bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New alert service

Browse Source
This commit is contained in:
Urtzi Alfaro
2025-12-05 20:07:01 +01:00
parent 1fe3a73549
commit 667e6e0404
393 changed files with 26002 additions and 61033 deletions
Download Patch File Download Diff File Expand all files Collapse all files

872
Tiltfile
View File

@@ -1,9 +1,17 @@
# Tiltfile for Bakery IA - Secure Local Development
# Includes TLS encryption, strong passwords, PVCs, and audit logging
# =============================================================================
# Bakery IA - Tiltfile for Secure Local Development
# =============================================================================
# Features:
# - TLS encryption for PostgreSQL and Redis
# - Strong 32-character passwords with PersistentVolumeClaims
# - PostgreSQL pgcrypto extension and audit logging
# - Organized resource dependencies and live-reload capabilities
# =============================================================================
# =============================================================================
# SECURITY SETUP
# SECURITY & INITIAL SETUP
# =============================================================================
print("""
======================================
🔐 Bakery IA Secure Development Mode
@@ -20,7 +28,8 @@ Applying security configurations...
""")
# Apply security configurations before loading main manifests
local_resource('security-setup',
local_resource(
'security-setup',
cmd='''
echo "📦 Applying security secrets and configurations..."
kubectl apply -f infrastructure/kubernetes/base/secrets.yaml
@@ -30,195 +39,13 @@ local_resource('security-setup',
kubectl apply -f infrastructure/kubernetes/base/configmaps/postgres-logging-config.yaml
echo "✅ Security configurations applied"
''',
labels=['security'],
auto_init=True)
# =============================================================================
# LOAD KUBERNETES MANIFESTS
# =============================================================================
# Load Kubernetes manifests using Kustomize
k8s_yaml(kustomize('infrastructure/kubernetes/overlays/dev'))
# No registry needed for local development - images are built locally
# Common live update configuration for Python FastAPI services
def python_live_update(service_name, service_path):
return sync(service_path, '/app')
# =============================================================================
# FRONTEND (React + Vite)
# =============================================================================
# Multi-stage build with optimized memory settings for large Vite builds
# Set FRONTEND_DEBUG=true environment variable to build with development mode (no minification)
# for easier debugging of React errors
# Check for FRONTEND_DEBUG environment variable (Starlark uses os.getenv)
frontend_debug_env = os.getenv('FRONTEND_DEBUG', 'false')
frontend_debug = frontend_debug_env.lower() == 'true'
# Log the build mode
if frontend_debug:
print("""
🐛 FRONTEND DEBUG MODE ENABLED
Building frontend with NO minification for easier debugging.
Full React error messages will be displayed.
To disable: unset FRONTEND_DEBUG or set FRONTEND_DEBUG=false
""")
else:
print("""
📦 FRONTEND PRODUCTION MODE
Building frontend with minification for optimized performance.
To enable debug mode: export FRONTEND_DEBUG=true
""")
docker_build(
'bakery/dashboard',
context='./frontend',
dockerfile='./frontend/Dockerfile.kubernetes.debug' if frontend_debug else './frontend/Dockerfile.kubernetes',
# Remove target to build the full image, including the build stage
live_update=[
sync('./frontend/src', '/app/src'),
sync('./frontend/public', '/app/public'),
],
# Increase Node.js memory for build stage
build_args={
'NODE_OPTIONS': '--max-old-space-size=8192'
},
# Ignore test artifacts and reports
ignore=[
'playwright-report/**',
'test-results/**',
'node_modules/**',
'.DS_Store'
]
labels=['00-security'],
auto_init=True
)
# =============================================================================
# GATEWAY
# =============================================================================
docker_build(
'bakery/gateway',
context='.',
dockerfile='./gateway/Dockerfile',
live_update=[
# Fall back to full rebuild if Dockerfile or requirements change
fall_back_on(['./gateway/Dockerfile', './gateway/requirements.txt']),
# Sync Python code changes
sync('./gateway', '/app'),
sync('./shared', '/app/shared'),
# Restart on Python file changes
run('kill -HUP 1', trigger=['./gateway/**/*.py', './shared/**/*.py']),
],
# Ignore common patterns that don't require rebuilds
ignore=[
'.git',
'**/__pycache__',
'**/*.pyc',
'**/.pytest_cache',
'**/node_modules',
'**/.DS_Store'
]
)
# =============================================================================
# MICROSERVICES - Python FastAPI Services
# =============================================================================
# Helper function to create docker build with live updates for Python services
def build_python_service(service_name, service_path):
docker_build(
'bakery/' + service_name,
context='.',
