From b17cdc4b4768d712fe2ab315dfa31e2fa39cc2e9 Mon Sep 17 00:00:00 2001 From: Bakery Admin Date: Thu, 22 Jan 2026 12:31:10 +0100 Subject: [PATCH] Fix resources isues 8 --- PRODUCTION_DEPLOYMENT_GUIDE.md | 32 ++++-- .../prod/k8s-manifests/kustomization.yaml | 6 +- .../monitoring/signoz/signoz-values-dev.yaml | 59 +++++++++- .../monitoring/signoz/signoz-values-prod.yaml | 68 +++++++++++- .../platform/mail/mailu-helm/README.md | 4 +- .../mailersend-credentials-secret.yaml | 104 ++++++++++++++++++ .../configs/mailgun-credentials-secret.yaml | 94 ---------------- .../mailu-helm/scripts/deploy-mailu-prod.sh | 19 +++- .../platform/mail/mailu-helm/values.yaml | 9 +- .../networking/ingress/base/ingress.yaml | 2 + .../ingress/overlays/dev/kustomization.yaml | 2 + .../ingress/overlays/prod/kustomization.yaml | 4 +- 12 files changed, 285 insertions(+), 118 deletions(-) create mode 100644 infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml delete mode 100644 infrastructure/platform/mail/mailu-helm/configs/mailgun-credentials-secret.yaml diff --git a/PRODUCTION_DEPLOYMENT_GUIDE.md b/PRODUCTION_DEPLOYMENT_GUIDE.md index 8c8bd824..f262201e 100644 --- a/PRODUCTION_DEPLOYMENT_GUIDE.md +++ b/PRODUCTION_DEPLOYMENT_GUIDE.md @@ -49,7 +49,7 @@ A complete multi-tenant SaaS platform consisting of: | **Cache** | Redis with TLS | | **Message Broker** | RabbitMQ | | **Object Storage** | MinIO (S3-compatible) | -| **Email** | Mailu (self-hosted) with Mailgun relay | +| **Email** | Mailu (self-hosted) with MailerSend relay | | **Monitoring** | SigNoz (unified observability) | | **CI/CD** | Gitea + Tekton + Flux CD | | **Security** | TLS everywhere, RBAC, Network Policies | @@ -113,7 +113,7 @@ Phase 8: Verification & Validation |---------|----------|-------------| | VPS (20GB RAM, 8 vCPU, 200GB SSD) | clouding.io | €40-80 | | Domain | Namecheap/Cloudflare | ~€1.25 (€15/year) | -| Email Relay | Mailgun (free tier) | €0 | +| Email Relay | MailerSend (free tier: 3K emails/month) | €0 | | SSL Certificates | Let's Encrypt | €0 | | DNS | Cloudflare | €0 | | **Total** | | **€41-81/month** | @@ -137,7 +137,7 @@ Phase 8: Verification & Validation - [ ] **VPS Provider** (clouding.io, Hetzner, DigitalOcean, etc.) - [ ] **Domain Registrar** (Namecheap, Cloudflare, etc.) - [ ] **Cloudflare Account** (recommended for DNS) -- [ ] **Mailgun Account** (for email relay, optional) +- [ ] **MailerSend Account** (for email relay - https://mailersend.com, optional) - [ ] **Stripe Account** (for payments) ### Local Machine Requirements @@ -379,7 +379,7 @@ Add these DNS records pointing to your VPS IP (`200.234.233.87`): | A | registry | 200.234.233.87 | Auto | | A | api | 200.234.233.87 | Auto | | MX | @ | mail.bakewise.ai | 10 | -| TXT | @ | v=spf1 mx a -all | Auto | +| TXT | @ | v=spf1 include:mailersend.net mx a ~all | Auto | | TXT | _dmarc | v=DMARC1; p=reject; rua=mailto:admin@bakewise.ai | Auto | ### Step 2.2: Verify DNS Propagation @@ -1187,7 +1187,7 @@ kubectl logs -n bakery-ia deployment/mailu-front --tail=10 > - Username: `admin@bakewise.ai` > - Password: (from secret above) > -> 6. **Mailgun Relay:** Configure credentials in `mailu-mailgun-credentials-secret.yaml` before deployment. +> 6. **MailerSend Relay:** Configure credentials in `mailersend-credentials-secret.yaml` before deployment. ### Step 7.3.1: Mailu Configuration Notes @@ -1201,19 +1201,33 @@ kubectl logs -n bakery-ia deployment/mailu-front --tail=10 > - **Internal:** Uses self-signed certificates for inter-service communication > - **No replacement needed:** This dual-certificate architecture is intentional and secure -**Configure Mailgun Relay (for outbound email):** +**Configure MailerSend Relay (for outbound email):** ```bash -# Edit the Mailgun credentials secret -nano infrastructure/platform/mail/mailu-helm/configs/mailu-mailgun-credentials-secret.yaml +# 1. Sign up at https://accounts.mailersend.com/signup +# 2. Add your domain (bakewise.ai) and verify DNS records +# 3. Generate SMTP credentials: Email -> Domains -> SMTP -> Generate new user + +# Edit the MailerSend credentials secret +nano infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml # Apply the secret -kubectl apply -f infrastructure/platform/mail/mailu-helm/configs/mailu-mailgun-credentials-secret.yaml -n bakery-ia +kubectl apply -f infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml -n bakery-ia # Restart Mailu to pick up the new relay configuration kubectl rollout restart deployment -n bakery-ia -l app.kubernetes.io/instance=mailu ``` +**MailerSend DNS Records (add to Cloudflare):** + +| Type | Name | Value | +|------|------|-------| +| TXT (SPF) | @ | v=spf1 include:mailersend.net mx a ~all | +| TXT (DKIM) | mlsend._domainkey | (from MailerSend dashboard) | +| TXT (DKIM) | mlsend2._domainkey | (from MailerSend dashboard) | + +> **Note:** MailerSend free tier includes 3,000 emails/month (12,000 with verified domain). + ### Step 7.4: Deploy SigNoz Monitoring ```bash diff --git a/infrastructure/environments/prod/k8s-manifests/kustomization.yaml b/infrastructure/environments/prod/k8s-manifests/kustomization.yaml index 09fa03d7..ce1be2a0 100644 --- a/infrastructure/environments/prod/k8s-manifests/kustomization.yaml +++ b/infrastructure/environments/prod/k8s-manifests/kustomization.yaml @@ -21,9 +21,9 @@ resources: - prod-certificate.yaml - # SigNoz is managed via Helm deployment (see infrastructure/helm/deploy-signoz.sh) - # Monitoring is handled by SigNoz (no separate monitoring components needed) - # SigNoz paths are now included in the main ingress (ingress-https.yaml) + # SigNoz is managed via Helm deployment (see infrastructure/monitoring/signoz/deploy-signoz.sh) + # Monitoring is handled by SigNoz with its own dedicated ingress + # SigNoz creates its own ingress resource for monitoring.bakewise.ai labels: - includeSelectors: false diff --git a/infrastructure/monitoring/signoz/signoz-values-dev.yaml b/infrastructure/monitoring/signoz/signoz-values-dev.yaml index f4e4435d..68a17333 100644 --- a/infrastructure/monitoring/signoz/signoz-values-dev.yaml +++ b/infrastructure/monitoring/signoz/signoz-values-dev.yaml @@ -1,6 +1,6 @@ # SigNoz Helm Chart Values - Development Environment # Optimized for local development with minimal resource usage -# DEPLOYED IN bakery-ia NAMESPACE - Ingress managed by bakery-ingress +# DEPLOYED IN bakery-ia NAMESPACE - Ingress managed by SigNoz Helm chart # # Official Chart: https://github.com/SigNoz/charts # Install Command: helm install signoz signoz/signoz -n bakery-ia -f signoz-values-dev.yaml @@ -10,3 +10,60 @@ global: clusterName: "bakery-ia-dev" domain: "monitoring.bakery-ia.local" # Docker Hub credentials - applied to all sub-charts (including Zookeeper, ClickHouse, etc) + +# Ingress configuration for SigNoz development +frontend: + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" # Disable for local development + nginx.ingress.kubernetes.io/proxy-body-size: "100m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + hosts: + - host: monitoring.bakery-ia.local + paths: + - path: / + pathType: Prefix + tls: [] # No TLS for local development + +# Resource configuration for development +# Minimal resources for local testing +clickhouse: + persistence: + size: 5Gi + resources: + requests: + memory: "512Mi" + cpu: "250m" + limits: + memory: "1Gi" + cpu: "500m" + +otelCollector: + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "250m" + +queryService: + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "250m" + +alertmanager: + resources: + requests: + memory: "128Mi" + cpu: "50m" + limits: + memory: "256Mi" + cpu: "100m" diff --git a/infrastructure/monitoring/signoz/signoz-values-prod.yaml b/infrastructure/monitoring/signoz/signoz-values-prod.yaml index a47e4535..469aaff5 100644 --- a/infrastructure/monitoring/signoz/signoz-values-prod.yaml +++ b/infrastructure/monitoring/signoz/signoz-values-prod.yaml @@ -1,6 +1,6 @@ # SigNoz Helm Chart Values - Production Environment # High-availability configuration with resource optimization -# DEPLOYED IN