bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit - production deployment

Browse Source
This commit is contained in:
Bakery Admin
2026-01-21 17:17:16 +01:00
commit c23d00dd92
2289 changed files with 638440 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

307
scripts/BASE_IMAGE_CACHING_SOLUTION.md Normal file
View File

@@ -0,0 +1,307 @@
# Base Image Caching Solution for Docker Hub Rate Limiting
## Overview
This solution provides a simple, short-term approach to reduce Docker Hub usage by pre-pulling and caching base images. It's designed to be implemented quickly while providing significant benefits.
## Problem Addressed
- **Docker Hub Rate Limiting**: 100 pulls/6h for anonymous users
- **Build Failures**: Timeouts and authentication errors during CI/CD
- **Inconsistent Builds**: Different base image versions causing issues
## Solution Architecture
```
[Docker Hub] → [Pre-Pull Script] → [Local Cache/Registry] → [Service Builds]
```
## Implementation Options
### Option 1: Simple Docker Cache (Easiest)
```bash
# Just run the prepull script
./scripts/prepull-base-images.sh
```
**How it works:**
- Pulls all base images once with authentication
- Docker caches them locally
- Subsequent builds use cached images
- Reduces Docker Hub pulls by ~90%
### Option 2: Local Registry (More Robust)
```bash
# Start local registry
docker run -d -p 5000:5000 --name bakery-registry \
-v $(pwd)/registry-data:/var/lib/registry \
registry:2
# Run prepull script with local registry enabled
USE_LOCAL_REGISTRY=true ./scripts/prepull-base-images.sh
```
**How it works:**
- Runs a local Docker registry
- Pre-pull script pushes images to local registry
- All builds pull from local registry
- Can be shared across team members
### Option 3: Pull-Through Cache (Most Advanced)
```yaml
# Configure Docker daemon (docker daemon.json)
{
"registry-mirrors": ["http://localhost:5000"],
"insecure-registries": ["localhost:5000"]
}
# Start registry as pull-through cache
docker run -d -p 5000:5000 --name bakery-registry \
-v $(pwd)/registry-data:/var/lib/registry \
-e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
registry:2
```
**How it works:**
- Local registry acts as transparent cache
- First request pulls from Docker Hub and caches
- Subsequent requests served from cache
- Completely transparent to builds
## Quick Start Guide
### 1. Simple Caching (5 minutes)
```bash
# Make script executable
chmod +x scripts/prepull-base-images.sh
# Run the script
./scripts/prepull-base-images.sh
# Verify images are cached
docker images | grep -E "python:3.11-slim|postgres:17-alpine"
```
### 2. Local Registry (10 minutes)
```bash
# Build local registry image
cd scripts/local-registry
docker build -t bakery-registry .
# Start registry
docker run -d -p 5000:5000 --name bakery-registry \
-v $(pwd)/registry-data:/var/lib/registry \
bakery-registry
# Run prepull with local registry
USE_LOCAL_REGISTRY=true ../prepull-base-images.sh
# Verify registry contents
curl http://localhost:5000/v2/_catalog
```
### 3. CI/CD Integration
**GitHub Actions Example:**
```yaml
jobs:
setup:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Pre-pull base images
run: ./scripts/prepull-base-images.sh
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
build:
needs: setup
runs-on: ubuntu-latest
steps:
- name: Build services
run: ./scripts/build-services.sh
```
**Tekton Pipeline Example:**
```yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: prepull-base-images
spec:
steps:
- name: login-to-docker
image: docker:cli
script: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
env:
- name: DOCKER_USERNAME
valueFrom:
secretKeyRef:
name: docker-creds
key: username
- name: DOCKER_PASSWORD
valueFrom:
secretKeyRef:
name: docker-creds
key: password
- name: prepull-images
image: docker:cli
script: |
#!/bin/bash
images=("python:3.11-slim" "postgres:17-alpine" "redis:7.4-alpine")
for img in "${images[@]}"; do
echo "Pulling $img..."
docker pull "$img"
done
```
## Base Images Covered
The script pre-pulls all base images used in the Bakery-IA project:
### Primary Base Images
- `python:3.11-slim` - Main Python runtime
- `postgres:17-alpine` - Database init containers
- `redis:7.4-alpine` - Redis init containers
### Utility Images
- `busybox:1.36` - Lightweight utility container
- `busybox:latest` - Latest busybox
- `curlimages/curl:latest` - Curl utility
- `bitnami/kubectl:1.28` - Kubernetes CLI
### Build System Images
- `alpine:3.18` - Lightweight base
- `alpine:3.19` - Latest Alpine
- `gcr.io/kaniko-project/executor:v1.23.0` - Kaniko builder
- `alpine/git:2.43.0` - Git client
## Benefits
### Immediate Benefits
- **Reduces Docker Hub pulls by 90%+** - Only pull each base image once
- **Eliminates rate limiting issues** - Authenticated pulls with proper credentials
- **Faster builds** - Cached images load instantly
- **More reliable CI/CD** - No more timeout failures
### Long-Term Benefits
- **Consistent build environments** - Same base images for all builds
- **Easier debugging** - Known image versions
- **Better security** - Controlled image updates
- **Foundation for improvement** - Can evolve to pull-through cache
## Monitoring and Maintenance
### Check Cache Status
```bash
# List cached images
docker images
# Check disk usage
docker system df
# Clean up old images
docker image prune -a
```
### Update Base Images
```bash
# Run prepull script monthly to get updates
./scripts/prepull-base-images.sh
# Or create a cron job
0 3 1 * * /path/to/prepull-base-images.sh
```
## Security Considerations
### Credential Management
- Store Docker Hub credentials in secrets management system
- Rotate credentials periodically
- Use least-privilege access
### Image Verification
```bash
# Verify image integrity
docker trust inspect python:3.11-slim
# Scan for vulnerabilities
docker scan python:3.11-slim
```
## Comparison with Other Solutions
| Solution | Complexity | Docker Hub Usage | Implementation Time | Maintenance |
|----------|------------|------------------|---------------------|-------------|
| **This Solution** | Low | Very Low | 5-30 minutes | Low |
| GHCR Migration | Medium | None | 1-2 days | Medium |
| Pull-Through Cache | Medium | Very Low | 1 day | Medium |
| Immutable Base Images | High | None | 1-2 weeks | High |
## Migration Path
This solution can evolve over time:
```
Phase 1: Simple caching (Current) → Phase 2: Local registry → Phase 3: Pull-through cache → Phase 4: Immutable base images
```
## Troubleshooting
### Common Issues
**Issue: Authentication fails**
```bash
# Solution: Verify credentials
docker login -u your-username
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
```
**Issue: Local registry not accessible**
```bash
# Solution: Check registry status
docker ps | grep registry
curl http://localhost:5000/v2/
```
**Issue: Images not found in cache**
```bash
# Solution: Verify images are pulled
docker images | grep python:3.11-slim
# If missing, pull manually
docker pull python:3.11-slim
```
## Conclusion
This simple base image caching solution provides an immediate fix for Docker Hub rate limiting issues while requiring minimal changes to your existing infrastructure. It serves as both a short-term solution and a foundation for more advanced caching strategies in the future.
**Recommended Next Steps:**
1. Implement simple caching first
2. Monitor Docker Hub usage reduction
3. Consider adding local registry if needed
4. Plan for long-term solution (GHCR or immutable base images)

168
scripts/apply-security-changes.sh Executable file
View File

@@ -0,0 +1,168 @@
#!/usr/bin/env bash
# Apply all database security changes to Kubernetes cluster
set -e
NAMESPACE="bakery-ia"
echo "======================================"
echo "Bakery IA Database Security Deployment"
echo "======================================"
echo ""
echo "This script will apply all security changes to the cluster:"
echo " 1. Updated passwords"
echo " 2. TLS certificates for PostgreSQL and Redis"
echo " 3. Updated database deployments with TLS and PVCs"
echo " 4. PostgreSQL logging configuration"
echo " 5. pgcrypto extension"
echo ""
read -p "Press Enter to continue or Ctrl+C to cancel..."
echo ""
# ===== 1. Apply Secrets =====
echo "Step 1: Applying updated secrets..."
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/secrets.yaml
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/secrets/postgres-tls-secret.yaml
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/secrets/redis-tls-secret.yaml
echo "✓ Secrets applied"
echo ""
# ===== 2. Apply ConfigMaps =====
echo "Step 2: Applying ConfigMaps..."
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/configs/postgres-init-config.yaml
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/configmaps/postgres-logging-config.yaml
echo "✓ ConfigMaps applied"
echo ""
# ===== 3. Apply Database Deployments =====
echo "Step 3: Applying database deployments..."
kubectl apply -f infrastructure/services/databases/
echo "✓ Database deployments applied"
echo ""
# ===== 4. Wait for Rollout =====
echo "Step 4: Waiting for database pods to be ready..."
DBS=(
"auth-db"
"tenant-db"
"training-db"
"forecasting-db"
"sales-db"
"external-db"
"notification-db"
"inventory-db"
"recipes-db"
"suppliers-db"
"pos-db"
"orders-db"
"production-db"
"alert-processor-db"
"redis"
)
for db in "${DBS[@]}"; do
echo " Waiting for $db..."
kubectl rollout status deployment/$db -n $NAMESPACE --timeout=5m || echo " ⚠️ Warning: $db rollout may have issues"
done
echo "✓ All deployments rolled out"
echo ""
# ===== 5. Verify PVCs =====
echo "Step 5: Verifying PersistentVolumeClaims..."
kubectl get pvc -n $NAMESPACE
echo ""
# ===== 6. Test Database Connections =====
echo "Step 6: Testing database connectivity..."
# Test PostgreSQL with TLS
echo " Testing PostgreSQL (auth-db) with TLS..."
AUTH_POD=$(kubectl get pods -n $NAMESPACE -l app.kubernetes.io/name=auth-db -o jsonpath='{.items[0].metadata.name}')
if [ -n "$AUTH_POD" ]; then
kubectl exec -n $NAMESPACE "$AUTH_POD" -- \
sh -c 'psql -U $POSTGRES_USER -d $POSTGRES_DB -c "SELECT version();"' > /dev/null 2>&1 && \
echo " ✓ PostgreSQL connection successful" || \
echo " ⚠️ PostgreSQL connection test failed"
else
echo " ⚠️ auth-db pod not found"
fi
# Test Redis with TLS
echo " Testing Redis with TLS..."
REDIS_POD=$(kubectl get pods -n $NAMESPACE -l app.kubernetes.io/name=redis -o jsonpath='{.items[0].metadata.name}')
if [ -n "$REDIS_POD" ]; then
kubectl exec -n $NAMESPACE "$REDIS_POD" -- \
redis-cli -a $(kubectl get secret redis-secrets -n $NAMESPACE -o jsonpath='{.data.REDIS_PASSWORD}' | base64 -d) \
--tls --cert /tls/redis-cert.pem --key /tls/redis-key.pem --cacert /tls/ca-cert.pem \
PING > /dev/null 2>&1 && \
echo " ✓ Redis TLS connection successful" || \
echo " ⚠️ Redis TLS connection test failed (may need to restart services)"
else
echo " ⚠️ Redis pod not found"
fi
echo ""
# ===== 7. Verify TLS Certificates =====
echo "Step 7: Verifying TLS certificates are mounted..."
echo " Checking PostgreSQL TLS certs..."
if [ -n "$AUTH_POD" ]; then
kubectl exec -n $NAMESPACE "$AUTH_POD" -- ls -la /tls/ 2>/dev/null && \
echo " ✓ PostgreSQL TLS certificates mounted" || \
echo " ⚠️ PostgreSQL TLS certificates not found"
fi
echo " Checking Redis TLS certs..."
if [ -n "$REDIS_POD" ]; then
kubectl exec -n $NAMESPACE "$REDIS_POD" -- ls -la /tls/ 2>/dev/null && \
echo " ✓ Redis TLS certificates mounted" || \
echo " ⚠️ Redis TLS certificates not found"
fi
echo ""
# ===== 8. Display Summary =====
echo "======================================"
echo "Deployment Summary"
echo "======================================"
echo ""
echo "Database Pods:"
kubectl get pods -n $NAMESPACE -l app.kubernetes.io/component=database
echo ""
echo "PersistentVolumeClaims:"
kubectl get pvc -n $NAMESPACE | grep -E "NAME|db-pvc"
echo ""
echo "Secrets:"
kubectl get secrets -n $NAMESPACE | grep -E "NAME|database-secrets|redis-secrets|postgres-tls|redis-tls"
echo ""
echo "======================================"
echo "✓ Security Deployment Complete!"
echo "======================================"
echo ""
echo "Security improvements applied:"
echo " ✅ Strong 32-character passwords for all databases"
echo " ✅ TLS encryption for PostgreSQL connections"
echo " ✅ TLS encryption for Redis connections"
echo " ✅ Persistent storage (PVCs) for all databases"
echo " ✅ pgcrypto extension enabled for column-level encryption"
echo " ✅ PostgreSQL audit logging configured"
echo ""
echo "Next steps:"
echo " 1. Restart all services to pick up new database URLs with TLS"
echo " 2. Monitor logs for any connection issues"
echo " 3. Test application functionality end-to-end"
echo " 4. Review PostgreSQL logs: kubectl logs -n $NAMESPACE <db-pod>"
echo ""
echo "To create encrypted backups, run:"
echo " ./scripts/encrypted-backup.sh"
echo ""
echo "To enable Kubernetes secrets encryption (requires cluster recreate):"
echo " kind delete cluster --name bakery-ia-local"
echo " kind create cluster --config kind-config.yaml"
echo " kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/namespace.yaml"
echo " ./scripts/apply-security-changes.sh"