dockerfile='./services/' + service_path + '/Dockerfile',
live_update=[
# Fall back to full image build if Dockerfile or requirements change
fall_back_on(['./services/' + service_path + '/Dockerfile',
'./services/' + service_path + '/requirements.txt']),
# Sync service code
sync('./services/' + service_path, '/app'),
# Sync shared libraries (includes updated TLS connection code)
sync('./shared', '/app/shared'),
# Sync scripts
sync('./scripts', '/app/scripts'),
# Install new dependencies if requirements.txt changes
run('pip install --no-cache-dir -r requirements.txt',
trigger=['./services/' + service_path + '/requirements.txt']),
# Restart uvicorn on Python file changes (HUP signal triggers graceful reload)
run('kill -HUP 1',
trigger=[
'./services/' + service_path + '/**/*.py',
'./shared/**/*.py'
]),
],
# Ignore common patterns that don't require rebuilds
ignore=[
'.git',
'**/__pycache__',
'**/*.pyc',
'**/.pytest_cache',
'**/node_modules',
'**/.DS_Store'
]
)
# Build all microservices
build_python_service('auth-service', 'auth')
build_python_service('tenant-service', 'tenant')
build_python_service('training-service', 'training')
build_python_service('forecasting-service', 'forecasting')
build_python_service('sales-service', 'sales')
build_python_service('external-service', 'external')
build_python_service('notification-service', 'notification')
build_python_service('inventory-service', 'inventory')
build_python_service('recipes-service', 'recipes')
build_python_service('suppliers-service', 'suppliers')
build_python_service('pos-service', 'pos')
build_python_service('orders-service', 'orders')
build_python_service('production-service', 'production')
build_python_service('procurement-service', 'procurement') # NEW: Sprint 3
build_python_service('orchestrator-service', 'orchestrator') # NEW: Sprint 2
build_python_service('ai-insights-service', 'ai_insights') # NEW: AI Insights Platform
build_python_service('alert-processor', 'alert_processor') # Unified Alert Service with enrichment
build_python_service('demo-session-service', 'demo_session')
build_python_service('distribution-service', 'distribution') # NEW: Distribution Service for Enterprise Tier
# =============================================================================
# RESOURCE DEPENDENCIES & ORDERING
# =============================================================================
# Security setup must complete before databases start
k8s_resource('auth-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('tenant-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('training-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('forecasting-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('sales-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('external-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('notification-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('inventory-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('recipes-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('suppliers-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('pos-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('orders-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('production-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('procurement-db', resource_deps=['security-setup'], labels=['databases']) # NEW: Sprint 3
k8s_resource('orchestrator-db', resource_deps=['security-setup'], labels=['databases']) # NEW: Sprint 2
k8s_resource('ai-insights-db', resource_deps=['security-setup'], labels=['databases']) # NEW: AI Insights Platform
k8s_resource('alert-processor-db', resource_deps=['security-setup'], labels=['databases']) # Unified Alert Service
k8s_resource('demo-session-db', resource_deps=['security-setup'], labels=['databases'])
k8s_resource('distribution-db', resource_deps=['security-setup'], labels=['databases']) # NEW: Distribution Service
k8s_resource('redis', resource_deps=['security-setup'], labels=['infrastructure'])
k8s_resource('rabbitmq', labels=['infrastructure'])
# Verify TLS certificates are mounted correctly
local_resource('verify-tls',
local_resource(
'verify-tls',
cmd='''
echo "🔍 Verifying TLS configuration..."
sleep 5 # Wait for pods to be ready
@@ -248,10 +75,12 @@ local_resource('verify-tls',
resource_deps=['auth-db', 'redis'],
auto_init=True,
trigger_mode=TRIGGER_MODE_MANUAL,
labels=['security'])
labels=['00-security']
)
# Verify PVCs are bound
local_resource('verify-pvcs',
local_resource(
'verify-pvcs',
cmd='''
echo "🔍 Verifying PersistentVolumeClaims..."
kubectl get pvc -n bakery-ia | grep -E "NAME|db-pvc" || echo " ⚠️ PVCs not yet bound"
@@ -262,289 +91,365 @@ local_resource('verify-pvcs',
resource_deps=['auth-db'],
auto_init=True,
trigger_mode=TRIGGER_MODE_MANUAL,
labels=['security'])
# Nominatim geocoding service (excluded in dev via kustomize patches)
# Uncomment these if you want to test nominatim locally
# k8s_resource('nominatim',
# resource_deps=['nominatim-init'],
# labels=['infrastructure'])
# k8s_resource('nominatim-init',
# labels=['data-init'])
# Monitoring stack
#k8s_resource('prometheus',
