bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve the frontend 3

Browse Source
This commit is contained in:
Urtzi Alfaro
2025-10-30 21:08:07 +01:00
parent 36217a2729
commit 63f5c6d512
184 changed files with 21512 additions and 7442 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
infrastructure/kubernetes/base/components/databases/orchestrator-db.yaml Normal file
View File

@@ -0,0 +1,169 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: orchestrator-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
spec:
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:latest
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: ORCHESTRATOR_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: orchestrator-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: orchestrator-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: orchestrator-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi

169
infrastructure/kubernetes/base/components/databases/procurement-db.yaml Normal file
View File

@@ -0,0 +1,169 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: procurement-db
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
spec:
securityContext:
fsGroup: 70
initContainers:
- name: fix-tls-permissions
image: busybox:latest
securityContext:
runAsUser: 0
command: ['sh', '-c']
args:
- |
cp /tls-source/* /tls/
chmod 600 /tls/server-key.pem
chmod 644 /tls/server-cert.pem /tls/ca-cert.pem
chown 70:70 /tls/*
ls -la /tls/
volumeMounts:
- name: tls-certs-source
mountPath: /tls-source
readOnly: true
- name: tls-certs-writable
mountPath: /tls
containers:
- name: postgres
image: postgres:17-alpine
command: ["docker-entrypoint.sh", "-c", "config_file=/etc/postgresql/postgresql.conf"]
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: bakery-config
key: PROCUREMENT_DB_NAME
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DB_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DB_PASSWORD
- name: POSTGRES_INITDB_ARGS
valueFrom:
configMapKeyRef:
name: bakery-config
key: POSTGRES_INITDB_ARGS
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_HOST_SSL
value: "on"
- name: PGSSLCERT
value: /tls/server-cert.pem
- name: PGSSLKEY
value: /tls/server-key.pem
- name: PGSSLROOTCERT
value: /tls/ca-cert.pem
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: tls-certs-writable
mountPath: /tls
- name: postgres-config
mountPath: /etc/postgresql
readOnly: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 3
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: procurement-db-pvc
- name: init-scripts
configMap:
name: postgres-init-config
- name: tls-certs-source
secret:
secretName: postgres-tls
- name: tls-certs-writable
emptyDir: {}
- name: postgres-config
configMap:
name: postgres-logging-config
---
apiVersion: v1
kind: Service
metadata:
name: procurement-db-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: postgres
selector:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: procurement-db-pvc
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-db
app.kubernetes.io/component: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi

127
infrastructure/kubernetes/base/components/orchestrator/orchestrator-service.yaml Normal file
View File

@@ -0,0 +1,127 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: orchestrator-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
spec:
initContainers:
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for orchestrator database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $ORCHESTRATOR_DB_HOST -p $ORCHESTRATOR_DB_PORT -U $ORCHESTRATOR_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: ORCHESTRATOR_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: ORCHESTRATOR_DB_HOST
- name: ORCHESTRATOR_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: ORCHESTRATOR_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DB_USER
containers:
- name: orchestrator-service
image: bakery/orchestrator-service:latest
ports:
- containerPort: 8000
name: http
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
---
apiVersion: v1
kind: Service
metadata:
name: orchestrator-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: orchestrator-service
app.kubernetes.io/component: microservice

127
infrastructure/kubernetes/base/components/procurement/procurement-service.yaml Normal file
View File

@@ -0,0 +1,127 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: procurement-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
app.kubernetes.io/part-of: bakery-ia
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
template:
metadata:
labels:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
spec:
initContainers:
- name: wait-for-migration
image: postgres:17-alpine
command:
- sh
- -c
- |
echo "Waiting for procurement database and migrations to be ready..."
# Wait for database to be accessible
until pg_isready -h $PROCUREMENT_DB_HOST -p $PROCUREMENT_DB_PORT -U $PROCUREMENT_DB_USER; do
echo "Database not ready yet, waiting..."
sleep 2
done
echo "Database is ready!"
# Give migrations extra time to complete after DB is ready
echo "Waiting for migrations to complete..."
sleep 10
echo "Ready to start service"
env:
- name: PROCUREMENT_DB_HOST
valueFrom:
configMapKeyRef:
name: bakery-config
key: PROCUREMENT_DB_HOST
- name: PROCUREMENT_DB_PORT
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_PORT
- name: PROCUREMENT_DB_USER
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DB_USER
containers:
- name: procurement-service
image: bakery/procurement-service:latest
ports:
- containerPort: 8000
name: http
envFrom:
- configMapRef:
name: bakery-config
- secretRef:
name: database-secrets
- secretRef:
name: redis-secrets
- secretRef:
name: rabbitmq-secrets
- secretRef:
name: jwt-secrets
- secretRef:
name: external-api-secrets
- secretRef:
name: payment-secrets
- secretRef:
name: email-secrets
- secretRef:
name: monitoring-secrets
- secretRef:
name: pos-integration-secrets
- secretRef:
name: whatsapp-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 5
---
apiVersion: v1
kind: Service
metadata:
name: procurement-service
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: procurement-service
app.kubernetes.io/component: microservice