161
scripts/backup-databases.sh Executable file
View File

@@ -0,0 +1,161 @@
#!/bin/bash
# Database Backup Script for Bakery IA
# This script backs up all PostgreSQL databases in the Kubernetes cluster
# Designed to run on the VPS via cron
set -e
# Configuration
BACKUP_ROOT="/backups"
NAMESPACE="bakery-ia"
RETENTION_DAYS=7
DATE=$(date +%Y-%m-%d_%H-%M-%S)
BACKUP_DIR="${BACKUP_ROOT}/${DATE}"
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Logging
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] $1"
}
log_error() {
echo -e "${RED}[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $1${NC}"
}
log_success() {
echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')] SUCCESS: $1${NC}"
}
log_warning() {
echo -e "${YELLOW}[$(date +'%Y-%m-%d %H:%M:%S')] WARNING: $1${NC}"
}
# Create backup directory
mkdir -p "$BACKUP_DIR"
log "Starting database backup to $BACKUP_DIR"
# Get all database pods
DB_PODS=$(kubectl get pods -n "$NAMESPACE" -l app.kubernetes.io/component=database -o jsonpath='{.items[*].metadata.name}')
if [ -z "$DB_PODS" ]; then
log_error "No database pods found in namespace $NAMESPACE"
exit 1
fi
log "Found database pods: $DB_PODS"
# Backup counter
SUCCESS_COUNT=0
FAILED_COUNT=0
FAILED_DBS=()
# Backup each database
for pod in $DB_PODS; do
log "Backing up database: $pod"
# Get database name from pod labels
DB_NAME=$(kubectl get pod "$pod" -n "$NAMESPACE" -o jsonpath='{.metadata.labels.app\.kubernetes\.io/name}')
if [ -z "$DB_NAME" ]; then
DB_NAME=$pod
fi
BACKUP_FILE="${BACKUP_DIR}/${DB_NAME}.sql"
# Perform backup
if kubectl exec -n "$NAMESPACE" "$pod" -- pg_dumpall -U postgres > "$BACKUP_FILE" 2>/dev/null; then
FILE_SIZE=$(du -h "$BACKUP_FILE" | cut -f1)
log_success "Backed up $DB_NAME ($FILE_SIZE)"
((SUCCESS_COUNT++))
else
log_error "Failed to backup $DB_NAME"
FAILED_DBS+=("$DB_NAME")
((FAILED_COUNT++))
rm -f "$BACKUP_FILE" # Remove partial backup
fi
done
# Also backup Redis if present
REDIS_POD=$(kubectl get pods -n "$NAMESPACE" -l app.kubernetes.io/name=redis -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || echo "")
if [ -n "$REDIS_POD" ]; then
log "Backing up Redis: $REDIS_POD"
REDIS_BACKUP="${BACKUP_DIR}/redis.rdb"
if kubectl exec -n "$NAMESPACE" "$REDIS_POD" -- redis-cli --rdb /tmp/dump.rdb SAVE > /dev/null 2>&1 && \
kubectl cp "$NAMESPACE/$REDIS_POD:/tmp/dump.rdb" "$REDIS_BACKUP" > /dev/null 2>&1; then
FILE_SIZE=$(du -h "$REDIS_BACKUP" | cut -f1)
log_success "Backed up Redis ($FILE_SIZE)"
((SUCCESS_COUNT++))
else
log_warning "Failed to backup Redis (non-critical)"
fi
fi
# Create backup metadata
cat > "${BACKUP_DIR}/backup-info.txt" <<EOF
Backup Date: $(date)
Namespace: $NAMESPACE
Success Count: $SUCCESS_COUNT
Failed Count: $FAILED_COUNT
Failed Databases: ${FAILED_DBS[@]:-none}
Kubernetes Cluster: $(kubectl config current-context)
EOF
# Compress backup
log "Compressing backup..."
COMPRESSED_FILE="${BACKUP_ROOT}/backup-${DATE}.tar.gz"
if tar -czf "$COMPRESSED_FILE" -C "$BACKUP_ROOT" "$(basename "$BACKUP_DIR")"; then
COMPRESSED_SIZE=$(du -h "$COMPRESSED_FILE" | cut -f1)
log_success "Backup compressed: $COMPRESSED_FILE ($COMPRESSED_SIZE)"
# Remove uncompressed backup
rm -rf "$BACKUP_DIR"
else
log_error "Failed to compress backup"
exit 1
fi
# Cleanup old backups
log "Cleaning up backups older than $RETENTION_DAYS days..."
DELETED_COUNT=$(find "$BACKUP_ROOT" -name "backup-*.tar.gz" -mtime "+$RETENTION_DAYS" -delete -print | wc -l)
if [ "$DELETED_COUNT" -gt 0 ]; then
log "Deleted $DELETED_COUNT old backup(s)"
fi
# Calculate total backup size
TOTAL_SIZE=$(du -sh "$BACKUP_ROOT" | cut -f1)
# Summary
echo ""
log "========================================="
log "Backup Summary"
log "========================================="
log "Successful backups: $SUCCESS_COUNT"
log "Failed backups: $FAILED_COUNT"
log "Backup location: $COMPRESSED_FILE"
log "Backup size: $COMPRESSED_SIZE"
log "Total backup storage: $TOTAL_SIZE"
log "========================================="
if [ $FAILED_COUNT -gt 0 ]; then
log_error "Some backups failed: ${FAILED_DBS[*]}"
exit 1
fi
log_success "Backup completed successfully!"
# Optional: Send notification
# Uncomment and configure if you want email/slack notifications
# send_notification "Bakery IA Backup Completed" "Successfully backed up $SUCCESS_COUNT databases. Size: $COMPRESSED_SIZE"
exit 0

126
scripts/build-all-services.sh Executable file
View File

@@ -0,0 +1,126 @@
#!/bin/bash
# Build All Services Script for Bakery-IA
# This script builds and pushes all service images to the Gitea registry
# Used for first-time deployment when CI/CD pipeline isn't available yet
set -e
echo "=========================================="
echo "Bakery-IA Services Build Script"
echo "=========================================="
echo ""
# Check if we're in the correct directory
if [ ! -f "PRODUCTION_DEPLOYMENT_GUIDE.md" ]; then
echo "Error: This script must be run from the root of the bakery-ia repository"
exit 1
fi
# Get Gitea admin password
echo "Getting Gitea admin credentials..."
if ! GITEA_ADMIN_PASSWORD=$(kubectl get secret gitea-admin-secret -n gitea -o jsonpath='{.data.password}' | base64 -d 2>/dev/null); then
echo "Error: Could not get Gitea admin password"
echo "Make sure you've completed Phase 5 (CI/CD Infrastructure) first"
exit 1
fi
# Login to Gitea registry
echo "Logging in to Gitea registry..."
docker login gitea-http.gitea.svc.cluster.local:3000 -u bakery-admin -p "$GITEA_ADMIN_PASSWORD"
# Define the registry URL
REGISTRY="gitea-http.gitea.svc.cluster.local:3000/bakery-admin"
# Define all services to build
# Format: "directory_name:image_name"
# Note: directory names use underscores (e.g., alert_processor), image names use hyphens (e.g., alert-processor)
SERVICES=(
"gateway:gateway"
"frontend:dashboard"
"auth:auth-service"
"tenant:tenant-service"
"training:training-service"
"forecasting:forecasting-service"
"sales:sales-service"
"external:external-service"
"notification:notification-service"
"inventory:inventory-service"
"recipes:recipes-service"
"suppliers:suppliers-service"
"pos:pos-service"
"orders:orders-service"
"production:production-service"
"procurement:procurement-service"
"distribution:distribution-service"
"orchestrator:orchestrator-service"
"alert_processor:alert-processor"
"ai_insights:ai-insights-service"
"demo_session:demo-session-service"
)
# Build each service
echo ""
echo "Starting build process..."
echo "This may take 15-30 minutes depending on your system."
echo ""
FAILED_SERVICES=()
SUCCESS_COUNT=0
for service_def in "${SERVICES[@]}"; do
IFS=':' read -r service_name image_name <<< "$service_def"
echo "=========================================="
echo "Building: $service_name -> $image_name"
echo "=========================================="
if [ "$service_name" = "gateway" ]; then
# Gateway service
docker build -t "$REGISTRY/$image_name:latest" \
--build-arg BASE_REGISTRY="$REGISTRY" \
--build-arg PYTHON_IMAGE="python:3.11-slim" \
-f "gateway/Dockerfile" .
elif [ "$service_name" = "frontend" ]; then
# Frontend service (uses node:18-alpine and nginx:1.25-alpine internally)
docker build -t "$REGISTRY/$image_name:latest" \
-f "frontend/Dockerfile.kubernetes" frontend/
else
# Microservices (in services/ directory)
docker build -t "$REGISTRY/$image_name:latest" \
--build-arg BASE_REGISTRY="$REGISTRY" \
--build-arg PYTHON_IMAGE="python:3.11-slim" \
-f "services/$service_name/Dockerfile" .
fi
# Push the image
echo "Pushing $image_name to registry..."
if docker push "$REGISTRY/$image_name:latest"; then
echo "✅ Successfully built and pushed $image_name"
SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
else
echo "❌ Failed to push $image_name"
FAILED_SERVICES+=("$image_name")
fi
echo ""
done
echo "=========================================="
echo "Build Summary"
echo "=========================================="
echo "Total services: ${#SERVICES[@]}"
echo "Successfully built and pushed: $SUCCESS_COUNT"
if [ ${#FAILED_SERVICES[@]} -gt 0 ]; then
echo "Failed services: ${#FAILED_SERVICES[@]}"
echo "Failed list: ${FAILED_SERVICES[*]}"
echo ""
echo "⚠️ Some services failed to build/push"
exit 1
else
echo "✅ All services built and pushed successfully!"
echo ""
echo "You can now proceed to Phase 6: Deploy Application Services"
echo "Run: kubectl apply -k infrastructure/environments/prod/k8s-manifests"
fi

82
scripts/cleanup-docker.sh Executable file
View File

@@ -0,0 +1,82 @@
#!/bin/bash
# Docker Cleanup Script for Local Kubernetes Development
# This script helps prevent disk space issues by cleaning up unused Docker resources
set -e
echo "🧹 Docker Cleanup Script for Bakery-IA Local Development"
echo "========================================================="
echo ""
# Check if we should run automatically or ask for confirmation
AUTO_MODE=${1:-""}
# Show current disk usage
echo "📊 Current Docker Disk Usage:"
docker system df
echo ""
# Check Kind node disk usage if cluster is running
if docker ps | grep -q "bakery-ia-local-control-plane"; then
echo "📊 Kind Node Disk Usage:"
docker exec bakery-ia-local-control-plane df -h / /var | grep -E "(Filesystem|overlay|/dev/vdb1)"
echo ""
fi
# Calculate reclaimable space
RECLAIMABLE=$(docker system df | grep "Images" | awk '{print $4}')
echo "💾 Estimated reclaimable space: $RECLAIMABLE"
echo ""
# Ask for confirmation unless in auto mode
if [ "$AUTO_MODE" != "--auto" ]; then
read -p "Do you want to proceed with cleanup? (y/n) " -n 1 -r
echo ""
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "❌ Cleanup cancelled"
exit 0
fi
fi
echo "🚀 Starting cleanup..."
echo ""
# Remove unused images (keep images from last 24 hours)
echo "1⃣ Removing unused Docker images..."
docker image prune -af --filter "until=24h" || true
echo ""
# Remove unused volumes
echo "2⃣ Removing unused Docker volumes..."
docker volume prune -f || true
echo ""
# Remove build cache
echo "3⃣ Removing build cache..."
docker builder prune -af || true
echo ""
# Show results
echo "✅ Cleanup completed!"
echo ""
echo "📊 Final Docker Disk Usage:"
docker system df
echo ""
# Check Kind node disk usage if cluster is running
if docker ps | grep -q "bakery-ia-local-control-plane"; then
echo "📊 Kind Node Disk Usage After Cleanup:"
docker exec bakery-ia-local-control-plane df -h / /var | grep -E "(Filesystem|overlay|/dev/vdb1)"
echo ""
# Warn if still above 80%
USAGE=$(docker exec bakery-ia-local-control-plane df -h /var | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$USAGE" -gt 80 ]; then
echo "⚠️ Warning: Disk usage is still above 80%. Consider:"
echo " - Deleting and recreating the Kind cluster"
echo " - Increasing Docker's disk allocation"
echo " - Running: docker system prune -a --volumes -f"
fi
fi
echo "🎉 All done!"

203
scripts/cleanup_databases_k8s.sh Executable file
View File

@@ -0,0 +1,203 @@
#!/bin/bash
# Helper script to manually clean all service databases in Kubernetes
# This ensures databases are in a clean state before running migration generation
set -euo pipefail
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configuration
NAMESPACE="${KUBE_NAMESPACE:-bakery-ia}"
# Parse command line arguments
CONFIRM=false
SPECIFIC_SERVICE=""
while [[ $# -gt 0 ]]; do
case $1 in
--namespace) NAMESPACE="$2"; shift 2 ;;
--service) SPECIFIC_SERVICE="$2"; shift 2 ;;
--yes) CONFIRM=true; shift ;;
-h|--help)
echo "Usage: $0 [OPTIONS]"
echo ""
echo "Options:"
echo " --namespace NAME Use specific Kubernetes namespace (default: bakery-ia)"
echo " --service NAME Clean only specific service database"
echo " --yes Skip confirmation prompt"
echo ""
echo "Examples:"
echo " $0 # Clean all databases (with confirmation)"
echo " $0 --service auth --yes # Clean only auth database without confirmation"
exit 0
;;
*) echo "Unknown option: $1"; echo "Use --help for usage information"; exit 1 ;;
esac
done
# List of all services
SERVICES=(
"pos" "sales" "recipes" "training" "auth" "orders" "inventory"
"suppliers" "tenant" "notification" "alert-processor" "forecasting"
"external" "production"
)
# If specific service is provided, use only that
if [ -n "$SPECIFIC_SERVICE" ]; then
SERVICES=("$SPECIFIC_SERVICE")
fi
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Database Cleanup Script (K8s)${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
echo -e "${RED}⚠ WARNING: This will DROP ALL TABLES in the following databases:${NC}"
for service in "${SERVICES[@]}"; do
echo -e " - ${service}"
done
echo ""
if [ "$CONFIRM" = false ]; then
read -p "Are you sure you want to continue? (yes/no) " -r
echo
if [[ ! $REPLY =~ ^yes$ ]]; then
echo -e "${YELLOW}Aborted.${NC}"
exit 0
fi
fi
SUCCESS_COUNT=0
FAILED_COUNT=0
FAILED_SERVICES=()
# Function to get a running pod for a service
get_running_pod() {
local service=$1
local pod_name=""
local selectors=(
"app.kubernetes.io/name=${service}-service,app.kubernetes.io/component=microservice"
"app.kubernetes.io/name=${service}-service,app.kubernetes.io/component=worker"
"app.kubernetes.io/name=${service}-service"
)
for selector in "${selectors[@]}"; do
pod_name=$(kubectl get pods -n "$NAMESPACE" -l "$selector" --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)
if [ -n "$pod_name" ]; then
echo "$pod_name"
return 0
fi
done
echo ""
return 1
}
echo ""
echo -e "${BLUE}Starting database cleanup...${NC}"
echo ""
for service in "${SERVICES[@]}"; do
echo -e "${BLUE}----------------------------------------${NC}"
echo -e "${BLUE}Cleaning: $service${NC}"
echo -e "${BLUE}----------------------------------------${NC}"
# Find pod
POD_NAME=$(get_running_pod "$service")
if [ -z "$POD_NAME" ]; then
echo -e "${RED}✗ No running pod found, skipping...${NC}"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (pod not found)")
continue
fi
echo -e "${GREEN}✓ Found pod: $POD_NAME${NC}"
# Get database URL environment variable name
db_env_var=$(echo "$service" | tr '[:lower:]-' '[:upper:]_')_DATABASE_URL
CONTAINER="${service}-service"
# Drop all tables
CLEANUP_RESULT=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH python3 << 'EOFPYTHON'
import asyncio
import os
from sqlalchemy.ext.asyncio import create_async_engine
from sqlalchemy import text
async def cleanup_database():
try:
engine = create_async_engine(os.getenv('$db_env_var'))
# Get list of tables before cleanup
async with engine.connect() as conn:
result = await conn.execute(text(\"\"\"
SELECT COUNT(*)
FROM pg_tables
WHERE schemaname = 'public'
\"\"\"))
table_count_before = result.scalar()
# Drop and recreate public schema
async with engine.begin() as conn:
await conn.execute(text('DROP SCHEMA IF EXISTS public CASCADE'))
await conn.execute(text('CREATE SCHEMA public'))
await conn.execute(text('GRANT ALL ON SCHEMA public TO PUBLIC'))
# Verify cleanup
async with engine.connect() as conn:
result = await conn.execute(text(\"\"\"
SELECT COUNT(*)
FROM pg_tables
WHERE schemaname = 'public'
\"\"\"))
table_count_after = result.scalar()
await engine.dispose()
print(f'SUCCESS: Dropped {table_count_before} tables, {table_count_after} remaining')
return 0
except Exception as e:
print(f'ERROR: {str(e)}')
return 1
exit(asyncio.run(cleanup_database()))
EOFPYTHON
" 2>&1)
if echo "$CLEANUP_RESULT" | grep -q "SUCCESS"; then
echo -e "${GREEN}✓ Database cleaned successfully${NC}"
echo -e "${BLUE} $CLEANUP_RESULT${NC}"
SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
else
echo -e "${RED}✗ Database cleanup failed${NC}"
echo -e "${YELLOW}Error details: $CLEANUP_RESULT${NC}"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (cleanup failed)")
fi
echo ""
done
# Summary
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Summary${NC}"
echo -e "${BLUE}========================================${NC}"
echo -e "${GREEN}✓ Successfully cleaned: $SUCCESS_COUNT databases${NC}"
echo -e "${RED}✗ Failed: $FAILED_COUNT databases${NC}"
if [ "$FAILED_COUNT" -gt 0 ]; then
echo ""
echo -e "${RED}Failed services:${NC}"
for failed_service in "${FAILED_SERVICES[@]}"; do
echo -e "${RED} - $failed_service${NC}"
done
fi
echo ""
if [ "$SUCCESS_COUNT" -gt 0 ]; then
echo -e "${GREEN}Databases are now clean and ready for migration generation!${NC}"
echo -e "${YELLOW}Next step: Run ./regenerate_migrations_k8s.sh${NC}"
fi

