New enterprise feature

2025-11-30 09:12:40 +01:00
parent f9d0eec6ec
commit 972db02f6d
176 changed files with 19741 additions and 1361 deletions
--- a/infrastructure/kubernetes/base/components/distribution/distribution-configmap.yaml
+++ b/infrastructure/kubernetes/base/components/distribution/distribution-configmap.yaml
@@ -0,0 +1,78 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: distribution-service-config
+data:
+  # Service settings
+  SERVICE_NAME: "distribution-service"
+  APP_NAME: "Bakery Distribution Service"
+  DESCRIPTION: "Distribution service for enterprise tier bakery management"
+  VERSION: "1.0.0"
+  
+  # Database settings
+  DB_POOL_SIZE: "10"
+  DB_MAX_OVERFLOW: "20"
+  DB_POOL_TIMEOUT: "30"
+  DB_POOL_RECYCLE: "3600"
+  DB_POOL_PRE_PING: "true"
+  DB_ECHO: "false"
+  
+  # Redis settings
+  REDIS_DB: "7"  # Use separate database for distribution service
+  REDIS_MAX_CONNECTIONS: "50"
+  REDIS_RETRY_ON_TIMEOUT: "true"
+  REDIS_SOCKET_KEEPALIVE: "true"
+  
+  # RabbitMQ settings
+  RABBITMQ_EXCHANGE: "bakery_events"
+  RABBITMQ_QUEUE_PREFIX: "distribution"
+  RABBITMQ_RETRY_ATTEMPTS: "3"
+  RABBITMQ_RETRY_DELAY: "5"
+  
+  # Authentication settings
+  JWT_ALGORITHM: "HS256"
+  JWT_ACCESS_TOKEN_EXPIRE_MINUTES: "30"
+  JWT_REFRESH_TOKEN_EXPIRE_DAYS: "7"
+  ENABLE_SERVICE_AUTH: "true"
+  
+  # HTTP client settings
+  HTTP_TIMEOUT: "30"
+  HTTP_RETRIES: "3"
+  HTTP_RETRY_DELAY: "1.0"
+  
+  # CORS settings
+  CORS_ORIGINS: "http://localhost:3000,http://localhost:3001"
+  CORS_ALLOW_CREDENTIALS: "true"
+  CORS_ALLOW_METHODS: "GET,POST,PUT,DELETE,PATCH,OPTIONS"
+  CORS_ALLOW_HEADERS: "*"
+  
+  # Rate limiting
+  RATE_LIMIT_ENABLED: "true"
+  RATE_LIMIT_REQUESTS: "100"
+  RATE_LIMIT_WINDOW: "60"
+  RATE_LIMIT_BURST: "10"
+  
+  # Monitoring and observability
+  LOG_LEVEL: "INFO"
+  PROMETHEUS_ENABLED: "true"
+  PROMETHEUS_PORT: "9090"
+  JAEGER_ENABLED: "false"
+  JAEGER_AGENT_HOST: "jaeger-agent"
+  JAEGER_AGENT_PORT: "6831"
+  
+  # Health check settings
+  HEALTH_CHECK_TIMEOUT: "30"
+  HEALTH_CHECK_INTERVAL: "30"
+  
+  # Business rules
+  MAX_FORECAST_DAYS: "30"
+  MIN_HISTORICAL_DAYS: "60"
+  CONFIDENCE_THRESHOLD: "0.8"
+  
+  # Routing optimization settings
+  VRP_TIME_LIMIT_SECONDS: "30"
+  VRP_DEFAULT_VEHICLE_CAPACITY_KG: "1000"
+  VRP_AVERAGE_SPEED_KMH: "30"
+  
+  # Service-specific settings
+  DISTRIBUTION_SERVICE_URL: "http://distribution-service:8000"
--- a/infrastructure/kubernetes/base/components/distribution/distribution-deployment.yaml
+++ b/infrastructure/kubernetes/base/components/distribution/distribution-deployment.yaml
@@ -0,0 +1,155 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: distribution-service
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: distribution-service
+    app.kubernetes.io/component: microservice
+    app.kubernetes.io/part-of: bakery-ia
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: distribution-service
+      app.kubernetes.io/component: microservice
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: distribution-service
+        app.kubernetes.io/component: microservice
+    spec:
+      initContainers:
+      # Wait for Redis to be ready
+      - name: wait-for-redis
+        image: redis:7.4-alpine
+        command:
+        - sh
+        - -c
+        - |
+          echo "Waiting for Redis to be ready..."