38
infrastructure/kubernetes/base/configmap.yaml
View File

@@ -56,6 +56,8 @@ data:
POS_DB_HOST: "pos-db-service"
ORDERS_DB_HOST: "orders-db-service"
PRODUCTION_DB_HOST: "production-db-service"
PROCUREMENT_DB_HOST: "procurement-db-service"
ORCHESTRATOR_DB_HOST: "orchestrator-db-service"
ALERT_PROCESSOR_DB_HOST: "alert-processor-db-service"
# Database Configuration
@@ -73,6 +75,8 @@ data:
POS_DB_NAME: "pos_db"
ORDERS_DB_NAME: "orders_db"
PRODUCTION_DB_NAME: "production_db"
PROCUREMENT_DB_NAME: "procurement_db"
ORCHESTRATOR_DB_NAME: "orchestrator_db"
ALERT_PROCESSOR_DB_NAME: "alert_processor_db"
POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
@@ -352,10 +356,42 @@ data:
OTEL_EXPORTER_OTLP_ENDPOINT: "http://jaeger-collector.monitoring:4317"
OTEL_SERVICE_NAME: "bakery-ia"
# ================================================================
# REPLENISHMENT PLANNING SETTINGS
# ================================================================
REPLENISHMENT_PROJECTION_HORIZON_DAYS: "7"
REPLENISHMENT_SERVICE_LEVEL: "0.95"
REPLENISHMENT_BUFFER_DAYS: "1"
# Safety Stock
SAFETY_STOCK_SERVICE_LEVEL: "0.95"
SAFETY_STOCK_METHOD: "statistical"
# MOQ
MOQ_CONSOLIDATION_WINDOW_DAYS: "7"
MOQ_ALLOW_EARLY_ORDERING: "true"
# Supplier Selection
SUPPLIER_PRICE_WEIGHT: "0.40"
SUPPLIER_LEAD_TIME_WEIGHT: "0.20"
SUPPLIER_QUALITY_WEIGHT: "0.20"
SUPPLIER_RELIABILITY_WEIGHT: "0.20"
SUPPLIER_DIVERSIFICATION_THRESHOLD: "1000"
SUPPLIER_MAX_SINGLE_PERCENTAGE: "0.70"
# Circuit Breakers
CIRCUIT_BREAKER_FAILURE_THRESHOLD: "5"
CIRCUIT_BREAKER_TIMEOUT_DURATION: "60"
CIRCUIT_BREAKER_SUCCESS_THRESHOLD: "2"
# Saga
SAGA_TIMEOUT_SECONDS: "600"
SAGA_ENABLE_COMPENSATION: "true"
# ================================================================
# EXTERNAL DATA SERVICE V2 SETTINGS
# ================================================================
EXTERNAL_ENABLED_CITIES: "madrid"
EXTERNAL_RETENTION_MONTHS: "6" # Reduced from 24 to avoid memory issues during init
EXTERNAL_CACHE_TTL_DAYS: "7"
EXTERNAL_REDIS_URL: "rediss://redis-service:6379/0?ssl_cert_reqs=none"
EXTERNAL_REDIS_URL: "rediss://redis-service:6379/0?ssl_cert_reqs=none"