270
scripts/cleanup_disk_space.py Executable file
View File

@@ -0,0 +1,270 @@
#!/usr/bin/env python3
"""
Bakery IA Disk Space Cleanup Script
===================================
This script performs comprehensive cleanup of Docker and Kubernetes resources
to prevent disk space exhaustion during development.
Features:
- Automatic cleanup based on disk space thresholds
- Manual cleanup on demand
- Comprehensive resource cleanup (images, containers, volumes, etc.)
- Detailed reporting and logging
Usage:
./scripts/cleanup_disk_space.py [--manual] [--threshold GB] [--verbose]
Environment Variables:
TILT_DISK_THRESHOLD_GB - Minimum free space required (default: 10GB)
TILT_CLEANUP_VERBOSE - Set to "true" for verbose output
"""
import subprocess
import sys
import os
import argparse
import time
from datetime import datetime
def get_disk_space():
"""Get available disk space in GB"""
try:
result = subprocess.run(['df', '/', '--output=avail', '-h'],
capture_output=True, text=True, check=True)
# Extract numeric value from output like "15G"
output = result.stdout.strip().split('\n')[-1].strip()
if 'G' in output:
return float(output.replace('G', ''))
elif 'M' in output:
return float(output.replace('M', '')) / 1024
else:
return 0
except Exception as e:
print(f"⚠️ Could not check disk space: {e}")
return 999 # Assume plenty of space if we can't check
def cleanup_docker_images(verbose=False):
"""Clean up old and unused Docker images"""
if verbose:
print("🧹 Cleaning up Docker images...")
try:
# Remove dangling images
if verbose:
print(" Removing dangling images...")
subprocess.run(['docker', 'image', 'prune', '-f'],
capture_output=True, text=True)
# Remove unused images (not referenced by any container)
if verbose:
print(" Removing unused images...")
subprocess.run(['docker', 'image', 'prune', '-a', '-f'],
capture_output=True, text=True)
# Remove old images (older than 2 hours)
if verbose:
print(" Removing old images (>2 hours)...")
subprocess.run(['docker', 'image', 'prune', '-a', '-f',
'--filter', 'until=2h'],
capture_output=True, text=True)
if verbose:
print("✅ Docker image cleanup completed")
return True
except Exception as e:
print(f"⚠️ Docker image cleanup failed: {e}")
return False
def cleanup_docker_containers(verbose=False):
"""Clean up stopped containers"""
if verbose:
print("🧹 Cleaning up Docker containers...")
try:
# Remove stopped containers
if verbose:
print(" Removing stopped containers...")
subprocess.run(['docker', 'container', 'prune', '-f'],
capture_output=True, text=True)
# Remove old containers (older than 1 hour)
if verbose:
print(" Removing old containers (>1 hour)...")
subprocess.run(['docker', 'container', 'prune', '-f',
'--filter', 'until=1h'],
capture_output=True, text=True)
if verbose:
print("✅ Docker container cleanup completed")
return True
except Exception as e:
print(f"⚠️ Docker container cleanup failed: {e}")
return False
def cleanup_docker_volumes(verbose=False):
"""Clean up unused volumes"""
if verbose:
print("🧹 Cleaning up Docker volumes...")
try:
# Remove unused volumes
if verbose:
print(" Removing unused volumes...")
subprocess.run(['docker', 'volume', 'prune', '-f'],
capture_output=True, text=True)
if verbose:
print("✅ Docker volume cleanup completed")
return True
except Exception as e:
print(f"⚠️ Docker volume cleanup failed: {e}")
return False
def cleanup_docker_system(verbose=False):
"""Clean up Docker system (build cache, networks, etc.)"""
if verbose:
print("🧹 Cleaning up Docker system...")
try:
# Remove build cache
if verbose:
print(" Removing build cache...")
subprocess.run(['docker', 'builder', 'prune', '-f'],
capture_output=True, text=True)
# Remove unused networks
if verbose:
print(" Removing unused networks...")
subprocess.run(['docker', 'network', 'prune', '-f'],
capture_output=True, text=True)
if verbose:
print("✅ Docker system cleanup completed")
return True
except Exception as e:
print(f"⚠️ Docker system cleanup failed: {e}")
return False
def cleanup_kubernetes_resources(verbose=False):
"""Clean up Kubernetes resources"""
if verbose:
print("🧹 Cleaning up Kubernetes resources...")
try:
# Remove completed jobs older than 1 hour
if verbose:
print(" Removing completed jobs (>1 hour)...")
subprocess.run(['kubectl', 'delete', 'jobs', '-n', 'bakery-ia',
'--field-selector=status.successful=1'],
capture_output=True, text=True)
# Remove failed jobs older than 1 hour
if verbose:
print(" Removing failed jobs (>1 hour)...")
subprocess.run(['kubectl', 'delete', 'jobs', '-n', 'bakery-ia',
'--field-selector=status.failed>0'],
capture_output=True, text=True)
if verbose:
print("✅ Kubernetes resource cleanup completed")
return True
except Exception as e:
print(f"⚠️ Kubernetes resource cleanup failed: {e}")
return False
def perform_cleanup(manual=False, threshold_gb=10, verbose=False):
"""Perform comprehensive cleanup"""
print("\n" + "="*60)
print("🚀 STARTING COMPREHENSIVE CLEANUP")
print("="*60)
if manual:
print("🎛️ Mode: MANUAL (forced cleanup)")
else:
print("🎛️ Mode: AUTOMATIC (threshold-based)")
print(f"📊 Threshold: {threshold_gb}GB free space")
# Check disk space before cleanup
free_space_before = get_disk_space()
print(f"📊 Disk space before cleanup: {free_space_before:.1f}GB free")
# Check if cleanup is needed (unless manual)
if not manual and free_space_before >= threshold_gb:
print("✅ Sufficient disk space available, skipping cleanup")
return True
cleanup_results = []
# Perform all cleanup operations
cleanup_results.append(("Docker Images", cleanup_docker_images(verbose)))
cleanup_results.append(("Docker Containers", cleanup_docker_containers(verbose)))
cleanup_results.append(("Docker Volumes", cleanup_docker_volumes(verbose)))
cleanup_results.append(("Docker System", cleanup_docker_system(verbose)))
cleanup_results.append(("Kubernetes Resources", cleanup_kubernetes_resources(verbose)))
# Check disk space after cleanup
free_space_after = get_disk_space()
space_reclaimed = free_space_after - free_space_before
print(f"\n📊 Disk space after cleanup: {free_space_after:.1f}GB free")
print(f"🎯 Space reclaimed: {space_reclaimed:.1f}GB")
# Summary
print("\n📋 CLEANUP SUMMARY:")
for name, success in cleanup_results:
status = "✅ SUCCESS" if success else "❌ FAILED"
print(f" {name}: {status}")
print("="*60)
print("✅ CLEANUP COMPLETED")
print("="*60 + "\n")
return True
def main():
parser = argparse.ArgumentParser(
description='Bakery IA Disk Space Cleanup Script',
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog="""
Examples:
./cleanup_disk_space.py # Automatic cleanup (checks threshold)
./cleanup_disk_space.py --manual # Force cleanup regardless of threshold
./cleanup_disk_space.py --threshold 5 # Use 5GB threshold
./cleanup_disk_space.py --verbose # Verbose output
"""
)
parser.add_argument('--manual', action='store_true',
help='Force cleanup regardless of disk space threshold')
parser.add_argument('--threshold', type=int, default=10,
help='Minimum free space required in GB (default: 10)')
parser.add_argument('--verbose', action='store_true',
help='Enable verbose output')
args = parser.parse_args()
# Get threshold from environment variable if set
env_threshold = os.getenv('TILT_DISK_THRESHOLD_GB')
if env_threshold:
try:
args.threshold = int(env_threshold)
except ValueError:
pass
# Get verbose from environment variable if set
env_verbose = os.getenv('TILT_CLEANUP_VERBOSE', 'false').lower()
if env_verbose == 'true':
args.verbose = True
return perform_cleanup(
manual=args.manual,
threshold_gb=args.threshold,
verbose=args.verbose
)
if __name__ == '__main__':
success = main()
sys.exit(0 if success else 1)

190
scripts/deploy-production.sh Executable file
View File

@@ -0,0 +1,190 @@
#!/bin/bash
# Production Deployment Script for MicroK8s
# This script helps deploy Bakery IA to a MicroK8s cluster
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}Bakery IA - Production Deployment${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
# Configuration
NAMESPACE="bakery-ia"
KUSTOMIZE_PATH="infrastructure/environments/prod/k8s-manifests"
# Check if kubectl is available
if ! command -v kubectl &> /dev/null; then
echo -e "${RED}Error: kubectl not found. Please install kubectl or setup microk8s alias.${NC}"
exit 1
fi
# Function to check if cluster is accessible
check_cluster() {
echo -e "${YELLOW}Checking cluster connectivity...${NC}"
if ! kubectl cluster-info &> /dev/null; then
echo -e "${RED}Error: Cannot connect to Kubernetes cluster.${NC}"
echo "Please ensure your kubeconfig is set correctly."
exit 1
fi
echo -e "${GREEN}✓ Cluster connection successful${NC}"
echo ""
}
# Function to check required addons
check_addons() {
echo -e "${YELLOW}Checking required MicroK8s addons...${NC}"
# Check if this is MicroK8s
if command -v microk8s &> /dev/null; then
REQUIRED_ADDONS=("dns" "hostpath-storage" "ingress" "cert-manager" "metrics-server")
for addon in "${REQUIRED_ADDONS[@]}"; do
if microk8s status | grep -q "$addon: enabled"; then
echo -e "${GREEN}$addon enabled${NC}"
else
echo -e "${RED}$addon not enabled${NC}"
echo -e "${YELLOW}Enable with: microk8s enable $addon${NC}"
exit 1
fi
done
else
echo -e "${YELLOW}Not running on MicroK8s. Skipping addon check.${NC}"
fi
echo ""
}
# Function to create namespace
create_namespace() {
echo -e "${YELLOW}Creating namespace...${NC}"
if kubectl get namespace $NAMESPACE &> /dev/null; then
echo -e "${GREEN}✓ Namespace $NAMESPACE already exists${NC}"
else
kubectl create namespace $NAMESPACE
echo -e "${GREEN}✓ Namespace $NAMESPACE created${NC}"
fi
echo ""
}
# Function to apply secrets
apply_secrets() {
echo -e "${YELLOW}Applying secrets...${NC}"
echo -e "${RED}WARNING: Ensure production secrets are updated before deployment!${NC}"
read -p "Have you updated production secrets? (yes/no): " confirm
if [ "$confirm" != "yes" ]; then
echo -e "${RED}Deployment cancelled. Please update secrets first.${NC}"
exit 1
fi
kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets.yaml
kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/postgres-tls-secret.yaml
kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/redis-tls-secret.yaml
kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/demo-internal-api-key-secret.yaml
echo -e "${GREEN}✓ Secrets applied${NC}"
echo ""
}
# Function to apply kustomization
deploy_application() {
echo -e "${YELLOW}Deploying application...${NC}"
kubectl apply -k $KUSTOMIZE_PATH
echo -e "${GREEN}✓ Application deployed${NC}"
echo ""
}
# Function to wait for deployments
wait_for_deployments() {
echo -e "${YELLOW}Waiting for deployments to be ready...${NC}"
echo "This may take several minutes..."
# Wait for all deployments
kubectl wait --for=condition=available --timeout=600s \
deployment --all -n $NAMESPACE
echo -e "${GREEN}✓ All deployments are ready${NC}"
echo ""
}
# Function to check deployment status
check_status() {
echo -e "${YELLOW}Deployment Status:${NC}"
echo ""
echo "Pods:"
kubectl get pods -n $NAMESPACE
echo ""
echo "Services:"
kubectl get svc -n $NAMESPACE
echo ""
echo "Ingress:"
kubectl get ingress -n $NAMESPACE
echo ""
echo "Persistent Volume Claims:"
kubectl get pvc -n $NAMESPACE
echo ""
echo "Certificates:"
kubectl get certificate -n $NAMESPACE
echo ""
}
# Function to show access information
show_access_info() {
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}Deployment Complete!${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo "Access your application at:"
# Get ingress hosts
HOSTS=$(kubectl get ingress bakery-ingress-prod -n $NAMESPACE -o jsonpath='{.spec.rules[*].host}' 2>/dev/null || echo "")
if [ -n "$HOSTS" ]; then
for host in $HOSTS; do
echo " https://$host"
done
else
echo " Configure your domain in prod-ingress.yaml"
fi
echo ""
echo "Useful commands:"
echo " View logs: kubectl logs -f deployment/gateway -n $NAMESPACE"
echo " Check pods: kubectl get pods -n $NAMESPACE"
echo " Check events: kubectl get events -n $NAMESPACE --sort-by='.lastTimestamp'"
echo " Scale: kubectl scale deployment/gateway --replicas=5 -n $NAMESPACE"
echo ""
}
# Main deployment flow
main() {
check_cluster
check_addons
create_namespace
apply_secrets
deploy_application
echo -e "${YELLOW}Do you want to wait for deployments to be ready? (yes/no):${NC}"
read -p "> " wait_confirm
if [ "$wait_confirm" = "yes" ]; then
wait_for_deployments
fi
check_status
show_access_info
}
# Run main function
main

82
scripts/encrypted-backup.sh Executable file
View File

@@ -0,0 +1,82 @@
#!/usr/bin/env bash
# Encrypted PostgreSQL Backup Script
# Creates GPG-encrypted backups of all databases
set -e
BACKUP_DIR="${BACKUP_DIR:-/backups}"
BACKUP_DATE=$(date +%Y%m%d-%H%M%S)
GPG_RECIPIENT="${GPG_RECIPIENT:-backup@bakery-ia.com}"
NAMESPACE="${NAMESPACE:-bakery-ia}"
# Database list
DATABASES=(
"auth-db"
"tenant-db"
"training-db"
"forecasting-db"
"sales-db"
"external-db"
"notification-db"
"inventory-db"
"recipes-db"
"suppliers-db"
"pos-db"
"orders-db"
"production-db"
"alert-processor-db"
)
echo "Starting encrypted backup process..."
echo "Backup date: $BACKUP_DATE"
echo "Backup directory: $BACKUP_DIR"
echo "Namespace: $NAMESPACE"
echo ""
# Create backup directory if it doesn't exist
mkdir -p "$BACKUP_DIR"
for db in "${DATABASES[@]}"; do
echo "Backing up $db..."
# Get pod name
POD=$(kubectl get pods -n "$NAMESPACE" -l "app.kubernetes.io/name=$db" -o jsonpath='{.items[0].metadata.name}')
if [ -z "$POD" ]; then
echo " ⚠️ Warning: Pod not found for $db, skipping"
continue
fi
# Extract database name from environment
DB_NAME=$(kubectl exec -n "$NAMESPACE" "$POD" -- sh -c 'echo $POSTGRES_DB')
DB_USER=$(kubectl exec -n "$NAMESPACE" "$POD" -- sh -c 'echo $POSTGRES_USER')
# Create backup file name
BACKUP_FILE="$BACKUP_DIR/${db}_${DB_NAME}_${BACKUP_DATE}.sql.gz.gpg"
# Perform backup with pg_dump, compress with gzip, encrypt with GPG
kubectl exec -n "$NAMESPACE" "$POD" -- \
sh -c "pg_dump -U $DB_USER -d $DB_NAME" | \
gzip | \
gpg --encrypt --recipient "$GPG_RECIPIENT" --trust-model always > "$BACKUP_FILE"
# Get file size
SIZE=$(du -h "$BACKUP_FILE" | cut -f1)
echo " ✓ Backup complete: $BACKUP_FILE ($SIZE)"
done
echo ""
echo "===================="
echo "✓ Backup process completed!"
echo ""
echo "Total backups created: ${#DATABASES[@]}"
echo "Backup location: $BACKUP_DIR"
echo "Backup date: $BACKUP_DATE"
echo ""
echo "To decrypt a backup:"
echo " gpg --decrypt backup_file.sql.gz.gpg | gunzip > backup.sql"
echo ""
echo "To restore a backup:"
echo " gpg --decrypt backup_file.sql.gz.gpg | gunzip | psql -U user -d database"