bakery-ia NAMESPACE - Ingress managed by bakery-ingress-prod +# DEPLOYED IN bakery-ia NAMESPACE - Ingress managed by SigNoz Helm chart # # Official Chart: https://github.com/SigNoz/charts # Install Command: helm install signoz signoz/signoz -n bakery-ia -f signoz-values-prod.yaml @@ -10,3 +10,69 @@ global: clusterName: "bakery-ia-prod" domain: "monitoring.bakewise.ai" # Docker Hub credentials - applied to all sub-charts (including Zookeeper, ClickHouse, etc) + +# Ingress configuration for SigNoz +# Configured to use HTTPS with TLS termination at ingress controller +# Similar to gitea and mailu configurations +frontend: + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "100m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + cert-manager.io/cluster-issuer: "letsencrypt-production" + nginx.ingress.kubernetes.io/limit-rps: "50" + nginx.ingress.kubernetes.io/limit-connections: "25" + hosts: + - host: monitoring.bakewise.ai + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - monitoring.bakewise.ai + secretName: bakery-ia-prod-tls-cert + +# Resource configuration for production +# Optimized for 8 CPU core VPS deployment +clickhouse: + persistence: + size: 20Gi + resources: + requests: + memory: "2Gi" + cpu: "500m" + limits: + memory: "4Gi" + cpu: "1000m" + +otelCollector: + resources: + requests: + memory: "1Gi" + cpu: "500m" + limits: + memory: "2Gi" + cpu: "1000m" + +queryService: + resources: + requests: + memory: "1Gi" + cpu: "500m" + limits: + memory: "2Gi" + cpu: "1000m" + +alertmanager: + resources: + requests: + memory: "512Mi" + cpu: "250m" + limits: + memory: "1Gi" + cpu: "500m" diff --git a/infrastructure/platform/mail/mailu-helm/README.md b/infrastructure/platform/mail/mailu-helm/README.md index 1cc2eac0..2ae22a74 100644 --- a/infrastructure/platform/mail/mailu-helm/README.md +++ b/infrastructure/platform/mail/mailu-helm/README.md @@ -23,7 +23,7 @@ mailu-helm/ The following critical configurations from the original Kustomize setup have been preserved: - **Domain settings**: Domain and hostnames for both dev and prod -- **External relay**: Mailgun SMTP relay configuration +- **External relay**: MailerSend SMTP relay configuration - **Redis integration**: Connection to shared Redis cluster (database 15) - **Database settings**: PostgreSQL connection details - **Resource limits**: CPU and memory requests/limits matching original setup @@ -39,7 +39,7 @@ The following critical configurations from the original Kustomize setup have bee 2. Kubernetes cluster with storage provisioner 3. Ingress controller (NGINX) - already deployed in your cluster 4. Cert-manager for TLS certificates (optional, depends on your ingress setup) -5. External SMTP relay account (Mailgun) +5. External SMTP relay account (MailerSend - https://mailersend.com) ### Deployment Commands diff --git a/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml b/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml new file mode 100644 index 00000000..09a98b94 --- /dev/null +++ b/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml @@ -0,0 +1,104 @@ +# MailerSend SMTP Credentials Secret for Mailu +# +# This secret stores MailerSend credentials for outbound email relay. +# Mailu uses MailerSend as an external SMTP relay to send all outbound emails. +# +# ============================================================================ +# HOW TO CONFIGURE: +# ============================================================================ +# +# 1. Go to https://accounts.mailersend.com/signup and create an account +# +# 2. Add and verify your domain: +# - For dev: bakery-ia.dev +# - For prod: bakewise.ai +# - Go to Email -> Domains -> Add domain +# - Follow the DNS verification steps (add TXT records) +# +# 3. Generate SMTP credentials: +# - Go to Email -> Domains -> Click on your domain +# - Go to SMTP section +# - Click "Generate new user" +# - Save the generated username and password +# +# 4. Note your SMTP credentials: +# - SMTP hostname: smtp.mailersend.net +# - Port: 587 (TLS/STARTTLS) +# - Username: generated by MailerSend (e.g., MS_xxxxxx@trial-xxxxx.mlsender.net) +# - Password: generated SMTP password +# +# 5. Replace the placeholder values below with your credentials +# +# 6. Apply this secret: +# kubectl apply -f mailersend-credentials-secret.yaml -n bakery-ia +# +# ============================================================================ +# IMPORTANT NOTES: +# ============================================================================ +# +# - MailerSend requires TLS 1.2 or higher (supported by default) +# - SMTP credentials are account-wide (work for any verified domain) +# - Free tier: 3,000 emails/month (12,000 with verified domain) +# - Rate limit: 120 requests/minute +# +# ============================================================================ +# DNS RECORDS REQUIRED FOR MAILERSEND: +# ============================================================================ +# +# Add these DNS records to your domain (Cloudflare) for proper email delivery: +# +# 1. SPF Record (TXT): +# Name: @ +# Value: v=spf1 include:mailersend.net ~all +# +# 2. DKIM Records (TXT): +# MailerSend will provide DKIM keys after domain verification +# Typically: mlsend._domainkey and mlsend2._domainkey +# (check your MailerSend domain settings for exact values) +# +# 3. DMARC Record (TXT): +# Name: _dmarc +# Value: v=DMARC1; p=quarantine; rua=mailto:admin@bakewise.ai +# +# 4. MX Records (for receiving mail via Mailu): +# Priority 10: mail.bakewise.ai +# +# 5. A Record: +# Name: mail +# Value: +# +# ============================================================================ +--- +apiVersion: v1 +kind: Secret +metadata: + name: mailu-mailersend-credentials + namespace: bakery-ia + labels: + app: mailu + component: external-relay + annotations: + description: "MailerSend SMTP credentials for Mailu external relay" +type: Opaque +stringData: + # ============================================================================ + # REPLACE THESE VALUES WITH YOUR MAILERSEND CREDENTIALS + # ============================================================================ + # + # Option 1: Use stringData (plain text - Kubernetes will encode automatically) + # This is easier for initial setup but shows credentials in the file + # + RELAY_USERNAME: "MS_d34ZtW@bakewise.ai" + RELAY_PASSWORD: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7" + # + # ============================================================================ + # ALTERNATIVE: Use pre-encoded values (more secure for version control) + # ============================================================================ + # Comment out stringData above and uncomment data below: + # + # data: + # # Base64 encoded values + # # echo -n 'your-mailersend-username' | base64 + # RELAY_USERNAME: WU9VUl9NQUlMRVJTRU5EX1NNVFBfVVNFUk5BTUU= + # # echo -n 'your-mailersend-password' | base64 + # RELAY_PASSWORD: WU9VUl9NQUlMRVJTRU5EX1NNVFBfUEFTU1dPUkQ= diff --git a/infrastructure/platform/mail/mailu-helm/configs/mailgun-credentials-secret.yaml b/infrastructure/platform/mail/mailu-helm/configs/mailgun-credentials-secret.yaml deleted file mode 100644 index cb59b792..00000000 --- a/infrastructure/platform/mail/mailu-helm/configs/mailgun-credentials-secret.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# Mailgun SMTP Credentials Secret for Mailu -# -# This secret stores Mailgun credentials for outbound email relay. -# Mailu uses Mailgun as an external SMTP relay to send all outbound emails. -# -# ============================================================================ -# HOW TO CONFIGURE: -# ============================================================================ -# -# 1. Go to https://www.mailgun.com and create an account -# -# 2. Add and verify your domain: -# - For dev: bakery-ia.dev -# - For prod: bakewise.ai -# -# 3. Go to Domain Settings > SMTP credentials in Mailgun dashboard -# -# 4. Note your SMTP credentials: -# - SMTP hostname: smtp.mailgun.org -# - Port: 587 (TLS/STARTTLS) -# - Username: typically