# labels=['monitoring'])
#k8s_resource('grafana',
# resource_deps=['prometheus'],
# labels=['monitoring'])
#k8s_resource('jaeger',
# labels=['monitoring'])
# Migration jobs depend on databases
k8s_resource('auth-migration', resource_deps=['auth-db'], labels=['migrations'])
k8s_resource('tenant-migration', resource_deps=['tenant-db'], labels=['migrations'])
k8s_resource('training-migration', resource_deps=['training-db'], labels=['migrations'])
k8s_resource('forecasting-migration', resource_deps=['forecasting-db'], labels=['migrations'])
k8s_resource('sales-migration', resource_deps=['sales-db'], labels=['migrations'])
k8s_resource('external-migration', resource_deps=['external-db'], labels=['migrations'])
k8s_resource('notification-migration', resource_deps=['notification-db'], labels=['migrations'])
k8s_resource('inventory-migration', resource_deps=['inventory-db'], labels=['migrations'])
k8s_resource('recipes-migration', resource_deps=['recipes-db'], labels=['migrations'])
k8s_resource('suppliers-migration', resource_deps=['suppliers-db'], labels=['migrations'])
k8s_resource('pos-migration', resource_deps=['pos-db'], labels=['migrations'])
k8s_resource('orders-migration', resource_deps=['orders-db'], labels=['migrations'])
k8s_resource('production-migration', resource_deps=['production-db'], labels=['migrations'])
k8s_resource('procurement-migration', resource_deps=['procurement-db'], labels=['migrations']) # NEW: Sprint 3
k8s_resource('orchestrator-migration', resource_deps=['orchestrator-db'], labels=['migrations']) # NEW: Sprint 2
k8s_resource('ai-insights-migration', resource_deps=['ai-insights-db'], labels=['migrations']) # NEW: AI Insights Platform
k8s_resource('alert-processor-migration', resource_deps=['alert-processor-db'], labels=['migrations'])
k8s_resource('demo-session-migration', resource_deps=['demo-session-db'], labels=['migrations'])
k8s_resource('distribution-migration', resource_deps=['distribution-db'], labels=['migrations']) # NEW: Distribution Service
labels=['00-security']
)
# =============================================================================
# DEMO INITIALIZATION JOBS
# LOAD KUBERNETES MANIFESTS
# =============================================================================
# Demo seed jobs run in strict order to ensure data consistency across services
# Weight 5: Seed users (auth service) - includes staff users
k8s_resource('demo-seed-users',
resource_deps=['auth-migration'],
labels=['demo-init'])
# Weight 10: Seed tenants (tenant service)
k8s_resource('demo-seed-tenants',
resource_deps=['tenant-migration', 'demo-seed-users'],
labels=['demo-init'])
# Weight 15: Seed tenant members (links staff users to tenants)
k8s_resource('demo-seed-tenant-members',
resource_deps=['tenant-migration', 'demo-seed-tenants', 'demo-seed-users'],
labels=['demo-init'])
# Weight 10: Seed subscriptions (creates enterprise subscriptions for demo tenants)
k8s_resource('demo-seed-subscriptions',
resource_deps=['tenant-migration', 'demo-seed-tenants'],
labels=['demo-init'])
# Seed pilot coupon (runs after tenant migration)
k8s_resource('tenant-seed-pilot-coupon',
resource_deps=['tenant-migration'],
labels=['demo-init'])
# Weight 15: Seed inventory - CRITICAL: All other seeds depend on this
k8s_resource('demo-seed-inventory',
resource_deps=['inventory-migration', 'demo-seed-tenants'],
labels=['demo-init'])
# Weight 15: Seed recipes (uses ingredient IDs from inventory)
k8s_resource('demo-seed-recipes',
resource_deps=['recipes-migration', 'demo-seed-inventory'],
labels=['demo-init'])
# Weight 15: Seed suppliers (uses ingredient IDs for price lists)
k8s_resource('demo-seed-suppliers',
resource_deps=['suppliers-migration', 'demo-seed-inventory'],
labels=['demo-init'])
# Weight 15: Seed sales (uses finished product IDs from inventory)
k8s_resource('demo-seed-sales',
resource_deps=['sales-migration', 'demo-seed-inventory'],
labels=['demo-init'])
# Weight 15: Seed AI models (creates training/forecasting model records)
k8s_resource('demo-seed-ai-models',
resource_deps=['training-migration', 'demo-seed-inventory'],
labels=['demo-init'])
# Weight 20: Seed stock batches (inventory service)
k8s_resource('demo-seed-stock',
resource_deps=['inventory-migration', 'demo-seed-inventory'],
labels=['demo-init'])
# Weight 22: Seed quality check templates (production service)
k8s_resource('demo-seed-quality-templates',
resource_deps=['production-migration', 'demo-seed-tenants'],
labels=['demo-init'])
# Weight 25: Seed customers (orders service)
k8s_resource('demo-seed-customers',
resource_deps=['orders-migration', 'demo-seed-tenants'],
labels=['demo-init'])
# Weight 25: Seed equipment (production service)
k8s_resource('demo-seed-equipment',
resource_deps=['production-migration', 'demo-seed-tenants', 'demo-seed-quality-templates'],
labels=['demo-init'])
# Weight 30: Seed production batches (production service)
k8s_resource('demo-seed-production-batches',
resource_deps=['production-migration', 'demo-seed-recipes', 'demo-seed-equipment'],
labels=['demo-init'])
# Weight 30: Seed orders with line items (orders service)
k8s_resource('demo-seed-orders',