58
scripts/generate-passwords.sh Executable file
View File

@@ -0,0 +1,58 @@
#!/usr/bin/env bash
# Script to generate cryptographically secure passwords for all databases
# Generates 32-character random passwords using openssl
set -e
echo "Generating secure passwords for all databases..."
echo ""
# Generate password function
generate_password() {
openssl rand -base64 32 | tr -d "=+/" | cut -c1-32
}
# Generate passwords for all services
SERVICES=(
"AUTH_DB_PASSWORD"
"TRAINING_DB_PASSWORD"
"FORECASTING_DB_PASSWORD"
"SALES_DB_PASSWORD"
"EXTERNAL_DB_PASSWORD"
"TENANT_DB_PASSWORD"
"NOTIFICATION_DB_PASSWORD"
"ALERT_PROCESSOR_DB_PASSWORD"
"INVENTORY_DB_PASSWORD"
"RECIPES_DB_PASSWORD"
"SUPPLIERS_DB_PASSWORD"
"POS_DB_PASSWORD"
"ORDERS_DB_PASSWORD"
"PRODUCTION_DB_PASSWORD"
"REDIS_PASSWORD"
)
echo "Generated Passwords:"
echo "===================="
echo ""
count=0
for service in "${SERVICES[@]}"; do
password=$(generate_password)
echo "$service=$password"
count=$((count + 1))
done
echo ""
echo "===================="
echo ""
echo "Passwords generated successfully!"
echo "Total: $count passwords"
echo ""
echo "Next steps:"
echo "1. Update .env file with these passwords"
echo "2. Update infrastructure/environments/common/configs/secrets.yaml with base64-encoded passwords"
echo "3. Apply new secrets to Kubernetes cluster"
echo ""
echo "To base64 encode a password:"
echo " echo -n 'password' | base64"

129
scripts/generate_subscription_test_report.sh Executable file
View File

@@ -0,0 +1,129 @@
#!/bin/bash
# Script to generate a comprehensive test report for the subscription creation flow
# This script checks all components and generates a detailed report
echo "📊 Generating Subscription Creation Flow Test Report"
echo "===================================================="
echo "Report generated on: $(date)"
echo ""
# Test 1: Check if database migration was applied
echo "🔍 Test 1: Database Migration Check"
echo "-----------------------------------"
POD_NAME=$(kubectl get pods -n bakery-ia -l app=auth-service -o jsonpath='{.items[0].metadata.name}')
MIGRATION_STATUS=$(kubectl exec -n bakery-ia $POD_NAME -- psql -U auth_user -d auth_db -c "SELECT version_num FROM alembic_version" -t -A)
if [[ "$MIGRATION_STATUS" == "20260113_add_payment_columns" ]]; then
echo "✅ PASS: Database migration '20260113_add_payment_columns' is applied"
else
echo "❌ FAIL: Database migration not found. Current version: $MIGRATION_STATUS"
fi
echo ""
# Test 2: Check if payment columns exist in users table
echo "🔍 Test 2: Payment Columns in Users Table"
echo "------------------------------------------"
COLUMNS=$(kubectl exec -n bakery-ia $POD_NAME -- psql -U auth_user -d auth_db -c "\d users" -t -A | grep -E "payment_customer_id|default_payment_method_id")
if [[ -n "$COLUMNS" ]]; then
echo "✅ PASS: Payment columns found in users table"
echo " Found columns:"
echo " $COLUMNS" | sed 's/^/ /'
else
echo "❌ FAIL: Payment columns not found in users table"
fi
echo ""
# Test 3: Check if gateway route exists
echo "🔍 Test 3: Gateway Route Configuration"
echo "--------------------------------------"
GATEWAY_POD=$(kubectl get pods -n bakery-ia -l app=gateway -o jsonpath='{.items[0].metadata.name}')
ROUTE_CHECK=$(kubectl exec -n bakery-ia $GATEWAY_POD -- grep -c "create-for-registration" /app/app/routes/subscription.py)
if [[ "$ROUTE_CHECK" -gt 0 ]]; then
echo "✅ PASS: Gateway route for 'create-for-registration' is configured"
else
echo "❌ FAIL: Gateway route for 'create-for-registration' not found"
fi
echo ""
# Test 4: Check if tenant service endpoint exists
echo "🔍 Test 4: Tenant Service Endpoint"
echo "-----------------------------------"
TENANT_POD=$(kubectl get pods -n bakery-ia -l app=tenant-service -o jsonpath='{.items[0].metadata.name}')
ENDPOINT_CHECK=$(kubectl exec -n bakery-ia $TENANT_POD -- grep -c "create-for-registration" /app/app/api/subscription.py)
if [[ "$ENDPOINT_CHECK" -gt 0 ]]; then
echo "✅ PASS: Tenant service endpoint 'create-for-registration' is configured"
else
echo "❌ FAIL: Tenant service endpoint 'create-for-registration' not found"
fi
echo ""
# Test 5: Test user registration (create a test user)
echo "🔍 Test 5: User Registration Test"
echo "--------------------------------"
TEST_EMAIL="test_$(date +%Y%m%d%H%M%S)@example.com"
REGISTRATION_RESPONSE=$(curl -X POST "https://bakery-ia.local/api/v1/auth/register-with-subscription" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d "{\"email\":\"$TEST_EMAIL\",\"password\":\"SecurePassword123!\",\"full_name\":\"Test User\",\"subscription_plan\":\"basic\",\"payment_method_id\":\"pm_test123\"}" \
-k -s)
if echo "$REGISTRATION_RESPONSE" | grep -q "access_token"; then
echo "✅ PASS: User registration successful"
USER_ID=$(echo "$REGISTRATION_RESPONSE" | python3 -c "import sys, json; print(json.load(sys.stdin)['user']['id'])")
echo " Created user ID: $USER_ID"
else
echo "❌ FAIL: User registration failed"
echo " Response: $REGISTRATION_RESPONSE"
fi
echo ""
# Test 6: Check if user has payment fields
echo "🔍 Test 6: User Payment Fields"
echo "------------------------------"
if [[ -n "$USER_ID" ]]; then
USER_DATA=$(kubectl exec -n bakery-ia $POD_NAME -- psql -U auth_user -d auth_db -c "SELECT payment_customer_id, default_payment_method_id FROM users WHERE id = '$USER_ID'" -t -A)
if [[ -n "$USER_DATA" ]]; then
echo "✅ PASS: User has payment fields in database"
echo " Payment data: $USER_DATA"
else
echo "❌ FAIL: User payment fields not found"
fi
else
echo "⚠️ SKIP: User ID not available from previous test"
fi
echo ""
# Test 7: Check subscription creation in onboarding progress
echo "🔍 Test 7: Subscription in Onboarding Progress"
echo "---------------------------------------------"
if [[ -n "$USER_ID" ]]; then
# This would require authentication, so we'll skip for now
echo "⚠️ SKIP: Requires authentication (would need to implement token handling)"
else
echo "⚠️ SKIP: User ID not available from previous test"
fi
echo ""
# Summary
echo "📋 Test Summary"
echo "==============="
echo "The subscription creation flow test report has been generated."
echo ""
echo "Components tested:"
echo " 1. Database migration"
echo " 2. Payment columns in users table"
echo " 3. Gateway route configuration"
echo " 4. Tenant service endpoint"
echo " 5. User registration"
echo " 6. User payment fields"
echo " 7. Subscription in onboarding progress"
echo ""
echo "For a complete integration test, run:"
echo " ./scripts/run_subscription_integration_test.sh"
echo ""
echo "🎉 Report generation completed!"

22
scripts/local-registry/Dockerfile Normal file
View File

@@ -0,0 +1,22 @@
# Local Docker Registry for Bakery-IA
# Simple registry to cache base images and reduce Docker Hub usage
FROM registry:2
# Configure registry for local development
ENV REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
ENV REGISTRY_HTTP_SECRET=development-secret
ENV REGISTRY_HTTP_ADDR=0.0.0.0:5000
# Create directory for registry data
RUN mkdir -p /var/lib/registry
# Expose registry port
EXPOSE 5000
# Health check
HEALTHCHECK --interval=30s --timeout=3s \
CMD wget -q --spider http://localhost:5000/v2/ || exit 1
# Run registry
CMD ["registry", "serve", "/etc/docker/registry/config.yml"]

324
scripts/prepull-base-images-for-prod.sh Executable file
View File

@@ -0,0 +1,324 @@
#!/bin/bash
# Base Image Pre-Pull Script for Bakery-IA Production
# This script pre-pulls all required base images for production deployment
# Supports both local development and production environments with Gitea registry
set -e
# Function to display usage
usage() {
echo "Usage: $0 [options]"
echo ""
echo "Options:"
echo " -e, --environment ENV Set environment (dev|prod) - default: dev"
echo " -r, --registry REG Custom registry URL - default: localhost:5000 (dev) or gitea registry (prod)"
echo " --skip-auth Skip Docker Hub authentication"
echo " --push-images Push images to registry (default: true for dev, false for prod)"
echo " --no-push-images Don't push images to registry"
echo " -h, --help Show this help message"
echo ""
echo "Examples:"
echo " $0 # Run in dev mode with local registry"
echo " $0 -e prod # Run in production mode with Gitea registry"
echo " $0 -e prod -r registry.example.com:5000 # Run in production with custom registry"
echo " $0 --skip-auth # Skip Docker Hub auth (for air-gapped envs)"
exit 1
}
# Parse command line arguments
ENVIRONMENT="dev"
REGISTRY=""
SKIP_AUTH=false
PUSH_IMAGES=""
while [[ $# -gt 0 ]]; do
case $1 in
-e|--environment)
ENVIRONMENT="$2"
shift 2
;;
-r|--registry)
REGISTRY="$2"
shift 2
;;
--skip-auth)
SKIP_AUTH=true
shift
;;
--push-images)
PUSH_IMAGES=true
shift
;;
--no-push-images)
PUSH_IMAGES=false
shift
;;
-h|--help)
usage
;;
*)
echo "Unknown option: $1"
usage
;;
esac
done
# Function to check if required tools are available
check_required_tools() {
local missing_tools=()
# Check for required tools
for tool in docker curl jq kubectl; do
if ! command -v "$tool" &> /dev/null; then
missing_tools+=("$tool")
fi
done
if [ ${#missing_tools[@]} -gt 0 ]; then
echo "Error: Missing required tools: ${missing_tools[*]}"
echo "Please install them before running this script."
echo ""
echo "On macOS (with Homebrew):"
echo " brew install docker curl jq kubectl"
echo ""
echo "On Ubuntu/Debian:"
echo " sudo apt-get install docker.io curl jq kubectl"
echo ""
echo "On CentOS/RHEL:"
echo " sudo yum install docker curl jq kubectl"
exit 1
fi
}
# Check for required tools
check_required_tools
echo "=========================================="
echo "Bakery-IA Base Image Pre-Pull Script"
echo "Environment: $ENVIRONMENT"
echo "=========================================="
echo ""
# Set defaults based on environment
if [ "$ENVIRONMENT" = "prod" ]; then
# Production environment - use Gitea registry
if [ -z "$REGISTRY" ]; then
# Try to get Gitea registry from Kubernetes
if kubectl get secret gitea-registry-secret -n bakery-ia &>/dev/null; then
# Extract registry URL from the secret
REGISTRY_JSON=$(kubectl get secret gitea-registry-secret -n bakery-ia -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d)
REGISTRY=$(echo "$REGISTRY_JSON" | jq -r '.auths | keys[]' | head -n 1)
echo "Detected Gitea registry: $REGISTRY"
else
echo "Error: Could not detect Gitea registry automatically"
echo "Please specify the registry with -r/--registry option"
echo "Example: $0 -e prod -r gitea-http.gitea.svc.cluster.local:3000"
exit 1
fi
fi
# Default to not pushing images in production - they should be built by CI/CD
if [ -z "$PUSH_IMAGES" ]; then
PUSH_IMAGES=false
fi
elif [ "$ENVIRONMENT" = "dev" ]; then
# Development environment - use local registry
if [ -z "$REGISTRY" ]; then
REGISTRY="localhost:5000"
fi
# Default to pushing images in dev
if [ -z "$PUSH_IMAGES" ]; then
PUSH_IMAGES=true
fi
else
echo "Error: Invalid environment. Use 'dev' or 'prod'"
exit 1
fi
echo "Registry configuration:"
echo " Environment: $ENVIRONMENT"
echo " Registry: $REGISTRY"
echo " Push Images: $PUSH_IMAGES"
echo ""
# Docker Hub credentials (use environment variables or defaults)
DOCKER_USERNAME="${DOCKER_HUB_USERNAME:-uals}"
DOCKER_PASSWORD="${DOCKER_HUB_PASSWORD:-dckr_pat_zzEY5Q58x1S0puraIoKEtbpue3A}"
# Authenticate with Docker Hub if not skipping auth
if [ "$SKIP_AUTH" = false ]; then
echo "Authenticating with Docker Hub..."
if ! echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin; then
echo "⚠ Warning: Docker Hub authentication failed. Continuing anyway..."
else
echo "✓ Authentication successful"
fi
else
echo "Skipping Docker Hub authentication (--skip-auth flag set)"
fi
echo ""
# Define all base images used in the project
# These are the base images needed for the services
BASE_IMAGES=(
# Service base images (Python microservices)
"python:3.11-slim"
# Frontend base images (Node.js build + Nginx runtime)
"node:18-alpine"
"nginx:1.25-alpine"
# Database images
"postgres:17-alpine"
"redis:7.4-alpine"
"rabbitmq:4.1-management-alpine"
# Utility images
"busybox:1.36"
"curlimages/curl:latest"
"bitnami/kubectl:latest"
# Alpine variants
"alpine:3.18"
"alpine:3.19"
"alpine/git:2.43.0"
# CI/CD images
"gcr.io/kaniko-project/executor:v1.23.0"
"gcr.io/go-containerregistry/crane:latest"
"registry.k8s.io/kustomize/kustomize:v5.3.0"
# Storage images
"minio/minio:RELEASE.2024-11-07T00-52-20Z"
"minio/mc:RELEASE.2024-11-17T19-35-25Z"
# Geocoding
"mediagis/nominatim:4.4"
# Mail server (Mailu - from GHCR)
"ghcr.io/mailu/nginx:2024.06"
"ghcr.io/mailu/admin:2024.06"
"ghcr.io/mailu/postfix:2024.06"
"ghcr.io/mailu/dovecot:2024.06"
"ghcr.io/mailu/rspamd:2024.06"
)
# If using registry, verify it's running
if [ "$PUSH_IMAGES" = true ]; then
echo "Checking registry at $REGISTRY..."
if curl -s http://$REGISTRY/v2/ >/dev/null 2>&1; then
echo "✓ Registry is accessible"
elif curl -s https://$REGISTRY/v2/ >/dev/null 2>&1; then
echo "✓ Registry is accessible (HTTPS)"
# Update registry to use HTTPS if needed
REGISTRY="https://$REGISTRY"
else
echo "⚠ Registry is not accessible at $REGISTRY"
echo "Will only pull images locally (no registry push)"
PUSH_IMAGES=false
fi
fi
echo ""
echo "Base images to pre-pull:"
echo "----------------------------------------"
for image in "${BASE_IMAGES[@]}"; do
echo " - $image"
done
echo ""
echo "Starting pre-pull process..."
echo "----------------------------------------"
# Track success/failure
FAILED_IMAGES=()
SUCCESS_COUNT=0
# Pull each base image
for image in "${BASE_IMAGES[@]}"; do
echo "Pulling: $image"
# Pull the image
if ! docker pull "$image"; then
echo " ⚠ Failed to pull $image"
FAILED_IMAGES+=("$image")
continue
fi
# Tag for registry if enabled
if [ "$PUSH_IMAGES" = true ]; then
# Extract registry host and image name
if [[ "$REGISTRY" == https://* ]]; then
REGISTRY_HOST=${REGISTRY#https://}
else
REGISTRY_HOST=$REGISTRY
fi
# Format for registry: use bakery-admin namespace and preserve original name/tag
# Extract image name and tag
if [[ "$image" == *:* ]]; then
image_name="${image%:*}"
image_tag="${image#*:}"
else
image_name="$image"
image_tag="latest"
fi
# Replace slashes with underscores for repository name
repo_name="$(echo "$image_name" | sed 's|/|_|g' | tr '[:upper:]' '[:lower:]')"
# Use bakery-admin namespace and preserve original tag
registry_image="$REGISTRY_HOST/bakery-admin/${repo_name}:${image_tag}"
docker tag "$image" "$registry_image"
echo " Tagged as: $registry_image"
# Push to registry
if docker push "$registry_image"; then
echo " ✓ Pushed to registry"
else
echo " ⚠ Failed to push to registry (image still available locally)"
fi
fi
echo " ✓ Successfully pulled $image"
SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
echo ""
done
echo "=========================================="
echo "Base Image Pre-Pull Complete!"
echo "=========================================="
echo ""
echo "Summary:"
echo " - Total images: ${#BASE_IMAGES[@]}"
echo " - Successfully pulled: $SUCCESS_COUNT"
if [ ${#FAILED_IMAGES[@]} -gt 0 ]; then
echo " - Failed: ${#FAILED_IMAGES[@]}"
echo " - Failed images: ${FAILED_IMAGES[*]}"
fi
echo " - Environment: $ENVIRONMENT"
if [ "$PUSH_IMAGES" = true ]; then
echo " - Registry: $REGISTRY"
else
echo " - Registry: None (local Docker only)"
fi
echo ""
# Exit with error if any images failed
if [ ${#FAILED_IMAGES[@]} -gt 0 ]; then
echo "⚠ Some images failed to pull. This may be due to Docker Hub rate limits."
echo "Please try again later or configure Docker Hub credentials."
exit 1
fi
echo "✓ All images pulled successfully!"
if [ "$ENVIRONMENT" = "prod" ] && [ "$PUSH_IMAGES" = false ]; then
echo ""
echo "💡 Note: In production mode, images are not pushed to registry."
echo " Images should be built and pushed by your CI/CD pipeline."
echo " Make sure your CI/CD pipeline has built and pushed the required images."
echo ""
echo "💡 To build and push service images to Gitea registry:"
echo " 1. Ensure your CI/CD pipeline is running (Tekton)"
echo " 2. Push a commit to trigger the pipeline: git commit --allow-empty -m 'Trigger build'"
echo " 3. Or manually trigger a pipeline run"
echo ""
echo "💡 Check pipeline status:"
echo " kubectl get pipelineruns -n tekton-pipelines"
echo " kubectl get pods -n tekton-pipelines"
fi