+          until redis-cli -h $REDIS_HOST -p $REDIS_PORT --tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem -a "$REDIS_PASSWORD" ping | grep -q PONG; do
+            echo "Redis not ready yet, waiting..."
+            sleep 2
+          done
+          echo "Redis is ready!"
+        env:
+        - name: REDIS_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: REDIS_HOST
+        - name: REDIS_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: REDIS_PORT
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-secrets
+              key: REDIS_PASSWORD
+        volumeMounts:
+        - name: redis-tls
+          mountPath: /tls
+          readOnly: true
+      - name: wait-for-migration
+        image: postgres:17-alpine
+        command:
+        - sh
+        - -c
+        - |
+          echo "Waiting for distribution database and migrations to be ready..."
+          # Wait for database to be accessible
+          until pg_isready -h $DISTRIBUTION_DB_HOST -p $DISTRIBUTION_DB_PORT -U $DISTRIBUTION_DB_USER; do
+            echo "Database not ready yet, waiting..."
+            sleep 2
+          done
+          echo "Database is ready!"
+          # Give migrations extra time to complete after DB is ready
+          echo "Waiting for migrations to complete..."
+          sleep 10
+          echo "Ready to start service"
+        env:
+        - name: DISTRIBUTION_DB_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: DISTRIBUTION_DB_HOST
+        - name: DISTRIBUTION_DB_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: DB_PORT
+        - name: DISTRIBUTION_DB_USER
+          valueFrom:
+            secretKeyRef:
+              name: database-secrets
+              key: DISTRIBUTION_DB_USER
+      containers:
+      - name: distribution-service
+        image: bakery/distribution-service:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 8000
+          name: http
+        envFrom:
+        - configMapRef:
+            name: bakery-config
+        - secretRef:
+            name: database-secrets
+        - secretRef:
+            name: redis-secrets
+        - secretRef:
+            name: rabbitmq-secrets
+        - secretRef:
+            name: jwt-secrets
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8000
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8000
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          timeoutSeconds: 3
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        volumeMounts:
+        - name: redis-tls
+          mountPath: /tls
+          readOnly: true
+      volumes:
+      - name: redis-tls
+        secret:
+          secretName: redis-tls-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: distribution-service
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: distribution-service
+    app.kubernetes.io/component: microservice
+    app.kubernetes.io/part-of: bakery-ia
+spec:
+  selector:
+    app.kubernetes.io/name: distribution-service
+    app.kubernetes.io/component: microservice
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000
+      name: http
+  type: ClusterIP
--- a/infrastructure/kubernetes/base/components/distribution/distribution-service.yaml
+++ b/infrastructure/kubernetes/base/components/distribution/distribution-service.yaml
@@ -0,0 +1,110 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: distribution-service
+  labels:
+    app: distribution-service
+    tier: backend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: distribution-service
+  template:
+    metadata:
+      labels:
+        app: distribution-service
+        tier: backend
+    spec:
+      containers:
+      - name: distribution-service
+        image: bakery/distribution-service:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8000
+          name: http
+        env:
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: database-secret
+              key: url
+        - name: REDIS_URL
+          valueFrom:
+            secretKeyRef:
+              name: redis-secret
+              key: url
+        - name: RABBITMQ_URL
+          valueFrom:
+            secretKeyRef:
+              name: rabbitmq-secret
+              key: url
+        - name: JWT_SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: auth-secret
+              key: jwt-secret
+        - name: ENVIRONMENT
+          value: "production"
+        - name: LOG_LEVEL
+          value: "INFO"
+        - name: DB_POOL_SIZE
+          value: "10"
+        - name: DB_MAX_OVERFLOW
+          value: "20"
+        - name: REDIS_MAX_CONNECTIONS
+          value: "50"
+        - name: HTTP_TIMEOUT
+          value: "30"
+        - name: HTTP_RETRIES
+          value: "3"
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8000
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8000
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          timeoutSeconds: 3
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: false
+          capabilities:
+            drop:
+            - ALL
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        fsGroup: 2000
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: distribution-service
+  labels:
+    app: distribution-service
+    tier: backend
+spec:
+  selector:
+    app.kubernetes.io/name: distribution-service
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000
+      name: http
+  type: ClusterIP