resource_deps=['orders-migration', 'demo-seed-customers'],
labels=['demo-init'])
# Weight 35: Seed procurement plans (procurement service)
k8s_resource('demo-seed-procurement-plans',
resource_deps=['procurement-migration', 'demo-seed-tenants'],
labels=['demo-init'])
# Weight 40: Seed demand forecasts (forecasting service)
k8s_resource('demo-seed-forecasts',
resource_deps=['forecasting-migration', 'demo-seed-tenants'],
labels=['demo-init'])
# Weight 45: Seed orchestration runs (orchestrator service)
k8s_resource('demo-seed-orchestration-runs',
resource_deps=['orchestrator-migration', 'demo-seed-tenants'],
labels=['demo-init'])
# Weight 28: Seed alerts (alert processor service) - after orchestration runs as alerts reference recent data
k8s_resource('demo-seed-alerts',
resource_deps=['alert-processor-migration', 'demo-seed-tenants'],
labels=['demo-init'])
k8s_resource('demo-seed-pos-configs',
resource_deps=['demo-seed-tenants'],
labels=['demo-init'])
k8s_resource('demo-seed-purchase-orders',
resource_deps=['procurement-migration', 'demo-seed-tenants'],
labels=['demo-init'])
# Phase 2: Child retail seed jobs (for enterprise demo)
k8s_resource('demo-seed-inventory-retail',
resource_deps=['inventory-migration', 'demo-seed-inventory'],
labels=['demo-init', 'retail'])
k8s_resource('demo-seed-stock-retail',
resource_deps=['inventory-migration', 'demo-seed-inventory-retail'],
labels=['demo-init', 'retail'])
k8s_resource('demo-seed-sales-retail',
resource_deps=['sales-migration', 'demo-seed-stock-retail'],
labels=['demo-init', 'retail'])
k8s_resource('demo-seed-customers-retail',
resource_deps=['orders-migration', 'demo-seed-sales-retail'],
labels=['demo-init', 'retail'])
k8s_resource('demo-seed-pos-retail',
resource_deps=['pos-migration', 'demo-seed-customers-retail'],
labels=['demo-init', 'retail'])
k8s_resource('demo-seed-forecasts-retail',
resource_deps=['forecasting-migration', 'demo-seed-pos-retail'],
labels=['demo-init', 'retail'])
k8s_resource('demo-seed-alerts-retail',
resource_deps=['alert-processor-migration', 'demo-seed-forecasts-retail'],
labels=['demo-init', 'retail'])
k8s_resource('demo-seed-distribution-history',
resource_deps=['distribution-migration', 'demo-seed-alerts-retail'],
labels=['demo-init', 'enterprise'])
k8s_yaml(kustomize('infrastructure/kubernetes/overlays/dev'))
# =============================================================================
# SERVICES
# DOCKER BUILD HELPERS
# =============================================================================
# Services depend on their databases AND migrations
k8s_resource('auth-service',
resource_deps=['auth-migration', 'redis'],
labels=['services'])
# Helper function for Python services with live updates
def build_python_service(service_name, service_path):
docker_build(
'bakery/' + service_name,
context='.',
dockerfile='./services/' + service_path + '/Dockerfile',
live_update=[
# Fall back to full image build if Dockerfile or requirements change
fall_back_on([
'./services/' + service_path + '/Dockerfile',
'./services/' + service_path + '/requirements.txt'
]),
k8s_resource('tenant-service',
resource_deps=['tenant-migration', 'redis'],
labels=['services'])
# Sync service code
sync('./services/' + service_path, '/app'),
k8s_resource('training-service',
resource_deps=['training-migration', 'redis'],
labels=['services'])
# Sync shared libraries
sync('./shared', '/app/shared'),
k8s_resource('forecasting-service',
resource_deps=['forecasting-migration', 'redis'],
labels=['services'])
# Sync scripts
sync('./scripts', '/app/scripts'),
k8s_resource('sales-service',
resource_deps=['sales-migration', 'redis'],
labels=['services'])
# Install new dependencies if requirements.txt changes
run(
'pip install --no-cache-dir -r requirements.txt',
trigger=['./services/' + service_path + '/requirements.txt']
),
k8s_resource('external-service',
resource_deps=['external-migration', 'external-data-init', 'redis'],
labels=['services'])
# Restart uvicorn on Python file changes (HUP signal triggers graceful reload)
run(
'kill -HUP 1',
trigger=[
'./services/' + service_path + '/**/*.py',
'./shared/**/*.py'
]
),
],
# Ignore common patterns that don't require rebuilds
ignore=[
'.git',
'**/__pycache__',
'**/*.pyc',
'**/.pytest_cache',
'**/node_modules',
'**/.DS_Store'
]
)
k8s_resource('notification-service',
resource_deps=['notification-migration', 'redis', 'rabbitmq'],
labels=['services'])
# =============================================================================
# INFRASTRUCTURE IMAGES
# =============================================================================
k8s_resource('inventory-service',
resource_deps=['inventory-migration', 'redis'],
labels=['services'])
# Frontend (React + Vite)
frontend_debug_env = os.getenv('FRONTEND_DEBUG', 'false')
frontend_debug = frontend_debug_env.lower() == 'true'
k8s_resource('recipes-service',
resource_deps=['recipes-migration', 'redis'],
labels=['services'])
if frontend_debug:
print("""
🐛 FRONTEND DEBUG MODE ENABLED
Building frontend with NO minification for easier debugging.