63
infrastructure/kubernetes/base/jobs/demo-seed-orchestration-runs-job.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: batch/v1
kind: Job
metadata:
name: demo-seed-orchestration-runs
namespace: bakery-ia
labels:
app: demo-seed
component: initialization
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "45" # After procurement plans (35)
spec:
ttlSecondsAfterFinished: 3600
template:
metadata:
labels:
app: demo-seed-orchestration-runs
spec:
initContainers:
- name: wait-for-orchestrator-migration
image: busybox:1.36
command:
- sh
- -c
- |
echo "⏳ Waiting 30 seconds for orchestrator-migration to complete..."
sleep 30
- name: wait-for-procurement-seed
image: busybox:1.36
command:
- sh
- -c
- |
echo "⏳ Waiting 15 seconds for demo-seed-procurement-plans to complete..."
sleep 15
containers:
- name: seed-orchestration-runs
image: bakery/orchestrator-service:latest
command: ["python", "/app/scripts/demo/seed_demo_orchestration_runs.py"]
env:
- name: ORCHESTRATOR_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DATABASE_URL
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DATABASE_URL
- name: DEMO_MODE
value: "production"
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "1000m"
restartPolicy: OnFailure
serviceAccountName: demo-seed-sa

63
infrastructure/kubernetes/base/jobs/demo-seed-orchestrator-job.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: batch/v1
kind: Job
metadata:
name: demo-seed-orchestrator
namespace: bakery-ia
labels:
app: demo-seed
component: initialization
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "25" # After procurement plans (24)
spec:
ttlSecondsAfterFinished: 3600
template:
metadata:
labels:
app: demo-seed-orchestrator
spec:
initContainers:
- name: wait-for-orchestrator-migration
image: busybox:1.36
command:
- sh
- -c
- |
echo "⏳ Waiting 30 seconds for orchestrator-migration to complete..."
sleep 30
- name: wait-for-procurement-seed
image: busybox:1.36
command:
- sh
- -c
- |
echo "⏳ Waiting 15 seconds for demo-seed-procurement to complete..."
sleep 15
containers:
- name: seed-orchestrator
image: bakery/orchestrator-service:latest
command: ["python", "/app/scripts/demo/seed_demo_orchestration_runs.py"]
env:
- name: ORCHESTRATOR_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DATABASE_URL
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DATABASE_URL
- name: DEMO_MODE
value: "production"
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "1000m"
restartPolicy: OnFailure
serviceAccountName: demo-seed-sa

29
infrastructure/kubernetes/base/jobs/demo-seed-procurement-job.yaml
View File

@@ -1,48 +1,53 @@
apiVersion: batch/v1
kind: Job
metadata:
name: demo-seed-procurement
name: demo-seed-procurement-plans
namespace: bakery-ia
labels:
app: demo-seed
component: initialization
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "35" # After orders (30)
"helm.sh/hook-weight": "21" # After suppliers (20)
spec:
ttlSecondsAfterFinished: 3600
template:
metadata:
labels:
app: demo-seed-procurement
app: demo-seed-procurement-plans
spec:
initContainers:
- name: wait-for-orders-migration
- name: wait-for-procurement-migration
image: busybox:1.36
command:
- sh
- -c
- |
echo "Waiting 30 seconds for orders-migration to complete..."
echo "Waiting 30 seconds for procurement-migration to complete..."
sleep 30
- name: wait-for-tenant-seed
- name: wait-for-suppliers-seed
image: busybox:1.36
command:
- sh
- -c
- |
echo "Waiting 15 seconds for demo-seed-tenants to complete..."
echo "Waiting 15 seconds for demo-seed-suppliers to complete..."
sleep 15
containers:
- name: seed-procurement
image: bakery/orders-service:latest
command: ["python", "/app/scripts/demo/seed_demo_procurement.py"]
- name: seed-procurement-plans
image: bakery/procurement-service:latest
command: ["python", "/app/scripts/demo/seed_demo_procurement_plans.py"]
env:
- name: ORDERS_DATABASE_URL
- name: PROCUREMENT_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ORDERS_DATABASE_URL
key: PROCUREMENT_DATABASE_URL
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DATABASE_URL
- name: DEMO_MODE
value: "production"
- name: LOG_LEVEL

24
infrastructure/kubernetes/base/jobs/demo-seed-purchase-orders-job.yaml
View File