313
scripts/prepull-base-images.sh Executable file
View File

@@ -0,0 +1,313 @@
#!/bin/bash
# Base Image Pre-Pull Script for Bakery-IA
# This script pre-pulls all required base images to reduce Docker Hub usage
# Supports both local development and production environments with Gitea registry
# Run this script before building services to cache base images locally
set -e
# Function to display usage
usage() {
echo "Usage: $0 [options]"
echo ""
echo "Options:"
echo " -e, --environment ENV Set environment (dev|prod) - default: dev"
echo " -r, --registry REG Custom registry URL - default: localhost:5000 (dev) or gitea registry (prod)"
echo " --skip-auth Skip Docker Hub authentication"
echo " --push-images Push images to registry (default: true for dev, false for prod)"
echo " --no-push-images Don't push images to registry"
echo " -h, --help Show this help message"
echo ""
echo "Examples:"
echo " $0 # Run in dev mode with local registry"
echo " $0 -e prod # Run in production mode with Gitea registry"
echo " $0 -e prod -r registry.example.com:5000 # Run in production with custom registry"
echo " $0 --skip-auth # Skip Docker Hub auth (for air-gapped envs)"
exit 1
}
# Parse command line arguments
ENVIRONMENT="dev"
REGISTRY=""
SKIP_AUTH=false
PUSH_IMAGES=""
while [[ $# -gt 0 ]]; do
case $1 in
-e|--environment)
ENVIRONMENT="$2"
shift 2
;;
-r|--registry)
REGISTRY="$2"
shift 2
;;
--skip-auth)
SKIP_AUTH=true
shift
;;
--push-images)
PUSH_IMAGES=true
shift
;;
--no-push-images)
PUSH_IMAGES=false
shift
;;
-h|--help)
usage
;;
*)
echo "Unknown option: $1"
usage
;;
esac
done
# Function to check if required tools are available
check_required_tools() {
local missing_tools=()
# Check for required tools
for tool in docker curl jq kubectl; do
if ! command -v "$tool" &> /dev/null; then
missing_tools+=("$tool")
fi
done
if [ ${#missing_tools[@]} -gt 0 ]; then
echo "Error: Missing required tools: ${missing_tools[*]}"
echo "Please install them before running this script."
echo ""
echo "On macOS (with Homebrew):"
echo " brew install docker curl jq kubectl"
echo ""
echo "On Ubuntu/Debian:"
echo " sudo apt-get install docker.io curl jq kubectl"
echo ""
echo "On CentOS/RHEL:"
echo " sudo yum install docker curl jq kubectl"
exit 1
fi
}
# Check for required tools
check_required_tools
echo "=========================================="
echo "Bakery-IA Base Image Pre-Pull Script"
echo "Environment: $ENVIRONMENT"
echo "=========================================="
echo ""
# Set defaults based on environment
if [ "$ENVIRONMENT" = "prod" ]; then
# Production environment - use Gitea registry
if [ -z "$REGISTRY" ]; then
# Try to get Gitea registry from Kubernetes
if kubectl get secret gitea-registry-secret -n bakery-ia &>/dev/null; then
# Extract registry URL from the secret
REGISTRY_JSON=$(kubectl get secret gitea-registry-secret -n bakery-ia -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d)
REGISTRY=$(echo "$REGISTRY_JSON" | jq -r '.auths | keys[]' | head -n 1)
echo "Detected Gitea registry: $REGISTRY"
else
echo "Error: Could not detect Gitea registry automatically"
echo "Please specify the registry with -r/--registry option"
echo "Example: $0 -e prod -r gitea-http.gitea.svc.cluster.local:3000"
exit 1
fi
fi
# Default to not pushing images in production - they should be built by CI/CD
if [ -z "$PUSH_IMAGES" ]; then
PUSH_IMAGES=false
fi
elif [ "$ENVIRONMENT" = "dev" ]; then
# Development environment - use local registry
if [ -z "$REGISTRY" ]; then
REGISTRY="localhost:5000"
fi
# Default to pushing images in dev
if [ -z "$PUSH_IMAGES" ]; then
PUSH_IMAGES=true
fi
else
echo "Error: Invalid environment. Use 'dev' or 'prod'"
exit 1
fi
echo "Registry configuration:"
echo " Environment: $ENVIRONMENT"
echo " Registry: $REGISTRY"
echo " Push Images: $PUSH_IMAGES"
echo ""
# Docker Hub credentials (use environment variables or defaults)
DOCKER_USERNAME="${DOCKER_HUB_USERNAME:-uals}"
DOCKER_PASSWORD="${DOCKER_HUB_PASSWORD:-dckr_pat_zzEY5Q58x1S0puraIoKEtbpue3A}"
# Authenticate with Docker Hub if not skipping auth
if [ "$SKIP_AUTH" = false ]; then
echo "Authenticating with Docker Hub..."
if ! echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin; then
echo "⚠ Warning: Docker Hub authentication failed. Continuing anyway..."
else
echo "✓ Authentication successful"
fi
else
echo "Skipping Docker Hub authentication (--skip-auth flag set)"
fi
echo ""
# Define all base images used in the project
# These are the base images needed for the services
BASE_IMAGES=(
# Service base images (Python microservices)
"python:3.11-slim"
# Frontend base images (Node.js build + Nginx runtime)
"node:18-alpine"
"nginx:1.25-alpine"
# Database images
"postgres:17-alpine"
"redis:7.4-alpine"
"rabbitmq:4.1-management-alpine"
# Utility images
"busybox:1.36"
"curlimages/curl:latest"
"bitnami/kubectl:latest"
# Alpine variants
"alpine:3.18"
"alpine:3.19"
"alpine/git:2.43.0"
# CI/CD images
"gcr.io/kaniko-project/executor:v1.23.0"
"gcr.io/go-containerregistry/crane:latest"
"registry.k8s.io/kustomize/kustomize:v5.3.0"
# Storage images
"minio/minio:RELEASE.2024-11-07T00-52-20Z"
"minio/mc:RELEASE.2024-11-17T19-35-25Z"
# Geocoding
"mediagis/nominatim:4.4"
# Mail server (Mailu - from GHCR)
"ghcr.io/mailu/nginx:2024.06"
"ghcr.io/mailu/admin:2024.06"
"ghcr.io/mailu/postfix:2024.06"
"ghcr.io/mailu/dovecot:2024.06"
"ghcr.io/mailu/rspamd:2024.06"
)
# If using registry, verify it's running
if [ "$PUSH_IMAGES" = true ]; then
echo "Checking registry at $REGISTRY..."
if curl -s http://$REGISTRY/v2/ >/dev/null 2>&1; then
echo "✓ Registry is accessible"
elif curl -s https://$REGISTRY/v2/ >/dev/null 2>&1; then
echo "✓ Registry is accessible (HTTPS)"
# Update registry to use HTTPS if needed
REGISTRY="https://$REGISTRY"
else
echo "⚠ Registry is not accessible at $REGISTRY"
echo "Will only pull images locally (no registry push)"
PUSH_IMAGES=false
fi
fi
echo ""
echo "Base images to pre-pull:"
echo "----------------------------------------"
for image in "${BASE_IMAGES[@]}"; do
echo " - $image"
done
echo ""
echo "Starting pre-pull process..."
echo "----------------------------------------"
# Track success/failure
FAILED_IMAGES=()
SUCCESS_COUNT=0
# Pull each base image
for image in "${BASE_IMAGES[@]}"; do
echo "Pulling: $image"
# Pull the image
if ! docker pull "$image"; then
echo " ⚠ Failed to pull $image"
FAILED_IMAGES+=("$image")
continue
fi
# Tag for registry if enabled
if [ "$PUSH_IMAGES" = true ]; then
# Extract registry host and image name
if [[ "$REGISTRY" == https://* ]]; then
REGISTRY_HOST=${REGISTRY#https://}
else
REGISTRY_HOST=$REGISTRY
fi
# Format for registry: replace /, :, -, and . with _
local_repo="$(echo $image | sed 's|/|_|g' | sed 's|:|_|g' | sed 's|-|_|g' | sed 's|\.|_|g' | tr '[:upper:]' '[:lower:]')"
registry_image="$REGISTRY_HOST/${local_repo}:latest"
docker tag "$image" "$registry_image"
echo " Tagged as: $registry_image"
# Push to registry
if docker push "$registry_image"; then
echo " ✓ Pushed to registry"
else
echo " ⚠ Failed to push to registry (image still available locally)"
fi
fi
echo " ✓ Successfully pulled $image"
SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
echo ""
done
echo "=========================================="
echo "Base Image Pre-Pull Complete!"
echo "=========================================="
echo ""
echo "Summary:"
echo " - Total images: ${#BASE_IMAGES[@]}"
echo " - Successfully pulled: $SUCCESS_COUNT"
if [ ${#FAILED_IMAGES[@]} -gt 0 ]; then
echo " - Failed: ${#FAILED_IMAGES[@]}"
echo " - Failed images: ${FAILED_IMAGES[*]}"
fi
echo " - Environment: $ENVIRONMENT"
if [ "$PUSH_IMAGES" = true ]; then
echo " - Registry: $REGISTRY"
else
echo " - Registry: None (local Docker only)"
fi
echo ""
# Exit with error if any images failed
if [ ${#FAILED_IMAGES[@]} -gt 0 ]; then
echo "⚠ Some images failed to pull. This may be due to Docker Hub rate limits."
echo "Please try again later or configure Docker Hub credentials."
exit 1
fi
echo "✓ All images pulled successfully!"
if [ "$ENVIRONMENT" = "prod" ] && [ "$PUSH_IMAGES" = false ]; then
echo ""
echo "💡 Note: In production mode, images are not pushed to registry."
echo " Images should be built and pushed by your CI/CD pipeline."
echo " Make sure your CI/CD pipeline has built and pushed the required images."
echo ""
echo "💡 To build and push service images to Gitea registry:"
echo " 1. Ensure your CI/CD pipeline is running (Tekton)"
echo " 2. Push a commit to trigger the pipeline: git commit --allow-empty -m 'Trigger build'"
echo " 3. Or manually trigger a pipeline run"
echo ""
echo "💡 Check pipeline status:"
echo " kubectl get pipelineruns -n tekton-pipelines"
echo " kubectl get pods -n tekton-pipelines"
fi

166
scripts/regenerate_all_migrations.sh Executable file
View File

@@ -0,0 +1,166 @@
#!/bin/bash
# Convenience script: Clean databases and regenerate all migrations in one command
# This wraps the two-step process into a single workflow
set -euo pipefail
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configuration
NAMESPACE="${KUBE_NAMESPACE:-bakery-ia}"
SKIP_CONFIRMATION=false
APPLY_MIGRATIONS=false
VERBOSE=false
# Parse command line arguments
while [[ $# -gt 0 ]]; do
case $1 in
--namespace) NAMESPACE="$2"; shift 2 ;;
--yes) SKIP_CONFIRMATION=true; shift ;;
--apply) APPLY_MIGRATIONS=true; shift ;;
--verbose) VERBOSE=true; shift ;;
-h|--help)
echo "Usage: $0 [OPTIONS]"
echo ""
echo "This script performs the complete migration regeneration workflow:"
echo " 1. Clean all service databases"
echo " 2. Generate new migrations from models"
echo " 3. Optionally apply migrations"
echo ""
echo "Options:"
echo " --namespace NAME Use specific Kubernetes namespace (default: bakery-ia)"
echo " --yes Skip all confirmation prompts"
echo " --apply Apply migrations after generation"
echo " --verbose Enable detailed logging"
echo ""
echo "Examples:"
echo " $0 # Interactive mode (with confirmations)"
echo " $0 --yes --verbose # Automated mode with detailed output"
echo " $0 --apply # Generate and apply migrations"
exit 0
;;
*) echo "Unknown option: $1"; echo "Use --help for usage information"; exit 1 ;;
esac
done
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Complete Migration Regeneration Workflow${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
echo -e "${YELLOW}This script will:${NC}"
echo -e "${YELLOW} 1. Clean all service databases (DROP all tables)${NC}"
echo -e "${YELLOW} 2. Generate new migrations from models${NC}"
if [ "$APPLY_MIGRATIONS" = true ]; then
echo -e "${YELLOW} 3. Apply migrations to databases${NC}"
fi
echo ""
echo -e "${YELLOW}Namespace: $NAMESPACE${NC}"
echo ""
if [ "$SKIP_CONFIRMATION" = false ]; then
echo -e "${RED}⚠ WARNING: This will DROP ALL TABLES in all service databases!${NC}"
echo ""
read -p "Continue? (yes/no) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo -e "${YELLOW}Aborted.${NC}"
exit 0
fi
fi
echo ""
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Step 1: Cleaning Databases${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
# Build cleanup command
CLEANUP_CMD="./cleanup_databases_k8s.sh --namespace $NAMESPACE"
if [ "$SKIP_CONFIRMATION" = true ]; then
CLEANUP_CMD="$CLEANUP_CMD --yes"
fi
# Run cleanup
if ! $CLEANUP_CMD; then
echo -e "${RED}✗ Database cleanup failed!${NC}"
echo -e "${YELLOW}Cannot proceed with migration generation.${NC}"
exit 1
fi
echo ""
echo -e "${GREEN}✓ Database cleanup completed${NC}"
echo ""
# Wait a moment for database connections to settle
sleep 2
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Step 2: Generating Migrations${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
# Build migration command
MIGRATION_CMD="./regenerate_migrations_k8s.sh --namespace $NAMESPACE"
if [ "$VERBOSE" = true ]; then
MIGRATION_CMD="$MIGRATION_CMD --verbose"
fi
if [ "$APPLY_MIGRATIONS" = true ]; then
MIGRATION_CMD="$MIGRATION_CMD --apply"
fi
# Run migration generation (with automatic 'y' response)
if [ "$SKIP_CONFIRMATION" = true ]; then
echo "y" | $MIGRATION_CMD
else
$MIGRATION_CMD
fi
MIGRATION_EXIT_CODE=$?
echo ""
if [ $MIGRATION_EXIT_CODE -eq 0 ]; then
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}✓ Workflow Completed Successfully!${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo -e "${YELLOW}Summary:${NC}"
echo -e " ${GREEN}${NC} Databases cleaned"
echo -e " ${GREEN}${NC} Migrations generated"
if [ "$APPLY_MIGRATIONS" = true ]; then
echo -e " ${GREEN}${NC} Migrations applied"
fi
echo ""
echo -e "${YELLOW}Generated migration files:${NC}"
find services/*/migrations/versions/ -name "*.py" -type f -mmin -5 2>/dev/null | while read file; do
size=$(wc -c < "$file" | tr -d ' ')
echo -e " ${GREEN}${NC} $file ($size bytes)"
done
echo ""
echo -e "${YELLOW}Next steps:${NC}"
echo -e " 1. Review the generated migrations above"
echo -e " 2. Verify migrations contain schema operations (not just 'pass')"
if [ "$APPLY_MIGRATIONS" = false ]; then
echo -e " 3. Apply migrations: ./regenerate_migrations_k8s.sh --apply"
echo -e " 4. Commit migrations: git add services/*/migrations/versions/*.py"
else
echo -e " 3. Commit migrations: git add services/*/migrations/versions/*.py"
fi
else
echo -e "${RED}========================================${NC}"
echo -e "${RED}✗ Migration Generation Failed${NC}"
echo -e "${RED}========================================${NC}"
echo ""
echo -e "${YELLOW}Check the log file for details.${NC}"
echo -e "${YELLOW}Common issues:${NC}"
echo -e " - Pod not running for some services"
echo -e " - Database connectivity issues"
echo -e " - Model import errors"
echo ""
exit 1
fi