Full React error messages will be displayed.
To disable: unset FRONTEND_DEBUG or set FRONTEND_DEBUG=false
""")
else:
print("""
📦 FRONTEND PRODUCTION MODE
Building frontend with minification for optimized performance.
To enable debug mode: export FRONTEND_DEBUG=true
""")
k8s_resource('suppliers-service',
resource_deps=['suppliers-migration', 'redis'],
labels=['services'])
docker_build(
'bakery/dashboard',
context='./frontend',
dockerfile='./frontend/Dockerfile.kubernetes.debug' if frontend_debug else './frontend/Dockerfile.kubernetes',
live_update=[
sync('./frontend/src', '/app/src'),
sync('./frontend/public', '/app/public'),
],
build_args={
'NODE_OPTIONS': '--max-old-space-size=8192'
},
ignore=[
'playwright-report/**',
'test-results/**',
'node_modules/**',
'.DS_Store'
]
)
k8s_resource('pos-service',
resource_deps=['pos-migration', 'redis'],
labels=['services'])
# Gateway
docker_build(
'bakery/gateway',
context='.',
dockerfile='./gateway/Dockerfile',
live_update=[
fall_back_on(['./gateway/Dockerfile', './gateway/requirements.txt']),
sync('./gateway', '/app'),
sync('./shared', '/app/shared'),
run('kill -HUP 1', trigger=['./gateway/**/*.py', './shared/**/*.py']),
],
ignore=[
'.git',
'**/__pycache__',
'**/*.pyc',
'**/.pytest_cache',
'**/node_modules',
'**/.DS_Store'
]
)
k8s_resource('orders-service',
resource_deps=['orders-migration', 'redis'],
labels=['services'])
# =============================================================================
# MICROSERVICE IMAGES
# =============================================================================
k8s_resource('production-service',
resource_deps=['production-migration', 'redis'],
labels=['services'])
# Core Services
build_python_service('auth-service', 'auth')
build_python_service('tenant-service', 'tenant')
k8s_resource('procurement-service',
resource_deps=['procurement-migration', 'redis'],
labels=['services'])
# Data & Analytics Services
build_python_service('training-service', 'training')
build_python_service('forecasting-service', 'forecasting')
build_python_service('ai-insights-service', 'ai_insights')
k8s_resource('orchestrator-service',
resource_deps=['orchestrator-migration', 'redis'],
labels=['services'])
# Operations Services
build_python_service('sales-service', 'sales')
build_python_service('inventory-service', 'inventory')
build_python_service('production-service', 'production')
build_python_service('procurement-service', 'procurement')
build_python_service('distribution-service', 'distribution')
k8s_resource('ai-insights-service',
resource_deps=['ai-insights-migration', 'redis', 'forecasting-service', 'production-service', 'procurement-service'],
labels=['services'])
# Supporting Services
build_python_service('recipes-service', 'recipes')
build_python_service('suppliers-service', 'suppliers')
build_python_service('pos-service', 'pos')
build_python_service('orders-service', 'orders')
build_python_service('external-service', 'external')
k8s_resource('alert-processor-service',
resource_deps=['alert-processor-migration', 'redis', 'rabbitmq'],
labels=['services'])
# Platform Services
build_python_service('notification-service', 'notification')
build_python_service('alert-processor', 'alert_processor')
build_python_service('orchestrator-service', 'orchestrator')
k8s_resource('alert-processor-api',
resource_deps=['alert-processor-migration'],
labels=['services'])
# Demo Services
build_python_service('demo-session-service', 'demo_session')
k8s_resource('demo-session-service',
resource_deps=['demo-session-migration', 'redis'],
labels=['services'])
# =============================================================================
# INFRASTRUCTURE RESOURCES
# =============================================================================
k8s_resource('demo-cleanup-worker',
resource_deps=['demo-session-service', 'redis'],
labels=['services', 'workers'])
# Redis & RabbitMQ
k8s_resource('redis', resource_deps=['security-setup'], labels=['01-infrastructure'])
k8s_resource('rabbitmq', labels=['01-infrastructure'])
k8s_resource('nominatim', labels=['01-infrastructure'])
k8s_resource('distribution-service',
resource_deps=['distribution-migration', 'redis', 'rabbitmq'],
labels=['services'])
# =============================================================================
# DATABASE RESOURCES
# =============================================================================
k8s_resource('nominatim',
labels=['services'])
# Core Service Databases
k8s_resource('auth-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('tenant-db', resource_deps=['security-setup'], labels=['02-databases'])
# Data & Analytics Databases
k8s_resource('training-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('forecasting-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('ai-insights-db', resource_deps=['security-setup'], labels=['02-databases'])
# Operations Databases
k8s_resource('sales-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('inventory-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('production-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('procurement-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('distribution-db', resource_deps=['security-setup'], labels=['02-databases'])