postmaster@yourdomain.com -# - Password: your Mailgun SMTP password (NOT the API key) -# -# 5. Base64 encode your credentials: -# echo -n 'postmaster@bakewise.ai' | base64 -# echo -n 'your-mailgun-smtp-password' | base64 -# -# 6. Replace the placeholder values below with your encoded credentials -# -# 7. Apply this secret: -# kubectl apply -f mailgun-credentials-secret.yaml -n bakery-ia -# -# ============================================================================ -# IMPORTANT NOTES: -# ============================================================================ -# -# - Use the SMTP password from Mailgun, NOT the API key -# - The username format is: postmaster@yourdomain.com -# - For sandbox domains, Mailgun requires adding authorized recipients -# - Production domains need DNS verification (SPF, DKIM records) -# -# ============================================================================ -# DNS RECORDS REQUIRED FOR MAILGUN: -# ============================================================================ -# -# Add these DNS records to your domain for proper email delivery: -# -# 1. SPF Record (TXT): -# Name: @ -# Value: v=spf1 include:mailgun.org ~all -# -# 2. DKIM Records (TXT): -# Mailgun will provide two DKIM keys to add as TXT records -# (check your Mailgun domain settings for exact values) -# -# 3. MX Records (optional, only if receiving via Mailgun): -# Priority 10: mxa.mailgun.org -# Priority 10: mxb.mailgun.org -# -# ============================================================================ ---- -apiVersion: v1 -kind: Secret -metadata: - name: mailu-mailgun-credentials - namespace: bakery-ia - labels: - app: mailu - component: external-relay - annotations: - description: "Mailgun SMTP credentials for Mailu external relay" -type: Opaque -stringData: - # ============================================================================ - # REPLACE THESE VALUES WITH YOUR MAILGUN CREDENTIALS - # ============================================================================ - # - # Option 1: Use stringData (plain text - Kubernetes will encode automatically) - # This is easier for initial setup but shows credentials in the file - # - RELAY_USERNAME: "postmaster@sandboxc1bff891532b4f0c83056a68ae080b4c.mailgun.org" - RELAY_PASSWORD: "2e47104abadad8eb820d00042ea6d5eb-77c6c375-89c7ea55" - # - # ============================================================================ - # ALTERNATIVE: Use pre-encoded values (more secure for version control) - # ============================================================================ - # Comment out stringData above and uncomment data below: - # - # data: - # # Base64 encoded values - # # echo -n 'postmaster@bakewise.ai' | base64 - # RELAY_USERNAME: cG9zdG1hc3RlckBiYWtld2lzZS5haQ== - # # echo -n 'your-password' | base64 - # RELAY_PASSWORD: WU9VUl9NQUlMR1VOX1NNVFBfUEFTU1dPUkQ= diff --git a/infrastructure/platform/mail/mailu-helm/scripts/deploy-mailu-prod.sh b/infrastructure/platform/mail/mailu-helm/scripts/deploy-mailu-prod.sh index 07699bbe..2cbe7903 100755 --- a/infrastructure/platform/mail/mailu-helm/scripts/deploy-mailu-prod.sh +++ b/infrastructure/platform/mail/mailu-helm/scripts/deploy-mailu-prod.sh @@ -274,9 +274,22 @@ echo " CoreDNS is configured with DNS-over-TLS (Cloudflare) for DNSSEC validati echo " CoreDNS IP: $COREDNS_IP" echo "" echo "Next Steps:" -echo " 1. Configure DNS records (A, MX, SPF, DMARC)" -echo " 2. Get DKIM key: kubectl exec -n $NAMESPACE deployment/mailu-admin -- cat /dkim/$DOMAIN.dkim.pub" -echo " 3. Add DKIM TXT record to DNS" +echo " 1. Configure MailerSend:" +echo " - Sign up at https://accounts.mailersend.com/signup" +echo " - Add domain '$DOMAIN' and verify DNS records" +echo " - Generate SMTP credentials (Email -> Domains -> SMTP)" +echo " - Update secret: kubectl edit secret mailu-mailersend-credentials -n $NAMESPACE" +echo "" +echo " 2. Configure DNS records in Cloudflare for '$DOMAIN':" +echo " - A record: mail -> " +echo " - MX record: @ -> mail.