796
scripts/regenerate_migrations_k8s.sh Executable file
View File

@@ -0,0 +1,796 @@
#!/bin/bash
# Script to regenerate Alembic migrations using Kubernetes local dev environment
# This script backs up existing migrations and generates new ones based on current models
set -euo pipefail # Exit on error, undefined variables, and pipe failures
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configuration
NAMESPACE="${KUBE_NAMESPACE:-bakery-ia}"
LOG_FILE="migration_script_$(date +%Y%m%d_%H%M%S).log"
BACKUP_RETENTION_DAYS=7
CONTAINER_SUFFIX="service" # Default container name suffix (e.g., pos-service)
# Parse command line arguments
DRY_RUN=false
SKIP_BACKUP=false
APPLY_MIGRATIONS=false
CHECK_EXISTING=false
VERBOSE=false
SKIP_DB_CHECK=false
while [[ $# -gt 0 ]]; do
case $1 in
--dry-run) DRY_RUN=true; shift ;;
--skip-backup) SKIP_BACKUP=true; shift ;;
--apply) APPLY_MIGRATIONS=true; shift ;;
--check-existing) CHECK_EXISTING=true; shift ;;
--verbose) VERBOSE=true; shift ;;
--skip-db-check) SKIP_DB_CHECK=true; shift ;;
--namespace) NAMESPACE="$2"; shift 2 ;;
-h|--help)
echo "Usage: $0 [OPTIONS]"
echo ""
echo "Options:"
echo " --dry-run Show what would be done without making changes"
echo " --skip-backup Skip backing up existing migrations"
echo " --apply Automatically apply migrations after generation"
echo " --check-existing Check for and copy existing migrations from pods first"
echo " --verbose Enable detailed logging"
echo " --skip-db-check Skip database connectivity check"
echo " --namespace NAME Use specific Kubernetes namespace (default: bakery-ia)"
echo ""
echo "Examples:"
echo " $0 --namespace dev --dry-run # Simulate migration regeneration"
echo " $0 --apply --verbose # Generate and apply migrations with detailed logs"
echo " $0 --skip-db-check # Skip database connectivity check"
exit 0
;;
*) echo "Unknown option: $1"; echo "Use --help for usage information"; exit 1 ;;
esac
done
# List of all services
SERVICES=(
"pos" "sales" "recipes" "training" "auth" "orders" "inventory"
"suppliers" "tenant" "notification" "alert-processor" "forecasting"
"external" "production" "demo-session"
)
# Backup directory
BACKUP_DIR="migrations_backup_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$BACKUP_DIR"
# Initialize log file
touch "$LOG_FILE"
echo "[$(date '+%Y-%m-%d %H:%M:%S')] Starting migration regeneration" >> "$LOG_FILE"
# Function to perform pre-flight checks
preflight_checks() {
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Pre-flight Checks${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
local checks_passed=true
# Check kubectl
echo -e "${YELLOW}Checking kubectl...${NC}"
if ! command -v kubectl &> /dev/null; then
echo -e "${RED}✗ kubectl not found${NC}"
log_message "ERROR" "kubectl not found"
checks_passed=false
else
KUBECTL_VERSION=$(kubectl version --client --short 2>/dev/null | grep -oP 'v\d+\.\d+\.\d+' || echo "unknown")
echo -e "${GREEN}✓ kubectl found (version: $KUBECTL_VERSION)${NC}"
fi
# Check cluster connectivity
echo -e "${YELLOW}Checking Kubernetes cluster connectivity...${NC}"
if ! kubectl cluster-info &> /dev/null; then
echo -e "${RED}✗ Cannot connect to Kubernetes cluster${NC}"
log_message "ERROR" "Cannot connect to Kubernetes cluster"
checks_passed=false
else
CLUSTER_NAME=$(kubectl config current-context 2>/dev/null || echo "unknown")
echo -e "${GREEN}✓ Connected to cluster: $CLUSTER_NAME${NC}"
fi
# Check namespace exists
echo -e "${YELLOW}Checking namespace '$NAMESPACE'...${NC}"
if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
echo -e "${RED}✗ Namespace '$NAMESPACE' not found${NC}"
log_message "ERROR" "Namespace '$NAMESPACE' not found"
checks_passed=false
else
echo -e "${GREEN}✓ Namespace exists${NC}"
fi
# Check if all service pods are running
echo -e "${YELLOW}Checking service pods...${NC}"
local pods_found=0
local pods_running=0
for service in "${SERVICES[@]}"; do
local pod_name=$(kubectl get pods -n "$NAMESPACE" -l "app.kubernetes.io/name=${service}-service" --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || echo "")
if [ -n "$pod_name" ]; then
pods_found=$((pods_found + 1))
pods_running=$((pods_running + 1))
fi
done
echo -e "${GREEN}✓ Found $pods_running/${#SERVICES[@]} service pods running${NC}"
if [ $pods_running -lt ${#SERVICES[@]} ]; then
echo -e "${YELLOW}⚠ Not all service pods are running${NC}"
echo -e "${YELLOW} Missing services will be skipped${NC}"
fi
# Check database connectivity for running services
echo -e "${YELLOW}Checking database connectivity (sample)...${NC}"
local sample_service="auth"
local sample_pod=$(kubectl get pods -n "$NAMESPACE" -l "app.kubernetes.io/name=${sample_service}-service" --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || echo "")
if [ -n "$sample_pod" ]; then
local db_check=$(kubectl exec -n "$NAMESPACE" "$sample_pod" -c "${sample_service}-service" -- sh -c "python3 -c 'import asyncpg; print(\"OK\")' 2>/dev/null" || echo "FAIL")
if [ "$db_check" = "OK" ]; then
echo -e "${GREEN}✓ Database drivers available (asyncpg)${NC}"
else
echo -e "${YELLOW}⚠ Database driver check failed${NC}"
fi
else
echo -e "${YELLOW}⚠ Cannot check database connectivity (no sample pod running)${NC}"
fi
# Check local directory structure
echo -e "${YELLOW}Checking local directory structure...${NC}"
local dirs_found=0
for service in "${SERVICES[@]}"; do
local service_dir=$(echo "$service" | tr '-' '_')
if [ -d "services/$service_dir/migrations" ]; then
dirs_found=$((dirs_found + 1))
fi
done
echo -e "${GREEN}✓ Found $dirs_found/${#SERVICES[@]} service migration directories${NC}"
# Check disk space
echo -e "${YELLOW}Checking disk space...${NC}"
local available_space=$(df -h . | tail -1 | awk '{print $4}')
echo -e "${GREEN}✓ Available disk space: $available_space${NC}"
echo ""
if [ "$checks_passed" = false ]; then
echo -e "${RED}========================================${NC}"
echo -e "${RED}Pre-flight checks failed!${NC}"
echo -e "${RED}========================================${NC}"
echo ""
read -p "Continue anyway? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo -e "${RED}Aborted.${NC}"
exit 1
fi
else
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}All pre-flight checks passed!${NC}"
echo -e "${GREEN}========================================${NC}"
fi
echo ""
}
# Run pre-flight checks
preflight_checks
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Migration Regeneration Script (K8s)${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
if [ "$DRY_RUN" = true ]; then
echo -e "${YELLOW}🔍 DRY RUN MODE - No changes will be made${NC}"
echo ""
fi
echo -e "${YELLOW}This script will:${NC}"
if [ "$CHECK_EXISTING" = true ]; then
echo -e "${YELLOW}1. Check for existing migrations in pods and copy them${NC}"
fi
if [ "$SKIP_BACKUP" = false ]; then
echo -e "${YELLOW}2. Backup existing migration files${NC}"
fi
echo -e "${YELLOW}3. Generate new migrations in Kubernetes pods${NC}"
echo -e "${YELLOW}4. Copy generated files back to local machine${NC}"
if [ "$APPLY_MIGRATIONS" = true ]; then
echo -e "${YELLOW}5. Apply migrations to databases${NC}"
fi
if [ "$SKIP_BACKUP" = false ]; then
echo -e "${YELLOW}6. Keep the backup in: $BACKUP_DIR${NC}"
fi
echo ""
echo -e "${YELLOW}Using Kubernetes namespace: $NAMESPACE${NC}"
echo -e "${YELLOW}Logs will be saved to: $LOG_FILE${NC}"
echo ""
if [ "$DRY_RUN" = false ]; then
read -p "Continue? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo -e "${RED}Aborted.${NC}"
echo "[$(date '+%Y-%m-%d %H:%M:%S')] Aborted by user" >> "$LOG_FILE"
exit 1
fi
fi
# Kubernetes setup already verified in pre-flight checks
# Function to get a running pod for a service
get_running_pod() {
local service=$1
local pod_name=""
local selectors=(
"app.kubernetes.io/name=${service}-service,app.kubernetes.io/component=microservice"
"app.kubernetes.io/name=${service}-service,app.kubernetes.io/component=worker"
"app.kubernetes.io/name=${service}-service"
"app=${service}-service,component=${service}" # Fallback for demo-session
"app=${service}-service" # Additional fallback
)
for selector in "${selectors[@]}"; do
pod_name=$(kubectl get pods -n "$NAMESPACE" -l "$selector" --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)
if [ -n "$pod_name" ]; then
echo "$pod_name"
return 0
fi
done
echo ""
return 1
}
# Function to log messages
log_message() {
local level=$1
local message=$2
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $level: $message" >> "$LOG_FILE"
if [ "$VERBOSE" = true ] || [ "$level" = "ERROR" ]; then
echo -e "${YELLOW}$message${NC}"
fi
}
# Check for existing migrations in pods if requested
if [ "$CHECK_EXISTING" = true ]; then
echo -e "${BLUE}Step 1.5: Checking for existing migrations in pods...${NC}"
echo ""
FOUND_COUNT=0
COPIED_COUNT=0
for service in "${SERVICES[@]}"; do
service_dir=$(echo "$service" | tr '-' '_')
echo -e "${YELLOW}Checking $service...${NC}"
# Find a running pod
POD_NAME=$(get_running_pod "$service")
if [ -z "$POD_NAME" ]; then
echo -e "${YELLOW}⚠ Pod not found, skipping${NC}"
log_message "WARNING" "No running pod found for $service"
continue
fi
# Check container availability
CONTAINER="${service}-${CONTAINER_SUFFIX}"
if ! kubectl get pod -n "$NAMESPACE" "$POD_NAME" -o jsonpath='{.spec.containers[*].name}' | grep -qw "$CONTAINER"; then
echo -e "${RED}✗ Container $CONTAINER not found in pod $POD_NAME, skipping${NC}"
log_message "ERROR" "Container $CONTAINER not found in pod $POD_NAME for $service"
continue
fi
# Check if migration files exist in the pod
EXISTING_FILES=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "ls /app/migrations/versions/*.py 2>/dev/null | grep -v __pycache__ | grep -v __init__.py" 2>/dev/null || echo "")
if [ -n "$EXISTING_FILES" ]; then
FILE_COUNT=$(echo "$EXISTING_FILES" | wc -l | tr -d ' ')
echo -e "${GREEN}✓ Found $FILE_COUNT migration file(s) in pod${NC}"
FOUND_COUNT=$((FOUND_COUNT + 1))
# Create local versions directory
mkdir -p "services/$service_dir/migrations/versions"
# Copy each file
for pod_file in $EXISTING_FILES; do
filename=$(basename "$pod_file")
if [ "$DRY_RUN" = true ]; then
echo -e "${BLUE}[DRY RUN] Would copy: $filename${NC}"
log_message "INFO" "[DRY RUN] Would copy $filename for $service"
else
if kubectl cp -n "$NAMESPACE" "$POD_NAME:$pod_file" "services/$service_dir/migrations/versions/$filename" -c "$CONTAINER" 2>>"$LOG_FILE"; then
echo -e "${GREEN}✓ Copied: $filename${NC}"
COPIED_COUNT=$((COPIED_COUNT + 1))
log_message "INFO" "Copied $filename for $service"
# Display brief summary
echo -e "${BLUE}Preview:${NC}"
grep "def upgrade" "services/$service_dir/migrations/versions/$filename" | head -1
grep "op\." "services/$service_dir/migrations/versions/$filename" | head -3 | sed 's/^/ /'
else
echo -e "${RED}✗ Failed to copy: $filename${NC}"
log_message "ERROR" "Failed to copy $filename for $service"
fi
fi
done
else
echo -e "${YELLOW}⚠ No migration files found in pod${NC}"
log_message "WARNING" "No migration files found in pod for $service"
fi
echo ""
done
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Existing Migrations Check Summary${NC}"
echo -e "${BLUE}========================================${NC}"
echo -e "${GREEN}Services with migrations: $FOUND_COUNT${NC}"
if [ "$DRY_RUN" = false ]; then
echo -e "${GREEN}Files copied: $COPIED_COUNT${NC}"
fi
echo ""
if [ "$FOUND_COUNT" = 0 ] && [ "$DRY_RUN" = false ]; then
read -p "Do you want to continue with regeneration? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo -e "${YELLOW}Stopping. Existing migrations have been copied.${NC}"
log_message "INFO" "Stopped after copying existing migrations"
exit 0
fi
fi
fi
# Backup existing migrations
if [ "$SKIP_BACKUP" = false ] && [ "$DRY_RUN" = false ]; then
echo -e "${BLUE}Step 2: Backing up existing migrations...${NC}"
BACKUP_COUNT=0
for service in "${SERVICES[@]}"; do
service_dir=$(echo "$service" | tr '-' '_')
if [ -d "services/$service_dir/migrations/versions" ] && [ -n "$(ls services/$service_dir/migrations/versions/*.py 2>/dev/null)" ]; then
echo -e "${YELLOW}Backing up $service migrations...${NC}"
mkdir -p "$BACKUP_DIR/$service_dir/versions"
cp -r "services/$service_dir/migrations/versions/"*.py "$BACKUP_DIR/$service_dir/versions/" 2>>"$LOG_FILE"
BACKUP_COUNT=$((BACKUP_COUNT + 1))
log_message "INFO" "Backed up migrations for $service to $BACKUP_DIR/$service_dir/versions"
else
echo -e "${YELLOW}No migration files to backup for $service${NC}"
fi
done
if [ "$BACKUP_COUNT" -gt 0 ]; then
echo -e "${GREEN}✓ Backup complete: $BACKUP_DIR ($BACKUP_COUNT services)${NC}"
else
echo -e "${YELLOW}No migrations backed up (no migration files found)${NC}"
fi
echo ""
elif [ "$SKIP_BACKUP" = true ]; then
echo -e "${YELLOW}Skipping backup step (--skip-backup flag)${NC}"
log_message "INFO" "Backup skipped due to --skip-backup flag"
echo ""
fi
# Clean up old backups
find . -maxdepth 1 -type d -name 'migrations_backup_*' -mtime +"$BACKUP_RETENTION_DAYS" -exec rm -rf {} \; 2>/dev/null || true
log_message "INFO" "Cleaned up backups older than $BACKUP_RETENTION_DAYS days"
echo -e "${BLUE}Step 3: Generating new migrations in Kubernetes...${NC}"
echo ""
SUCCESS_COUNT=0
FAILED_COUNT=0
FAILED_SERVICES=()
# Function to process a single service
process_service() {
local service=$1
local service_dir=$(echo "$service" | tr '-' '_')
local db_env_var=$(echo "$service" | tr '[:lower:]-' '[:upper:]_')_DATABASE_URL # e.g., pos -> POS_DATABASE_URL, alert-processor -> ALERT_PROCESSOR_DATABASE_URL
echo -e "${BLUE}----------------------------------------${NC}"
echo -e "${BLUE}Processing: $service${NC}"
echo -e "${BLUE}----------------------------------------${NC}"
log_message "INFO" "Starting migration generation for $service"
# Skip if no local migrations directory and --check-existing is not set
if [ ! -d "services/$service_dir/migrations/versions" ] && [ "$CHECK_EXISTING" = false ]; then
echo -e "${YELLOW}⚠ No local migrations/versions directory for $service, skipping...${NC}"
log_message "WARNING" "No local migrations/versions directory for $service"
return
fi
# Find a running pod
echo -e "${YELLOW}Finding $service pod in namespace $NAMESPACE...${NC}"
POD_NAME=$(get_running_pod "$service")
if [ -z "$POD_NAME" ]; then
echo -e "${RED}✗ No running pod found for $service. Skipping...${NC}"
log_message "ERROR" "No running pod found for $service"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (pod not found)")
return
fi
echo -e "${GREEN}✓ Found pod: $POD_NAME${NC}"
log_message "INFO" "Found pod $POD_NAME for $service"
# Check container availability
CONTAINER="${service}-${CONTAINER_SUFFIX}"
if ! kubectl get pod -n "$NAMESPACE" "$POD_NAME" -o jsonpath='{.spec.containers[*].name}' | grep -qw "$CONTAINER"; then
echo -e "${RED}✗ Container $CONTAINER not found in pod $POD_NAME, skipping${NC}"
log_message "ERROR" "Container $CONTAINER not found in pod $POD_NAME for $service"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (container not found)")
return
fi
# Verify database connectivity
if [ "$SKIP_DB_CHECK" = false ]; then
echo -e "${YELLOW}Verifying database connectivity using $db_env_var...${NC}"