# Supporting Service Databases
k8s_resource('recipes-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('suppliers-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('pos-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('orders-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('external-db', resource_deps=['security-setup'], labels=['02-databases'])
# Platform Service Databases
k8s_resource('notification-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('alert-processor-db', resource_deps=['security-setup'], labels=['02-databases'])
k8s_resource('orchestrator-db', resource_deps=['security-setup'], labels=['02-databases'])
# Demo Service Databases
k8s_resource('demo-session-db', resource_deps=['security-setup'], labels=['02-databases'])
# =============================================================================
# MIGRATION JOBS
# =============================================================================
# Core Service Migrations
k8s_resource('auth-migration', resource_deps=['auth-db'], labels=['03-migrations'])
k8s_resource('tenant-migration', resource_deps=['tenant-db'], labels=['03-migrations'])
# Data & Analytics Migrations
k8s_resource('training-migration', resource_deps=['training-db'], labels=['03-migrations'])
k8s_resource('forecasting-migration', resource_deps=['forecasting-db'], labels=['03-migrations'])
k8s_resource('ai-insights-migration', resource_deps=['ai-insights-db'], labels=['03-migrations'])
# Operations Migrations
k8s_resource('sales-migration', resource_deps=['sales-db'], labels=['03-migrations'])
k8s_resource('inventory-migration', resource_deps=['inventory-db'], labels=['03-migrations'])
k8s_resource('production-migration', resource_deps=['production-db'], labels=['03-migrations'])
k8s_resource('procurement-migration', resource_deps=['procurement-db'], labels=['03-migrations'])
k8s_resource('distribution-migration', resource_deps=['distribution-db'], labels=['03-migrations'])
# Supporting Service Migrations
k8s_resource('recipes-migration', resource_deps=['recipes-db'], labels=['03-migrations'])
k8s_resource('suppliers-migration', resource_deps=['suppliers-db'], labels=['03-migrations'])
k8s_resource('pos-migration', resource_deps=['pos-db'], labels=['03-migrations'])
k8s_resource('orders-migration', resource_deps=['orders-db'], labels=['03-migrations'])
k8s_resource('external-migration', resource_deps=['external-db'], labels=['03-migrations'])
# Platform Service Migrations
k8s_resource('notification-migration', resource_deps=['notification-db'], labels=['03-migrations'])
k8s_resource('alert-processor-migration', resource_deps=['alert-processor-db'], labels=['03-migrations'])
k8s_resource('orchestrator-migration', resource_deps=['orchestrator-db'], labels=['03-migrations'])
# Demo Service Migrations
k8s_resource('demo-session-migration', resource_deps=['demo-session-db'], labels=['03-migrations'])
# =============================================================================
# DATA INITIALIZATION JOBS
# =============================================================================
k8s_resource('external-data-init', resource_deps=['external-migration', 'redis'], labels=['04-data-init'])
k8s_resource('nominatim-init', labels=['04-data-init'])
# =============================================================================
# DEMO SEED JOBS - PHASE 1: FOUNDATION
# =============================================================================
# Identity & Access (Weight 5-15)
k8s_resource('demo-seed-users', resource_deps=['auth-migration'], labels=['05-demo-foundation'])
k8s_resource('demo-seed-tenants', resource_deps=['tenant-migration', 'demo-seed-users'], labels=['05-demo-foundation'])
k8s_resource('demo-seed-tenant-members', resource_deps=['tenant-migration', 'demo-seed-tenants', 'demo-seed-users'], labels=['05-demo-foundation'])
k8s_resource('demo-seed-subscriptions', resource_deps=['tenant-migration', 'demo-seed-tenants'], labels=['05-demo-foundation'])
k8s_resource('tenant-seed-pilot-coupon', resource_deps=['tenant-migration'], labels=['05-demo-foundation'])
# Core Data (Weight 15-20)
k8s_resource('demo-seed-inventory', resource_deps=['inventory-migration', 'demo-seed-tenants'], labels=['05-demo-foundation'])
k8s_resource('demo-seed-recipes', resource_deps=['recipes-migration', 'demo-seed-inventory'], labels=['05-demo-foundation'])
k8s_resource('demo-seed-suppliers', resource_deps=['suppliers-migration', 'demo-seed-inventory'], labels=['05-demo-foundation'])
k8s_resource('demo-seed-sales', resource_deps=['sales-migration', 'demo-seed-inventory'], labels=['05-demo-foundation'])
k8s_resource('demo-seed-ai-models', resource_deps=['training-migration', 'demo-seed-inventory'], labels=['05-demo-foundation'])
k8s_resource('demo-seed-stock', resource_deps=['inventory-migration', 'demo-seed-inventory'], labels=['05-demo-foundation'])
# =============================================================================
# DEMO SEED JOBS - PHASE 2: OPERATIONS
# =============================================================================
# Production & Quality (Weight 22-30)
k8s_resource('demo-seed-quality-templates', resource_deps=['production-migration', 'demo-seed-tenants'], labels=['06-demo-operations'])
k8s_resource('demo-seed-equipment', resource_deps=['production-migration', 'demo-seed-tenants', 'demo-seed-quality-templates'], labels=['06-demo-operations'])