@@ -8,7 +8,7 @@ metadata:
component: initialization
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "21"
"helm.sh/hook-weight": "22" # After procurement plans (21)
spec:
ttlSecondsAfterFinished: 3600
template:
@@ -17,39 +17,39 @@ spec:
app: demo-seed-purchase-orders
spec:
initContainers:
- name: wait-for-suppliers-seed
- name: wait-for-procurement-plans-seed
image: busybox:1.36
command:
- sh
- -c
- |
echo "Waiting 45 seconds for demo-seed-suppliers to complete..."
sleep 45
echo "Waiting 30 seconds for demo-seed-procurement-plans to complete..."
sleep 30
containers:
- name: seed-purchase-orders
image: bakery/suppliers-service:latest
image: bakery/procurement-service:latest
command: ["python", "/app/scripts/demo/seed_demo_purchase_orders.py"]
env:
- name: SUPPLIERS_DATABASE_URL
- name: PROCUREMENT_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: SUPPLIERS_DATABASE_URL
key: PROCUREMENT_DATABASE_URL
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: SUPPLIERS_DATABASE_URL
key: PROCUREMENT_DATABASE_URL
- name: DEMO_MODE
value: "production"
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "1000m"
restartPolicy: OnFailure
serviceAccountName: demo-seed-sa

13
infrastructure/kubernetes/base/kustomization.yaml
View File

@@ -36,6 +36,8 @@ resources:
- migrations/production-migration-job.yaml
- migrations/alert-processor-migration-job.yaml
- migrations/demo-session-migration-job.yaml
- migrations/procurement-migration-job.yaml
- migrations/orchestrator-migration-job.yaml
# Demo initialization jobs (in Helm hook weight order)
- jobs/demo-seed-rbac.yaml
@@ -58,6 +60,7 @@ resources:
- jobs/demo-seed-procurement-job.yaml
- jobs/demo-seed-forecasts-job.yaml
- jobs/demo-seed-pos-configs-job.yaml
- jobs/demo-seed-orchestration-runs-job.yaml
# External data initialization job (v2.0)
- jobs/external-data-init-job.yaml
@@ -92,6 +95,8 @@ resources:
- components/databases/pos-db.yaml
- components/databases/orders-db.yaml
- components/databases/production-db.yaml
- components/databases/procurement-db.yaml
- components/databases/orchestrator-db.yaml
- components/databases/alert-processor-db.yaml
# Demo session components
@@ -114,6 +119,8 @@ resources:
- components/pos/pos-service.yaml
- components/orders/orders-service.yaml
- components/production/production-service.yaml
- components/procurement/procurement-service.yaml
- components/orchestrator/orchestrator-service.yaml
- components/alert-processor/alert-processor-service.yaml
- components/alert-processor/alert-processor-api.yaml
@@ -153,6 +160,10 @@ images:
newTag: latest
- name: bakery/production-service
newTag: latest
- name: bakery/procurement-service
newTag: latest
- name: bakery/orchestrator-service
newTag: latest
- name: bakery/alert-processor
newTag: latest
- name: bakery/demo-session-service
@@ -160,4 +171,4 @@ images:
- name: bakery/gateway
newTag: latest
- name: bakery/dashboard
newTag: latest
newTag: latest

55
infrastructure/kubernetes/base/migrations/orchestrator-migration-job.yaml Normal file
View File

@@ -0,0 +1,55 @@
# Enhanced migration job for orchestrator service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: orchestrator-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: orchestrator-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: orchestrator-migration
app.kubernetes.io/component: migration
spec:
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h orchestrator-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/orchestrator-service:dev
command: ["python", "/app/shared/scripts/run_migrations.py", "orchestrator"]
env:
- name: ORCHESTRATOR_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: ORCHESTRATOR_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure

55
infrastructure/kubernetes/base/migrations/procurement-migration-job.yaml Normal file
View File

@@ -0,0 +1,55 @@
# Enhanced migration job for procurement service with automatic table creation
apiVersion: batch/v1
kind: Job
metadata:
name: procurement-migration
namespace: bakery-ia
labels:
app.kubernetes.io/name: procurement-migration
app.kubernetes.io/component: migration
app.kubernetes.io/part-of: bakery-ia
spec:
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: procurement-migration
app.kubernetes.io/component: migration
spec:
initContainers:
- name: wait-for-db
image: postgres:17-alpine
command: ["sh", "-c", "until pg_isready -h procurement-db-service -p 5432; do sleep 2; done"]
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
containers:
- name: migrate
image: bakery/procurement-service:dev
command: ["python", "/app/shared/scripts/run_migrations.py", "procurement"]
env:
- name: PROCUREMENT_DATABASE_URL
valueFrom:
secretKeyRef:
name: database-secrets
key: PROCUREMENT_DATABASE_URL
- name: DB_FORCE_RECREATE
valueFrom:
configMapKeyRef:
name: bakery-config
key: DB_FORCE_RECREATE
optional: true
- name: LOG_LEVEL
value: "INFO"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
restartPolicy: OnFailure