# Check if asyncpg is installed
ASYNCPG_CHECK=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "python3 -c \"import asyncpg; print('asyncpg OK')\" 2>/dev/null" || echo "asyncpg MISSING")
if [[ "$ASYNCPG_CHECK" != "asyncpg OK" ]]; then
echo -e "${YELLOW}Installing asyncpg...${NC}"
kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "python3 -m pip install --quiet asyncpg" 2>>"$LOG_FILE"
fi
# Check for database URL
DB_URL_CHECK=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "env | grep $db_env_var" 2>/dev/null || echo "")
if [ -z "$DB_URL_CHECK" ]; then
echo -e "${RED}✗ Environment variable $db_env_var not found in pod $POD_NAME${NC}"
echo -e "${YELLOW}Available environment variables:${NC}"
kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "env" 2>>"$LOG_FILE" | grep -i "database" || echo "No database-related variables found"
log_message "ERROR" "Environment variable $db_env_var not found for $service in pod $POD_NAME"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (missing $db_env_var)")
return
fi
# Log redacted database URL for debugging
DB_URL=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "echo \$"$db_env_var"" 2>/dev/null | sed 's/\(password=\)[^@]*/\1[REDACTED]/')
log_message "INFO" "Using database URL for $service: $DB_URL"
# Perform async database connectivity check
DB_CHECK_OUTPUT=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH python3 -c \"import asyncio; from sqlalchemy.ext.asyncio import create_async_engine; async def check_db(): engine = create_async_engine(os.getenv('$db_env_var')); async with engine.connect() as conn: pass; await engine.dispose(); print('DB OK'); asyncio.run(check_db())\" 2>&1" || echo "DB ERROR")
if [[ "$DB_CHECK_OUTPUT" == *"DB OK"* ]]; then
echo -e "${GREEN}✓ Database connection verified${NC}"
log_message "INFO" "Database connection verified for $service"
else
echo -e "${RED}✗ Database connection failed for $service${NC}"
echo -e "${YELLOW}Error details: $DB_CHECK_OUTPUT${NC}"
log_message "ERROR" "Database connection failed for $service: $DB_CHECK_OUTPUT"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (database connection failed)")
return
fi
else
echo -e "${YELLOW}Skipping database connectivity check (--skip-db-check)${NC}"
log_message "INFO" "Skipped database connectivity check for $service"
fi
# Reset alembic version tracking
echo -e "${YELLOW}Resetting alembic version tracking...${NC}"
kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH alembic downgrade base" 2>&1 | tee -a "$LOG_FILE" | grep -v "^INFO" || true
log_message "INFO" "Attempted alembic downgrade for $service"
# Option 1: Complete database schema reset using CASCADE
echo -e "${YELLOW}Performing complete database schema reset...${NC}"
SCHEMA_DROP_RESULT=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH python3 << 'EOFPYTHON'
import asyncio
import os
from sqlalchemy.ext.asyncio import create_async_engine
from sqlalchemy import text
async def reset_database():
try:
engine = create_async_engine(os.getenv('$db_env_var'))
async with engine.begin() as conn:
# Drop and recreate public schema - cleanest approach
await conn.execute(text('DROP SCHEMA IF EXISTS public CASCADE'))
await conn.execute(text('CREATE SCHEMA public'))
await conn.execute(text('GRANT ALL ON SCHEMA public TO PUBLIC'))
await engine.dispose()
print('SUCCESS: Database schema reset complete')
return 0
except Exception as e:
print(f'ERROR: {str(e)}')
return 1
exit(asyncio.run(reset_database()))
EOFPYTHON
" 2>&1)
echo "$SCHEMA_DROP_RESULT" >> "$LOG_FILE"
if echo "$SCHEMA_DROP_RESULT" | grep -q "SUCCESS"; then
echo -e "${GREEN}✓ Database schema reset successfully${NC}"
log_message "INFO" "Database schema reset for $service"
else
echo -e "${RED}✗ Database schema reset failed${NC}"
echo -e "${YELLOW}Error details:${NC}"
echo "$SCHEMA_DROP_RESULT"
log_message "ERROR" "Database schema reset failed for $service: $SCHEMA_DROP_RESULT"
# Try alternative approach: Drop individual tables from database (not just models)
echo -e "${YELLOW}Attempting alternative: dropping all existing tables individually...${NC}"
TABLE_DROP_RESULT=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH python3 << 'EOFPYTHON'
import asyncio
import os
from sqlalchemy.ext.asyncio import create_async_engine
from sqlalchemy import text
async def drop_all_tables():
try:
engine = create_async_engine(os.getenv('$db_env_var'))
async with engine.begin() as conn:
# Get all tables from database
result = await conn.execute(text(\"\"\"
SELECT tablename
FROM pg_tables
WHERE schemaname = 'public'
\"\"\"))
tables = [row[0] for row in result]
# Drop each table
for table in tables:
await conn.execute(text(f'DROP TABLE IF EXISTS \"{table}\" CASCADE'))
print(f'SUCCESS: Dropped {len(tables)} tables: {tables}')
await engine.dispose()
return 0
except Exception as e:
print(f'ERROR: {str(e)}')
return 1
exit(asyncio.run(drop_all_tables()))
EOFPYTHON
" 2>&1)
echo "$TABLE_DROP_RESULT" >> "$LOG_FILE"
if echo "$TABLE_DROP_RESULT" | grep -q "SUCCESS"; then
echo -e "${GREEN}✓ All tables dropped successfully${NC}"
log_message "INFO" "All tables dropped for $service"
else
echo -e "${RED}✗ Failed to drop tables${NC}"
echo -e "${YELLOW}Error details:${NC}"
echo "$TABLE_DROP_RESULT"
log_message "ERROR" "Failed to drop tables for $service: $TABLE_DROP_RESULT"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (database cleanup failed)")
return
fi
fi
# Verify database is empty
echo -e "${YELLOW}Verifying database is clean...${NC}"
VERIFY_RESULT=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH python3 << 'EOFPYTHON'
import asyncio
import os
from sqlalchemy.ext.asyncio import create_async_engine
from sqlalchemy import text
async def verify_empty():
engine = create_async_engine(os.getenv('$db_env_var'))
async with engine.connect() as conn:
result = await conn.execute(text(\"\"\"
SELECT COUNT(*)
FROM pg_tables
WHERE schemaname = 'public'
\"\"\"))
count = result.scalar()
print(f'Tables remaining: {count}')
await engine.dispose()
return count
exit(asyncio.run(verify_empty()))
EOFPYTHON
" 2>&1)
echo "$VERIFY_RESULT" >> "$LOG_FILE"
echo -e "${BLUE}$VERIFY_RESULT${NC}"
# Initialize alembic version table after schema reset
echo -e "${YELLOW}Initializing alembic version tracking...${NC}"
ALEMBIC_INIT_OUTPUT=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH alembic stamp base" 2>&1)
ALEMBIC_INIT_EXIT_CODE=$?
echo "$ALEMBIC_INIT_OUTPUT" >> "$LOG_FILE"
if [ $ALEMBIC_INIT_EXIT_CODE -eq 0 ]; then
echo -e "${GREEN}✓ Alembic version tracking initialized${NC}"
log_message "INFO" "Alembic version tracking initialized for $service"
else
echo -e "${YELLOW}⚠ Alembic initialization warning (may be normal)${NC}"
log_message "WARNING" "Alembic initialization for $service: $ALEMBIC_INIT_OUTPUT"
fi
# Remove old migration files in pod
echo -e "${YELLOW}Removing old migration files in pod...${NC}"
kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "rm -rf /app/migrations/versions/*.py /app/migrations/versions/__pycache__" 2>>"$LOG_FILE" || log_message "WARNING" "Failed to remove old migration files for $service"
# Ensure dependencies
echo -e "${YELLOW}Ensuring python-dateutil and asyncpg are installed...${NC}"
kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "python3 -m pip install --quiet python-dateutil asyncpg" 2>>"$LOG_FILE"
# Generate migration
echo -e "${YELLOW}Running alembic autogenerate in pod...${NC}"
MIGRATION_TIMESTAMP=$(date +%Y%m%d_%H%M)
MIGRATION_OUTPUT=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH python3 -m alembic revision --autogenerate -m \"initial_schema_$MIGRATION_TIMESTAMP\"" 2>&1)
MIGRATION_EXIT_CODE=$?
echo "$MIGRATION_OUTPUT" >> "$LOG_FILE"
if [ $MIGRATION_EXIT_CODE -eq 0 ]; then
echo -e "${GREEN}✓ Migration generated in pod${NC}"
log_message "INFO" "Migration generated for $service"
# Copy migration file
MIGRATION_FILE=$(kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "ls -t /app/migrations/versions/*.py 2>/dev/null | head -1" || echo "")
if [ -z "$MIGRATION_FILE" ]; then
echo -e "${RED}✗ No migration file found in pod${NC}"
log_message "ERROR" "No migration file generated for $service"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (no file generated)")
return
fi
MIGRATION_FILENAME=$(basename "$MIGRATION_FILE")
mkdir -p "services/$service_dir/migrations/versions"
# Copy file with better error handling
echo -e "${YELLOW}Copying migration file from pod...${NC}"
CP_OUTPUT=$(kubectl cp -n "$NAMESPACE" "$POD_NAME:$MIGRATION_FILE" "services/$service_dir/migrations/versions/$MIGRATION_FILENAME" -c "$CONTAINER" 2>&1)
CP_EXIT_CODE=$?
echo "$CP_OUTPUT" >> "$LOG_FILE"
# Verify the file was actually copied
if [ $CP_EXIT_CODE -eq 0 ] && [ -f "services/$service_dir/migrations/versions/$MIGRATION_FILENAME" ]; then
LOCAL_FILE_SIZE=$(wc -c < "services/$service_dir/migrations/versions/$MIGRATION_FILENAME" | tr -d ' ')
if [ "$LOCAL_FILE_SIZE" -gt 0 ]; then
echo -e "${GREEN}✓ Migration file copied: $MIGRATION_FILENAME ($LOCAL_FILE_SIZE bytes)${NC}"
log_message "INFO" "Copied $MIGRATION_FILENAME for $service ($LOCAL_FILE_SIZE bytes)"
SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
# Validate migration content
echo -e "${YELLOW}Validating migration content...${NC}"
if grep -E "op\.(create_table|add_column|create_index|alter_column|drop_table|drop_column|create_foreign_key)" "services/$service_dir/migrations/versions/$MIGRATION_FILENAME" >/dev/null; then
echo -e "${GREEN}✓ Migration contains schema operations${NC}"
log_message "INFO" "Migration contains schema operations for $service"
elif grep -q "pass" "services/$service_dir/migrations/versions/$MIGRATION_FILENAME" && grep -q "def upgrade()" "services/$service_dir/migrations/versions/$MIGRATION_FILENAME"; then
echo -e "${YELLOW}⚠ WARNING: Migration is empty (no schema changes detected)${NC}"
echo -e "${YELLOW}⚠ This usually means tables already exist in database matching the models${NC}"
log_message "WARNING" "Empty migration generated for $service - possible database cleanup issue"
else
echo -e "${GREEN}✓ Migration file created${NC}"
fi
# Display summary
echo -e "${BLUE}Migration summary:${NC}"
grep -E "^def (upgrade|downgrade)" "services/$service_dir/migrations/versions/$MIGRATION_FILENAME" | head -2
echo -e "${BLUE}Operations:${NC}"
grep "op\." "services/$service_dir/migrations/versions/$MIGRATION_FILENAME" | head -5 || echo " (none found)"
else
echo -e "${RED}✗ Migration file is empty (0 bytes)${NC}"
log_message "ERROR" "Migration file is empty for $service"
rm -f "services/$service_dir/migrations/versions/$MIGRATION_FILENAME"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (empty file)")
fi
else
echo -e "${RED}✗ Failed to copy migration file${NC}"
echo -e "${YELLOW}kubectl cp exit code: $CP_EXIT_CODE${NC}"
echo -e "${YELLOW}kubectl cp output: $CP_OUTPUT${NC}"
log_message "ERROR" "Failed to copy migration file for $service: $CP_OUTPUT"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (copy failed)")
fi
else
echo -e "${RED}✗ Failed to generate migration${NC}"
log_message "ERROR" "Failed to generate migration for $service"
FAILED_COUNT=$((FAILED_COUNT + 1))
FAILED_SERVICES+=("$service (generation failed)")
fi
}
# Process services sequentially
for service in "${SERVICES[@]}"; do
process_service "$service"
done
# Summary
echo ""
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Summary${NC}"
echo -e "${BLUE}========================================${NC}"
echo -e "${GREEN}✓ Successful: $SUCCESS_COUNT services${NC}"
echo -e "${RED}✗ Failed: $FAILED_COUNT services${NC}"
if [ "$FAILED_COUNT" -gt 0 ]; then
echo ""
echo -e "${RED}Failed services:${NC}"
for failed_service in "${FAILED_SERVICES[@]}"; do
echo -e "${RED} - $failed_service${NC}"
done
fi
echo ""
echo -e "${YELLOW}Backup location: $BACKUP_DIR${NC}"
echo -e "${YELLOW}Log file: $LOG_FILE${NC}"
echo ""
# Apply migrations if requested
if [ "$APPLY_MIGRATIONS" = true ] && [ "$DRY_RUN" = false ] && [ "$SUCCESS_COUNT" -gt 0 ]; then
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Applying Migrations${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
APPLIED_COUNT=0
APPLY_FAILED_COUNT=0
for service in "${SERVICES[@]}"; do
service_dir=$(echo "$service" | tr '-' '_')
local db_env_var=$(echo "$service" | tr '[:lower:]-' '[:upper:]_')_DATABASE_URL
if [ ! -d "services/$service_dir/migrations/versions" ] || [ -z "$(ls services/$service_dir/migrations/versions/*.py 2>/dev/null)" ]; then
continue
fi
echo -e "${BLUE}Applying migrations for: $service${NC}"
POD_NAME=$(get_running_pod "$service")
if [ -z "$POD_NAME" ]; then
echo -e "${YELLOW}⚠ Pod not found for $service, skipping...${NC}"
log_message "WARNING" "No running pod found for $service during migration application"
continue
fi
CONTAINER="${service}-${CONTAINER_SUFFIX}"
if ! kubectl get pod -n "$NAMESPACE" "$POD_NAME" -o jsonpath='{.spec.containers[*].name}' | grep -qw "$CONTAINER"; then
echo -e "${RED}✗ Container $CONTAINER not found in pod $POD_NAME, skipping${NC}"
log_message "ERROR" "Container $CONTAINER not found in pod $POD_NAME for $service"
continue
fi
if kubectl exec -n "$NAMESPACE" "$POD_NAME" -c "$CONTAINER" -- sh -c "cd /app && PYTHONPATH=/app:/app/shared:\$PYTHONPATH alembic upgrade head" 2>>"$LOG_FILE"; then
echo -e "${GREEN}✓ Migrations applied successfully for $service${NC}"
log_message "INFO" "Migrations applied for $service"
APPLIED_COUNT=$((APPLIED_COUNT + 1))
else
echo -e "${RED}✗ Failed to apply migrations for $service${NC}"
log_message "ERROR" "Failed to apply migrations for $service"
APPLY_FAILED_COUNT=$((APPLY_FAILED_COUNT + 1))
fi
echo ""
done
echo -e "${BLUE}Migration Application Summary:${NC}"
echo -e "${GREEN}✓ Applied: $APPLIED_COUNT services${NC}"
echo -e "${RED}✗ Failed: $APPLY_FAILED_COUNT services${NC}"
echo ""
fi
# Clean up temporary files
rm -f /tmp/*_migration.log /tmp/*_downgrade.log /tmp/*_apply.log 2>/dev/null || true
log_message "INFO" "Cleaned up temporary files"
echo -e "${BLUE}Next steps:${NC}"
echo -e "${YELLOW}1. Review the generated migrations in services/*/migrations/versions/${NC}"
echo -e "${YELLOW}2. Compare with the backup in $BACKUP_DIR${NC}"
echo -e "${YELLOW}3. Check logs in $LOG_FILE for details${NC}"
echo -e "${YELLOW}4. Test migrations by applying them:${NC}"
echo -e " ${GREEN}kubectl exec -n $NAMESPACE -it <pod-name> -c <service>-${CONTAINER_SUFFIX} -- alembic upgrade head${NC}"
echo -e "${YELLOW}5. Verify tables were created:${NC}"
echo -e " ${GREEN}kubectl exec -n $NAMESPACE -it <pod-name> -c <service>-${CONTAINER_SUFFIX} -- python3 -c \"${NC}"
echo -e " ${GREEN}import asyncio; from sqlalchemy.ext.asyncio import create_async_engine; from sqlalchemy import inspect; async def check_tables(): engine = create_async_engine(os.getenv('<SERVICE>_DATABASE_URL')); async with engine.connect() as conn: print(inspect(conn).get_table_names()); await engine.dispose(); asyncio.run(check_tables())${NC}"
echo -e " ${GREEN}\"${NC}"
echo -e "${YELLOW}6. If issues occur, restore from backup:${NC}"
echo -e " ${GREEN}cp -r $BACKUP_DIR/*/versions/* services/*/migrations/versions/${NC}"
echo ""