k8s_resource('demo-seed-production-batches', resource_deps=['production-migration', 'demo-seed-recipes', 'demo-seed-equipment'], labels=['06-demo-operations'])
# Orders & Customers (Weight 25-30)
k8s_resource('demo-seed-customers', resource_deps=['orders-migration', 'demo-seed-tenants'], labels=['06-demo-operations'])
k8s_resource('demo-seed-orders', resource_deps=['orders-migration', 'demo-seed-customers'], labels=['06-demo-operations'])
# Procurement & Planning (Weight 35-40)
k8s_resource('demo-seed-procurement-plans', resource_deps=['procurement-migration', 'demo-seed-tenants'], labels=['06-demo-operations'])
k8s_resource('demo-seed-purchase-orders', resource_deps=['procurement-migration', 'demo-seed-tenants'], labels=['06-demo-operations'])
k8s_resource('demo-seed-forecasts', resource_deps=['forecasting-migration', 'demo-seed-tenants'], labels=['06-demo-operations'])
# Point of Sale
k8s_resource('demo-seed-pos-configs', resource_deps=['demo-seed-tenants'], labels=['06-demo-operations'])
# =============================================================================
# DEMO SEED JOBS - PHASE 3: INTELLIGENCE & ORCHESTRATION
# =============================================================================
k8s_resource('demo-seed-orchestration-runs', resource_deps=['orchestrator-migration', 'demo-seed-tenants'], labels=['07-demo-intelligence'])
# =============================================================================
# DEMO SEED JOBS - PHASE 4: ENTERPRISE (RETAIL LOCATIONS)
# =============================================================================
k8s_resource('demo-seed-inventory-retail', resource_deps=['inventory-migration', 'demo-seed-inventory'], labels=['08-demo-enterprise'])
k8s_resource('demo-seed-stock-retail', resource_deps=['inventory-migration', 'demo-seed-inventory-retail'], labels=['08-demo-enterprise'])
k8s_resource('demo-seed-sales-retail', resource_deps=['sales-migration', 'demo-seed-stock-retail'], labels=['08-demo-enterprise'])
k8s_resource('demo-seed-customers-retail', resource_deps=['orders-migration', 'demo-seed-sales-retail'], labels=['08-demo-enterprise'])
k8s_resource('demo-seed-pos-retail', resource_deps=['pos-migration', 'demo-seed-customers-retail'], labels=['08-demo-enterprise'])
k8s_resource('demo-seed-forecasts-retail', resource_deps=['forecasting-migration', 'demo-seed-pos-retail'], labels=['08-demo-enterprise'])
k8s_resource('demo-seed-distribution-history', resource_deps=['distribution-migration'], labels=['08-demo-enterprise'])
# =============================================================================
# APPLICATION SERVICES
# =============================================================================
# Core Services
k8s_resource('auth-service', resource_deps=['auth-migration', 'redis'], labels=['09-services-core'])
k8s_resource('tenant-service', resource_deps=['tenant-migration', 'redis'], labels=['09-services-core'])
# Data & Analytics Services
k8s_resource('training-service', resource_deps=['training-migration', 'redis'], labels=['10-services-analytics'])
k8s_resource('forecasting-service', resource_deps=['forecasting-migration', 'redis'], labels=['10-services-analytics'])
k8s_resource('ai-insights-service', resource_deps=['ai-insights-migration', 'redis', 'forecasting-service', 'production-service', 'procurement-service'], labels=['10-services-analytics'])
# Operations Services
k8s_resource('sales-service', resource_deps=['sales-migration', 'redis'], labels=['11-services-operations'])
k8s_resource('inventory-service', resource_deps=['inventory-migration', 'redis'], labels=['11-services-operations'])
k8s_resource('production-service', resource_deps=['production-migration', 'redis'], labels=['11-services-operations'])
k8s_resource('procurement-service', resource_deps=['procurement-migration', 'redis'], labels=['11-services-operations'])
k8s_resource('distribution-service', resource_deps=['distribution-migration', 'redis', 'rabbitmq'], labels=['11-services-operations'])
# Supporting Services
k8s_resource('recipes-service', resource_deps=['recipes-migration', 'redis'], labels=['12-services-supporting'])
k8s_resource('suppliers-service', resource_deps=['suppliers-migration', 'redis'], labels=['12-services-supporting'])
k8s_resource('pos-service', resource_deps=['pos-migration', 'redis'], labels=['12-services-supporting'])
k8s_resource('orders-service', resource_deps=['orders-migration', 'redis'], labels=['12-services-supporting'])
k8s_resource('external-service', resource_deps=['external-migration', 'external-data-init', 'redis'], labels=['12-services-supporting'])
# Platform Services
k8s_resource('notification-service', resource_deps=['notification-migration', 'redis', 'rabbitmq'], labels=['13-services-platform'])
k8s_resource('alert-processor', resource_deps=['alert-processor-migration', 'redis', 'rabbitmq'], labels=['13-services-platform'])
k8s_resource('orchestrator-service', resource_deps=['orchestrator-migration', 'redis'], labels=['13-services-platform'])
# Demo Services
k8s_resource('demo-session-service', resource_deps=['demo-session-migration', 'redis'], labels=['14-services-demo'])
k8s_resource('demo-cleanup-worker', resource_deps=['demo-session-service', 'redis'], labels=['14-services-demo'])