6
infrastructure/kubernetes/base/secrets.yaml
View File

@@ -24,6 +24,8 @@ data:
PRODUCTION_DB_USER: cHJvZHVjdGlvbl91c2Vy # production_user
ALERT_PROCESSOR_DB_USER: YWxlcnRfcHJvY2Vzc29yX3VzZXI= # alert_processor_user
DEMO_SESSION_DB_USER: ZGVtb19zZXNzaW9uX3VzZXI= # demo_session_user
ORCHESTRATOR_DB_USER: b3JjaGVzdHJhdG9yX3VzZXI= # orchestrator_user
PROCUREMENT_DB_USER: cHJvY3VyZW1lbnRfdXNlcg== # procurement_user
# Database Passwords (base64 encoded from .env)
AUTH_DB_PASSWORD: djJvOHBqVWRSUVprR1JsbDlOV2JXdGt4WUFGcVBmOWw= # v2o8pjUdRQZkGRll...
@@ -41,6 +43,8 @@ data:
PRODUCTION_DB_PASSWORD: bFNZSDRacFBieHlIQXMweVRzelRWWWRSc3lBUjFKYUc= # lSYH4ZpPbxyHAs0y...
ALERT_PROCESSOR_DB_PASSWORD: T0NqMmtzaHdSNmNZNFFoT3U4SlpsR2RPZnF5Y0ZtV2Y= # OCj2kshwR6cY4QhO...
DEMO_SESSION_DB_PASSWORD: ZGVtb19zZXNzaW9uX3Bhc3MxMjM= # demo_session_pass123
ORCHESTRATOR_DB_PASSWORD: b3JjaGVzdHJhdG9yX3Bhc3MxMjM= # orchestrator_pass123
PROCUREMENT_DB_PASSWORD: cHJvY3VyZW1lbnRfcGFzczEyMw== # procurement_pass123
# Database URLs (base64 encoded)
AUTH_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vYXV0aF91c2VyOnYybzhwalVkUlFaa0dSbGw5TldiV3RreFlBRnFQZjlsQGF1dGgtZGItc2VydmljZTo1NDMyL2F1dGhfZGI= # Updated with new password
@@ -58,6 +62,8 @@ data:
PRODUCTION_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vcHJvZHVjdGlvbl91c2VyOmxTWUg0WnBQYnh5SEFzMHlUc3pUVllkUnN5QVIxSmFHQHByb2R1Y3Rpb24tZGItc2VydmljZTo1NDMyL3Byb2R1Y3Rpb25fZGI= # Updated with new password
ALERT_PROCESSOR_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vYWxlcnRfcHJvY2Vzc29yX3VzZXI6T0NqMmtzaHdSNmNZNFFoT3U4SlpsR2RPZnF5Y0ZtV2ZAYWxlcnQtcHJvY2Vzc29yLWRiLXNlcnZpY2U6NTQzMi9hbGVydF9wcm9jZXNzb3JfZGI= # Updated with new password
DEMO_SESSION_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vZGVtb19zZXNzaW9uX3VzZXI6ZGVtb19zZXNzaW9uX3Bhc3MxMjNAZGVtby1zZXNzaW9uLWRiLXNlcnZpY2U6NTQzMi9kZW1vX3Nlc3Npb25fZGI= # postgresql+asyncpg://demo_session_user:demo_session_pass123@demo-session-db-service:5432/demo_session_db
ORCHESTRATOR_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vb3JjaGVzdHJhdG9yX3VzZXI6b3JjaGVzdHJhdG9yX3Bhc3MxMjNAb3JjaGVzdHJhdG9yLWRiLXNlcnZpY2U6NTQzMi9vcmNoZXN0cmF0b3JfZGI= # postgresql+asyncpg://orchestrator_user:orchestrator_pass123@orchestrator-db-service:5432/orchestrator_db
PROCUREMENT_DATABASE_URL: cG9zdGdyZXNxbCthc3luY3BnOi8vcHJvY3VyZW1lbnRfdXNlcjpwcm9jdXJlbWVudF9wYXNzMTIzQHByb2N1cmVtZW50LWRiLXNlcnZpY2U6NTQzMi9wcm9jdXJlbWVudF9kYg== # postgresql+asyncpg://procurement_user:procurement_pass123@procurement-db-service:5432/procurement_db
---
apiVersion: v1