Add base kubernetes support final fix 2

Urtzi Alfaro
2025-09-28 19:48:05 +02:00
parent 83f1d9df87
commit 57f77638cc
36 changed files with 1073 additions and 2645 deletions


@@ -1,202 +0,0 @@
# 🧹 Cleanup Guide for Kind + Colima + Skaffold Environment
This guide provides different cleanup options depending on what you want to clean up.
## 📋 Quick Reference
| Scenario | Command | What it cleans |
|----------|---------|----------------|
| **Stop development** | `Ctrl+C` (in skaffold dev) | Stops Skaffold, keeps everything |
| **Clean deployment only** | `skaffold delete` | Removes K8s resources, keeps images |
| **Clean HTTPS setup** | `./cleanup-https.sh` | Removes HTTPS + cert-manager |
| **Complete cleanup** | `./complete-cleanup.sh` | **Everything** (interactive) |
| **Nuclear option** | See manual commands below | Complete manual cleanup |
## 🚀 Quick Cleanup Commands
### 1. Stop Skaffold Development Mode
```bash
# If running skaffold dev, just press:
Ctrl+C
# Or from another terminal:
skaffold delete --profile=dev
```
### 2. Clean Only Kubernetes Resources
```bash
# Remove all bakery-ia resources
kubectl delete namespace bakery-ia
# Remove cert-manager (if installed)
kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
# Remove NGINX Ingress
kubectl delete -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
```
### 3. Clean Docker Images
```bash
# Remove bakery images
docker images | grep "bakery/" | awk '{print $1":"$2}' | xargs docker rmi -f
# Remove dangling images
docker image prune -f
# Remove build cache
docker builder prune -f
```
### 4. Clean Kind Cluster
```bash
# Delete specific cluster
kind delete cluster --name bakery-ia-local
# Delete all clusters
kind get clusters | xargs -r -I {} kind delete cluster --name {}
```
### 5. Clean Colima
```bash
# Stop Colima
colima stop --profile k8s-local
# Delete Colima profile (removes all Docker data)
colima delete --profile k8s-local --force
```
## 🔄 Automated Cleanup Scripts
### Option 1: Complete Cleanup (Recommended)
```bash
# Interactive cleanup of everything
./complete-cleanup.sh
```
### Option 2: HTTPS-Only Cleanup
```bash
# Removes HTTPS setup but keeps basic environment
./cleanup-https.sh
```
### Option 3: Skaffold-Only Cleanup
```bash
# Quick cleanup of just the deployment
skaffold delete --profile=dev
```
## 🛠️ Manual Nuclear Cleanup
If scripts fail, use these manual commands:
```bash
# 1. Stop all processes
pkill -f skaffold
pkill -f kubectl
# 2. Clean Kubernetes
kubectl delete namespace bakery-ia --force --grace-period=0 2>/dev/null || true
kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml --ignore-not-found=true
kubectl delete -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml --ignore-not-found=true
# 3. Clean Docker aggressively
docker stop $(docker ps -aq) 2>/dev/null || true
docker rm $(docker ps -aq) 2>/dev/null || true
docker rmi $(docker images -q) -f 2>/dev/null || true
docker system prune -a -f --volumes
# 4. Clean Kind completely
kind get clusters | xargs -r -I {} kind delete cluster --name {}
# 5. Reset Colima completely
colima stop --profile k8s-local 2>/dev/null || true
colima delete --profile k8s-local --force 2>/dev/null || true
rm -rf ~/.colima/k8s-local
# 6. Clean local files
rm -f *.crt *.key bakery-ia-ca.crt
rm -rf ~/.skaffold/cache
# 7. Clean hosts file (careful!)
sudo cp /etc/hosts /etc/hosts.backup
sudo sed -i '' '/bakery-ia.local/d' /etc/hosts
sudo sed -i '' '/api.bakery-ia.local/d' /etc/hosts
sudo sed -i '' '/monitoring.bakery-ia.local/d' /etc/hosts
```
## 🎯 Cleanup by Use Case
### Daily Development
```bash
# Quick reset between sessions
skaffold delete --profile=dev
```
### Weekly Cleanup
```bash
# Clean up accumulated images and cache
docker image prune -f
docker builder prune -f
```
### Project Finished
```bash
# Complete cleanup
./complete-cleanup.sh
```
### Something's Broken
```bash
# Nuclear reset
kind delete cluster --name bakery-ia-local
colima delete --profile k8s-local --force
# Then restart with ./skaffold-dev.sh
```
## 🔍 Verify Cleanup
After cleanup, verify with these commands:
```bash
# Check Docker images
docker images | grep bakery
# Check Kind clusters
kind get clusters
# Check Colima status
colima status --profile k8s-local
# Check Kubernetes (should fail if cluster deleted)
kubectl get pods -n bakery-ia
# Check hosts file
grep bakery /etc/hosts
```
## 🚀 Restart After Cleanup
To restart development after cleanup:
```bash
# Quick start
./skaffold-dev.sh
# Or with HTTPS
./setup-https.sh
# Or manual
colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local
kind create cluster --name bakery-ia-local
skaffold dev --profile=dev
```
## ⚠️ Important Notes
1. **Always backup** important data before cleanup
2. **The complete cleanup script is interactive** - it will ask before destructive operations
3. **Colima profile deletion** removes ALL Docker data in that profile
4. **Kind cluster deletion** is permanent - you'll lose all Kubernetes data
5. **Hosts file changes** require sudo permissions
Choose the cleanup level that matches your needs! 🎯


@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB9TCCAZygAwIBAgIQAqQJ8a0XYP5XfN9bOoSX6TAKBggqhkjOPQQDAjBbMQsw MIIB9jCCAZ2gAwIBAgIRALeFt7uyrRUtqT8VC8AyOqAwCgYIKoZIzj0EAwIwWzEL
CQYDVQQGEwJVUzESMBAGA1UEChMJQmFrZXJ5IElBMRswGQYDVQQLExJCYWtlcnkg MAkGA1UEBhMCVVMxEjAQBgNVBAoTCUJha2VyeSBJQTEbMBkGA1UECxMSQmFrZXJ5
SUEgTG9jYWwgQ0ExGzAZBgNVBAMTEmJha2VyeS1pYS1sb2NhbC1jYTAeFw0yNTA5 IElBIExvY2FsIENBMRswGQYDVQQDExJiYWtlcnktaWEtbG9jYWwtY2EwHhcNMjUw
MjgwODA5MzFaFw0yNjA5MjgwODA5MzFaMFsxCzAJBgNVBAYTAlVTMRIwEAYDVQQK OTI4MTYzMzAxWhcNMjYwOTI4MTYzMzAxWjBbMQswCQYDVQQGEwJVUzESMBAGA1UE
EwlCYWtlcnkgSUExGzAZBgNVBAsTEkJha2VyeSBJQSBMb2NhbCBDQTEbMBkGA1UE ChMJQmFrZXJ5IElBMRswGQYDVQQLExJCYWtlcnkgSUEgTG9jYWwgQ0ExGzAZBgNV
AxMSYmFrZXJ5LWlhLWxvY2FsLWNhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE BAMTEmJha2VyeS1pYS1sb2NhbC1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
OaGd9w4LnTtcIZQo3P3CtBr8CVCckF1gWoNK3CCU30d29oiGTEU+IWo9CE2Tqszk BMvQUfoPOJxF4JWwFX+YoolhrMKMBJ7pN5roI6/puxXa3UKRuQSF17lQGqdI9MFy
ZIWKENOB05VaHbJYs2jArKNCMEAwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQF oYaQJlQ9PqI5RwqZn6uAIT6jQjBAMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8E
MAMBAf8wHQYDVR0OBBYEFM0ePz20KZn61OMTwWj1aiG0YWVlMAoGCCqGSM49BAMC BTADAQH/MB0GA1UdDgQWBBS5waYyMCV5bG55I8YGZSIJCioRdjAKBggqhkjOPQQD
A0cAMEQCIE5DgVJTSpPyzHKG836VyMWvT1bNBzlmK+d0txTmivX4AiATgglI/ijl AgNHADBEAiAckCO8A4ZHLQg0wYi8q67lLB83OVXpyJ4Y3csjKI3WogIgNtuWgJ48
WD6Uf7SVsaB73mbL4vpHP7HZrZfk3MCo0g== uOcW+pgMS55qTRkhZfAZXdAlhq/M2d/C6QA=
-----END CERTIFICATE----- -----END CERTIFICATE-----
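Review bot: A per-cluster generated CA certificate is being tracked in version control here; the subject in both the old and new PEM bodies decodes to `bakery-ia-local-ca`, and the file changes only because the CA was regenerated. The README in this same commit tells developers to set "bakery-ia-local-ca" to "Always Trust" in Keychain, so anyone who trusts the committed copy rather than the one exported from their own cluster ends up trusting a CA whose private key someone else holds. I would remove the file from the repository and ignore it, for example with a `.gitignore` entry such as `*.crt` (adjust to the real path, which is not visible in this section). The `kubectl get secret local-ca-key-pair -n cert-manager ... > bakery-ia-ca.crt` export step should stay the only source of the certificate.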


@@ -1,103 +0,0 @@
#!/bin/bash
# Bakery IA HTTPS Cleanup Script
# This script removes HTTPS configuration and cert-manager
set -e
echo "🧹 Cleaning up HTTPS setup for Bakery IA"
echo "========================================"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
print_status() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
# Remove application
cleanup_application() {
print_status "Removing Bakery IA application..."
# Try Skaffold cleanup first (if available and was used)
if command -v skaffold &> /dev/null; then
print_status "Cleaning up Skaffold deployment..."
skaffold delete --profile=dev --ignore-not-found=true 2>/dev/null || true
fi
# Fallback to manual cleanup
print_status "Cleaning up remaining resources..."
kubectl delete -k infrastructure/kubernetes/overlays/dev/ --ignore-not-found=true
print_success "Application removed"
}
# Remove certificates and issuers
cleanup_certificates() {
print_status "Removing certificates and issuers..."
kubectl delete clusterissuers --all --ignore-not-found=true
kubectl delete certificates --all -n cert-manager --ignore-not-found=true
kubectl delete secrets local-ca-key-pair -n cert-manager --ignore-not-found=true
print_success "Certificates and issuers removed"
}
# Remove cert-manager
cleanup_cert_manager() {
print_status "Removing cert-manager..."
kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml --ignore-not-found=true
print_success "cert-manager removed"
}
# Remove ingress controller
cleanup_ingress() {
print_status "Removing NGINX Ingress Controller..."
kubectl delete -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml --ignore-not-found=true
print_success "NGINX Ingress Controller removed"
}
# Remove local files
cleanup_local_files() {
print_status "Removing local certificate files..."
rm -f bakery-ia-ca.crt
print_success "Local files cleaned up"
}
# Main cleanup
main() {
print_warning "This will remove all HTTPS configuration and cert-manager from your cluster."
read -p "Are you sure you want to continue? (y/N): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
print_status "Cleanup cancelled"
exit 0
fi
cleanup_application
cleanup_certificates
cleanup_cert_manager
cleanup_ingress
cleanup_local_files
print_success "🎉 Cleanup completed!"
echo ""
echo "Additional cleanup commands (if needed):"
echo " 🗂️ Remove hosts entries: sudo sed -i '' '/bakery-ia.local/d' /etc/hosts"
echo " 🐳 Stop Colima: colima stop --profile k8s-local"
echo " 🗑️ Delete Kind cluster: kind delete cluster --name bakery-ia-local"
echo ""
print_warning "Note: Hosts file entries and CA certificate may need manual cleanup"
}
main "$@"


@@ -1,5 +1,5 @@
# Add this stage at the top of each service Dockerfile # Add this stage at the top of each service Dockerfile
FROM python:3.11-slim as shared FROM python:3.11-slim AS shared
WORKDIR /shared WORKDIR /shared
COPY shared/ /shared/ COPY shared/ /shared/
@@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared
COPY gateway/ . COPY gateway/ .
# Add shared libraries to Python path # Add shared libraries to Python path
ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}"
# Expose port # Expose port
EXPOSE 8000 EXPOSE 8000
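Review bot: The new `ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}"` still leaves a trailing colon whenever PYTHONPATH is unset at build time, and Python resolves an empty PYTHONPATH entry to the current working directory. The module search path then depends on wherever the process is started, which is the kind of implicit import location that is better avoided in a gateway image. Unless an earlier stage sets PYTHONPATH (the base `python:3.11-slim` presumably does not, and only part of the Dockerfile is visible in these hunks), I would write the value out in full: `ENV PYTHONPATH="/app:/app/shared"`.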


@@ -1,214 +1,86 @@
# Bakery IA Kubernetes Configuration # Bakery IA Kubernetes Configuration
This directory contains Kubernetes manifests for deploying the Bakery IA forecasting platform in a local development environment with **permanent localhost access** and **FREE HTTPS support** using cert-manager and NGINX ingress. This directory contains Kubernetes manifests for deploying the Bakery IA platform in local development and production environments with HTTPS support using cert-manager and NGINX ingress.
## Quick Start (5 Commands) ## Quick Start
Deploy the entire platform with these 5 commands:
```bash ```bash
# 1. Start Colima # 1. Start Colima with adequate resources
colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local
# 2. Create Kind cluster with permanent localhost access # 2. Create Kind cluster with permanent localhost access
kind create cluster --config kind-config.yaml kind create cluster --config kind-config.yaml
# 3. Install NGINX Ingress Controller # 3. Install NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml && kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s
# 4. Configure permanent localhost access # 4. Configure permanent localhost access
kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}' kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}'
# 5. Deploy your application # 5. Deploy with Skaffold
skaffold dev --profile=dev skaffold dev --profile=dev
# 🎉 Done! Access at: http://localhost # 🎉 Access at: https://localhost
``` ```
## Prerequisites (macOS Local Development) ## Prerequisites
1. **Colima**: Docker runtime for macOS Install the following tools on macOS:
2. **Kind**: Kubernetes in Docker for local clusters
3. **kubectl**: Kubernetes command-line tool
4. **Skaffold**: For building and deploying applications
5. **NGINX Ingress Controller**: For routing traffic (installed automatically)
6. **cert-manager**: For automatic TLS certificate management (installed automatically)
### Install Prerequisites (macOS)
```bash ```bash
# Install Homebrew (if not already installed) # Install via Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install required tools
brew install colima kind kubectl skaffold brew install colima kind kubectl skaffold
# Verify installations # Verify installations
colima version colima version && kind version && kubectl version --client && skaffold version
kind version
kubectl version --client
skaffold version
``` ```
## 🔒 HTTPS Setup Options
### Option 1: Automated HTTPS Setup (Recommended)
```bash
# Run the automated HTTPS setup script
./setup-https.sh
```
### Option 2: HTTP Only (Basic Setup)
```bash
# Deploy without HTTPS
kubectl apply -k infrastructure/kubernetes/overlays/dev/
```
## Kind Configuration for Permanent Localhost Access
The `kind-config.yaml` file in the root directory provides permanent localhost access without port forwarding:
```yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: bakery-ia-local
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
# HTTP ingress
- containerPort: 30080
hostPort: 80
protocol: TCP
# HTTPS ingress
- containerPort: 30443
hostPort: 443
protocol: TCP
# Direct frontend access (backup)
- containerPort: 30300
hostPort: 3000
protocol: TCP
# Direct gateway access (backup)
- containerPort: 30800
hostPort: 8000
protocol: TCP
```
This configuration maps:
- Port 80 → localhost:80 (HTTP)
- Port 443 → localhost:443 (HTTPS)
- Port 3000 → localhost:3000 (Direct frontend)
- Port 8000 → localhost:8000 (Direct gateway)
## Directory Structure ## Directory Structure
``` ```
infrastructure/kubernetes/ infrastructure/kubernetes/
├── kind-config.yaml # Kind cluster configuration with port mapping
├── base/ # Base Kubernetes resources ├── base/ # Base Kubernetes resources
│ ├── namespace.yaml # Namespace definition │ ├── namespace.yaml # Namespace definition
│ ├── configmap.yaml # Shared configuration │ ├── configmap.yaml # Shared configuration
│ ├── secrets.yaml # Secrets (base64 encoded) │ ├── secrets.yaml # Base64 encoded secrets
│ ├── ingress.yaml # HTTP ingress rules
│ ├── ingress-https.yaml # HTTPS ingress rules │ ├── ingress-https.yaml # HTTPS ingress rules
── kustomization.yaml # Base kustomization ── kustomization.yaml # Base kustomization
── components/ # Individual component manifests │ └── components/ # Individual component manifests
│ ├── cert-manager/ # Certificate management │ ├── cert-manager/ # Certificate management
├── cluster-issuer-staging.yaml # Let's Encrypt staging ├── auth/ # Authentication service
├── cluster-issuer-production.yaml # Let's Encrypt production ├── tenant/ # Tenant management
── local-ca-issuer.yaml # Local CA for development ── training/ # ML training service
├── auth/ # Auth service ├── forecasting/ # Demand forecasting
├── tenant/ # Tenant service ├── sales/ # Sales management
├── training/ # Training service ├── external/ # External API service
│ ├── forecasting/ # Forecasting service
│ ├── sales/ # Sales service
│ ├── external/ # External service
│ ├── notification/ # Notification service │ ├── notification/ # Notification service
│ ├── inventory/ # Inventory service ├── inventory/ # Inventory management
│ ├── recipes/ # Recipes service ├── recipes/ # Recipe management
│ ├── suppliers/ # Suppliers service ├── suppliers/ # Supplier management
│ ├── pos/ # POS service ├── pos/ # Point of sale
│ ├── orders/ # Orders service ├── orders/ # Order management
│ ├── production/ # Production service ├── production/ # Production planning
│ ├── alert-processor/ # Alert processor ├── alert-processor/ # Alert processing
│ ├── frontend/ # Frontend application ├── frontend/ # React frontend
│ ├── databases/ # Database deployments │ ├── databases/ # Database deployments
│ └── infrastructure/ # Infrastructure components (gateway, etc.) └── infrastructure/ # Gateway & monitoring
└── overlays/ └── overlays/
└── dev/ # Development environment overlay └── dev/ # Development environment
├── kustomization.yaml # Dev-specific kustomization ├── kustomization.yaml # Dev-specific configuration
── https-kustomization.yaml # HTTPS-specific kustomization ── dev-patches.yaml # Development patches
├── dev-patches.yaml # Development patches
└── ingress-https-patch.yaml # HTTPS ingress patch
``` ```
## 🚀 Quick Start (macOS with Kind + Colima) ## Access URLs
### 1. Start Colima and Create Kind Cluster with Permanent Localhost Access ### Primary Access (Standard Web Ports)
- **Frontend**: https://localhost
- **API Gateway**: https://localhost/api
```bash ### Named Host Access (Optional)
# Start Colima with proper resources for development Add to `/etc/hosts` for named access:
colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local
# Create Kind cluster with permanent port mapping for localhost access
kind create cluster --config kind-config.yaml
# Verify cluster is running and port mappings
kubectl cluster-info
docker port bakery-ia-local-control-plane
```
The `kind-config.yaml` configuration provides permanent localhost access on ports 80 and 443 without requiring port forwarding!
### 2. Install NGINX Ingress Controller for Kind
```bash
# Install NGINX Ingress Controller (Kind-specific with permanent localhost access)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
# Wait for ingress controller to be ready
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=300s
# Configure ingress controller for permanent localhost access
kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}'
```
### 3. Deploy with Skaffold (No Port Forwarding Required!)
```bash
# Option A: Development mode with auto-rebuild (Recommended)
skaffold dev --profile=dev
# Option B: One-time deployment
skaffold run --profile=dev
# Option C: Debug mode (still includes port forwarding for individual services)
skaffold debug --profile=debug
# Check deployment status
kubectl get pods -n bakery-ia
kubectl get services -n bakery-ia
kubectl get ingress -n bakery-ia
```
**Note**: With the new configuration, skaffold no longer needs port forwarding for frontend access since localhost:80 and localhost:443 are permanently mapped!
### 4. Access the Application - Permanent Localhost Access! 🎉
**No /etc/hosts modification needed!** The application is now accessible directly via standard localhost URLs:
**Primary Access (Recommended):**
- **Frontend**: http://localhost or https://localhost
- **API Gateway**: http://localhost/api or https://localhost/api
**Named Host Access (Optional):**
If you prefer named hosts, add to your `/etc/hosts` file:
```bash ```bash
echo "127.0.0.1 bakery-ia.local" | sudo tee -a /etc/hosts echo "127.0.0.1 bakery-ia.local" | sudo tee -a /etc/hosts
echo "127.0.0.1 api.bakery-ia.local" | sudo tee -a /etc/hosts echo "127.0.0.1 api.bakery-ia.local" | sudo tee -a /etc/hosts
@@ -216,508 +88,186 @@ echo "127.0.0.1 monitoring.bakery-ia.local" | sudo tee -a /etc/hosts
``` ```
Then access via: Then access via:
- Frontend: http://bakery-ia.local or https://bakery-ia.local - **Frontend**: https://bakery-ia.local
- API Gateway: http://api.bakery-ia.local or https://api.bakery-ia.local - **API**: https://api.bakery-ia.local
- Monitoring: http://monitoring.bakery-ia.local or https://monitoring.bakery-ia.local - **Monitoring**: https://monitoring.bakery-ia.local
## 🔒 HTTPS Configuration (FREE with Let's Encrypt) ### Direct Service Access (Development)
- **Frontend**: http://localhost:3000
- **Gateway**: http://localhost:8000
### Automated HTTPS Setup ## Development Workflow
The quickest way to enable HTTPS is using the automated setup script:
### Start Development Environment
```bash ```bash
# Run the automated HTTPS setup script # Start development mode with hot-reload
./setup-https.sh skaffold dev --profile=dev
# Or one-time deployment
skaffold run --profile=dev
``` ```
This script will: ### Key Features
-Install cert-manager (FREE Let's Encrypt client) -**Hot-reload development** - Automatic rebuilds on code changes
-Install NGINX Ingress Controller -**Permanent localhost access** - No port forwarding needed
-Set up cluster issuers (staging, production, and local CA) -**HTTPS by default** - Local CA certificates for secure development
-Deploy your application with HTTPS support -**Microservices architecture** - All services deployed together
-Generate and configure TLS certificates -**Database management** - PostgreSQL, Redis, and RabbitMQ included
- ✅ Export CA certificate for browser trust
### Manual HTTPS Setup
If you prefer manual setup:
#### 1. Install cert-manager
```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=cert-manager -n cert-manager --timeout=300s
```
#### 2. Install NGINX Ingress Controller for Kind
```bash
kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s
```
#### 3. Apply Certificate Issuers
```bash
kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml
kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml
kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml
```
#### 4. Deploy with HTTPS
```bash
kubectl apply -k infrastructure/kubernetes/overlays/dev/
kubectl patch ingress bakery-ingress -n bakery-ia --patch-file infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml
```
#### 5. Export CA Certificate for Browser Trust
```bash
kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt
```
### Access HTTPS Application
After HTTPS setup:
- **🔐 Frontend:** https://bakery-ia.local
- **🔐 API Gateway:** https://api.bakery-ia.local
- **🔐 Monitoring:** https://monitoring.bakery-ia.local
### Trust the CA Certificate
**For macOS:**
```bash
open bakery-ia-ca.crt
# In Keychain Access, find "bakery-ia-local-ca" and set to "Always Trust"
```
**For Linux:**
```bash
sudo cp bakery-ia-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
```
### Certificate Management Commands
```bash
# Check certificate status
kubectl get certificates -n bakery-ia
# Check certificate details
kubectl describe certificate bakery-ia-tls-cert -n bakery-ia
# Check cluster issuers
kubectl get clusterissuers
# Check TLS secret
kubectl get secret bakery-ia-tls-cert -n bakery-ia
```
### Switching to Production Let's Encrypt
To use real Let's Encrypt certificates (requires public domain):
1. Update the cluster issuer in `ingress-https-patch.yaml`:
```yaml
cert-manager.io/cluster-issuer: "letsencrypt-production" # Change from local-ca-issuer
```
2. Update email in cluster issuers to your real email
3. Ensure your domain points to your cluster's external IP
### Cleanup HTTPS Setup
```bash
# Run cleanup script
./cleanup-https.sh
# Or manually clean up
kubectl delete -k infrastructure/kubernetes/overlays/dev/
kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
rm -f bakery-ia-ca.crt
```
## Port Forwarding for Direct Access
If you prefer to access services directly without ingress:
```bash
# Frontend
kubectl port-forward -n bakery-ia svc/frontend-service 3000:3000
# Gateway
kubectl port-forward -n bakery-ia svc/gateway-service 8000:8000
# Auth Service
kubectl port-forward -n bakery-ia svc/auth-service 8001:8000
# Redis
kubectl port-forward -n bakery-ia svc/redis-service 6379:6379
# Database example (auth-db)
kubectl port-forward -n bakery-ia svc/auth-db-service 5432:5432
```
## Managing the Deployment
### Check Status
### Monitor and Debug
```bash ```bash
# Check all resources # Check all resources
kubectl get all -n bakery-ia kubectl get all -n bakery-ia
# Check specific resource types # View logs
kubectl get pods -n bakery-ia kubectl logs -n bakery-ia deployment/auth-service -f
kubectl get services -n bakery-ia
kubectl get deployments -n bakery-ia
kubectl get pvc -n bakery-ia
# Check logs # Check ingress status
kubectl logs -n bakery-ia deployment/auth-service kubectl get ingress -n bakery-ia
kubectl logs -n bakery-ia deployment/frontend -f # Follow logs
# Debug certificate issues
kubectl describe certificate bakery-ia-tls-cert -n bakery-ia
``` ```
### Update Deployments ## Certificate Management
The platform uses cert-manager for automatic HTTPS certificate generation:
- **Local CA**: For development (default)
- **Let's Encrypt Staging**: For testing
- **Let's Encrypt Production**: For production deployments
### Trust Local Certificates
```bash ```bash
# After making changes to manifests # Export CA certificate
kubectl apply -k infrastructure/kubernetes/overlays/dev/ kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt
# Force restart a deployment # Trust in macOS
kubectl rollout restart -n bakery-ia deployment/auth-service open bakery-ia-ca.crt
# In Keychain Access, set "bakery-ia-local-ca" to "Always Trust"
# Check rollout status
kubectl rollout status -n bakery-ia deployment/auth-service
``` ```
### Scaling Services ## Configuration Management
```bash
# Scale a service
kubectl scale -n bakery-ia deployment/auth-service --replicas=3
# Or edit the kustomization.yaml replicas section and reapply
```
### Clean Up (macOS + Kind + Colima + Skaffold)
```bash
# Option 1: Quick cleanup (development session)
skaffold delete --profile=dev
# Option 2: Clean up HTTPS setup
./cleanup-https.sh
# Option 3: Complete cleanup (everything)
./complete-cleanup.sh
# Option 4: Manual cleanup steps
kubectl delete namespace bakery-ia
kind delete cluster --name bakery-ia-local
colima stop --profile k8s-local
```
**📖 For detailed cleanup options, see [CLEANUP-GUIDE.md](../../CLEANUP-GUIDE.md)**
## Configuration
### Secrets ### Secrets
Base64-encoded secrets are stored in `base/secrets.yaml`. For production:
- Use external secret management (HashiCorp Vault, AWS Secrets Manager)
- Never commit real secrets to version control
The `secrets.yaml` file contains base64-encoded secrets. For production, these should be:
1. Generated securely
2. Managed through external secret management systems
3. Not committed to version control
To encode/decode secrets:
```bash ```bash
# Encode # Encode secrets
echo -n "your-secret-value" | base64 echo -n "your-secret-value" | base64
# Decode # Decode secrets
echo "eW91ci1zZWNyZXQtdmFsdWU=" | base64 -d echo "eW91ci1zZWNyZXQtdmFsdWU=" | base64 -d
``` ```
### Environment-Specific Configuration ### Environment Configuration
Development-specific settings are in `overlays/dev/`:
- **Resource limits**: Reduced for local development
- **Image pull policy**: Never (for local images)
- **Debug settings**: Enabled
- **CORS**: Configured for localhost
Modify the `overlays/dev/` files to customize the development environment: ## Scaling and Resource Management
- `kustomization.yaml`: Image tags, replicas, resource references
- `dev-patches.yaml`: Environment-specific configuration overrides
### Adding New Services ### Scale Services
```bash
# Scale individual service
kubectl scale -n bakery-ia deployment/auth-service --replicas=3
1. Create a new directory under `components/` # Or update kustomization.yaml replicas section
2. Add the service YAML manifest ```
3. Update `base/kustomization.yaml` to include the new resource
4. Update configuration maps and secrets as needed ### Resource Configuration
Development environment uses minimal resources:
- **Databases**: 64Mi-256Mi memory, 25m-200m CPU
- **Services**: 64Mi-256Mi memory, 25m-200m CPU
- **Training Service**: 256Mi-1Gi memory (ML workloads)
## Troubleshooting ## Troubleshooting
### Common Issues ### Common Issues
1. **Images not found**: Ensure images are built and available to the cluster 1. **Images not found**
2. **Pending pods**: Check resource requests and cluster capacity ```bash
3. **CrashLoopBackOff**: Check logs and environment variables # Build images with Skaffold
4. **Service not accessible**: Verify ingress controller is running and localhost ports are mapped skaffold build --profile=dev
5. **Database corruption**: If PostgreSQL databases show "could not locate a valid checkpoint record", delete the PVC and restart the pod to get fresh storage ```
6. **Port conflicts**: If localhost:80 or localhost:443 are already in use, stop other services or change the Kind configuration
7. **HTTPS certificate not issued**: Check cert-manager logs and cluster issuer status
8. **Browser security warnings**: Import and trust the CA certificate (`bakery-ia-ca.crt`)
9. **Certificate pending**: Wait for cert-manager to issue the certificate (usually takes 30-60 seconds)
10. **Kustomize deprecation warnings**: Fixed - using modern `patches` syntax instead of deprecated `patchesStrategicMerge` and `patchesJson6902`
### Database Recovery Commands 2. **Database corruption after restart**
```bash
# Delete corrupted PVC and restart
kubectl delete pod -n bakery-ia -l app.kubernetes.io/name=inventory-db
kubectl delete pvc -n bakery-ia inventory-db-pvc
```
If you encounter database corruption (common after improper cluster shutdown): 3. **HTTPS certificate not issued**
```bash
# Check cert-manager logs
kubectl logs -n cert-manager deployment/cert-manager
kubectl describe certificate bakery-ia-tls-cert -n bakery-ia
```
4. **Port conflicts**
```bash
# Check what's using ports 80/443
sudo lsof -i :80 -i :443
```
### Debug Commands
```bash ```bash
# Check which databases are failing # Get cluster events
kubectl get pods -n bakery-ia | grep -E "(db|CrashLoopBackOff)"
# For each corrupted database (example with inventory-db):
kubectl delete pod -n bakery-ia -l app.kubernetes.io/name=inventory-db
kubectl delete pvc -n bakery-ia inventory-db-pvc
# The deployment will automatically recreate with fresh storage
# Repeat for pos-db-pvc and training-db-pvc if needed
```
### Debugging Commands
```bash
# Describe resources for detailed information
kubectl describe pod -n bakery-ia <pod-name>
kubectl describe deployment -n bakery-ia <deployment-name>
# Get events
kubectl get events -n bakery-ia --sort-by='.firstTimestamp' kubectl get events -n bakery-ia --sort-by='.firstTimestamp'
# Execute commands in pods # Resource usage
kubectl exec -n bakery-ia -it <pod-name> -- bash
kubectl exec -n bakery-ia -it <pod-name> -- env
# Check resource usage
kubectl top pods -n bakery-ia kubectl top pods -n bakery-ia
kubectl top nodes kubectl top nodes
# HTTPS/Certificate debugging # Execute in pod
kubectl logs -n cert-manager deployment/cert-manager kubectl exec -n bakery-ia -it <pod-name> -- bash
kubectl describe clusterissuer letsencrypt-staging
kubectl describe certificate bakery-ia-tls-cert -n bakery-ia
kubectl get challenges -n bakery-ia
kubectl get certificaterequests -n bakery-ia
``` ```
## Production Considerations ## Cleanup
For production deployment, consider:
1. **Resource Limits**: Set appropriate CPU and memory limits
2. **Persistent Volumes**: Use proper storage classes for databases
3. **Secrets Management**: Use external secret management (HashiCorp Vault, AWS Secrets Manager, etc.)
4. **Monitoring**: Deploy Prometheus and Grafana
5. **Backup**: Implement database backup strategies
6. **High Availability**: Use multiple replicas and anti-affinity rules
7. **Security**: Network policies, RBAC, pod security policies
8. **TLS/HTTPS**: Use production Let's Encrypt certificates for public domains
9. **CI/CD**: Integrate with your deployment pipeline
## Next Steps
1. Add monitoring with Prometheus and Grafana
2. Implement proper logging with ELK stack or similar
3. Add health checks and metrics endpoints
4. Implement automated testing
5. Set up CI/CD pipelines for automated deployments
## 🚀 Complete Setup Guide (macOS + Kind + Colima) - New Permanent Solution!
### Method 1: Permanent Localhost Access (Recommended - No Port Forwarding!)
### Quick Cleanup
```bash ```bash
# 1. Start Colima # Stop Skaffold (Ctrl+C or)
colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local skaffold delete --profile=dev
# 2. Create Kind cluster with permanent port mapping
kind create cluster --config kind-config.yaml
# 3. Install NGINX Ingress Controller with NodePort configuration
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s
# 4. Configure ingress for permanent localhost access
kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}'
# 5. Deploy with Skaffold
skaffold dev --profile=dev
# 6. Access your application - NO /etc/hosts needed!
# Frontend: http://localhost
# API: http://localhost/api
# HTTPS: https://localhost (with browser security warnings)
``` ```
### Method 2: Legacy Setup with HTTPS and Named Hosts ### Complete Cleanup
```bash ```bash
# 1. Start Colima # Delete everything
colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local kubectl delete namespace bakery-ia
# 2. Create standard Kind cluster
kind create cluster --name bakery-ia-local
# 3. Run automated HTTPS setup (includes cert-manager and ingress)
./setup-https.sh
# 4. Deploy with Skaffold
skaffold dev --profile=dev
# 5. Add hosts entries for named hosts
sudo tee -a /etc/hosts << EOF
127.0.0.1 bakery-ia.local
127.0.0.1 api.bakery-ia.local
127.0.0.1 monitoring.bakery-ia.local
EOF
# 6. Trust CA certificate (for HTTPS)
open bakery-ia-ca.crt
# In Keychain Access, set "bakery-ia-local-ca" to "Always Trust"
```
## 🚀 Skaffold Development Workflow
### Development Mode (Recommended)
```bash
# Start continuous development mode
skaffold dev --profile=dev
```
This will:
-**Build all Docker images** automatically
-**Deploy to your Kind cluster**
-**Watch for file changes** in real-time
-**Automatically rebuild and redeploy** when you save files
-**Stream logs** from all services in one terminal
### Other Skaffold Commands
```bash
# One-time deployment (no file watching)
skaffold run --profile=dev
# Debug mode with port forwarding
skaffold debug --profile=debug
# Force rebuild and deploy
skaffold build --file-output=build.json
skaffold deploy --build-artifacts=build.json
# Clean up deployed resources
skaffold delete
```
### Stopping Skaffold
```bash
# Stop Skaffold (press Ctrl+C in the terminal running skaffold dev)
# Or run:
skaffold delete
# Complete cleanup
kind delete cluster --name bakery-ia-local kind delete cluster --name bakery-ia-local
colima stop --profile k8s-local colima stop --profile k8s-local
``` ```
### 🎯 Key Skaffold Benefits ### Restart Sequence
```bash
# Post-restart startup
colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local
kind create cluster --config kind-config.yaml
skaffold dev --profile=dev
```
1. **🔄 Automated builds**: No manual Docker image building ## Production Considerations
2. **👀 File watching**: Instant rebuilds on code changes
3. **📊 Log streaming**: All service logs in one place
4. **🔗 Port forwarding**: Easy access to services during development
5. **⚡ One command deployment**: `skaffold dev` does everything
### 💡 Pro Tips For production deployment:
- Use `skaffold dev --profile=dev` for daily development - **Security**: Implement RBAC, network policies, pod security standards
- Code changes trigger automatic rebuilds and deployments - **Monitoring**: Deploy Prometheus, Grafana, and alerting
- Logs are automatically streamed to your terminal - **Backup**: Database backup strategies
- Press `Ctrl+C` to stop and clean up everything - **High Availability**: Multi-replica deployments with anti-affinity
- **External Secrets**: Use managed secret services
- **TLS**: Production Let's Encrypt certificates
- **CI/CD**: Automated deployment pipelines
## 🎉 Summary: What You Get ## Next Steps
### 🚀 NEW: Permanent Localhost Access (No Port Forwarding!) 1. Add comprehensive monitoring and logging
-**Direct localhost access** at http://localhost and https://localhost 2. Implement automated testing
-**Standard web ports** 80 and 443 work directly 3. Set up CI/CD pipelines
-**No /etc/hosts modifications** required for basic access 4. Add health checks and metrics endpoints
-**No port forwarding commands** needed during development 5. Implement proper backup strategies
-**Bookmark-friendly URLs** like any standard web application
-**Kind cluster configuration** with permanent port mapping
### Development Environment
-**One-command deployment** with `skaffold dev --profile=dev`
-**Hot-reload development** with automatic rebuilds
-**Complete observability** with streaming logs and metrics
-**Easy cleanup** with `skaffold delete` or cleanup scripts
-**Database corruption protection** with proper PVC management
### FREE HTTPS with Let's Encrypt (Optional)
-**Automated certificate management** with cert-manager
-**Local development certificates** for offline work
-**Production-ready** Let's Encrypt integration
-**Auto-renewal** of certificates before expiration
-**Browser-trusted certificates** with CA import
### Security Features
-**TLS 1.3 encryption** for all traffic (when HTTPS is configured)
-**HTTPS redirects** from HTTP (configurable)
-**Secure headers** via NGINX Ingress
-**Certificate transparency** compliance
### Access URLs - Choose Your Style!
**🌟 Primary Access (New Permanent Solution):**
- **Frontend:** http://localhost or https://localhost
- **API Gateway:** http://localhost/api or https://localhost/api
**🏷️ Named Host Access (Optional with /etc/hosts):**
- **Frontend:** http://bakery-ia.local or https://bakery-ia.local
- **API:** http://api.bakery-ia.local or https://api.bakery-ia.local
- **Monitoring:** http://monitoring.bakery-ia.local or https://monitoring.bakery-ia.local
**🔧 Direct Service Access (Backup):**
- **Frontend Direct:** http://localhost:3000
- **Gateway Direct:** http://localhost:8000
This setup provides production-like development experience with the convenience of standard localhost URLs! 🚀
Pre-Restart Shutdown Sequence:
1. Stop Skaffold:
# If running interactively: Ctrl+C
# If running in background:
pkill -f skaffold
2. Delete Kind cluster:
kind delete cluster --name bakery-ia-local
3. Stop Colima:
colima stop
Post-Restart Startup Sequence:
1. Start Colima:
colima start
2. Create Kind cluster:
kind create cluster --config kind-config.yaml --name bakery-ia-local
3. Start Skaffold with dev profile:
skaffold dev -p dev
What Skaffold Will Do:
- Check existing Docker images (tagged as :dev)
- Skip rebuilds if source code unchanged
- Load images to new Kind cluster
- Deploy using infrastructure/kubernetes/overlays/dev
- Watch for changes and hot-reload
The -p dev profile ensures consistent tagging and deployment configuration
as defined in your skaffold.yaml profiles section.


@@ -69,92 +69,29 @@ spec:
containers: containers:
- name: alert-processor-service - name: alert-processor-service
image: bakery/alert-processor:f246381-dirty image: bakery/alert-processor:f246381-dirty
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: ALERT_PROCESSOR_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: ALERT_PROCESSOR_DB_HOST
- name: ALERT_PROCESSOR_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: ALERT_PROCESSOR_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: ALERT_PROCESSOR_DB_NAME
- name: ALERT_PROCESSOR_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: ALERT_PROCESSOR_DB_USER - secretRef:
- name: ALERT_PROCESSOR_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: ALERT_PROCESSOR_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: RABBITMQ_VHOST - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: RABBITMQ_VHOST - secretRef:
- name: NOTIFICATION_SERVICE_URL name: pos-integration-secrets
valueFrom: - secretRef:
configMapKeyRef: name: whatsapp-secrets
name: bakery-config
key: NOTIFICATION_SERVICE_URL
resources: resources:
requests: requests:
memory: "128Mi" memory: "128Mi"
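Review bot: The new `envFrom` list gives this container all ten secrets, including `jwt-secrets`, `payment-secrets`, `email-secrets`, `external-api-secrets`, `monitoring-secrets`, `pos-integration-secrets` and `whatsapp-secrets`, where the removed `env` entries read only two keys of `database-secrets`, `REDIS_PASSWORD` and the two RabbitMQ credentials. Importing `database-secrets` whole matters most: the old sides of the other sections show it holds each service's `*_DB_USER`/`*_DB_PASSWORD`, so one compromised pod would expose every database credential and the JWT keys. The same list is repeated in every later backend section (the ones whose old side reads `AUTH_DB_*`, `EXTERNAL_DB_*`, `FORECASTING_DB_*`, `INVENTORY_DB_*`, `NOTIFICATION_DB_*`, `ORDERS_DB_*`, `POS_DB_*`, `PRODUCTION_DB_*`, `RECIPES_DB_*`, `SALES_DB_*`), and one section whose old side referenced no database variable at all now gains `database-secrets`. I would keep `envFrom` for `bakery-config` and for secrets that belong to this service, and keep per-key `secretKeyRef` for the database credentials, as sketched below; this assumes `redis-secrets` and `rabbitmq-secrets` hold nothing beyond what the old entries read.

```yaml
        envFrom:
        - configMapRef:
            name: bakery-config
        - secretRef:
            name: redis-secrets
        - secretRef:
            name: rabbitmq-secrets
        env:
        # database-secrets carries every service's credentials, so read only this service's keys
        - name: ALERT_PROCESSOR_DB_USER
          valueFrom:
            secretKeyRef:
              name: database-secrets
              key: ALERT_PROCESSOR_DB_USER
        - name: ALERT_PROCESSOR_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: database-secrets
              key: ALERT_PROCESSOR_DB_PASSWORD
        # … unchanged: resources …
```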


@@ -25,92 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: AUTH_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: AUTH_DB_HOST
- name: AUTH_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: AUTH_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: AUTH_DB_NAME
- name: AUTH_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: AUTH_DB_USER - secretRef:
- name: AUTH_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: AUTH_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: RABBITMQ_PASSWORD
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: jwt-secrets name: jwt-secrets
key: JWT_SECRET_KEY - secretRef:
- name: JWT_REFRESH_SECRET_KEY name: external-api-secrets
valueFrom: - secretRef:
secretKeyRef: name: payment-secrets
name: jwt-secrets - secretRef:
key: JWT_REFRESH_SECRET_KEY name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"
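Review bot: `envFrom` exports each ConfigMap key under its own name, so `AUTH_DB_PORT`, which the removed entry filled from the key `DB_PORT`, is no longer set unless `bakery-config` gained a key of that exact name; the ConfigMap is not shown in this section, so that cannot be confirmed here. The same mapping was dropped for `ALERT_PROCESSOR_DB_PORT`, `EXTERNAL_DB_PORT`, `FORECASTING_DB_PORT`, `INVENTORY_DB_PORT`, `NOTIFICATION_DB_PORT`, `ORDERS_DB_PORT`, `POS_DB_PORT`, `PRODUCTION_DB_PORT`, `RECIPES_DB_PORT` and `SALES_DB_PORT` in the other sections. Either keep one explicit `env` entry per service that maps `DB_PORT` to the prefixed name through `configMapKeyRef`, or add the prefixed keys to `bakery-config` in the same commit. If the services fall back to a default port when the variable is missing, the regression would be silent, so it is worth checking the container environment after rollout.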


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: EXTERNAL_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: EXTERNAL_DB_HOST
- name: EXTERNAL_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: EXTERNAL_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: EXTERNAL_DB_NAME
- name: EXTERNAL_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: EXTERNAL_DB_USER - secretRef:
- name: EXTERNAL_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: EXTERNAL_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"
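Review bot: Every `secretRef` in this list is required, so if any one of the ten Secrets is absent from the namespace the container is not started, whereas the removed entries depended only on `database-secrets`, `redis-secrets` and `rabbitmq-secrets`. An overlay that omits, for example, `whatsapp-secrets` would now block this service and every other section carrying the same list. Trim the list to what the service actually reads, or mark integrations that may legitimately be absent with `optional: true` under their `secretRef`.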


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: FORECASTING_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: FORECASTING_DB_HOST
- name: FORECASTING_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: FORECASTING_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: FORECASTING_DB_NAME
- name: FORECASTING_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: FORECASTING_DB_USER - secretRef:
- name: FORECASTING_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: FORECASTING_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -29,26 +29,9 @@ spec:
env: env:
- name: NODE_ENV - name: NODE_ENV
value: "production" value: "production"
- name: VITE_APP_TITLE envFrom:
valueFrom: - configMapRef:
configMapKeyRef:
name: bakery-config name: bakery-config
key: VITE_APP_TITLE
- name: VITE_APP_VERSION
valueFrom:
configMapKeyRef:
name: bakery-config
key: VITE_APP_VERSION
- name: VITE_API_URL
valueFrom:
configMapKeyRef:
name: bakery-config
key: VITE_API_URL
- name: VITE_ENVIRONMENT
valueFrom:
configMapKeyRef:
name: bakery-config
key: VITE_ENVIRONMENT
resources: resources:
requests: requests:
memory: "512Mi" memory: "512Mi"
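Review bot: This container now receives every key of `bakery-config` instead of the four `VITE_*` keys it read before, and the other sections show that ConfigMap also carries the `*_DB_HOST`, `REDIS_HOST`, `RABBITMQ_HOST` and service-URL keys. None of that is secret, but it puts the internal topology into what is presumably the container serving browser content, where a later build or debug change could surface it to clients. Keeping the four explicit `configMapKeyRef` entries, or moving the `VITE_*` keys into a ConfigMap of their own and pointing `configMapRef` at it, keeps the exposure as it was. A comment on precedence would also help the next reader, e.g. `# env overrides envFrom: NODE_ENV stays "production" even if bakery-config defines it`.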


@@ -25,62 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG name: database-secrets
valueFrom: - secretRef:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: INVENTORY_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: INVENTORY_DB_HOST
- name: INVENTORY_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: INVENTORY_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: INVENTORY_DB_NAME
- name: INVENTORY_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: INVENTORY_DB_USER - secretRef:
- name: INVENTORY_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: INVENTORY_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: NOTIFICATION_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: NOTIFICATION_DB_HOST
- name: NOTIFICATION_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: NOTIFICATION_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: NOTIFICATION_DB_NAME
- name: NOTIFICATION_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: NOTIFICATION_DB_USER - secretRef:
- name: NOTIFICATION_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: NOTIFICATION_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: ORDERS_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: ORDERS_DB_HOST
- name: ORDERS_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: ORDERS_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: ORDERS_DB_NAME
- name: ORDERS_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: ORDERS_DB_USER - secretRef:
- name: ORDERS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: ORDERS_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: POS_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: POS_DB_HOST
- name: POS_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: POS_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: POS_DB_NAME
- name: POS_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: POS_DB_USER - secretRef:
- name: POS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: POS_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: PRODUCTION_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: PRODUCTION_DB_HOST
- name: PRODUCTION_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: PRODUCTION_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: PRODUCTION_DB_NAME
- name: PRODUCTION_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: PRODUCTION_DB_USER - secretRef:
- name: PRODUCTION_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: PRODUCTION_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: RECIPES_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RECIPES_DB_HOST
- name: RECIPES_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: RECIPES_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: RECIPES_DB_NAME
- name: RECIPES_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: RECIPES_DB_USER - secretRef:
- name: RECIPES_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: RECIPES_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,92 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: SALES_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: SALES_DB_HOST
- name: SALES_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: SALES_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: SALES_DB_NAME
- name: SALES_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: SALES_DB_USER - secretRef:
- name: SALES_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: SALES_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
- name: GATEWAY_URL name: pos-integration-secrets
valueFrom: - secretRef:
configMapKeyRef: name: whatsapp-secrets
name: bakery-config
key: GATEWAY_URL
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"
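Review bot: The new `envFrom` list gives this container every key of `database-secrets`, `redis-secrets`, `rabbitmq-secrets`, `jwt-secrets`, `external-api-secrets`, `payment-secrets`, `email-secrets`, `monitoring-secrets`, `pos-integration-secrets` and `whatsapp-secrets`, where the replaced `env` block passed only the service's own DB, Redis and RabbitMQ credentials (the `SALES_DB_*` names suggest this is the sales deployment; the file name is not shown). A single environment dump or code-execution bug in one service would then disclose the credentials of all the others, so keep `configMapRef: bakery-config` but limit secrets to those the service actually reads, through per-key `secretKeyRef` entries or a per-service Secret. The identical list is added in the recipes, suppliers, tenant and training sections on this page. `envFrom` also exports keys under their own names, so the old mapping of `SALES_DB_PORT` from key `DB_PORT` is lost unless the ConfigMap defines a `SALES_DB_PORT` key (not visible here); if it does not, keep `- name: SALES_DB_PORT` with `valueFrom: {configMapKeyRef: {name: bakery-config, key: DB_PORT}}` under `env:`.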


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: SUPPLIERS_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: SUPPLIERS_DB_HOST
- name: SUPPLIERS_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: SUPPLIERS_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: SUPPLIERS_DB_NAME
- name: SUPPLIERS_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: SUPPLIERS_DB_USER - secretRef:
- name: SUPPLIERS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: SUPPLIERS_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,87 +25,29 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: TENANT_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: TENANT_DB_HOST
- name: TENANT_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: TENANT_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: TENANT_DB_NAME
- name: TENANT_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: TENANT_DB_USER - secretRef:
- name: TENANT_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: TENANT_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"


@@ -25,92 +25,30 @@ spec:
ports: ports:
- containerPort: 8000 - containerPort: 8000
name: http name: http
env: envFrom:
- name: ENVIRONMENT - configMapRef:
valueFrom:
configMapKeyRef:
name: bakery-config name: bakery-config
key: ENVIRONMENT - secretRef:
- name: DEBUG
valueFrom:
configMapKeyRef:
name: bakery-config
key: DEBUG
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: bakery-config
key: LOG_LEVEL
- name: TRAINING_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: TRAINING_DB_HOST
- name: TRAINING_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: TRAINING_DB_NAME
valueFrom:
configMapKeyRef:
name: bakery-config
key: TRAINING_DB_NAME
- name: TRAINING_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets name: database-secrets
key: TRAINING_DB_USER - secretRef:
- name: TRAINING_DB_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: TRAINING_DB_PASSWORD
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secrets name: redis-secrets
key: REDIS_PASSWORD - secretRef:
- name: RABBITMQ_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_HOST
- name: RABBITMQ_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: RABBITMQ_PORT
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets name: rabbitmq-secrets
key: RABBITMQ_USER - secretRef:
- name: RABBITMQ_PASSWORD name: jwt-secrets
valueFrom: - secretRef:
secretKeyRef: name: external-api-secrets
name: rabbitmq-secrets - secretRef:
key: RABBITMQ_PASSWORD name: payment-secrets
- name: AUTH_SERVICE_URL - secretRef:
valueFrom: name: email-secrets
configMapKeyRef: - secretRef:
name: bakery-config name: monitoring-secrets
key: AUTH_SERVICE_URL - secretRef:
- name: GATEWAY_URL name: pos-integration-secrets
valueFrom: - secretRef:
configMapKeyRef: name: whatsapp-secrets
name: bakery-config env:
key: GATEWAY_URL
- name: TRAINING_PERSISTENCE_PATH - name: TRAINING_PERSISTENCE_PATH
value: "/app/training_state" value: "/app/training_state"
volumeMounts: volumeMounts:


@@ -1,93 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bakery-ingress
namespace: bakery-ia
labels:
app.kubernetes.io/name: bakery-ia
app.kubernetes.io/component: ingress
annotations:
# Kind-specific nginx ingress controller annotations
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
# CORS configuration for local development
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000,http://bakery-ia.local,http://127.0.0.1:3000"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
spec:
ingressClassName: nginx
rules:
- host: bakery-ia.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 3000
- path: /api
pathType: Prefix
backend:
service:
name: gateway-service
port:
number: 8000
- path: /auth
pathType: Prefix
backend:
service:
name: auth-service
port:
number: 8000
- host: api.bakery-ia.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: gateway-service
port:
number: 8000
- host: monitoring.bakery-ia.local
http:
paths:
- path: /grafana
pathType: Prefix
backend:
service:
name: grafana-service
port:
number: 3000
- path: /prometheus
pathType: Prefix
backend:
service:
name: prometheus-service
port:
number: 9090
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 3000
- path: /api
pathType: Prefix
backend:
service:
name: gateway-service
port:
number: 8000


@@ -9,7 +9,7 @@ resources:
- namespace.yaml - namespace.yaml
- configmap.yaml - configmap.yaml
- secrets.yaml - secrets.yaml
- ingress.yaml - ingress-https.yaml
# Infrastructure components # Infrastructure components
- components/databases/redis.yaml - components/databases/redis.yaml


@@ -0,0 +1,38 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bakery-ingress
namespace: bakery-ia
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/enable-cors: "true"
# Development specific annotations
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 3000
- path: /api
pathType: Prefix
backend:
service:
name: gateway-service
port:
number: 8000
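Review bot: The annotations pair `cors-allow-origin: "*"` with `cors-allow-credentials: "true"`, which is the CORS combination to avoid: browsers reject credentialed responses that carry a wildcard origin, and if the controller renders the wildcard by echoing the request origin, any site can make authenticated calls to `/api`. The base ingress deleted elsewhere in this commit listed explicit origins, and the same approach fits here, e.g. `nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000,http://127.0.0.1:3000"`. The `host: localhost` rule and the disabled SSL redirect suggest this is the dev-only ingress (the file name is not shown), so a header comment such as `# Local development only: plain HTTP, do not include from other overlays` would keep it from being reused elsewhere.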


@@ -18,44 +18,3 @@ data:
# Frontend Development Configuration # Frontend Development Configuration
VITE_ENVIRONMENT: "development" VITE_ENVIRONMENT: "development"
VITE_API_URL: "/api" VITE_API_URL: "/api"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bakery-ingress
namespace: bakery-ia
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/enable-cors: "true"
# Development specific annotations
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 3000
- path: /api
pathType: Prefix
backend:
service:
name: gateway-service
port:
number: 8000


@@ -1,62 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: bakery-ia-https-dev
# Base configuration
resources:
- ../../base
- ../../base/components/cert-manager/cluster-issuer-staging.yaml
- ../../base/components/cert-manager/cluster-issuer-production.yaml
- ../../base/components/cert-manager/local-ca-issuer.yaml
# Patches
patches:
- path: dev-patches.yaml
- target:
kind: Ingress
name: bakery-ingress
path: ingress-https-patch.yaml
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/part-of: bakery-ia
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/environment: dev-https
# Set image tags for development
images:
- name: bakery/auth-service
newTag: latest
- name: bakery/tenant-service
newTag: latest
- name: bakery/training-service
newTag: latest
- name: bakery/forecasting-service
newTag: latest
- name: bakery/sales-service
newTag: latest
- name: bakery/external-service
newTag: latest
- name: bakery/notification-service
newTag: latest
- name: bakery/inventory-service
newTag: latest
- name: bakery/recipes-service
newTag: latest
- name: bakery/suppliers-service
newTag: latest
- name: bakery/pos-service
newTag: latest
- name: bakery/orders-service
newTag: latest
- name: bakery/production-service
newTag: latest
- name: bakery/alert-processor
newTag: latest
- name: bakery/gateway
newTag: latest
- name: bakery/dashboard
newTag: latest


@@ -1,20 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bakery-ingress
namespace: bakery-ia
annotations:
# Enable HTTPS redirect
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# Update CORS for HTTPS
nginx.ingress.kubernetes.io/cors-allow-origin: "https://bakery-ia.local,https://api.bakery-ia.local,https://monitoring.bakery-ia.local"
# Cert-manager annotations - using local CA for development
cert-manager.io/cluster-issuer: "local-ca-issuer"
spec:
tls:
- hosts:
- bakery-ia.local
- api.bakery-ia.local
- monitoring.bakery-ia.local
secretName: bakery-ia-tls-cert


@@ -8,6 +8,7 @@ namespace: bakery-ia
resources: resources:
- ../../base - ../../base
- dev-ingress.yaml
patches: patches:
- path: dev-patches.yaml - path: dev-patches.yaml


@@ -1,5 +1,5 @@
# Add this stage at the top of each service Dockerfile # Add this stage at the top of each service Dockerfile
FROM python:3.11-slim as shared FROM python:3.11-slim AS shared
WORKDIR /shared WORKDIR /shared
COPY shared/ /shared/ COPY shared/ /shared/
@@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared
COPY services/auth/ . COPY services/auth/ .
# Add shared libraries to Python path # Add shared libraries to Python path
ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}"
# Expose port # Expose port
EXPOSE 8000 EXPOSE 8000


@@ -1,5 +1,5 @@
# Add this stage at the top of each service Dockerfile # Add this stage at the top of each service Dockerfile
FROM python:3.11-slim as shared FROM python:3.11-slim AS shared
WORKDIR /shared WORKDIR /shared
COPY shared/ /shared/ COPY shared/ /shared/
@@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared
COPY services/forecasting/ . COPY services/forecasting/ .
# Add shared libraries to Python path # Add shared libraries to Python path
ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}"
# Expose port # Expose port
EXPOSE 8000 EXPOSE 8000


@@ -1,5 +1,5 @@
# Add this stage at the top of each service Dockerfile # Add this stage at the top of each service Dockerfile
FROM python:3.11-slim as shared FROM python:3.11-slim AS shared
WORKDIR /shared WORKDIR /shared
COPY shared/ /shared/ COPY shared/ /shared/
@@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared
COPY services/notification/ . COPY services/notification/ .
# Add shared libraries to Python path # Add shared libraries to Python path
ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}"
# Expose port # Expose port
EXPOSE 8000 EXPOSE 8000


@@ -433,13 +433,13 @@ class OrderRepository(BaseRepository[CustomerOrder, OrderCreate, OrderUpdate]):
func.count(func.distinct(CustomerOrder.customer_id)).label("unique_customers"), func.count(func.distinct(CustomerOrder.customer_id)).label("unique_customers"),
func.sum( func.sum(
case( case(
[(CustomerOrder.order_type == "rush", 1)], (CustomerOrder.order_type == "rush", 1),
else_=0 else_=0
) )
).label("rush_orders"), ).label("rush_orders"),
func.sum( func.sum(
case( case(
[(CustomerOrder.sales_channel == "wholesale", 1)], (CustomerOrder.sales_channel == "wholesale", 1),
else_=0 else_=0
) )
).label("wholesale_orders") ).label("wholesale_orders")


@@ -1,5 +1,5 @@
# Add this stage at the top of each service Dockerfile # Add this stage at the top of each service Dockerfile
FROM python:3.11-slim as shared FROM python:3.11-slim AS shared
WORKDIR /shared WORKDIR /shared
COPY shared/ /shared/ COPY shared/ /shared/
@@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared
COPY services/tenant/ . COPY services/tenant/ .
# Add shared libraries to Python path # Add shared libraries to Python path
ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}"
# Expose port # Expose port
EXPOSE 8000 EXPOSE 8000


@@ -1,5 +1,5 @@
# Add this stage at the top of each service Dockerfile # Add this stage at the top of each service Dockerfile
FROM python:3.11-slim as shared FROM python:3.11-slim AS shared
WORKDIR /shared WORKDIR /shared
COPY shared/ /shared/ COPY shared/ /shared/
@@ -27,7 +27,7 @@ COPY --from=shared /shared /app/shared
COPY services/training/ . COPY services/training/ .
# Add shared libraries to Python path # Add shared libraries to Python path
ENV PYTHONPATH="/app:/app/shared:$PYTHONPATH" ENV PYTHONPATH="/app:/app/shared:${PYTHONPATH:-}"
# Expose port # Expose port
EXPOSE 8000 EXPOSE 8000


@@ -3,7 +3,8 @@
# Bakery IA HTTPS Setup Script # Bakery IA HTTPS Setup Script
# This script sets up HTTPS with cert-manager and Let's Encrypt for local development # This script sets up HTTPS with cert-manager and Let's Encrypt for local development
set -e # Remove -e to handle errors more gracefully
set -u
echo "🔒 Setting up HTTPS for Bakery IA with cert-manager and Let's Encrypt" echo "🔒 Setting up HTTPS for Bakery IA with cert-manager and Let's Encrypt"
echo "===============================================================" echo "==============================================================="
@@ -64,17 +65,60 @@ check_prerequisites() {
# Check if Colima is running # Check if Colima is running
if ! colima status --profile k8s-local &> /dev/null; then if ! colima status --profile k8s-local &> /dev/null; then
print_error "Colima is not running. Please start it with:" print_warning "Colima is not running. Starting Colima..."
print_error "colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local" colima start --cpu 4 --memory 8 --disk 100 --runtime docker --profile k8s-local
if [ $? -ne 0 ]; then
print_error "Failed to start Colima. Please check your Docker installation."
exit 1
fi
print_success "Colima started successfully"
fi
# Check if cluster is running or exists
local cluster_exists=false
local cluster_running=false
# Check if Kind cluster exists
if kind get clusters | grep -q "bakery-ia-local"; then
cluster_exists=true
print_status "Kind cluster 'bakery-ia-local' already exists"
# Check if kubectl can connect to it
if kubectl cluster-info --context kind-bakery-ia-local &> /dev/null; then
cluster_running=true
print_success "Kubernetes cluster is running and accessible"
else
print_warning "Kind cluster exists but is not accessible via kubectl"
fi
fi
# Handle cluster creation/recreation
if [ "$cluster_exists" = true ] && [ "$cluster_running" = false ]; then
print_warning "Kind cluster exists but is not running. Recreating..."
kind delete cluster --name bakery-ia-local || true
cluster_exists=false
fi
if [ "$cluster_exists" = false ]; then
print_warning "Creating new Kind cluster..."
if [ ! -f "kind-config.yaml" ]; then
print_error "kind-config.yaml not found. Please ensure you're running this script from the project root."
exit 1 exit 1
fi fi
# Check if cluster is running if kind create cluster --config kind-config.yaml; then
if ! kubectl cluster-info &> /dev/null; then print_success "Kind cluster created successfully"
print_error "No Kubernetes cluster found. Please create your Kind cluster first:" else
print_error "kind create cluster --name bakery-ia-local" print_error "Failed to create Kind cluster. Please check your Kind installation."
exit 1 exit 1
fi fi
fi
# Ensure we're using the correct kubectl context
kubectl config use-context kind-bakery-ia-local || {
print_error "Failed to set kubectl context to kind-bakery-ia-local"
exit 1
}
print_success "Prerequisites check passed" print_success "Prerequisites check passed"
} }
@@ -83,48 +127,208 @@ check_prerequisites() {
install_cert_manager() { install_cert_manager() {
print_status "Installing cert-manager..." print_status "Installing cert-manager..."
# Check if cert-manager is already installed
if kubectl get namespace cert-manager &> /dev/null; then
print_warning "cert-manager namespace already exists. Checking if installation is complete..."
# Check if pods are running
if kubectl get pods -n cert-manager | grep -q "Running"; then
print_success "cert-manager is already installed and running"
return 0
else
print_status "cert-manager exists but pods are not ready. Waiting..."
fi
else
# Install cert-manager # Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml print_status "Installing cert-manager from official release..."
if kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml; then
print_success "cert-manager installation started"
else
print_error "Failed to install cert-manager. Please check your internet connection and try again."
exit 1
fi
fi
# Wait for cert-manager to be ready # Wait for cert-manager namespace to be created
print_status "Waiting for cert-manager namespace..."
for i in {1..30}; do
if kubectl get namespace cert-manager &> /dev/null; then
break
fi
sleep 2
done
# Wait for cert-manager pods to be created
print_status "Waiting for cert-manager pods to be created..."
for i in {1..60}; do
if kubectl get pods -n cert-manager &> /dev/null && [ $(kubectl get pods -n cert-manager --no-headers | wc -l) -ge 3 ]; then
print_success "cert-manager pods created"
break
fi
print_status "Waiting for cert-manager pods... (attempt $i/60)"
sleep 5
done
# Wait for cert-manager pods to be ready
print_status "Waiting for cert-manager pods to be ready..." print_status "Waiting for cert-manager pods to be ready..."
kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=cert-manager -n cert-manager --timeout=300s
# Use more reliable selectors for cert-manager components
local components=(
"app.kubernetes.io/name=cert-manager"
"app.kubernetes.io/name=cainjector"
"app.kubernetes.io/name=webhook"
)
local component_names=("cert-manager" "cert-manager-cainjector" "cert-manager-webhook")
for i in "${!components[@]}"; do
local selector="${components[$i]}"
local name="${component_names[$i]}"
print_status "Waiting for $name to be ready..."
# First check if pods exist with this selector
local pod_count=0
for attempt in {1..30}; do
pod_count=$(kubectl get pods -n cert-manager -l "$selector" --no-headers 2>/dev/null | wc -l)
if [ "$pod_count" -gt 0 ]; then
break
fi
sleep 2
done
if [ "$pod_count" -eq 0 ]; then
print_warning "No pods found for $name with selector $selector, trying alternative approach..."
# Fallback: wait for any pods containing the component name
if kubectl wait --for=condition=ready pod -n cert-manager --all --timeout=300s 2>/dev/null; then
print_success "All cert-manager pods are ready"
break
else
print_warning "$name pods not found, but continuing..."
continue
fi
fi
# Wait for the specific component to be ready
if kubectl wait --for=condition=ready pod -l "$selector" -n cert-manager --timeout=300s 2>/dev/null; then
print_success "$name is ready"
else
print_warning "$name is taking longer than expected. Checking status..."
kubectl get pods -n cert-manager -l "$selector" 2>/dev/null || true
# Continue anyway, sometimes it works despite timeout
print_warning "Continuing with setup. $name may still be starting..."
fi
done
# Final verification
if kubectl get pods -n cert-manager | grep -q "Running"; then
print_success "cert-manager installed successfully" print_success "cert-manager installed successfully"
else
print_warning "cert-manager installation may not be complete. Current status:"
kubectl get pods -n cert-manager
print_status "Continuing with setup anyway..."
fi
} }
# Install NGINX Ingress Controller # Install NGINX Ingress Controller
install_nginx_ingress() { install_nginx_ingress() {
print_status "Installing NGINX Ingress Controller for Kind..." print_status "Installing NGINX Ingress Controller for Kind..."
# Install NGINX Ingress Controller for Kind (correct URL) # Check if NGINX Ingress is already installed
kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml if kubectl get namespace ingress-nginx &> /dev/null; then
print_warning "NGINX Ingress Controller namespace already exists. Checking status..."
# Check if controller is running
if kubectl get pods -n ingress-nginx -l app.kubernetes.io/component=controller | grep -q "Running"; then
print_success "NGINX Ingress Controller is already running"
else
print_status "NGINX Ingress Controller exists but not ready. Waiting..."
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=300s 2>/dev/null || {
print_warning "Ingress controller taking longer than expected, but continuing..."
}
fi
else
# Install NGINX Ingress Controller for Kind (updated URL)
print_status "Installing NGINX Ingress Controller for Kind..."
if kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml; then
print_success "NGINX Ingress Controller installation started"
# Wait for ingress controller to be ready # Wait for ingress controller to be ready
print_status "Waiting for NGINX Ingress Controller to be ready..." print_status "Waiting for NGINX Ingress Controller to be ready..."
kubectl wait --namespace ingress-nginx \ kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \ --for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \ --selector=app.kubernetes.io/component=controller \
--timeout=300s --timeout=300s 2>/dev/null || {
print_warning "Ingress controller taking longer than expected, but continuing..."
}
else
print_error "Failed to install NGINX Ingress Controller"
exit 1
fi
fi
print_success "NGINX Ingress Controller installed successfully" # Configure ingress for permanent localhost access
print_status "Configuring permanent localhost access..."
kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}' || true
print_success "NGINX Ingress Controller configured successfully"
} }
# Setup cluster issuers # Setup cluster issuers
setup_cluster_issuers() { setup_cluster_issuers() {
print_status "Setting up cluster issuers..." print_status "Setting up cluster issuers..."
# Apply cluster issuers # Check if cert-manager components exist
kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml if [ ! -f "infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml" ]; then
kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml print_error "cert-manager component files not found. Please ensure you're running this script from the project root."
kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml exit 1
fi
# Wait a bit for the issuers to be created # Apply cluster issuers
sleep 10 print_status "Applying cluster issuers..."
local issuer_files=(
"infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml"
"infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml"
"infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml"
)
for issuer_file in "${issuer_files[@]}"; do
if [ -f "$issuer_file" ]; then
print_status "Applying $issuer_file..."
kubectl apply -f "$issuer_file" || {
print_warning "Failed to apply $issuer_file, but continuing..."
}
else
print_warning "$issuer_file not found, skipping..."
fi
done
# Wait for the issuers to be created
print_status "Waiting for cluster issuers to be ready..."
sleep 15
# Check if issuers are ready # Check if issuers are ready
print_status "Checking cluster issuer status..." print_status "Checking cluster issuer status..."
kubectl get clusterissuers kubectl get clusterissuers 2>/dev/null || print_warning "No cluster issuers found yet"
# Verify that the local CA issuer is ready (if it exists)
if kubectl get clusterissuer local-ca-issuer &> /dev/null; then
for i in {1..10}; do
local issuer_ready=$(kubectl get clusterissuer local-ca-issuer -o jsonpath='{.status.conditions[0].type}' 2>/dev/null || echo "")
if [[ "$issuer_ready" == "Ready" ]]; then
print_success "Local CA issuer is ready"
break
fi
print_status "Waiting for local CA issuer to be ready... (attempt $i/10)"
sleep 10
done
else
print_warning "Local CA issuer not found, skipping readiness check"
fi
print_success "Cluster issuers configured successfully" print_success "Cluster issuers configured successfully"
} }
@@ -140,16 +344,50 @@ deploy_with_https() {
exit 1 exit 1
fi fi
# Deploy with Skaffold (builds and deploys automatically) # Check if skaffold.yaml exists
print_status "Building and deploying with Skaffold..." if [ ! -f "skaffold.yaml" ]; then
skaffold run --profile=dev print_error "skaffold.yaml not found. Please ensure you're running this script from the project root."
exit 1
fi
# Apply the HTTPS ingress patch # Deploy with Skaffold (builds and deploys automatically with HTTPS support)
print_status "Applying HTTPS configuration..." print_status "Building and deploying with Skaffold (dev profile includes HTTPS)..."
kubectl patch ingress bakery-ingress -n bakery-ia --patch-file infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml if skaffold run --profile=dev; then
print_success "Skaffold deployment started"
else
print_warning "Skaffold deployment had issues, but continuing..."
fi
# Wait for namespace to be created
print_status "Waiting for bakery-ia namespace..."
for i in {1..30}; do
if kubectl get namespace bakery-ia &> /dev/null; then
print_success "bakery-ia namespace found"
break
fi
sleep 2
done
# Check if namespace was created
if ! kubectl get namespace bakery-ia &> /dev/null; then
print_warning "bakery-ia namespace not found. Deployment may have failed."
return 0
fi
# Wait for deployments to be ready
print_status "Waiting for deployments to be ready..." print_status "Waiting for deployments to be ready..."
kubectl wait --for=condition=available --timeout=300s deployment --all -n bakery-ia if kubectl wait --for=condition=available --timeout=600s deployment --all -n bakery-ia 2>/dev/null; then
print_success "All deployments are ready"
else
print_warning "Some deployments are taking longer than expected, but continuing..."
fi
# Verify ingress exists
if kubectl get ingress bakery-ingress -n bakery-ia &> /dev/null; then
print_success "HTTPS ingress configured successfully"
else
print_warning "Ingress not found, but continuing with setup..."
fi
print_success "Application deployed with HTTPS support using Skaffold" print_success "Application deployed with HTTPS support using Skaffold"
} }
@@ -159,19 +397,39 @@ check_certificates() {
print_status "Checking certificate status..." print_status "Checking certificate status..."
# Wait for certificate to be issued # Wait for certificate to be issued
sleep 30 print_status "Waiting for certificates to be issued..."
# Check if certificate exists
for i in {1..12}; do
if kubectl get certificate bakery-ia-tls-cert -n bakery-ia &> /dev/null; then
print_success "Certificate found"
break
fi
print_status "Waiting for certificate to be created... (attempt $i/12)"
sleep 10
done
# Wait for certificate to be ready
for i in {1..20}; do
if kubectl get certificate bakery-ia-tls-cert -n bakery-ia -o jsonpath='{.status.conditions[0].type}' 2>/dev/null | grep -q "Ready"; then
print_success "Certificate is ready"
break
fi
print_status "Waiting for certificate to be ready... (attempt $i/20)"
sleep 15
done
echo "" echo ""
echo "Certificate status:" echo "📋 Certificate status:"
kubectl get certificates -n bakery-ia kubectl get certificates -n bakery-ia 2>/dev/null || print_warning "No certificates found"
echo "" echo ""
echo "Certificate details:" echo "🔍 Certificate details:"
kubectl describe certificate bakery-ia-tls-cert -n bakery-ia kubectl describe certificate bakery-ia-tls-cert -n bakery-ia 2>/dev/null || print_warning "Certificate not found"
echo "" echo ""
echo "TLS secret status:" echo "🔐 TLS secret status:"
kubectl get secret bakery-ia-tls-cert -n bakery-ia kubectl get secret bakery-ia-tls-cert -n bakery-ia 2>/dev/null || print_warning "TLS secret not found"
} }
# Update hosts file # Update hosts file
@@ -182,18 +440,37 @@ update_hosts_file() {
EXTERNAL_IP="127.0.0.1" EXTERNAL_IP="127.0.0.1"
# Check if entries exist in hosts file # Check if entries exist in hosts file
if ! grep -q "bakery-ia.local" /etc/hosts; then if ! grep -q "bakery-ia.local" /etc/hosts 2>/dev/null; then
print_warning "Please add the following entries to your /etc/hosts file:" print_warning "Adding entries to /etc/hosts file for named host access..."
echo ""
echo "sudo tee -a /etc/hosts << EOF" # Ask for user permission
read -p "Do you want to add entries to /etc/hosts for named host access? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Add hosts entries with proper error handling
{
echo "$EXTERNAL_IP bakery-ia.local" echo "$EXTERNAL_IP bakery-ia.local"
echo "$EXTERNAL_IP api.bakery-ia.local" echo "$EXTERNAL_IP api.bakery-ia.local"
echo "$EXTERNAL_IP monitoring.bakery-ia.local" echo "$EXTERNAL_IP monitoring.bakery-ia.local"
echo "EOF" } | sudo tee -a /etc/hosts > /dev/null
echo ""
if [ $? -eq 0 ]; then
print_success "Hosts file entries added successfully"
else
print_error "Failed to update hosts file. You may need to add entries manually."
fi
else
print_warning "Skipping hosts file update. You can still access via https://localhost"
fi
else else
print_success "Hosts file entries already exist" print_success "Hosts file entries already exist"
fi fi
echo ""
print_status "Available access methods:"
echo " 🌐 Primary: https://localhost (no hosts file needed)"
echo " 🏷️ Named: https://bakery-ia.local (requires hosts file)"
echo " 🔗 API: https://localhost/api or https://api.bakery-ia.local"
} }
# Export CA certificate for browser trust # Export CA certificate for browser trust
@@ -201,55 +478,171 @@ export_ca_certificate() {
print_status "Exporting CA certificate for browser trust..." print_status "Exporting CA certificate for browser trust..."
# Wait for CA certificate to be created # Wait for CA certificate to be created
for i in {1..10}; do
if kubectl get secret local-ca-key-pair -n cert-manager &> /dev/null; then
print_success "CA certificate secret found"
break
fi
print_status "Waiting for CA certificate secret... (attempt $i/10)"
sleep 10 sleep 10
done
# Extract the CA certificate # Extract the CA certificate
kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt if kubectl get secret local-ca-key-pair -n cert-manager &> /dev/null; then
if kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt 2>/dev/null; then
print_success "CA certificate exported as 'bakery-ia-ca.crt'" print_success "CA certificate exported as 'bakery-ia-ca.crt'"
print_warning "To trust this certificate in your browser:"
echo " 1. Import 'bakery-ia-ca.crt' into your browser's certificate store" # Make the certificate file readable
echo " 2. Mark it as trusted for website authentication" chmod 644 bakery-ia-ca.crt
else
print_warning "Failed to extract CA certificate from secret"
fi
print_warning "To trust this certificate and remove browser warnings:"
echo "" echo ""
print_warning "For macOS: Add to Keychain Access and set to 'Always Trust'" echo "📱 macOS:"
print_warning "For Linux: Add to /usr/local/share/ca-certificates/ and run 'sudo update-ca-certificates'" echo " 1. Double-click 'bakery-ia-ca.crt' to open Keychain Access"
echo " 2. Find 'bakery-ia-local-ca' in the certificates list"
echo " 3. Double-click it and set to 'Always Trust'"
echo ""
echo "🐧 Linux:"
echo " sudo cp bakery-ia-ca.crt /usr/local/share/ca-certificates/"
echo " sudo update-ca-certificates"
echo ""
echo "🪟 Windows:"
echo " 1. Double-click 'bakery-ia-ca.crt'"
echo " 2. Click 'Install Certificate'"
echo " 3. Choose 'Trusted Root Certification Authorities'"
echo ""
else
print_warning "CA certificate secret not found. HTTPS will work but with browser warnings."
print_warning "You can still access the application at https://localhost"
fi
} }
# Display access information # Display access information
display_access_info() { display_access_info() {
print_success "🎉 HTTPS setup completed!" print_success "🎉 HTTPS setup completed!"
echo "" echo ""
echo "Access your application at:" echo "🌐 Access your application at:"
echo " 🌐 Frontend: https://bakery-ia.local" echo " Primary: https://localhost"
echo " 🔗 API: https://api.bakery-ia.local" echo " API: https://localhost/api"
echo " 📊 Monitoring: https://monitoring.bakery-ia.local" echo " Named Host: https://bakery-ia.local (if hosts file updated)"
echo " API Named: https://api.bakery-ia.local (if hosts file updated)"
echo "" echo ""
echo "Useful commands:" echo "🛠️ Useful commands:"
echo " 📋 Check pods: kubectl get pods -n bakery-ia" echo " 📋 Check status: kubectl get all -n bakery-ia"
echo " 🔍 Check ingress: kubectl get ingress -n bakery-ia" echo " 🔍 Check ingress: kubectl get ingress -n bakery-ia"
echo " 📜 Check certificates: kubectl get certificates -n bakery-ia" echo " 📜 Check certificates: kubectl get certificates -n bakery-ia"
echo " 📝 View logs: kubectl logs -f deployment/<service-name> -n bakery-ia" echo " 📝 View service logs: kubectl logs -f deployment/<service-name> -n bakery-ia"
echo " 🚀 Run Skaffold dev mode: skaffold dev --profile=dev" echo " 🚀 Development mode: skaffold dev --profile=dev"
echo " 🧹 Clean up: skaffold delete" echo " 🧹 Clean up: skaffold delete --profile=dev"
echo " 🔄 Restart service: kubectl rollout restart deployment/<service-name> -n bakery-ia"
echo "" echo ""
print_warning "Note: You may see certificate warnings until you import the CA certificate into your browser" echo "🔧 Troubleshooting:"
echo " 🩺 Get events: kubectl get events -n bakery-ia --sort-by='.firstTimestamp'"
echo " 🔍 Describe pod: kubectl describe pod <pod-name> -n bakery-ia"
echo " 📊 Resource usage: kubectl top pods -n bakery-ia"
echo " 🔐 Certificate details: kubectl describe certificate bakery-ia-tls-cert -n bakery-ia"
echo ""
if [ -f "bakery-ia-ca.crt" ]; then
print_warning "📋 Next steps:"
echo " 1. Import 'bakery-ia-ca.crt' into your browser to remove certificate warnings"
echo " 2. Access https://localhost to verify the setup"
echo " 3. Run 'skaffold dev --profile=dev' for development with hot-reload"
else
print_warning "⚠️ Note: You may see certificate warnings until the CA certificate is properly configured"
fi
echo ""
print_status "🎯 The application is now ready for secure development!"
} }
# Check current cert-manager status for debugging
check_current_cert_manager_status() {
print_status "Checking current cert-manager status..."
if kubectl get namespace cert-manager &> /dev/null; then
echo ""
echo "📋 Current cert-manager pods status:"
kubectl get pods -n cert-manager
echo ""
echo "🔍 cert-manager deployments:"
kubectl get deployments -n cert-manager
# Check for any pending or failed pods
local failed_pods=$(kubectl get pods -n cert-manager --field-selector=status.phase!=Running --no-headers 2>/dev/null | wc -l)
if [ "$failed_pods" -gt 0 ]; then
echo ""
print_warning "Found $failed_pods non-running pods. Details:"
kubectl get pods -n cert-manager --field-selector=status.phase!=Running
fi
echo ""
else
print_status "cert-manager namespace not found. Will install fresh."
fi
}
# Cleanup function for failed installations
cleanup_on_failure() {
print_warning "Cleaning up due to failure..."
# Optional cleanup - ask user
read -p "Do you want to clean up the Kind cluster and start fresh? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
print_status "Cleaning up Kind cluster..."
kind delete cluster --name bakery-ia-local || true
print_success "Cleanup completed. You can run the script again."
else
print_status "Keeping existing setup. You can continue manually or run the script again."
fi
}
# Trap function to handle script interruption
trap 'echo ""; print_warning "Script interrupted. Partial setup may be present."; cleanup_on_failure; exit 1' INT TERM
# Main execution # Main execution
main() { main() {
echo "Starting HTTPS setup for Bakery IA..." echo "Starting HTTPS setup for Bakery IA..."
check_prerequisites # Set error handling for individual steps
install_cert_manager local step_failed=false
install_nginx_ingress
setup_cluster_issuers
deploy_with_https
check_certificates
update_hosts_file
export_ca_certificate
display_access_info
check_prerequisites || { step_failed=true; }
if [ "$step_failed" = false ]; then
check_current_cert_manager_status || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
install_cert_manager || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
install_nginx_ingress || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
setup_cluster_issuers || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
deploy_with_https || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
check_certificates || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
update_hosts_file || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
export_ca_certificate || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
display_access_info
print_success "Setup completed successfully! 🚀" print_success "Setup completed successfully! 🚀"
else
print_error "Setup failed at one or more steps. Check the output above for details."
cleanup_on_failure
exit 1
fi
} }
# Run main function # Run main function
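Review bot: In export_ca_certificate the new `if kubectl get secret … | base64 -d > bakery-ia-ca.crt 2>/dev/null; then` tests only the exit status of `base64`, so a failed `kubectl` call leaves an empty `bakery-ia-ca.crt` and still prints the success message followed by the trust instructions. No `pipefail` is visible in this view (the top of the script is outside it), so I would make the check explicit by appending `&& [ -s bakery-ia-ca.crt ]` to the pipeline inside the `if`. I would also drop the `2>/dev/null` so the reason for a failure is shown. Because the printed macOS/Linux/Windows steps install this file as a root CA, the function should also carry a comment such as `# Anyone who can read the local-ca-key-pair secret can issue certificates this machine will trust; remove the CA from the trust store when the cluster is deleted`. The function's opening line appears only in the hunk header.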


@@ -1,152 +0,0 @@
#!/bin/bash
# Bakery IA Skaffold Development Script
# Quick setup script for Skaffold development workflow
set -e
echo "🚀 Starting Bakery IA Development Environment with Skaffold"
echo "=========================================================="
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Function to print colored output
print_status() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check prerequisites
check_prerequisites() {
print_status "Checking prerequisites..."
local missing_tools=()
if ! command -v skaffold &> /dev/null; then
missing_tools+=("skaffold")
fi
if ! command -v kubectl &> /dev/null; then
missing_tools+=("kubectl")
fi
if ! command -v colima &> /dev/null; then
missing_tools+=("colima")
fi
if ! command -v kind &> /dev/null; then
missing_tools+=("kind")
fi
if [ ${#missing_tools[@]} -ne 0 ]; then
print_error "Missing required tools: ${missing_tools[*]}"
print_error "Install with: brew install ${missing_tools[*]}"
exit 1
fi
# Check if Colima is running
if ! colima status --profile k8s-local &> /dev/null; then
print_warning "Colima is not running. Starting it now..."
colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local
fi
# Check if Kind cluster exists
if ! kind get clusters | grep -q "bakery-ia-local"; then
print_warning "Kind cluster not found. Creating it now..."
kind create cluster --name bakery-ia-local
fi
# Verify cluster is accessible
if ! kubectl cluster-info &> /dev/null; then
print_error "Cannot connect to Kubernetes cluster"
exit 1
fi
print_success "Prerequisites check passed"
}
# Setup development environment
setup_dev_environment() {
print_status "Setting up development environment..."
# Check if NGINX Ingress is installed
if ! kubectl get namespace ingress-nginx &> /dev/null; then
print_status "Installing NGINX Ingress Controller..."
kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=300s
fi
print_success "Development environment ready"
}
# Start Skaffold development mode
start_skaffold_dev() {
print_status "Starting Skaffold development mode..."
print_warning "Starting continuous development mode with Skaffold..."
print_warning "This will:"
echo " - Build all Docker images automatically"
echo " - Deploy to your Kind cluster"
echo " - Watch for file changes and auto-rebuild"
echo " - Stream logs from all services"
echo ""
print_warning "Press Ctrl+C to stop and clean up"
echo ""
# Start Skaffold in development mode
skaffold dev --profile=dev
}
# Display information
display_info() {
print_success "🎉 Skaffold development environment ready!"
echo ""
echo "Next steps:"
echo " 1. Add hosts entries (if not done already):"
echo " sudo tee -a /etc/hosts << EOF"
echo " 127.0.0.1 bakery-ia.local"
echo " 127.0.0.1 api.bakery-ia.local"
echo " 127.0.0.1 monitoring.bakery-ia.local"
echo " EOF"
echo ""
echo " 2. Access your application:"
echo " 🌐 Frontend: http://bakery-ia.local"
echo " 🔗 API: http://api.bakery-ia.local"
echo ""
echo " 3. For HTTPS support, run: ./setup-https.sh"
echo ""
echo "Useful commands:"
echo " 📋 Check pods: kubectl get pods -n bakery-ia"
echo " 📝 View logs: kubectl logs -f deployment/<service-name> -n bakery-ia"
echo " 🧹 Clean up: skaffold delete"
}
# Main execution
main() {
check_prerequisites
setup_dev_environment
display_info
start_skaffold_dev
}
# Run main function
main "$@"