# =============================================================================
# FRONTEND & GATEWAY
# =============================================================================
k8s_resource('gateway', resource_deps=['auth-service'], labels=['15-frontend'])
k8s_resource('frontend', resource_deps=['gateway'], labels=['15-frontend'])
# =============================================================================
# CRONJOBS (Remaining K8s CronJobs)
# =============================================================================
k8s_resource('demo-session-cleanup', resource_deps=['demo-session-service'], labels=['16-cronjobs'])
k8s_resource('external-data-rotation', resource_deps=['external-service'], labels=['16-cronjobs'])
# =============================================================================
# CONFIGURATION & PATCHES
# =============================================================================
# Apply environment variable patch to demo-session-service with the inventory image
local_resource('patch-demo-session-env',
local_resource(
'patch-demo-session-env',
cmd='''
# Wait a moment for deployments to stabilize
sleep 2
@@ -559,57 +464,21 @@ local_resource('patch-demo-session-env',
''',
resource_deps=['demo-session-service', 'inventory-service'],
auto_init=True,
labels=['config'])
labels=['17-config']
)
# =============================================================================
# DATA INITIALIZATION JOBS (External Service v2.0)
# =============================================================================
k8s_resource('external-data-init',
resource_deps=['external-migration', 'redis'],
labels=['data-init'])
k8s_resource('nominatim-init',
labels=['data-init'])
# =============================================================================
# CRONJOBS
# =============================================================================
k8s_resource('demo-session-cleanup',
resource_deps=['demo-session-service'],
labels=['cronjobs'])
k8s_resource('external-data-rotation',
resource_deps=['external-service'],
labels=['cronjobs'])
k8s_resource('usage-tracker',
resource_deps=['tenant-service'],
labels=['cronjobs'])
# =============================================================================
# GATEWAY & FRONTEND
# =============================================================================
k8s_resource('gateway',
resource_deps=['auth-service'],
labels=['frontend'])
k8s_resource('frontend',
resource_deps=['gateway'],
labels=['frontend'])
# =============================================================================
# CONFIGURATION
# TILT CONFIGURATION
# =============================================================================
# Update check interval - how often Tilt checks for file changes
# Update settings
update_settings(
max_parallel_updates=2, # Reduce parallel updates to avoid resource exhaustion on local machines
max_parallel_updates=2, # Reduce parallel updates to avoid resource exhaustion
k8s_upsert_timeout_secs=120 # Increase timeout for slower local builds
)
# Watch settings - configure file watching behavior
# Watch settings
watch_settings(
# Ignore patterns that should never trigger rebuilds
ignore=[
'.git/**',
'**/__pycache__/**',
@@ -629,22 +498,22 @@ watch_settings(
'**/dist/**',
'**/build/**',
'**/*.egg-info/**',
# Ignore TLS certificate files (don't trigger rebuilds)
'**/infrastructure/tls/**/*.pem',
'**/infrastructure/tls/**/*.cnf',
'**/infrastructure/tls/**/*.csr',
'**/infrastructure/tls/**/*.srl',
# Ignore temporary files from migrations and other processes
'**/*.tmp',
'**/*.tmp.*',
'**/migrations/versions/*.tmp.*',
# Ignore test artifacts and reports (playwright)
'**/playwright-report/**',
'**/test-results/**',
]
)
# Print security status on startup
# =============================================================================
# STARTUP SUMMARY
# =============================================================================
print("""
✅ Security setup complete!
@@ -655,6 +524,10 @@ Database Security Features Active:
🔒 Column encryption: pgcrypto extension
📋 Audit logging: PostgreSQL query logging
Internal Schedulers Active:
⏰ Alert Priority Recalculation: Hourly @ :15 (alert-processor)
⏰ Usage Tracking: Daily @ 2:00 AM UTC (tenant-service)
Access your application:
Frontend: http://localhost:3000 (or via ingress)
Gateway: http://localhost:8000 (or via ingress)
@@ -664,14 +537,21 @@ Verify security:
kubectl get secrets -n bakery-ia | grep tls
kubectl logs -n bakery-ia <db-pod> | grep SSL
Security documentation:
Verify schedulers:
kubectl exec -it -n bakery-ia deployment/alert-processor -- curl localhost:8000/scheduler/status
kubectl logs -f -n bakery-ia -l app=tenant-service | grep "usage tracking"
Documentation:
docs/SECURITY_IMPLEMENTATION_COMPLETE.md
docs/DATABASE_SECURITY_ANALYSIS_REPORT.md
Useful Commands:
# Work on specific services only
tilt up <service-name> <service-name>
# View logs by label
tilt logs 09-services-core
tilt logs 13-services-platform
======================================
""")
# Optimize for local development
# Note: You may see "too many open files" warnings on macOS with many services.
# This is a Kind/Kubernetes limitation and doesn't affect service functionality.
# To work on specific services only, use: tilt up <service-name> <service-name>