$DOMAIN (priority 10)" +echo " - TXT (SPF): @ -> v=spf1 include:mailersend.net ~all" +echo " - TXT (DKIM): mlsend._domainkey -> " +echo " - TXT (DMARC): _dmarc -> v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN" +echo "" +echo " 3. Get Mailu DKIM key (for direct sending):" +echo " kubectl exec -n $NAMESPACE deployment/mailu-admin -- cat /dkim/$DOMAIN.dkim.pub" +echo "" echo " 4. Configure Ingress for mail.$DOMAIN" echo "" echo "To check pod status:" diff --git a/infrastructure/platform/mail/mailu-helm/values.yaml b/infrastructure/platform/mail/mailu-helm/values.yaml index 66430d4f..2c97ca44 100644 --- a/infrastructure/platform/mail/mailu-helm/values.yaml +++ b/infrastructure/platform/mail/mailu-helm/values.yaml @@ -50,13 +50,14 @@ limits: messageRatelimit: value: "200/day" -# External relay configuration (Mailgun) -# Mailu will relay all outbound emails through Mailgun SMTP +# External relay configuration (MailerSend) +# Mailu will relay all outbound emails through MailerSend SMTP # Credentials are loaded from Kubernetes secret for security +# MailerSend requires TLS 1.2+ (supported by default on port 587) externalRelay: - host: "[smtp.mailgun.org]:587" + host: "[smtp.mailersend.net]:587" # Use existing secret for credentials (recommended for security) - secretName: "mailu-mailgun-credentials" + secretName: "mailu-mailersend-credentials" usernameKey: "RELAY_USERNAME" passwordKey: "RELAY_PASSWORD" diff --git a/infrastructure/platform/networking/ingress/base/ingress.yaml b/infrastructure/platform/networking/ingress/base/ingress.yaml index 17fc10c9..bcf42490 100644 --- a/infrastructure/platform/networking/ingress/base/ingress.yaml +++ b/infrastructure/platform/networking/ingress/base/ingress.yaml @@ -56,3 +56,5 @@ spec: # See infrastructure/cicd/gitea/values.yaml for ingress configuration # NOTE: Mail ingress is deployed separately via mailu-helm resource # to avoid 503 errors when Mailu is not running + # NOTE: Monitoring ingress is deployed separately via SigNoz Helm chart + # See infrastructure/monitoring/signoz/signoz-values-prod.yaml for monitoring configuration diff --git a/infrastructure/platform/networking/ingress/overlays/dev/kustomization.yaml b/infrastructure/platform/networking/ingress/overlays/dev/kustomization.yaml index cca73d78..8a751fa0 100644 --- a/infrastructure/platform/networking/ingress/overlays/dev/kustomization.yaml +++ b/infrastructure/platform/networking/ingress/overlays/dev/kustomization.yaml @@ -25,3 +25,5 @@ patches: value: "https://localhost,https://localhost:3000,https://localhost:3001,https://127.0.0.1,https://127.0.0.1:3000,https://127.0.0.1:3001,https://bakery-ia.local,https://registry.bakery-ia.local,https://gitea.bakery-ia.local,http://localhost,http://localhost:3000,http://localhost:3001,http://127.0.0.1,http://127.0.0.1:3000" # NOTE: Gitea and Registry ingresses are managed by Gitea Helm chart (infrastructure/cicd/gitea/values.yaml) # NOTE: Mail ingress (mail.bakery-ia.dev) is deployed separately via mailu-helm Tilt resource +# NOTE: Monitoring ingress (monitoring.bakery-ia.local) is deployed separately via SigNoz Helm chart +# See infrastructure/monitoring/signoz/signoz-values-dev.yaml for monitoring configuration diff --git a/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml b/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml index d7d4e28e..25bec54a 100644 --- a/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml +++ b/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml @@ -37,4 +37,6 @@ patches: value: "http01" # NOTE: Gitea and Registry ingresses are managed by Gitea Helm chart # See infrastructure/cicd/gitea/values-prod.yaml for production ingress configuration -# NOTE: mail.bakewise.ai is handled by separate mailu ingress \ No newline at end of file +# NOTE: mail.bakewise.ai is handled by separate mailu ingress +# NOTE: monitoring.bakewise.ai is handled by separate SigNoz ingress +# See infrastructure/monitoring/signoz/signoz-values-prod.yaml for monitoring ingress configuration \ No newline at end of file