ . # Add shared libraries to Python path -ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" +ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}" # Expose port EXPOSE 8000
diff --git a/infrastructure/kubernetes/README.md b/infrastructure/kubernetes/README.md
index 2f56e69d..989f363b 100644
--- a/infrastructure/kubernetes/README.md
+++ b/infrastructure/kubernetes/README.md
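Review bot: In the second gateway/Dockerfile hunk, `${PYTHONPATH:-}` expands to an empty string when nothing has set PYTHONPATH earlier, so the resulting value is `/app:/app/shared:` with a trailing colon. An empty PYTHONPATH element is typically resolved as the process's working directory, which quietly widens the module search path to wherever the container happens to start or to any later `WORKDIR`. If the variable is indeed unset at this point, the expansion adds nothing and the line can simply be `ENV PYTHONPATH="/app:/app/shared"`. The Dockerfile lines between the two hunks are not shown, so confirm there is no earlier `ENV PYTHONPATH` before dropping the expansion.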
@@ -1,214 +1,86 @@ # Bakery IA Kubernetes Configuration -This directory contains Kubernetes manifests for deploying the Bakery IA forecasting platform in a local development environment with **permanent localhost access** and **FREE HTTPS support** using cert-manager and NGINX ingress. +This directory contains Kubernetes manifests for deploying the Bakery IA platform in local development and production environments with HTTPS support using cert-manager and NGINX ingress. -## โšก Quick Start (5 Commands) +## Quick Start + +Deploy the entire platform with these 5 commands: ```bash -# 1. Start Colima -colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local +# 1. Start Colima with adequate resources +colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local # 2. Create Kind cluster with permanent localhost access kind create cluster --config kind-config.yaml # 3. Install NGINX Ingress Controller -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml && kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml +kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s # 4. Configure permanent localhost access kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}' -# 5. Deploy your application +# 5. Deploy with Skaffold skaffold dev --profile=dev -# ๐ŸŽ‰ Done! Access at: http://localhost +# ๐ŸŽ‰ Access at: https://localhost ``` -## Prerequisites (macOS Local Development) +## Prerequisites -1. 
**Colima**: Docker runtime for macOS -2. **Kind**: Kubernetes in Docker for local clusters -3. **kubectl**: Kubernetes command-line tool -4. **Skaffold**: For building and deploying applications -5. **NGINX Ingress Controller**: For routing traffic (installed automatically) -6. **cert-manager**: For automatic TLS certificate management (installed automatically) - -### Install Prerequisites (macOS) +Install the following tools on macOS: ```bash -# Install Homebrew (if not already installed) -/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" - -# Install required tools +# Install via Homebrew brew install colima kind kubectl skaffold # Verify installations -colima version -kind version -kubectl version --client -skaffold version +colima version && kind version && kubectl version --client && skaffold version ``` -## ๐Ÿ”’ HTTPS Setup Options - -### Option 1: Automated HTTPS Setup (Recommended) -```bash -# Run the automated HTTPS setup script -./setup-https.sh -``` - -### Option 2: HTTP Only (Basic Setup) -```bash -# Deploy without HTTPS -kubectl apply -k infrastructure/kubernetes/overlays/dev/ -``` - -## Kind Configuration for Permanent Localhost Access - -The `kind-config.yaml` file in the root directory provides permanent localhost access without port forwarding: - -```yaml -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -name: bakery-ia-local -nodes: -- role: control-plane - kubeadmConfigPatches: - - | - kind: InitConfiguration - nodeRegistration: - kubeletExtraArgs: - node-labels: "ingress-ready=true" - extraPortMappings: - # HTTP ingress - - containerPort: 30080 - hostPort: 80 - protocol: TCP - # HTTPS ingress - - containerPort: 30443 - hostPort: 443 - protocol: TCP - # Direct frontend access (backup) - - containerPort: 30300 - hostPort: 3000 - protocol: TCP - # Direct gateway access (backup) - - containerPort: 30800 - hostPort: 8000 - protocol: TCP -``` - -This configuration maps: -- Port 80 โ†’ localhost:80 (HTTP) 
-- Port 443 โ†’ localhost:443 (HTTPS) -- Port 3000 โ†’ localhost:3000 (Direct frontend) -- Port 8000 โ†’ localhost:8000 (Direct gateway) - ## Directory Structure ``` infrastructure/kubernetes/ -โ”œโ”€โ”€ kind-config.yaml # Kind cluster configuration with port mapping โ”œโ”€โ”€ base/ # Base Kubernetes resources โ”‚ โ”œโ”€โ”€ namespace.yaml # Namespace definition โ”‚ โ”œโ”€โ”€ configmap.yaml # Shared configuration -โ”‚ โ”œโ”€โ”€ secrets.yaml # Secrets (base64 encoded) -โ”‚ โ”œโ”€โ”€ ingress.yaml # HTTP ingress rules +โ”‚ โ”œโ”€โ”€ secrets.yaml # Base64 encoded secrets โ”‚ โ”œโ”€โ”€ ingress-https.yaml # HTTPS ingress rules -โ”‚ โ””โ”€โ”€ kustomization.yaml # Base kustomization -โ”œโ”€โ”€ components/ # Individual component manifests -โ”‚ โ”œโ”€โ”€ cert-manager/ # Certificate management -โ”‚ โ”‚ โ”œโ”€โ”€ cluster-issuer-staging.yaml # Let's Encrypt staging -โ”‚ โ”‚ โ”œโ”€โ”€ cluster-issuer-production.yaml # Let's Encrypt production -โ”‚ โ”‚ โ””โ”€โ”€ local-ca-issuer.yaml # Local CA for development -โ”‚ โ”œโ”€โ”€ auth/ # Auth service -โ”‚ โ”œโ”€โ”€ tenant/ # Tenant service -โ”‚ โ”œโ”€โ”€ training/ # Training service -โ”‚ โ”œโ”€โ”€ forecasting/ # Forecasting service -โ”‚ โ”œโ”€โ”€ sales/ # Sales service -โ”‚ โ”œโ”€โ”€ external/ # External service -โ”‚ โ”œโ”€โ”€ notification/ # Notification service -โ”‚ โ”œโ”€โ”€ inventory/ # Inventory service -โ”‚ โ”œโ”€โ”€ recipes/ # Recipes service -โ”‚ โ”œโ”€โ”€ suppliers/ # Suppliers service -โ”‚ โ”œโ”€โ”€ pos/ # POS service -โ”‚ โ”œโ”€โ”€ orders/ # Orders service -โ”‚ โ”œโ”€โ”€ production/ # Production service -โ”‚ โ”œโ”€โ”€ alert-processor/ # Alert processor -โ”‚ โ”œโ”€โ”€ frontend/ # Frontend application -โ”‚ โ”œโ”€โ”€ databases/ # Database deployments -โ”‚ โ””โ”€โ”€ infrastructure/ # Infrastructure components (gateway, etc.) 
+โ”‚ โ”œโ”€โ”€ kustomization.yaml # Base kustomization +โ”‚ โ””โ”€โ”€ components/ # Individual component manifests +โ”‚ โ”œโ”€โ”€ cert-manager/ # Certificate management +โ”‚ โ”œโ”€โ”€ auth/ # Authentication service +โ”‚ โ”œโ”€โ”€ tenant/ # Tenant management +โ”‚ โ”œโ”€โ”€ training/ # ML training service +โ”‚ โ”œโ”€โ”€ forecasting/ # Demand forecasting +โ”‚ โ”œโ”€โ”€ sales/ # Sales management +โ”‚ โ”œโ”€โ”€ external/ # External API service +โ”‚ โ”œโ”€โ”€ notification/ # Notification service +โ”‚ โ”œโ”€โ”€ inventory/ # Inventory management +โ”‚ โ”œโ”€โ”€ recipes/ # Recipe management +โ”‚ โ”œโ”€โ”€ suppliers/ # Supplier management +โ”‚ โ”œโ”€โ”€ pos/ # Point of sale +โ”‚ โ”œโ”€โ”€ orders/ # Order management +โ”‚ โ”œโ”€โ”€ production/ # Production planning +โ”‚ โ”œโ”€โ”€ alert-processor/ # Alert processing +โ”‚ โ”œโ”€โ”€ frontend/ # React frontend +โ”‚ โ”œโ”€โ”€ databases/ # Database deployments +โ”‚ โ””โ”€โ”€ infrastructure/ # Gateway & monitoring โ””โ”€โ”€ overlays/ - โ””โ”€โ”€ dev/ # Development environment overlay - โ”œโ”€โ”€ kustomization.yaml # Dev-specific kustomization - โ”œโ”€โ”€ https-kustomization.yaml # HTTPS-specific kustomization - โ”œโ”€โ”€ dev-patches.yaml # Development patches - โ””โ”€โ”€ ingress-https-patch.yaml # HTTPS ingress patch + โ””โ”€โ”€ dev/ # Development environment + โ”œโ”€โ”€ kustomization.yaml # Dev-specific configuration + โ””โ”€โ”€ dev-patches.yaml # Development patches ``` -## ๐Ÿš€ Quick Start (macOS with Kind + Colima) +## Access URLs -### 1. 
Start Colima and Create Kind Cluster with Permanent Localhost Access +### Primary Access (Standard Web Ports) +- **Frontend**: https://localhost +- **API Gateway**: https://localhost/api -```bash -# Start Colima with proper resources for development -colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local - -# Create Kind cluster with permanent port mapping for localhost access -kind create cluster --config kind-config.yaml - -# Verify cluster is running and port mappings -kubectl cluster-info -docker port bakery-ia-local-control-plane -``` - -The `kind-config.yaml` configuration provides permanent localhost access on ports 80 and 443 without requiring port forwarding! - -### 2. Install NGINX Ingress Controller for Kind - -```bash -# Install NGINX Ingress Controller (Kind-specific with permanent localhost access) -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml - -# Wait for ingress controller to be ready -kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=300s - -# Configure ingress controller for permanent localhost access -kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}' -``` - -### 3. Deploy with Skaffold (No Port Forwarding Required!) 
- -```bash -# Option A: Development mode with auto-rebuild (Recommended) -skaffold dev --profile=dev - -# Option B: One-time deployment -skaffold run --profile=dev - -# Option C: Debug mode (still includes port forwarding for individual services) -skaffold debug --profile=debug - -# Check deployment status -kubectl get pods -n bakery-ia -kubectl get services -n bakery-ia -kubectl get ingress -n bakery-ia -``` - -**Note**: With the new configuration, skaffold no longer needs port forwarding for frontend access since localhost:80 and localhost:443 are permanently mapped! - -### 4. Access the Application - Permanent Localhost Access! ๐ŸŽ‰ - -**No /etc/hosts modification needed!** The application is now accessible directly via standard localhost URLs: - -**Primary Access (Recommended):** -- **Frontend**: http://localhost or https://localhost -- **API Gateway**: http://localhost/api or https://localhost/api - -**Named Host Access (Optional):** -If you prefer named hosts, add to your `/etc/hosts` file: +### Named Host Access (Optional) +Add to `/etc/hosts` for named access: ```bash echo "127.0.0.1 bakery-ia.local" | sudo tee -a /etc/hosts echo "127.0.0.1 api.bakery-ia.local" | sudo tee -a /etc/hosts 
@@ -216,508 +88,186 @@ echo "127.0.0.1 monitoring.bakery-ia.local" | sudo tee -a /etc/hosts ``` Then access via: -- Frontend: http://bakery-ia.local or https://bakery-ia.local -- API Gateway: http://api.bakery-ia.local or https://api.bakery-ia.local -- Monitoring: http://monitoring.bakery-ia.local or https://monitoring.bakery-ia.local +- **Frontend**: https://bakery-ia.local +- **API**: https://api.bakery-ia.local +- **Monitoring**: https://monitoring.bakery-ia.local -## ๐Ÿ”’ HTTPS Configuration (FREE with Let's Encrypt) +### Direct Service Access (Development) +- **Frontend**: http://localhost:3000 +- **Gateway**: http://localhost:8000 -### Automated HTTPS Setup - -The quickest way to enable HTTPS is using the automated setup script: +## Development Workflow +### Start Development Environment ```bash -# Run the automated HTTPS setup script -./setup-https.sh +# Start development mode with hot-reload +skaffold dev --profile=dev + +# Or one-time deployment +skaffold run --profile=dev ``` -This script will: -- โœ… Install cert-manager (FREE Let's Encrypt client) -- โœ… Install NGINX Ingress Controller -- โœ… Set up cluster issuers (staging, production, and local CA) -- โœ… Deploy your application with HTTPS support -- โœ… Generate and configure TLS certificates -- โœ… Export CA certificate for browser trust - -### Manual HTTPS Setup - -If you prefer manual setup: - -#### 1. Install cert-manager -```bash -kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml -kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=cert-manager -n cert-manager --timeout=300s -``` - -#### 2. Install NGINX Ingress Controller for Kind -```bash -kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml -kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s -``` - -#### 3. 
Apply Certificate Issuers -```bash -kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml -kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml -kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml -``` - -#### 4. Deploy with HTTPS -```bash -kubectl apply -k infrastructure/kubernetes/overlays/dev/ -kubectl patch ingress bakery-ingress -n bakery-ia --patch-file infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml -``` - -#### 5. Export CA Certificate for Browser Trust -```bash -kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt -``` - -### Access HTTPS Application - -After HTTPS setup: -- **๐Ÿ” Frontend:** https://bakery-ia.local -- **๐Ÿ” API Gateway:** https://api.bakery-ia.local -- **๐Ÿ” Monitoring:** https://monitoring.bakery-ia.local - -### Trust the CA Certificate - -**For macOS:** -```bash -open bakery-ia-ca.crt -# In Keychain Access, find "bakery-ia-local-ca" and set to "Always Trust" -``` - -**For Linux:** -```bash -sudo cp bakery-ia-ca.crt /usr/local/share/ca-certificates/ -sudo update-ca-certificates -``` - -### Certificate Management Commands - -```bash -# Check certificate status -kubectl get certificates -n bakery-ia - -# Check certificate details -kubectl describe certificate bakery-ia-tls-cert -n bakery-ia - -# Check cluster issuers -kubectl get clusterissuers - -# Check TLS secret -kubectl get secret bakery-ia-tls-cert -n bakery-ia -``` - -### Switching to Production Let's Encrypt - -To use real Let's Encrypt certificates (requires public domain): - -1. Update the cluster issuer in `ingress-https-patch.yaml`: -```yaml -cert-manager.io/cluster-issuer: "letsencrypt-production" # Change from local-ca-issuer -``` - -2. Update email in cluster issuers to your real email -3. 
Ensure your domain points to your cluster's external IP - -### Cleanup HTTPS Setup - -```bash -# Run cleanup script -./cleanup-https.sh - -# Or manually clean up -kubectl delete -k infrastructure/kubernetes/overlays/dev/ -kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml -rm -f bakery-ia-ca.crt -``` - -## Port Forwarding for Direct Access - -If you prefer to access services directly without ingress: - -```bash -# Frontend -kubectl port-forward -n bakery-ia svc/frontend-service 3000:3000 - -# Gateway -kubectl port-forward -n bakery-ia svc/gateway-service 8000:8000 - -# Auth Service -kubectl port-forward -n bakery-ia svc/auth-service 8001:8000 - -# Redis -kubectl port-forward -n bakery-ia svc/redis-service 6379:6379 - -# Database example (auth-db) -kubectl port-forward -n bakery-ia svc/auth-db-service 5432:5432 -``` - -## Managing the Deployment - -### Check Status +### Key Features +- โœ… **Hot-reload development** - Automatic rebuilds on code changes +- โœ… **Permanent localhost access** - No port forwarding needed +- โœ… **HTTPS by default** - Local CA certificates for secure development +- โœ… **Microservices architecture** - All services deployed together +- โœ… **Database management** - PostgreSQL, Redis, and RabbitMQ included +### Monitor and Debug ```bash # Check all resources kubectl get all -n bakery-ia -# Check specific resource types -kubectl get pods -n bakery-ia -kubectl get services -n bakery-ia -kubectl get deployments -n bakery-ia -kubectl get pvc -n bakery-ia +# View logs +kubectl logs -n bakery-ia deployment/auth-service -f -# Check logs -kubectl logs -n bakery-ia deployment/auth-service -kubectl logs -n bakery-ia deployment/frontend -f # Follow logs +# Check ingress status +kubectl get ingress -n bakery-ia + +# Debug certificate issues +kubectl describe certificate bakery-ia-tls-cert -n bakery-ia ``` -### Update Deployments +## Certificate Management +The platform uses cert-manager for 
automatic HTTPS certificate generation: + +- **Local CA**: For development (default) +- **Let's Encrypt Staging**: For testing +- **Let's Encrypt Production**: For production deployments + +### Trust Local Certificates ```bash -# After making changes to manifests -kubectl apply -k infrastructure/kubernetes/overlays/dev/ +# Export CA certificate +kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt -# Force restart a deployment -kubectl rollout restart -n bakery-ia deployment/auth-service - -# Check rollout status -kubectl rollout status -n bakery-ia deployment/auth-service +# Trust in macOS +open bakery-ia-ca.crt +# In Keychain Access, set "bakery-ia-local-ca" to "Always Trust" ``` -### Scaling Services - -```bash -# Scale a service -kubectl scale -n bakery-ia deployment/auth-service --replicas=3 - -# Or edit the kustomization.yaml replicas section and reapply -``` - -### Clean Up (macOS + Kind + Colima + Skaffold) - -```bash -# Option 1: Quick cleanup (development session) -skaffold delete --profile=dev - -# Option 2: Clean up HTTPS setup -./cleanup-https.sh - -# Option 3: Complete cleanup (everything) -./complete-cleanup.sh - -# Option 4: Manual cleanup steps -kubectl delete namespace bakery-ia -kind delete cluster --name bakery-ia-local -colima stop --profile k8s-local -``` - -**๐Ÿ“– For detailed cleanup options, see [CLEANUP-GUIDE.md](../../CLEANUP-GUIDE.md)** - -## Configuration +## Configuration Management ### Secrets +Base64-encoded secrets are stored in `base/secrets.yaml`. For production: +- Use external secret management (HashiCorp Vault, AWS Secrets Manager) +- Never commit real secrets to version control -The `secrets.yaml` file contains base64-encoded secrets. For production, these should be: -1. Generated securely -2. Managed through external secret management systems -3. 
Not committed to version control - -To encode/decode secrets: ```bash -# Encode +# Encode secrets echo -n "your-secret-value" | base64 -# Decode +# Decode secrets echo "eW91ci1zZWNyZXQtdmFsdWU=" | base64 -d ``` -### Environment-Specific Configuration +### Environment Configuration +Development-specific settings are in `overlays/dev/`: +- **Resource limits**: Reduced for local development +- **Image pull policy**: Never (for local images) +- **Debug settings**: Enabled +- **CORS**: Configured for localhost -Modify the `overlays/dev/` files to customize the development environment: -- `kustomization.yaml`: Image tags, replicas, resource references -- `dev-patches.yaml`: Environment-specific configuration overrides +## Scaling and Resource Management -### Adding New Services +### Scale Services +```bash +# Scale individual service +kubectl scale -n bakery-ia deployment/auth-service --replicas=3 -1. Create a new directory under `components/` -2. Add the service YAML manifest -3. Update `base/kustomization.yaml` to include the new resource -4. Update configuration maps and secrets as needed +# Or update kustomization.yaml replicas section +``` + +### Resource Configuration +Development environment uses minimal resources: +- **Databases**: 64Mi-256Mi memory, 25m-200m CPU +- **Services**: 64Mi-256Mi memory, 25m-200m CPU +- **Training Service**: 256Mi-1Gi memory (ML workloads) ## Troubleshooting ### Common Issues -1. **Images not found**: Ensure images are built and available to the cluster -2. **Pending pods**: Check resource requests and cluster capacity -3. **CrashLoopBackOff**: Check logs and environment variables -4. **Service not accessible**: Verify ingress controller is running and localhost ports are mapped -5. **Database corruption**: If PostgreSQL databases show "could not locate a valid checkpoint record", delete the PVC and restart the pod to get fresh storage -6. 
**Port conflicts**: If localhost:80 or localhost:443 are already in use, stop other services or change the Kind configuration -7. **HTTPS certificate not issued**: Check cert-manager logs and cluster issuer status -8. **Browser security warnings**: Import and trust the CA certificate (`bakery-ia-ca.crt`) -9. **Certificate pending**: Wait for cert-manager to issue the certificate (usually takes 30-60 seconds) -10. **Kustomize deprecation warnings**: Fixed - using modern `patches` syntax instead of deprecated `patchesStrategicMerge` and `patchesJson6902` +1. **Images not found** + ```bash + # Build images with Skaffold + skaffold build --profile=dev + ``` -### Database Recovery Commands +2. **Database corruption after restart** + ```bash + # Delete corrupted PVC and restart + kubectl delete pod -n bakery-ia -l app.kubernetes.io/name=inventory-db + kubectl delete pvc -n bakery-ia inventory-db-pvc + ``` -If you encounter database corruption (common after improper cluster shutdown): +3. **HTTPS certificate not issued** + ```bash + # Check cert-manager logs + kubectl logs -n cert-manager deployment/cert-manager + kubectl describe certificate bakery-ia-tls-cert -n bakery-ia + ``` +4. 
**Port conflicts** + ```bash + # Check what's using ports 80/443 + sudo lsof -i :80 -i :443 + ``` + +### Debug Commands ```bash -# Check which databases are failing -kubectl get pods -n bakery-ia | grep -E "(db|CrashLoopBackOff)" - -# For each corrupted database (example with inventory-db): -kubectl delete pod -n bakery-ia -l app.kubernetes.io/name=inventory-db -kubectl delete pvc -n bakery-ia inventory-db-pvc - -# The deployment will automatically recreate with fresh storage -# Repeat for pos-db-pvc and training-db-pvc if needed -``` - -### Debugging Commands - -```bash -# Describe resources for detailed information -kubectl describe pod -n bakery-ia -kubectl describe deployment -n bakery-ia - -# Get events +# Get cluster events kubectl get events -n bakery-ia --sort-by='.firstTimestamp' -# Execute commands in pods -kubectl exec -n bakery-ia -it -- bash -kubectl exec -n bakery-ia -it -- env - -# Check resource usage +# Resource usage kubectl top pods -n bakery-ia kubectl top nodes -# HTTPS/Certificate debugging -kubectl logs -n cert-manager deployment/cert-manager -kubectl describe clusterissuer letsencrypt-staging -kubectl describe certificate bakery-ia-tls-cert -n bakery-ia -kubectl get challenges -n bakery-ia -kubectl get certificaterequests -n bakery-ia +# Execute in pod +kubectl exec -n bakery-ia -it -- bash ``` -## Production Considerations - -For production deployment, consider: - -1. **Resource Limits**: Set appropriate CPU and memory limits -2. **Persistent Volumes**: Use proper storage classes for databases -3. **Secrets Management**: Use external secret management (HashiCorp Vault, AWS Secrets Manager, etc.) -4. **Monitoring**: Deploy Prometheus and Grafana -5. **Backup**: Implement database backup strategies -6. **High Availability**: Use multiple replicas and anti-affinity rules -7. **Security**: Network policies, RBAC, pod security policies -8. **TLS/HTTPS**: Use production Let's Encrypt certificates for public domains -9. 
**CI/CD**: Integrate with your deployment pipeline - -## Next Steps - -1. Add monitoring with Prometheus and Grafana -2. Implement proper logging with ELK stack or similar -3. Add health checks and metrics endpoints -4. Implement automated testing -5. Set up CI/CD pipelines for automated deployments - -## ๐Ÿš€ Complete Setup Guide (macOS + Kind + Colima) - New Permanent Solution! - -### Method 1: Permanent Localhost Access (Recommended - No Port Forwarding!) +## Cleanup +### Quick Cleanup ```bash -# 1. Start Colima -colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local - -# 2. Create Kind cluster with permanent port mapping -kind create cluster --config kind-config.yaml - -# 3. Install NGINX Ingress Controller with NodePort configuration -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml -kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s - -# 4. Configure ingress for permanent localhost access -kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}' - -# 5. Deploy with Skaffold -skaffold dev --profile=dev - -# 6. Access your application - NO /etc/hosts needed! -# Frontend: http://localhost -# API: http://localhost/api -# HTTPS: https://localhost (with browser security warnings) +# Stop Skaffold (Ctrl+C or) +skaffold delete --profile=dev ``` -### Method 2: Legacy Setup with HTTPS and Named Hosts - +### Complete Cleanup ```bash -# 1. Start Colima -colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local - -# 2. Create standard Kind cluster -kind create cluster --name bakery-ia-local - -# 3. Run automated HTTPS setup (includes cert-manager and ingress) -./setup-https.sh - -# 4. 
Deploy with Skaffold -skaffold dev --profile=dev - -# 5. Add hosts entries for named hosts -sudo tee -a /etc/hosts << EOF -127.0.0.1 bakery-ia.local -127.0.0.1 api.bakery-ia.local -127.0.0.1 monitoring.bakery-ia.local -EOF - -# 6. Trust CA certificate (for HTTPS) -open bakery-ia-ca.crt -# In Keychain Access, set "bakery-ia-local-ca" to "Always Trust" -``` - -## ๐Ÿš€ Skaffold Development Workflow - -### Development Mode (Recommended) -```bash -# Start continuous development mode -skaffold dev --profile=dev -``` - -This will: -- โœ… **Build all Docker images** automatically -- โœ… **Deploy to your Kind cluster** -- โœ… **Watch for file changes** in real-time -- โœ… **Automatically rebuild and redeploy** when you save files -- โœ… **Stream logs** from all services in one terminal - -### Other Skaffold Commands - -```bash -# One-time deployment (no file watching) -skaffold run --profile=dev - -# Debug mode with port forwarding -skaffold debug --profile=debug - -# Force rebuild and deploy -skaffold build --file-output=build.json -skaffold deploy --build-artifacts=build.json - -# Clean up deployed resources -skaffold delete -``` - -### Stopping Skaffold - -```bash -# Stop Skaffold (press Ctrl+C in the terminal running skaffold dev) -# Or run: -skaffold delete - -# Complete cleanup +# Delete everything +kubectl delete namespace bakery-ia kind delete cluster --name bakery-ia-local colima stop --profile k8s-local ``` -### ๐ŸŽฏ Key Skaffold Benefits +### Restart Sequence +```bash +# Post-restart startup +colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local +kind create cluster --config kind-config.yaml +skaffold dev --profile=dev +``` -1. **๐Ÿ”„ Automated builds**: No manual Docker image building -2. **๐Ÿ‘€ File watching**: Instant rebuilds on code changes -3. **๐Ÿ“Š Log streaming**: All service logs in one place -4. **๐Ÿ”— Port forwarding**: Easy access to services during development -5. 
**โšก One command deployment**: `skaffold dev` does everything +## Production Considerations -### ๐Ÿ’ก Pro Tips +For production deployment: -- Use `skaffold dev --profile=dev` for daily development -- Code changes trigger automatic rebuilds and deployments -- Logs are automatically streamed to your terminal -- Press `Ctrl+C` to stop and clean up everything +- **Security**: Implement RBAC, network policies, pod security standards +- **Monitoring**: Deploy Prometheus, Grafana, and alerting +- **Backup**: Database backup strategies +- **High Availability**: Multi-replica deployments with anti-affinity +- **External Secrets**: Use managed secret services +- **TLS**: Production Let's Encrypt certificates +- **CI/CD**: Automated deployment pipelines -## ๐ŸŽ‰ Summary: What You Get +## Next Steps -### ๐Ÿš€ NEW: Permanent Localhost Access (No Port Forwarding!) -- โœ… **Direct localhost access** at http://localhost and https://localhost -- โœ… **Standard web ports** 80 and 443 work directly -- โœ… **No /etc/hosts modifications** required for basic access -- โœ… **No port forwarding commands** needed during development -- โœ… **Bookmark-friendly URLs** like any standard web application -- โœ… **Kind cluster configuration** with permanent port mapping - -### Development Environment -- โœ… **One-command deployment** with `skaffold dev --profile=dev` -- โœ… **Hot-reload development** with automatic rebuilds -- โœ… **Complete observability** with streaming logs and metrics -- โœ… **Easy cleanup** with `skaffold delete` or cleanup scripts -- โœ… **Database corruption protection** with proper PVC management - -### FREE HTTPS with Let's Encrypt (Optional) -- โœ… **Automated certificate management** with cert-manager -- โœ… **Local development certificates** for offline work -- โœ… **Production-ready** Let's Encrypt integration -- โœ… **Auto-renewal** of certificates before expiration -- โœ… **Browser-trusted certificates** with CA import - -### Security Features -- โœ… **TLS 1.3 
encryption** for all traffic (when HTTPS is configured) -- โœ… **HTTPS redirects** from HTTP (configurable) -- โœ… **Secure headers** via NGINX Ingress -- โœ… **Certificate transparency** compliance - -### Access URLs - Choose Your Style! - -**๐ŸŒŸ Primary Access (New Permanent Solution):** -- **Frontend:** http://localhost or https://localhost -- **API Gateway:** http://localhost/api or https://localhost/api - -**๐Ÿท๏ธ Named Host Access (Optional with /etc/hosts):** -- **Frontend:** http://bakery-ia.local or https://bakery-ia.local -- **API:** http://api.bakery-ia.local or https://api.bakery-ia.local -- **Monitoring:** http://monitoring.bakery-ia.local or https://monitoring.bakery-ia.local - -**๐Ÿ”ง Direct Service Access (Backup):** -- **Frontend Direct:** http://localhost:3000 -- **Gateway Direct:** http://localhost:8000 - -This setup provides production-like development experience with the convenience of standard localhost URLs! ๐Ÿš€ - - - Pre-Restart Shutdown Sequence: - - 1. Stop Skaffold: - # If running interactively: Ctrl+C - # If running in background: - pkill -f skaffold - - 2. Delete Kind cluster: - kind delete cluster --name bakery-ia-local - - 3. Stop Colima: - colima stop - - Post-Restart Startup Sequence: - - 1. Start Colima: - colima start - - 2. Create Kind cluster: - kind create cluster --config kind-config.yaml --name bakery-ia-local - - 3. Start Skaffold with dev profile: - skaffold dev -p dev - - What Skaffold Will Do: - - - Check existing Docker images (tagged as :dev) - - Skip rebuilds if source code unchanged - - Load images to new Kind cluster - - Deploy using infrastructure/kubernetes/overlays/dev - - Watch for changes and hot-reload - - The -p dev profile ensures consistent tagging and deployment configuration - as defined in your skaffold.yaml profiles section. \ No newline at end of file +1. Add comprehensive monitoring and logging +2. Implement automated testing +3. Set up CI/CD pipelines +4. 
Add health checks and metrics endpoints +5. Implement proper backup strategies \ No newline at end of file diff --git a/infrastructure/kubernetes/base/components/alert-processor/alert-processor-service.yaml b/infrastructure/kubernetes/base/components/alert-processor/alert-processor-service.yaml index da62ec97..f4a9602c 100644 --- a/infrastructure/kubernetes/base/components/alert-processor/alert-processor-service.yaml +++ b/infrastructure/kubernetes/base/components/alert-processor/alert-processor-service.yaml 
@@ -69,92 +69,29 @@ spec: containers: - name: alert-processor-service image: bakery/alert-processor:f246381-dirty - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: ALERT_PROCESSOR_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: ALERT_PROCESSOR_DB_HOST - - name: ALERT_PROCESSOR_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: ALERT_PROCESSOR_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: ALERT_PROCESSOR_DB_NAME - - name: ALERT_PROCESSOR_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: ALERT_PROCESSOR_DB_USER - - name: ALERT_PROCESSOR_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: ALERT_PROCESSOR_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: RABBITMQ_VHOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_VHOST - - name: NOTIFICATION_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: NOTIFICATION_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + 
name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "128Mi" @@ -181,4 +118,4 @@ spec: initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 - failureThreshold: 3 \ No newline at end of file + failureThreshold: 3 diff --git a/infrastructure/kubernetes/base/components/auth/auth-service.yaml b/infrastructure/kubernetes/base/components/auth/auth-service.yaml index 1fb388c6..255eecff 100644 --- a/infrastructure/kubernetes/base/components/auth/auth-service.yaml +++ b/infrastructure/kubernetes/base/components/auth/auth-service.yaml 
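Review bot: The new `envFrom` list injects every Secret into the alert-processor container: it now receives `jwt-secrets`, `payment-secrets`, `email-secrets`, `pos-integration-secrets`, `whatsapp-secrets` and the whole of `database-secrets`, which the other hunks show holds each service's DB user and password. The removed `env` block gave it only its own DB credentials plus the Redis and RabbitMQ ones, so after this change a compromise of one pod exposes the credentials of all the others. The identical list is added in the auth, external, forecasting, gateway, inventory, notification, orders and pos hunks, and the gateway previously referenced neither `database-secrets` nor `jwt-secrets`. Separately, `envFrom` exposes keys under their own names, so `ALERT_PROCESSOR_DB_PORT` (previously mapped from key `DB_PORT`) is no longer set unless the ConfigMap, not visible here, gained that key. I would keep `envFrom` for `bakery-config` and for the Secrets this service already used, and take the DB values per key as sketched below; the container spec continues outside the hunk.

```yaml
        envFrom:
        - configMapRef:
            name: bakery-config
        - secretRef:
            name: redis-secrets
        - secretRef:
            name: rabbitmq-secrets
        env:
        # Per-key references keep other services' DB credentials out of this pod.
        - name: ALERT_PROCESSOR_DB_USER
          valueFrom:
            secretKeyRef:
              name: database-secrets
              key: ALERT_PROCESSOR_DB_USER
        - name: ALERT_PROCESSOR_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: database-secrets
              key: ALERT_PROCESSOR_DB_PASSWORD
        # envFrom would expose this only as DB_PORT; keep the service-specific name.
        - name: ALERT_PROCESSOR_DB_PORT
          valueFrom:
            configMapKeyRef:
              name: bakery-config
              key: DB_PORT
        # … unchanged: resources, probes …
```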
@@ -25,92 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: AUTH_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_DB_HOST - - name: AUTH_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: AUTH_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_DB_NAME - - name: AUTH_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: AUTH_DB_USER - - name: AUTH_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: AUTH_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: JWT_SECRET_KEY - valueFrom: - secretKeyRef: - name: jwt-secrets - key: JWT_SECRET_KEY - - name: JWT_REFRESH_SECRET_KEY - valueFrom: - secretKeyRef: - name: jwt-secrets - key: JWT_REFRESH_SECRET_KEY + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: 
payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -153,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: auth-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/external/external-service.yaml b/infrastructure/kubernetes/base/components/external/external-service.yaml index df7c939f..701a6101 100644 --- a/infrastructure/kubernetes/base/components/external/external-service.yaml +++ b/infrastructure/kubernetes/base/components/external/external-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: EXTERNAL_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: EXTERNAL_DB_HOST - - name: EXTERNAL_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: EXTERNAL_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: EXTERNAL_DB_NAME - - name: EXTERNAL_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: EXTERNAL_DB_USER - - name: EXTERNAL_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: EXTERNAL_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - secretRef: + 
name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: external-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/forecasting/forecasting-service.yaml b/infrastructure/kubernetes/base/components/forecasting/forecasting-service.yaml index ba2336ac..97b4ce46 100644 --- a/infrastructure/kubernetes/base/components/forecasting/forecasting-service.yaml +++ b/infrastructure/kubernetes/base/components/forecasting/forecasting-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: FORECASTING_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: FORECASTING_DB_HOST - - name: FORECASTING_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: FORECASTING_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: FORECASTING_DB_NAME - - name: FORECASTING_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: FORECASTING_DB_USER - - name: FORECASTING_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: FORECASTING_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: 
email-secrets + - secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: forecasting-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/frontend/frontend-service.yaml b/infrastructure/kubernetes/base/components/frontend/frontend-service.yaml index cdca7997..11412cc4 100644 --- a/infrastructure/kubernetes/base/components/frontend/frontend-service.yaml +++ b/infrastructure/kubernetes/base/components/frontend/frontend-service.yaml @@ -29,26 +29,9 @@ spec: env: - name: NODE_ENV value: "production" - - name: VITE_APP_TITLE - valueFrom: - configMapKeyRef: - name: bakery-config - key: VITE_APP_TITLE - - name: VITE_APP_VERSION - valueFrom: - configMapKeyRef: - name: bakery-config - key: VITE_APP_VERSION - - name: VITE_API_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: VITE_API_URL - - name: VITE_ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: VITE_ENVIRONMENT + envFrom: + - configMapRef: + name: bakery-config resources: requests: memory: "512Mi" @@ -91,4 +74,4 @@ spec: name: http selector: app.kubernetes.io/name: frontend - app.kubernetes.io/component: frontend \ No newline at end of file + app.kubernetes.io/component: frontend diff --git a/infrastructure/kubernetes/base/components/infrastructure/gateway-service.yaml b/infrastructure/kubernetes/base/components/infrastructure/gateway-service.yaml index b37a3dcc..4501e358 100644 --- a/infrastructure/kubernetes/base/components/infrastructure/gateway-service.yaml +++ b/infrastructure/kubernetes/base/components/infrastructure/gateway-service.yaml 
@@ -25,62 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -123,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: gateway - app.kubernetes.io/component: gateway \ No newline at end of file + app.kubernetes.io/component: gateway 
diff --git a/infrastructure/kubernetes/base/components/inventory/inventory-service.yaml b/infrastructure/kubernetes/base/components/inventory/inventory-service.yaml
index 0cac92de..e86bd84d 100644
--- a/infrastructure/kubernetes/base/components/inventory/inventory-service.yaml
+++ b/infrastructure/kubernetes/base/components/inventory/inventory-service.yaml
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: INVENTORY_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: INVENTORY_DB_HOST - - name: INVENTORY_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: INVENTORY_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: INVENTORY_DB_NAME - - name: INVENTORY_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: INVENTORY_DB_USER - - name: INVENTORY_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: INVENTORY_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - 
secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: inventory-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/notification/notification-service.yaml b/infrastructure/kubernetes/base/components/notification/notification-service.yaml index b9143ed6..80a82e2f 100644 --- a/infrastructure/kubernetes/base/components/notification/notification-service.yaml +++ b/infrastructure/kubernetes/base/components/notification/notification-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: NOTIFICATION_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: NOTIFICATION_DB_HOST - - name: NOTIFICATION_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: NOTIFICATION_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: NOTIFICATION_DB_NAME - - name: NOTIFICATION_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: NOTIFICATION_DB_USER - - name: NOTIFICATION_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: NOTIFICATION_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + 
name: email-secrets + - secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: notification-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/orders/orders-service.yaml b/infrastructure/kubernetes/base/components/orders/orders-service.yaml index 7bb0e7a4..8d081078 100644 --- a/infrastructure/kubernetes/base/components/orders/orders-service.yaml +++ b/infrastructure/kubernetes/base/components/orders/orders-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: ORDERS_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: ORDERS_DB_HOST - - name: ORDERS_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: ORDERS_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: ORDERS_DB_NAME - - name: ORDERS_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: ORDERS_DB_USER - - name: ORDERS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: ORDERS_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: 
monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: orders-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/pos/pos-service.yaml b/infrastructure/kubernetes/base/components/pos/pos-service.yaml index dd06f215..8bf9f7be 100644 --- a/infrastructure/kubernetes/base/components/pos/pos-service.yaml +++ b/infrastructure/kubernetes/base/components/pos/pos-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: POS_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: POS_DB_HOST - - name: POS_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: POS_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: POS_DB_NAME - - name: POS_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: POS_DB_USER - - name: POS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: POS_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: monitoring-secrets + - secretRef: + 
name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: pos-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/production/production-service.yaml b/infrastructure/kubernetes/base/components/production/production-service.yaml index 15404bcb..0bd253c1 100644 --- a/infrastructure/kubernetes/base/components/production/production-service.yaml +++ b/infrastructure/kubernetes/base/components/production/production-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: PRODUCTION_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: PRODUCTION_DB_HOST - - name: PRODUCTION_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: PRODUCTION_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: PRODUCTION_DB_NAME - - name: PRODUCTION_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: PRODUCTION_DB_USER - - name: PRODUCTION_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: PRODUCTION_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets 
+ - secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: production-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/recipes/recipes-service.yaml b/infrastructure/kubernetes/base/components/recipes/recipes-service.yaml index f656edff..e2c6b976 100644 --- a/infrastructure/kubernetes/base/components/recipes/recipes-service.yaml +++ b/infrastructure/kubernetes/base/components/recipes/recipes-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: RECIPES_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RECIPES_DB_HOST - - name: RECIPES_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: RECIPES_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: RECIPES_DB_NAME - - name: RECIPES_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: RECIPES_DB_USER - - name: RECIPES_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: RECIPES_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: 
monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: recipes-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/sales/sales-service.yaml b/infrastructure/kubernetes/base/components/sales/sales-service.yaml index c9c6dac7..1070d933 100644 --- a/infrastructure/kubernetes/base/components/sales/sales-service.yaml +++ b/infrastructure/kubernetes/base/components/sales/sales-service.yaml 
@@ -25,92 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: SALES_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: SALES_DB_HOST - - name: SALES_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: SALES_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: SALES_DB_NAME - - name: SALES_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: SALES_DB_USER - - name: SALES_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: SALES_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL - - name: GATEWAY_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: GATEWAY_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: 
payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -153,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: sales-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/suppliers/suppliers-service.yaml b/infrastructure/kubernetes/base/components/suppliers/suppliers-service.yaml index 2ebb82a3..52a3de90 100644 --- a/infrastructure/kubernetes/base/components/suppliers/suppliers-service.yaml +++ b/infrastructure/kubernetes/base/components/suppliers/suppliers-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: SUPPLIERS_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: SUPPLIERS_DB_HOST - - name: SUPPLIERS_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: SUPPLIERS_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: SUPPLIERS_DB_NAME - - name: SUPPLIERS_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: SUPPLIERS_DB_USER - - name: SUPPLIERS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: SUPPLIERS_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - 
secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: suppliers-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/tenant/tenant-service.yaml b/infrastructure/kubernetes/base/components/tenant/tenant-service.yaml index c288659c..6d0ac2c5 100644 --- a/infrastructure/kubernetes/base/components/tenant/tenant-service.yaml +++ b/infrastructure/kubernetes/base/components/tenant/tenant-service.yaml 
@@ -25,87 +25,29 @@ spec: ports: - containerPort: 8000 name: http - env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: TENANT_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: TENANT_DB_HOST - - name: TENANT_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: TENANT_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: TENANT_DB_NAME - - name: TENANT_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: TENANT_DB_USER - - name: TENANT_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: TENANT_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: 
monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets resources: requests: memory: "256Mi" @@ -148,4 +90,4 @@ spec: name: http selector: app.kubernetes.io/name: tenant-service - app.kubernetes.io/component: microservice \ No newline at end of file + app.kubernetes.io/component: microservice diff --git a/infrastructure/kubernetes/base/components/training/training-service.yaml b/infrastructure/kubernetes/base/components/training/training-service.yaml index 1e1fbe45..b5ef169a 100644 --- a/infrastructure/kubernetes/base/components/training/training-service.yaml +++ b/infrastructure/kubernetes/base/components/training/training-service.yaml 
@@ -25,92 +25,30 @@ spec: ports: - containerPort: 8000 name: http + envFrom: + - configMapRef: + name: bakery-config + - secretRef: + name: database-secrets + - secretRef: + name: redis-secrets + - secretRef: + name: rabbitmq-secrets + - secretRef: + name: jwt-secrets + - secretRef: + name: external-api-secrets + - secretRef: + name: payment-secrets + - secretRef: + name: email-secrets + - secretRef: + name: monitoring-secrets + - secretRef: + name: pos-integration-secrets + - secretRef: + name: whatsapp-secrets env: - - name: ENVIRONMENT - valueFrom: - configMapKeyRef: - name: bakery-config - key: ENVIRONMENT - - name: DEBUG - valueFrom: - configMapKeyRef: - name: bakery-config - key: DEBUG - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: bakery-config - key: LOG_LEVEL - - name: TRAINING_DB_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: TRAINING_DB_HOST - - name: TRAINING_DB_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: DB_PORT - - name: TRAINING_DB_NAME - valueFrom: - configMapKeyRef: - name: bakery-config - key: TRAINING_DB_NAME - - name: TRAINING_DB_USER - valueFrom: - secretKeyRef: - name: database-secrets - key: TRAINING_DB_USER - - name: TRAINING_DB_PASSWORD - valueFrom: - secretKeyRef: - name: database-secrets - key: TRAINING_DB_PASSWORD - - name: REDIS_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_HOST - - name: REDIS_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: REDIS_PORT - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secrets - key: REDIS_PASSWORD - - name: RABBITMQ_HOST - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_HOST - - name: RABBITMQ_PORT - valueFrom: - configMapKeyRef: - name: bakery-config - key: RABBITMQ_PORT - - name: RABBITMQ_USER - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: RABBITMQ_USER - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: rabbitmq-secrets - key: 
RABBITMQ_PASSWORD - - name: AUTH_SERVICE_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: AUTH_SERVICE_URL - - name: GATEWAY_URL - valueFrom: - configMapKeyRef: - name: bakery-config - key: GATEWAY_URL - name: TRAINING_PERSISTENCE_PATH value: "/app/training_state" volumeMounts: @@ -184,4 +122,4 @@ spec: resources: requests: storage: 5Gi - storageClassName: standard \ No newline at end of file + storageClassName: standard diff --git a/infrastructure/kubernetes/base/ingress.yaml b/infrastructure/kubernetes/base/ingress.yaml deleted file mode 100644 index 1dd3faee..00000000 --- a/infrastructure/kubernetes/base/ingress.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: bakery-ingress - namespace: bakery-ia - labels: - app.kubernetes.io/name: bakery-ia - app.kubernetes.io/component: ingress - annotations: - # Kind-specific nginx ingress controller annotations - nginx.ingress.kubernetes.io/ssl-redirect: "false" - nginx.ingress.kubernetes.io/force-ssl-redirect: "false" - nginx.ingress.kubernetes.io/proxy-body-size: "10m" - nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - # CORS configuration for local development - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000,http://bakery-ia.local,http://127.0.0.1:3000" - nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH" - nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin" - nginx.ingress.kubernetes.io/cors-allow-credentials: "true" -spec: - ingressClassName: nginx - rules: - - host: bakery-ia.local - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: frontend-service - port: - number: 3000 - - path: /api - pathType: Prefix - backend: - service: - name: gateway-service - port: - number: 8000 - - path: /auth - pathType: Prefix - backend: - service: - name: auth-service - port: - number: 8000 - - host: api.bakery-ia.local - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: gateway-service - port: - number: 8000 - - host: monitoring.bakery-ia.local - http: - paths: - - path: /grafana - pathType: Prefix - backend: - service: - name: grafana-service - port: - number: 3000 - - path: /prometheus - pathType: Prefix - backend: - service: - name: prometheus-service - port: - number: 9090 - - host: localhost - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: 
frontend-service - port: - number: 3000 - - path: /api - pathType: Prefix - backend: - service: - name: gateway-service - port: - number: 8000 \ No newline at end of file diff --git a/infrastructure/kubernetes/base/kustomization.yaml b/infrastructure/kubernetes/base/kustomization.yaml index aacdf31b..8c930da4 100644 --- a/infrastructure/kubernetes/base/kustomization.yaml +++ b/infrastructure/kubernetes/base/kustomization.yaml @@ -9,7 +9,7 @@ resources: - namespace.yaml - configmap.yaml - secrets.yaml - - ingress.yaml + - ingress-https.yaml # Infrastructure components - components/databases/redis.yaml diff --git a/infrastructure/kubernetes/overlays/dev/dev-ingress.yaml b/infrastructure/kubernetes/overlays/dev/dev-ingress.yaml new file mode 100644 index 00000000..7e8322e5 --- /dev/null +++ b/infrastructure/kubernetes/overlays/dev/dev-ingress.yaml 
@@ -0,0 +1,38 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: bakery-ingress + namespace: bakery-ia + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + nginx.ingress.kubernetes.io/cors-allow-origin: "*" + nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS" + nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization" + nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + # Development specific annotations + nginx.ingress.kubernetes.io/proxy-read-timeout: "300" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "300" + nginx.ingress.kubernetes.io/proxy-body-size: "10m" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: frontend-service + port: + number: 3000 + - path: /api + pathType: Prefix + backend: + service: + name: gateway-service + port: + number: 8000 \ No newline at end of file diff --git a/infrastructure/kubernetes/overlays/dev/dev-patches.yaml b/infrastructure/kubernetes/overlays/dev/dev-patches.yaml index 19be5c2c..46db09e1 100644 --- a/infrastructure/kubernetes/overlays/dev/dev-patches.yaml +++ b/infrastructure/kubernetes/overlays/dev/dev-patches.yaml 
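Review bot: `cors-allow-origin: "*"` is combined with `cors-allow-credentials: "true"` in the annotations of this new Ingress, which is either ineffective or too permissive. Browsers refuse credentialed responses that carry a wildcard origin, and if the controller version in use echoes the request origin instead (worth checking), any site could make credentialed calls to `/api`. List the development origins explicitly, as the deleted base ingress did: `nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000,http://127.0.0.1:3000"`. The annotations are carried over unchanged from dev-patches.yaml, so the setting predates this commit, but the move is a good moment to fix it.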
@@ -18,44 +18,3 @@ data: # Frontend Development Configuration VITE_ENVIRONMENT: "development" VITE_API_URL: "/api" - - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: bakery-ingress - namespace: bakery-ia - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "false" - nginx.ingress.kubernetes.io/force-ssl-redirect: "false" - nginx.ingress.kubernetes.io/cors-allow-origin: "*" - nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS" - nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization" - nginx.ingress.kubernetes.io/cors-allow-credentials: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - # Development specific annotations - nginx.ingress.kubernetes.io/proxy-read-timeout: "300" - nginx.ingress.kubernetes.io/proxy-connect-timeout: "300" - nginx.ingress.kubernetes.io/proxy-body-size: "10m" - nginx.ingress.kubernetes.io/proxy-send-timeout: "600" -spec: - ingressClassName: nginx - rules: - - host: localhost - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: frontend-service - port: - number: 3000 - - path: /api - pathType: Prefix - backend: - service: - name: gateway-service - port: - number: 8000 diff --git a/infrastructure/kubernetes/overlays/dev/https-kustomization.yaml b/infrastructure/kubernetes/overlays/dev/https-kustomization.yaml deleted file mode 100644 index 263bc73b..00000000 --- a/infrastructure/kubernetes/overlays/dev/https-kustomization.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -metadata: - name: bakery-ia-https-dev - -# Base configuration -resources: - - ../../base - - ../../base/components/cert-manager/cluster-issuer-staging.yaml - - ../../base/components/cert-manager/cluster-issuer-production.yaml - - ../../base/components/cert-manager/local-ca-issuer.yaml - -# Patches -patches: - - path: dev-patches.yaml - - target: - kind: Ingress - name: bakery-ingress - path: ingress-https-patch.yaml - -labels: - - includeSelectors: true - pairs: - app.kubernetes.io/part-of: bakery-ia - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/environment: dev-https - -# Set image tags for development -images: - - name: bakery/auth-service - newTag: latest - - name: bakery/tenant-service - newTag: latest - - name: bakery/training-service - newTag: latest - - name: bakery/forecasting-service - newTag: latest - - name: bakery/sales-service - newTag: latest - - name: bakery/external-service - newTag: latest - - name: bakery/notification-service - newTag: latest - - name: bakery/inventory-service - newTag: latest - - name: bakery/recipes-service - newTag: latest - - name: bakery/suppliers-service - newTag: latest - - name: bakery/pos-service - newTag: latest - - name: bakery/orders-service - newTag: latest - - name: bakery/production-service - newTag: latest - - name: bakery/alert-processor - newTag: latest - - name: bakery/gateway - newTag: latest - - name: bakery/dashboard - newTag: latest \ No newline at end of file diff --git a/infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml b/infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml deleted file mode 100644 index d2cc8e82..00000000 --- a/infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: bakery-ingress - namespace: bakery-ia - annotations: - # Enable HTTPS redirect - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - # Update CORS for HTTPS - nginx.ingress.kubernetes.io/cors-allow-origin: "https://bakery-ia.local,https://api.bakery-ia.local,https://monitoring.bakery-ia.local" - # Cert-manager annotations - using local CA for development - cert-manager.io/cluster-issuer: "local-ca-issuer" -spec: - tls: - - hosts: - - bakery-ia.local - - api.bakery-ia.local - - monitoring.bakery-ia.local - secretName: bakery-ia-tls-cert \ No newline at end of file diff --git a/infrastructure/kubernetes/overlays/dev/kustomization.yaml b/infrastructure/kubernetes/overlays/dev/kustomization.yaml index a68ed613..0adcf439 100644 --- a/infrastructure/kubernetes/overlays/dev/kustomization.yaml +++ b/infrastructure/kubernetes/overlays/dev/kustomization.yaml @@ -8,6 +8,7 @@ namespace: bakery-ia resources: - ../../base + - dev-ingress.yaml patches: - path: dev-patches.yaml diff --git a/services/auth/Dockerfile b/services/auth/Dockerfile index 5d0a3b6a..6699139b 100644 --- a/services/auth/Dockerfile +++ b/services/auth/Dockerfile @@ -1,5 +1,5 @@ # Add this stage at the top of each service Dockerfile -FROM python:3.11-slim as shared +FROM python:3.11-slim AS shared WORKDIR /shared COPY shared/ /shared/ @@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared COPY services/auth/ . # Add shared libraries to Python path -ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" +ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}" # Expose port EXPOSE 8000 diff --git a/services/forecasting/Dockerfile b/services/forecasting/Dockerfile index f0d7c7e9..37bb2634 100644 --- a/services/forecasting/Dockerfile +++ b/services/forecasting/Dockerfile 
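Review bot: `dev-ingress.yaml` is added under `resources` in the dev overlay, whereas the same Ingress `bakery-ingress` was previously applied through `dev-patches.yaml` as a patch. The base now lists `ingress-https.yaml`, which is not part of this view. If that file also defines an Ingress named `bakery-ingress` in `bakery-ia`, `kustomize build` would reject the overlay for a duplicate resource ID; if it uses another name, the dev cluster ends up with two Ingresses, one of which may still force HTTPS. Confirm which is intended; keeping the dev settings as a patch that targets the base Ingress would avoid both outcomes.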
@@ -1,5 +1,5 @@ # Add this stage at the top of each service Dockerfile -FROM python:3.11-slim as shared +FROM python:3.11-slim AS shared WORKDIR /shared COPY shared/ /shared/ @@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared COPY services/forecasting/ . # Add shared libraries to Python path -ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" +ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}" # Expose port EXPOSE 8000 diff --git a/services/notification/Dockerfile b/services/notification/Dockerfile index 15c0f3d5..6f4d0232 100644 --- a/services/notification/Dockerfile +++ b/services/notification/Dockerfile @@ -1,5 +1,5 @@ # Add this stage at the top of each service Dockerfile -FROM python:3.11-slim as shared +FROM python:3.11-slim AS shared WORKDIR /shared COPY shared/ /shared/ @@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared COPY services/notification/ . # Add shared libraries to Python path -ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" +ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}" # Expose port EXPOSE 8000 diff --git a/services/orders/app/repositories/order_repository.py b/services/orders/app/repositories/order_repository.py index 0d2835fb..66895b9e 100644 --- a/services/orders/app/repositories/order_repository.py +++ b/services/orders/app/repositories/order_repository.py @@ -433,13 +433,13 @@ class OrderRepository(BaseRepository[CustomerOrder, OrderCreate, OrderUpdate]): func.count(func.distinct(CustomerOrder.customer_id)).label("unique_customers"), func.sum( case( - [(CustomerOrder.order_type == "rush", 1)], + (CustomerOrder.order_type == "rush", 1), else_=0 ) ).label("rush_orders"), func.sum( case( - [(CustomerOrder.sales_channel == "wholesale", 1)], + (CustomerOrder.sales_channel == "wholesale", 1), else_=0 ) ).label("wholesale_orders") 
@@ -535,4 +535,4 @@ class OrderStatusHistoryRepository(BaseRepository[OrderStatusHistory, dict, dict logger.error("Error creating status change", order_id=str(order_id), error=str(e)) - raise \ No newline at end of file + raise diff --git a/services/tenant/Dockerfile b/services/tenant/Dockerfile index a445f70c..25e0b7e0 100644 --- a/services/tenant/Dockerfile +++ b/services/tenant/Dockerfile @@ -1,5 +1,5 @@ # Add this stage at the top of each service Dockerfile -FROM python:3.11-slim as shared +FROM python:3.11-slim AS shared WORKDIR /shared COPY shared/ /shared/ @@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared COPY services/tenant/ . # Add shared libraries to Python path -ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" +ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}" # Expose port EXPOSE 8000 diff --git a/services/training/Dockerfile b/services/training/Dockerfile index 8cd9dac4..b7ecc50a 100644 --- a/services/training/Dockerfile +++ b/services/training/Dockerfile @@ -1,5 +1,5 @@ # Add this stage at the top of each service Dockerfile -FROM python:3.11-slim as shared +FROM python:3.11-slim AS shared WORKDIR /shared COPY shared/ /shared/ @@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared COPY services/training/ . # Add shared libraries to Python path -ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" +ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}" # Expose port EXPOSE 8000 diff --git a/setup-https.sh b/setup-https.sh index 2052c3a2..113d3a89 100755 --- a/setup-https.sh +++ b/setup-https.sh @@ -3,7 +3,8 @@ # Bakery IA HTTPS Setup Script # This script sets up HTTPS with cert-manager and Let's Encrypt for local development -set -e +# Remove -e to handle errors more gracefully +set -u echo "๐Ÿ”’ Setting up HTTPS for Bakery IA with cert-manager and Let's Encrypt" echo "===============================================================" 
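Review bot: Replacing `set -e` with `set -u` in setup-https.sh means any command whose status is not tested now fails silently and the setup carries on, which for a script that installs certificates can end in a half-configured cluster that looks successful. In the code added to check_prerequisites only one spot actually conflicts with `-e`, the `colima start …` call followed by `if [ $? -ne 0 ]`. Writing that as `if ! colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local; then` would let the script keep `set -eu`. The rest of the script is outside this hunk, so whether other commands depend on `-e` being off needs confirming.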
@@ -64,18 +65,61 @@ check_prerequisites() { # Check if Colima is running if ! colima status --profile k8s-local &> /dev/null; then - print_error "Colima is not running. Please start it with:" - print_error "colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local" - exit 1 + print_warning "Colima is not running. Starting Colima..." + colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local + if [ $? -ne 0 ]; then + print_error "Failed to start Colima. Please check your Docker installation." + exit 1 + fi + print_success "Colima started successfully" fi - # Check if cluster is running - if ! kubectl cluster-info &> /dev/null; then - print_error "No Kubernetes cluster found. Please create your Kind cluster first:" - print_error "kind create cluster --name bakery-ia-local" - exit 1 + # Check if cluster is running or exists + local cluster_exists=false + local cluster_running=false + + # Check if Kind cluster exists + if kind get clusters | grep -q "bakery-ia-local"; then + cluster_exists=true + print_status "Kind cluster 'bakery-ia-local' already exists" + + # Check if kubectl can connect to it + if kubectl cluster-info --context kind-bakery-ia-local &> /dev/null; then + cluster_running=true + print_success "Kubernetes cluster is running and accessible" + else + print_warning "Kind cluster exists but is not accessible via kubectl" + fi fi + # Handle cluster creation/recreation + if [ "$cluster_exists" = true ] && [ "$cluster_running" = false ]; then + print_warning "Kind cluster exists but is not running. Recreating..." + kind delete cluster --name bakery-ia-local || true + cluster_exists=false + fi + + if [ "$cluster_exists" = false ]; then + print_warning "Creating new Kind cluster..." + if [ ! -f "kind-config.yaml" ]; then + print_error "kind-config.yaml not found. Please ensure you're running this script from the project root." 
+ exit 1 + fi + + if kind create cluster --config kind-config.yaml; then + print_success "Kind cluster created successfully" + else + print_error "Failed to create Kind cluster. Please check your Kind installation." + exit 1 + fi + fi + + # Ensure we're using the correct kubectl context + kubectl config use-context kind-bakery-ia-local || { + print_error "Failed to set kubectl context to kind-bakery-ia-local" + exit 1 + } + print_success "Prerequisites check passed" } 
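Review bot: The recreate branch runs `kind delete cluster --name bakery-ia-local` without asking as soon as `kubectl cluster-info --context kind-bakery-ia-local` fails once. That also happens when the cluster is merely still starting, for example right after the `colima start` added earlier in this hunk. A transient error then discards every workload and secret in the cluster, so the deletion should sit behind a confirmation like the one `cleanup_on_failure` uses later in this commit. Separately, `grep -q "bakery-ia-local"` matches any cluster name containing that string, whereas `grep -qx "bakery-ia-local"` matches the exact name. `check_prerequisites` starts before this hunk.

```shell
    # Handle cluster creation/recreation
    if [ "$cluster_exists" = true ] && [ "$cluster_running" = false ]; then
        print_warning "Kind cluster exists but is not reachable via kubectl."
        read -p "Delete and recreate 'bakery-ia-local'? All cluster state will be lost. (y/N): " -n 1 -r
        echo
        if [[ $REPLY =~ ^[Yy]$ ]]; then
            kind delete cluster --name bakery-ia-local || true
            cluster_exists=false
        else
            print_error "Cluster left untouched. Fix connectivity and run the script again."
            exit 1
        fi
    fi
    # … unchanged: cluster creation from kind-config.yaml, kubectl context switch …
```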
@@ -83,48 +127,208 @@ check_prerequisites() { install_cert_manager() { print_status "Installing cert-manager..." - # Install cert-manager - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml + # Check if cert-manager is already installed + if kubectl get namespace cert-manager &> /dev/null; then + print_warning "cert-manager namespace already exists. Checking if installation is complete..." - # Wait for cert-manager to be ready + # Check if pods are running + if kubectl get pods -n cert-manager | grep -q "Running"; then + print_success "cert-manager is already installed and running" + return 0 + else + print_status "cert-manager exists but pods are not ready. Waiting..." + fi + else + # Install cert-manager + print_status "Installing cert-manager from official release..." + if kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml; then + print_success "cert-manager installation started" + else + print_error "Failed to install cert-manager. Please check your internet connection and try again." + exit 1 + fi + fi + + # Wait for cert-manager namespace to be created + print_status "Waiting for cert-manager namespace..." + for i in {1..30}; do + if kubectl get namespace cert-manager &> /dev/null; then + break + fi + sleep 2 + done + + # Wait for cert-manager pods to be created + print_status "Waiting for cert-manager pods to be created..." + for i in {1..60}; do + if kubectl get pods -n cert-manager &> /dev/null && [ $(kubectl get pods -n cert-manager --no-headers | wc -l) -ge 3 ]; then + print_success "cert-manager pods created" + break + fi + print_status "Waiting for cert-manager pods... (attempt $i/60)" + sleep 5 + done + + # Wait for cert-manager pods to be ready print_status "Waiting for cert-manager pods to be ready..." 
- kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=cert-manager -n cert-manager --timeout=300s - print_success "cert-manager installed successfully" + # Use more reliable selectors for cert-manager components + local components=( + "app.kubernetes.io/name=cert-manager" + "app.kubernetes.io/name=cainjector" + "app.kubernetes.io/name=webhook" + ) + local component_names=("cert-manager" "cert-manager-cainjector" "cert-manager-webhook") + + for i in "${!components[@]}"; do + local selector="${components[$i]}" + local name="${component_names[$i]}" + + print_status "Waiting for $name to be ready..." + + # First check if pods exist with this selector + local pod_count=0 + for attempt in {1..30}; do + pod_count=$(kubectl get pods -n cert-manager -l "$selector" --no-headers 2>/dev/null | wc -l) + if [ "$pod_count" -gt 0 ]; then + break + fi + sleep 2 + done + + if [ "$pod_count" -eq 0 ]; then + print_warning "No pods found for $name with selector $selector, trying alternative approach..." + # Fallback: wait for any pods containing the component name + if kubectl wait --for=condition=ready pod -n cert-manager --all --timeout=300s 2>/dev/null; then + print_success "All cert-manager pods are ready" + break + else + print_warning "$name pods not found, but continuing..." + continue + fi + fi + + # Wait for the specific component to be ready + if kubectl wait --for=condition=ready pod -l "$selector" -n cert-manager --timeout=300s 2>/dev/null; then + print_success "$name is ready" + else + print_warning "$name is taking longer than expected. Checking status..." + kubectl get pods -n cert-manager -l "$selector" 2>/dev/null || true + + # Continue anyway, sometimes it works despite timeout + print_warning "Continuing with setup. $name may still be starting..." 
+ fi + done + + # Final verification + if kubectl get pods -n cert-manager | grep -q "Running"; then + print_success "cert-manager installed successfully" + else + print_warning "cert-manager installation may not be complete. Current status:" + kubectl get pods -n cert-manager + print_status "Continuing with setup anyway..." + fi } # Install NGINX Ingress Controller install_nginx_ingress() { print_status "Installing NGINX Ingress Controller for Kind..." - # Install NGINX Ingress Controller for Kind (correct URL) - kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml + # Check if NGINX Ingress is already installed + if kubectl get namespace ingress-nginx &> /dev/null; then + print_warning "NGINX Ingress Controller namespace already exists. Checking status..." - # Wait for ingress controller to be ready - print_status "Waiting for NGINX Ingress Controller to be ready..." - kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=300s + # Check if controller is running + if kubectl get pods -n ingress-nginx -l app.kubernetes.io/component=controller | grep -q "Running"; then + print_success "NGINX Ingress Controller is already running" + else + print_status "NGINX Ingress Controller exists but not ready. Waiting..." + kubectl wait --namespace ingress-nginx \ + --for=condition=ready pod \ + --selector=app.kubernetes.io/component=controller \ + --timeout=300s 2>/dev/null || { + print_warning "Ingress controller taking longer than expected, but continuing..." + } + fi + else + # Install NGINX Ingress Controller for Kind (updated URL) + print_status "Installing NGINX Ingress Controller for Kind..." 
+ if kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml; then + print_success "NGINX Ingress Controller installation started" - print_success "NGINX Ingress Controller installed successfully" + # Wait for ingress controller to be ready + print_status "Waiting for NGINX Ingress Controller to be ready..." + kubectl wait --namespace ingress-nginx \ + --for=condition=ready pod \ + --selector=app.kubernetes.io/component=controller \ + --timeout=300s 2>/dev/null || { + print_warning "Ingress controller taking longer than expected, but continuing..." + } + else + print_error "Failed to install NGINX Ingress Controller" + exit 1 + fi + fi + + # Configure ingress for permanent localhost access + print_status "Configuring permanent localhost access..." + kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}' || true + + print_success "NGINX Ingress Controller configured successfully" } # Setup cluster issuers setup_cluster_issuers() { print_status "Setting up cluster issuers..." - # Apply cluster issuers - kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml - kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml - kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml + # Check if cert-manager components exist + if [ ! -f "infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml" ]; then + print_error "cert-manager component files not found. Please ensure you're running this script from the project root." + exit 1 + fi - # Wait a bit for the issuers to be created - sleep 10 + # Apply cluster issuers + print_status "Applying cluster issuers..." 
+ + local issuer_files=( + "infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml" + "infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml" + "infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml" + ) + + for issuer_file in "${issuer_files[@]}"; do + if [ -f "$issuer_file" ]; then + print_status "Applying $issuer_file..." + kubectl apply -f "$issuer_file" || { + print_warning "Failed to apply $issuer_file, but continuing..." + } + else + print_warning "$issuer_file not found, skipping..." + fi + done + + # Wait for the issuers to be created + print_status "Waiting for cluster issuers to be ready..." + sleep 15 # Check if issuers are ready print_status "Checking cluster issuer status..." - kubectl get clusterissuers + kubectl get clusterissuers 2>/dev/null || print_warning "No cluster issuers found yet" + + # Verify that the local CA issuer is ready (if it exists) + if kubectl get clusterissuer local-ca-issuer &> /dev/null; then + for i in {1..10}; do + local issuer_ready=$(kubectl get clusterissuer local-ca-issuer -o jsonpath='{.status.conditions[0].type}' 2>/dev/null || echo "") + if [[ "$issuer_ready" == "Ready" ]]; then + print_success "Local CA issuer is ready" + break + fi + print_status "Waiting for local CA issuer to be ready... (attempt $i/10)" + sleep 10 + done + else + print_warning "Local CA issuer not found, skipping readiness check" + fi print_success "Cluster issuers configured successfully" } 
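Review bot: The ingress controller is now applied from `https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml`, which tracks the `main` branch. Every run may therefore apply a different manifest with cluster-wide permissions, and nothing records which one was used. cert-manager in the same hunk is pinned to `v1.13.2`, and the ingress URL should be pinned the same way, e.g. `.../kubernetes/ingress-nginx/<RELEASE_TAG>/deploy/static/provider/kind/deploy.yaml`, where `<RELEASE_TAG>` is a placeholder for the release the project has tested. Also in this hunk, `kubectl get pods -n cert-manager | grep -q "Running"` makes `install_cert_manager` return early when any single pod is Running, so a cluster with a failed webhook pod is reported as installed. The `kubectl wait --for=condition=ready` call further down is the stricter check.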
@@ -140,16 +344,50 @@ deploy_with_https() { exit 1 fi - # Deploy with Skaffold (builds and deploys automatically) - print_status "Building and deploying with Skaffold..." - skaffold run --profile=dev + # Check if skaffold.yaml exists + if [ ! -f "skaffold.yaml" ]; then + print_error "skaffold.yaml not found. Please ensure you're running this script from the project root." + exit 1 + fi - # Apply the HTTPS ingress patch - print_status "Applying HTTPS configuration..." - kubectl patch ingress bakery-ingress -n bakery-ia --patch-file infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml + # Deploy with Skaffold (builds and deploys automatically with HTTPS support) + print_status "Building and deploying with Skaffold (dev profile includes HTTPS)..." + if skaffold run --profile=dev; then + print_success "Skaffold deployment started" + else + print_warning "Skaffold deployment had issues, but continuing..." + fi + # Wait for namespace to be created + print_status "Waiting for bakery-ia namespace..." + for i in {1..30}; do + if kubectl get namespace bakery-ia &> /dev/null; then + print_success "bakery-ia namespace found" + break + fi + sleep 2 + done + + # Check if namespace was created + if ! kubectl get namespace bakery-ia &> /dev/null; then + print_warning "bakery-ia namespace not found. Deployment may have failed." + return 0 + fi + + # Wait for deployments to be ready print_status "Waiting for deployments to be ready..." - kubectl wait --for=condition=available --timeout=300s deployment --all -n bakery-ia + if kubectl wait --for=condition=available --timeout=600s deployment --all -n bakery-ia 2>/dev/null; then + print_success "All deployments are ready" + else + print_warning "Some deployments are taking longer than expected, but continuing..." 
+ fi + + # Verify ingress exists + if kubectl get ingress bakery-ingress -n bakery-ia &> /dev/null; then + print_success "HTTPS ingress configured successfully" + else + print_warning "Ingress not found, but continuing with setup..." + fi print_success "Application deployed with HTTPS support using Skaffold" } @@ -159,19 +397,39 @@ check_certificates() { print_status "Checking certificate status..." # Wait for certificate to be issued - sleep 30 + print_status "Waiting for certificates to be issued..." + + # Check if certificate exists + for i in {1..12}; do + if kubectl get certificate bakery-ia-tls-cert -n bakery-ia &> /dev/null; then + print_success "Certificate found" + break + fi + print_status "Waiting for certificate to be created... (attempt $i/12)" + sleep 10 + done + + # Wait for certificate to be ready + for i in {1..20}; do + if kubectl get certificate bakery-ia-tls-cert -n bakery-ia -o jsonpath='{.status.conditions[0].type}' 2>/dev/null | grep -q "Ready"; then + print_success "Certificate is ready" + break + fi + print_status "Waiting for certificate to be ready... (attempt $i/20)" + sleep 15 + done echo "" - echo "Certificate status:" - kubectl get certificates -n bakery-ia + echo "๐Ÿ“‹ Certificate status:" + kubectl get certificates -n bakery-ia 2>/dev/null || print_warning "No certificates found" echo "" - echo "Certificate details:" - kubectl describe certificate bakery-ia-tls-cert -n bakery-ia + echo "๐Ÿ” Certificate details:" + kubectl describe certificate bakery-ia-tls-cert -n bakery-ia 2>/dev/null || print_warning "Certificate not found" echo "" - echo "TLS secret status:" - kubectl get secret bakery-ia-tls-cert -n bakery-ia + echo "๐Ÿ” TLS secret status:" + kubectl get secret bakery-ia-tls-cert -n bakery-ia 2>/dev/null || print_warning "TLS secret not found" } # Update hosts file 
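Review bot: `deploy_with_https` now reports success on every path. A failed `skaffold run --profile=dev` is only a warning, a missing namespace ends in `return 0`, and `print_success "Application deployed with HTTPS support using Skaffold"` is printed even when the ingress check just above it warned. The `step_failed` handling added to `main` in this commit therefore never sees a failure from this step. I would make the failure branches return non-zero, e.g. `print_error "Skaffold deployment failed"; return 1`, and print the final success line only when `kubectl get ingress bakery-ingress -n bakery-ia` succeeded. The function begins before the hunk.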
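Review bot: The readiness loop in `check_certificates` tests `jsonpath='{.status.conditions[0].type}' | grep -q "Ready"`, which reads the condition's type and not its status. A certificate whose Ready condition is `False` because issuance failed is therefore reported as ready. `kubectl wait --for=condition=Ready certificate/bakery-ia-tls-cert -n bakery-ia --timeout=300s` checks the status and replaces the polling loop. The `local-ca-issuer` check in `setup_cluster_issuers` uses the same `conditions[0].type` test. When either loop runs out of attempts nothing is printed, so a timeout looks the same as success.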
@@ -182,18 +440,37 @@ update_hosts_file() { EXTERNAL_IP="127.0.0.1" # Check if entries exist in hosts file - if ! grep -q "bakery-ia.local" /etc/hosts; then - print_warning "Please add the following entries to your /etc/hosts file:" - echo "" - echo "sudo tee -a /etc/hosts << EOF" - echo "$EXTERNAL_IP bakery-ia.local" - echo "$EXTERNAL_IP api.bakery-ia.local" - echo "$EXTERNAL_IP monitoring.bakery-ia.local" - echo "EOF" - echo "" + if ! grep -q "bakery-ia.local" /etc/hosts 2>/dev/null; then + print_warning "Adding entries to /etc/hosts file for named host access..." + + # Ask for user permission + read -p "Do you want to add entries to /etc/hosts for named host access? (y/N): " -n 1 -r + echo + if [[ $REPLY =~ ^[Yy]$ ]]; then + # Add hosts entries with proper error handling + { + echo "$EXTERNAL_IP bakery-ia.local" + echo "$EXTERNAL_IP api.bakery-ia.local" + echo "$EXTERNAL_IP monitoring.bakery-ia.local" + } | sudo tee -a /etc/hosts > /dev/null + + if [ $? -eq 0 ]; then + print_success "Hosts file entries added successfully" + else + print_error "Failed to update hosts file. You may need to add entries manually." + fi + else + print_warning "Skipping hosts file update. You can still access via https://localhost" + fi else print_success "Hosts file entries already exist" fi + + echo "" + print_status "Available access methods:" + echo " ๐ŸŒ Primary: https://localhost (no hosts file needed)" + echo " ๐Ÿท๏ธ Named: https://bakery-ia.local (requires hosts file)" + echo " ๐Ÿ”— API: https://localhost/api or https://api.bakery-ia.local" } # Export CA certificate for browser trust 
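Review bot: The guard `grep -q "bakery-ia.local" /etc/hosts` is satisfied by any line containing that text, including an entry for `api.bakery-ia.local` alone or a commented-out line, and then none of the three names is added. Checking each name as a whole field, e.g. `grep -qE '^[^#]*[[:space:]]bakery-ia\.local([[:space:]]|$)' /etc/hosts`, and appending only the missing ones keeps reruns idempotent. The `print_warning "Adding entries to /etc/hosts file for named host access..."` line is printed before the user has agreed to the privileged write and reads better after the prompt. `update_hosts_file` starts before the hunk.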
@@ -201,55 +478,171 @@ export_ca_certificate() { print_status "Exporting CA certificate for browser trust..." # Wait for CA certificate to be created - sleep 10 + for i in {1..10}; do + if kubectl get secret local-ca-key-pair -n cert-manager &> /dev/null; then + print_success "CA certificate secret found" + break + fi + print_status "Waiting for CA certificate secret... (attempt $i/10)" + sleep 10 + done # Extract the CA certificate - kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt + if kubectl get secret local-ca-key-pair -n cert-manager &> /dev/null; then + if kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt 2>/dev/null; then + print_success "CA certificate exported as 'bakery-ia-ca.crt'" - print_success "CA certificate exported as 'bakery-ia-ca.crt'" - print_warning "To trust this certificate in your browser:" - echo " 1. Import 'bakery-ia-ca.crt' into your browser's certificate store" - echo " 2. Mark it as trusted for website authentication" - echo "" - print_warning "For macOS: Add to Keychain Access and set to 'Always Trust'" - print_warning "For Linux: Add to /usr/local/share/ca-certificates/ and run 'sudo update-ca-certificates'" + # Make the certificate file readable + chmod 644 bakery-ia-ca.crt + else + print_warning "Failed to extract CA certificate from secret" + fi + + print_warning "To trust this certificate and remove browser warnings:" + echo "" + echo "๐Ÿ“ฑ macOS:" + echo " 1. Double-click 'bakery-ia-ca.crt' to open Keychain Access" + echo " 2. Find 'bakery-ia-local-ca' in the certificates list" + echo " 3. Double-click it and set to 'Always Trust'" + echo "" + echo "๐Ÿง Linux:" + echo " sudo cp bakery-ia-ca.crt /usr/local/share/ca-certificates/" + echo " sudo update-ca-certificates" + echo "" + echo "๐ŸชŸ Windows:" + echo " 1. Double-click 'bakery-ia-ca.crt'" + echo " 2. Click 'Install Certificate'" + echo " 3. 
Choose 'Trusted Root Certification Authorities'" + echo "" + else + print_warning "CA certificate secret not found. HTTPS will work but with browser warnings." + print_warning "You can still access the application at https://localhost" + fi } # Display access information display_access_info() { print_success "๐ŸŽ‰ HTTPS setup completed!" echo "" - echo "Access your application at:" - echo " ๐ŸŒ Frontend: https://bakery-ia.local" - echo " ๐Ÿ”— API: https://api.bakery-ia.local" - echo " ๐Ÿ“Š Monitoring: https://monitoring.bakery-ia.local" + echo "๐ŸŒ Access your application at:" + echo " Primary: https://localhost" + echo " API: https://localhost/api" + echo " Named Host: https://bakery-ia.local (if hosts file updated)" + echo " API Named: https://api.bakery-ia.local (if hosts file updated)" echo "" - echo "Useful commands:" - echo " ๐Ÿ“‹ Check pods: kubectl get pods -n bakery-ia" - echo " ๐Ÿ” Check ingress: kubectl get ingress -n bakery-ia" - echo " ๐Ÿ“œ Check certificates: kubectl get certificates -n bakery-ia" - echo " ๐Ÿ“ View logs: kubectl logs -f deployment/ -n bakery-ia" - echo " ๐Ÿš€ Run Skaffold dev mode: skaffold dev --profile=dev" - echo " ๐Ÿงน Clean up: skaffold delete" + echo "๐Ÿ› ๏ธ Useful commands:" + echo " ๐Ÿ“‹ Check status: kubectl get all -n bakery-ia" + echo " ๐Ÿ” Check ingress: kubectl get ingress -n bakery-ia" + echo " ๐Ÿ“œ Check certificates: kubectl get certificates -n bakery-ia" + echo " ๐Ÿ“ View service logs: kubectl logs -f deployment/ -n bakery-ia" + echo " ๐Ÿš€ Development mode: skaffold dev --profile=dev" + echo " ๐Ÿงน Clean up: skaffold delete --profile=dev" + echo " ๐Ÿ”„ Restart service: kubectl rollout restart deployment/ -n bakery-ia" echo "" - print_warning "Note: You may see certificate warnings until you import the CA certificate into your browser" + echo "๐Ÿ”ง Troubleshooting:" + echo " ๐Ÿฉบ Get events: kubectl get events -n bakery-ia --sort-by='.firstTimestamp'" + echo " ๐Ÿ” Describe pod: kubectl describe pod -n 
bakery-ia" + echo " ๐Ÿ“Š Resource usage: kubectl top pods -n bakery-ia" + echo " ๐Ÿ” Certificate details: kubectl describe certificate bakery-ia-tls-cert -n bakery-ia" + echo "" + if [ -f "bakery-ia-ca.crt" ]; then + print_warning "๐Ÿ“‹ Next steps:" + echo " 1. Import 'bakery-ia-ca.crt' into your browser to remove certificate warnings" + echo " 2. Access https://localhost to verify the setup" + echo " 3. Run 'skaffold dev --profile=dev' for development with hot-reload" + else + print_warning "โš ๏ธ Note: You may see certificate warnings until the CA certificate is properly configured" + fi + echo "" + print_status "๐ŸŽฏ The application is now ready for secure development!" } +# Check current cert-manager status for debugging +check_current_cert_manager_status() { + print_status "Checking current cert-manager status..." + + if kubectl get namespace cert-manager &> /dev/null; then + echo "" + echo "๐Ÿ“‹ Current cert-manager pods status:" + kubectl get pods -n cert-manager + + echo "" + echo "๐Ÿ” cert-manager deployments:" + kubectl get deployments -n cert-manager + + # Check for any pending or failed pods + local failed_pods=$(kubectl get pods -n cert-manager --field-selector=status.phase!=Running --no-headers 2>/dev/null | wc -l) + if [ "$failed_pods" -gt 0 ]; then + echo "" + print_warning "Found $failed_pods non-running pods. Details:" + kubectl get pods -n cert-manager --field-selector=status.phase!=Running + fi + echo "" + else + print_status "cert-manager namespace not found. Will install fresh." + fi +} + +# Cleanup function for failed installations +cleanup_on_failure() { + print_warning "Cleaning up due to failure..." + + # Optional cleanup - ask user + read -p "Do you want to clean up the Kind cluster and start fresh? (y/N): " -n 1 -r + echo + if [[ $REPLY =~ ^[Yy]$ ]]; then + print_status "Cleaning up Kind cluster..." + kind delete cluster --name bakery-ia-local || true + print_success "Cleanup completed. You can run the script again." 
+ else + print_status "Keeping existing setup. You can continue manually or run the script again." + fi +} + +# Trap function to handle script interruption +trap 'echo ""; print_warning "Script interrupted. Partial setup may be present."; cleanup_on_failure; exit 1' INT TERM + # Main execution main() { echo "Starting HTTPS setup for Bakery IA..." - check_prerequisites - install_cert_manager - install_nginx_ingress - setup_cluster_issuers - deploy_with_https - check_certificates - update_hosts_file - export_ca_certificate - display_access_info + # Set error handling for individual steps + local step_failed=false - print_success "Setup completed successfully! ๐Ÿš€" + check_prerequisites || { step_failed=true; } + if [ "$step_failed" = false ]; then + check_current_cert_manager_status || { step_failed=true; } + fi + if [ "$step_failed" = false ]; then + install_cert_manager || { step_failed=true; } + fi + if [ "$step_failed" = false ]; then + install_nginx_ingress || { step_failed=true; } + fi + if [ "$step_failed" = false ]; then + setup_cluster_issuers || { step_failed=true; } + fi + if [ "$step_failed" = false ]; then + deploy_with_https || { step_failed=true; } + fi + if [ "$step_failed" = false ]; then + check_certificates || { step_failed=true; } + fi + if [ "$step_failed" = false ]; then + update_hosts_file || { step_failed=true; } + fi + if [ "$step_failed" = false ]; then + export_ca_certificate || { step_failed=true; } + fi + + if [ "$step_failed" = false ]; then + display_access_info + print_success "Setup completed successfully! ๐Ÿš€" + else + print_error "Setup failed at one or more steps. Check the output above for details." + cleanup_on_failure + exit 1 + fi } # Run main function diff --git a/skaffold-dev.sh b/skaffold-dev.sh deleted file mode 100755 index cac0c8f7..00000000 --- a/skaffold-dev.sh +++ /dev/null 
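Review bot: In `export_ca_certificate`, the pipeline `kubectl get secret ... | base64 -d > bakery-ia-ca.crt 2>/dev/null` is judged by the exit status of `base64` alone, and the redirection creates the file before either command runs. If `kubectl` fails or the secret has no `tls.crt`, an empty `bakery-ia-ca.crt` is written and the success message is printed. `display_access_info` then tells the user to import that file, because `[ -f "bakery-ia-ca.crt" ]` is true. The export should check the kubectl status and the decoded content before moving the file into place, as sketched below. Also in this hunk, the `step_failed` chain in `main` cannot fire for most steps, since they either call `exit 1` themselves or end in a `print_*` call. `export_ca_certificate` starts before the hunk.

```shell
    # Extract the CA certificate
    local ca_b64
    if ca_b64=$(kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' 2>/dev/null) \
        && [ -n "$ca_b64" ] \
        && printf '%s' "$ca_b64" | base64 -d > bakery-ia-ca.crt.tmp 2>/dev/null \
        && grep -q "BEGIN CERTIFICATE" bakery-ia-ca.crt.tmp; then
        mv bakery-ia-ca.crt.tmp bakery-ia-ca.crt
        chmod 644 bakery-ia-ca.crt
        print_success "CA certificate exported as 'bakery-ia-ca.crt'"
        # … unchanged: per-OS trust instructions …
    else
        rm -f bakery-ia-ca.crt.tmp
        print_warning "CA certificate could not be exported. HTTPS will work but with browser warnings."
    fi
```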
@@ -1,152 +0,0 @@ -#!/bin/bash - -# Bakery IA Skaffold Development Script -# Quick setup script for Skaffold development workflow - -set -e - -echo "๐Ÿš€ Starting Bakery IA Development Environment with Skaffold" -echo "==========================================================" - -# Colors for output -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -BLUE='\033[0;34m' -NC='\033[0m' # No Color - -# Function to print colored output -print_status() { - echo -e "${BLUE}[INFO]${NC} $1" -} - -print_success() { - echo -e "${GREEN}[SUCCESS]${NC} $1" -} - -print_warning() { - echo -e "${YELLOW}[WARNING]${NC} $1" -} - -print_error() { - echo -e "${RED}[ERROR]${NC} $1" -} - -# Check prerequisites -check_prerequisites() { - print_status "Checking prerequisites..." - - local missing_tools=() - - if ! command -v skaffold &> /dev/null; then - missing_tools+=("skaffold") - fi - - if ! command -v kubectl &> /dev/null; then - missing_tools+=("kubectl") - fi - - if ! command -v colima &> /dev/null; then - missing_tools+=("colima") - fi - - if ! command -v kind &> /dev/null; then - missing_tools+=("kind") - fi - - if [ ${#missing_tools[@]} -ne 0 ]; then - print_error "Missing required tools: ${missing_tools[*]}" - print_error "Install with: brew install ${missing_tools[*]}" - exit 1 - fi - - # Check if Colima is running - if ! colima status --profile k8s-local &> /dev/null; then - print_warning "Colima is not running. Starting it now..." - colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local - fi - - # Check if Kind cluster exists - if ! kind get clusters | grep -q "bakery-ia-local"; then - print_warning "Kind cluster not found. Creating it now..." - kind create cluster --name bakery-ia-local - fi - - # Verify cluster is accessible - if ! 
kubectl cluster-info &> /dev/null; then - print_error "Cannot connect to Kubernetes cluster" - exit 1 - fi - - print_success "Prerequisites check passed" -} - -# Setup development environment -setup_dev_environment() { - print_status "Setting up development environment..." - - # Check if NGINX Ingress is installed - if ! kubectl get namespace ingress-nginx &> /dev/null; then - print_status "Installing NGINX Ingress Controller..." - kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml - kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=300s - fi - - print_success "Development environment ready" -} - -# Start Skaffold development mode -start_skaffold_dev() { - print_status "Starting Skaffold development mode..." - - print_warning "Starting continuous development mode with Skaffold..." - print_warning "This will:" - echo " - Build all Docker images automatically" - echo " - Deploy to your Kind cluster" - echo " - Watch for file changes and auto-rebuild" - echo " - Stream logs from all services" - echo "" - print_warning "Press Ctrl+C to stop and clean up" - echo "" - - # Start Skaffold in development mode - skaffold dev --profile=dev -} - -# Display information -display_info() { - print_success "๐ŸŽ‰ Skaffold development environment ready!" - echo "" - echo "Next steps:" - echo " 1. Add hosts entries (if not done already):" - echo " sudo tee -a /etc/hosts << EOF" - echo " 127.0.0.1 bakery-ia.local" - echo " 127.0.0.1 api.bakery-ia.local" - echo " 127.0.0.1 monitoring.bakery-ia.local" - echo " EOF" - echo "" - echo " 2. Access your application:" - echo " ๐ŸŒ Frontend: http://bakery-ia.local" - echo " ๐Ÿ”— API: http://api.bakery-ia.local" - echo "" - echo " 3. 
For HTTPS support, run: ./setup-https.sh" - echo "" - echo "Useful commands:" - echo " ๐Ÿ“‹ Check pods: kubectl get pods -n bakery-ia" - echo " ๐Ÿ“ View logs: kubectl logs -f deployment/ -n bakery-ia" - echo " ๐Ÿงน Clean up: skaffold delete" -} - -# Main execution -main() { - check_prerequisites - setup_dev_environment - display_info - start_skaffold_dev -} - -# Run main function -main "$@" \ No newline at end of file