145
scripts/run_subscription_integration_test.sh Executable file
View File

@@ -0,0 +1,145 @@
#!/bin/bash
# Script to run the subscription creation integration test inside Kubernetes
# This script creates a test pod that runs the integration test
set -e
echo "🚀 Starting subscription creation integration test..."
# Check if there's already a test pod running
EXISTING_POD=$(kubectl get pod subscription-integration-test -n bakery-ia 2>/dev/null || echo "")
if [ -n "$EXISTING_POD" ]; then
echo "🧹 Cleaning up existing test pod..."
kubectl delete pod subscription-integration-test -n bakery-ia --wait=true
echo "✅ Existing pod cleaned up"
fi
# Determine the correct image to use by checking the existing tenant service deployment
IMAGE=$(kubectl get deployment tenant-service -n bakery-ia -o jsonpath='{.spec.template.spec.containers[0].image}')
if [ -z "$IMAGE" ]; then
echo "❌ Could not determine tenant service image. Is the tenant service deployed?"
exit 1
fi
echo "📦 Using image: $IMAGE"
# Create a test pod that runs the integration test with a simple command
echo "🔧 Creating test pod..."
kubectl run subscription-integration-test \
--image="$IMAGE" \
--namespace=bakery-ia \
--restart=Never \
--env="GATEWAY_URL=http://gateway-service:8000" \
--env="STRIPE_SECRET_KEY=$(kubectl get secret payment-secrets -n bakery-ia -o jsonpath='{.data.STRIPE_SECRET_KEY}' | base64 -d)" \
--command -- /bin/sh -c "
set -e
echo '🧪 Setting up test environment...' &&
cd /app &&
echo '📋 Installing test dependencies...' &&
pip install pytest pytest-asyncio httpx stripe --quiet &&
echo '✅ Dependencies installed' &&
echo '' &&
echo '🔧 Configuring test to use internal gateway service URL...' &&
# Backup original file before modification
cp tests/integration/test_subscription_creation_flow.py tests/integration/test_subscription_creation_flow.py.bak &&
# Update the test file to use the internal gateway service URL
sed -i 's|self.base_url = \"https://bakery-ia.local\"|self.base_url = \"http://gateway-service:8000\"|g' tests/integration/test_subscription_creation_flow.py &&
echo '✅ Test configured for internal Kubernetes networking' &&
echo '' &&
echo '🧪 Running subscription creation integration test...' &&
echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━' &&
python -m pytest tests/integration/test_subscription_creation_flow.py -v --tb=short -s --color=yes &&
TEST_RESULT=\$? &&
echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━' &&
echo '' &&
echo '📋 Restoring original test file...' &&
mv tests/integration/test_subscription_creation_flow.py.bak tests/integration/test_subscription_creation_flow.py &&
echo '✅ Original test file restored' &&
echo '' &&
if [ \$TEST_RESULT -eq 0 ]; then
echo '🎉 Integration test PASSED!'
else
echo '❌ Integration test FAILED!'
fi &&
exit \$TEST_RESULT
"
# Wait for the test pod to start
echo "⏳ Waiting for test pod to start..."
sleep 5
# Follow the logs in real-time
echo "📋 Following test execution logs..."
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
# Stream logs while the pod is running
kubectl logs -f subscription-integration-test -n bakery-ia 2>/dev/null || true
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
# Wait for the pod to complete with a timeout
echo "⏳ Waiting for test pod to complete..."
TIMEOUT=600 # 10 minutes timeout
COUNTER=0
while [ $COUNTER -lt $TIMEOUT ]; do
POD_STATUS=$(kubectl get pod subscription-integration-test -n bakery-ia -o jsonpath='{.status.phase}' 2>/dev/null)
if [ "$POD_STATUS" == "Succeeded" ] || [ "$POD_STATUS" == "Failed" ]; then
break
fi
sleep 2
COUNTER=$((COUNTER + 2))
done
if [ $COUNTER -ge $TIMEOUT ]; then
echo "⏰ Timeout waiting for test to complete after $TIMEOUT seconds"
echo "📋 Fetching final logs before cleanup..."
kubectl logs subscription-integration-test -n bakery-ia --tail=100
echo "🧹 Cleaning up test pod due to timeout..."
kubectl delete pod subscription-integration-test -n bakery-ia --wait=false
exit 1
fi
# Get the final status
POD_STATUS=$(kubectl get pod subscription-integration-test -n bakery-ia -o jsonpath='{.status.phase}')
CONTAINER_EXIT_CODE=$(kubectl get pod subscription-integration-test -n bakery-ia -o jsonpath='{.status.containerStatuses[0].state.terminated.exitCode}' 2>/dev/null || echo "unknown")
echo ""
echo "📊 Test Results:"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Pod Status: $POD_STATUS"
echo "Exit Code: $CONTAINER_EXIT_CODE"
# Determine if the test passed
if [ "$POD_STATUS" == "Succeeded" ] && [ "$CONTAINER_EXIT_CODE" == "0" ]; then
echo ""
echo "✅ Integration test PASSED!"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
RESULT=0
else
echo ""
echo "❌ Integration test FAILED!"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
# Show additional logs if failed
if [ "$POD_STATUS" == "Failed" ]; then
echo ""
echo "📋 Last 50 lines of logs:"
kubectl logs subscription-integration-test -n bakery-ia --tail=50
fi
RESULT=1
fi
# Clean up the test pod
echo ""
echo "🧹 Cleaning up test pod..."
kubectl delete pod subscription-integration-test -n bakery-ia --wait=false
echo "🏁 Integration test process completed!"
exit $RESULT

649
scripts/setup-https.sh Executable file
View File

@@ -0,0 +1,649 @@
#!/bin/bash
# Bakery IA HTTPS Setup Script
# This script sets up HTTPS with cert-manager and Let's Encrypt for local development
# Remove -e to handle errors more gracefully
set -u
echo "🔒 Setting up HTTPS for Bakery IA with cert-manager and Let's Encrypt"
echo "==============================================================="
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Function to print colored output
print_status() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check prerequisites
check_prerequisites() {
print_status "Checking prerequisites..."
# Check required tools
local missing_tools=()
if ! command -v kubectl &> /dev/null; then
missing_tools+=("kubectl")
fi
if ! command -v kind &> /dev/null; then
missing_tools+=("kind")
fi
if ! command -v skaffold &> /dev/null; then
missing_tools+=("skaffold")
fi
if ! command -v colima &> /dev/null; then
missing_tools+=("colima")
fi
# Report missing tools
if [ ${#missing_tools[@]} -ne 0 ]; then
print_error "Missing required tools: ${missing_tools[*]}"
print_error "Please install them with: brew install ${missing_tools[*]}"
exit 1
fi
# Check if Colima is running
if ! colima status --profile k8s-local &> /dev/null; then
print_warning "Colima is not running. Starting Colima..."
colima start --cpu 8 --memory 16 --disk 100 --runtime docker --profile k8s-local
if [ $? -ne 0 ]; then
print_error "Failed to start Colima. Please check your Docker installation."
exit 1
fi
print_success "Colima started successfully"
fi
# Check if cluster is running or exists
local cluster_exists=false
local cluster_running=false
# Check if Kind cluster exists
if kind get clusters | grep -q "bakery-ia-local"; then
cluster_exists=true
print_status "Kind cluster 'bakery-ia-local' already exists"
# Check if kubectl can connect to it
if kubectl cluster-info --context kind-bakery-ia-local &> /dev/null; then
cluster_running=true
print_success "Kubernetes cluster is running and accessible"
else
print_warning "Kind cluster exists but is not accessible via kubectl"
fi
fi
# Handle cluster creation/recreation
if [ "$cluster_exists" = true ] && [ "$cluster_running" = false ]; then
print_warning "Kind cluster exists but is not running. Recreating..."
kind delete cluster --name bakery-ia-local || true
cluster_exists=false
fi
if [ "$cluster_exists" = false ]; then
print_warning "Creating new Kind cluster..."
if [ ! -f "kind-config.yaml" ]; then
print_error "kind-config.yaml not found. Please ensure you're running this script from the project root."
exit 1
fi
if kind create cluster --config kind-config.yaml; then
print_success "Kind cluster created successfully"
else
print_error "Failed to create Kind cluster. Please check your Kind installation."
exit 1
fi
fi
# Ensure we're using the correct kubectl context
kubectl config use-context kind-bakery-ia-local || {
print_error "Failed to set kubectl context to kind-bakery-ia-local"
exit 1
}
print_success "Prerequisites check passed"
}
# Install cert-manager
install_cert_manager() {
print_status "Installing cert-manager..."
# Check if cert-manager is already installed
if kubectl get namespace cert-manager &> /dev/null; then
print_warning "cert-manager namespace already exists. Checking if installation is complete..."
# Check if pods are running
if kubectl get pods -n cert-manager | grep -q "Running"; then
print_success "cert-manager is already installed and running"
return 0
else
print_status "cert-manager exists but pods are not ready. Waiting..."
fi
else
# Install cert-manager
print_status "Installing cert-manager from official release..."
if kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml; then
print_success "cert-manager installation started"
else
print_error "Failed to install cert-manager. Please check your internet connection and try again."
exit 1
fi
fi
# Wait for cert-manager namespace to be created
print_status "Waiting for cert-manager namespace..."
for i in {1..30}; do
if kubectl get namespace cert-manager &> /dev/null; then
break
fi
sleep 2
done
# Wait for cert-manager pods to be created
print_status "Waiting for cert-manager pods to be created..."
for i in {1..60}; do
if kubectl get pods -n cert-manager &> /dev/null && [ $(kubectl get pods -n cert-manager --no-headers | wc -l) -ge 3 ]; then
print_success "cert-manager pods created"
break
fi
print_status "Waiting for cert-manager pods... (attempt $i/60)"
sleep 5
done
# Wait for cert-manager pods to be ready
print_status "Waiting for cert-manager pods to be ready..."
# Use more reliable selectors for cert-manager components
local components=(
"app.kubernetes.io/name=cert-manager"
"app.kubernetes.io/name=cainjector"
"app.kubernetes.io/name=webhook"
)
local component_names=("cert-manager" "cert-manager-cainjector" "cert-manager-webhook")
for i in "${!components[@]}"; do
local selector="${components[$i]}"
local name="${component_names[$i]}"
print_status "Waiting for $name to be ready..."
# First check if pods exist with this selector
local pod_count=0
for attempt in {1..30}; do
pod_count=$(kubectl get pods -n cert-manager -l "$selector" --no-headers 2>/dev/null | wc -l)
if [ "$pod_count" -gt 0 ]; then
break
fi
sleep 2
done
if [ "$pod_count" -eq 0 ]; then
print_warning "No pods found for $name with selector $selector, trying alternative approach..."
# Fallback: wait for any pods containing the component name
if kubectl wait --for=condition=ready pod -n cert-manager --all --timeout=300s 2>/dev/null; then
print_success "All cert-manager pods are ready"
break
else
print_warning "$name pods not found, but continuing..."
continue
fi
fi
# Wait for the specific component to be ready
if kubectl wait --for=condition=ready pod -l "$selector" -n cert-manager --timeout=300s 2>/dev/null; then
print_success "$name is ready"
else
print_warning "$name is taking longer than expected. Checking status..."
kubectl get pods -n cert-manager -l "$selector" 2>/dev/null || true
# Continue anyway, sometimes it works despite timeout
print_warning "Continuing with setup. $name may still be starting..."
fi
done
# Final verification
if kubectl get pods -n cert-manager | grep -q "Running"; then
print_success "cert-manager installed successfully"
else
print_warning "cert-manager installation may not be complete. Current status:"
kubectl get pods -n cert-manager
print_status "Continuing with setup anyway..."
fi
}
# Install NGINX Ingress Controller
install_nginx_ingress() {
print_status "Installing NGINX Ingress Controller for Kind..."
# Check if NGINX Ingress is already installed
if kubectl get namespace ingress-nginx &> /dev/null; then
print_warning "NGINX Ingress Controller namespace already exists. Checking status..."
# Check if controller is running
if kubectl get pods -n ingress-nginx -l app.kubernetes.io/component=controller | grep -q "Running"; then
print_success "NGINX Ingress Controller is already running"
else
print_status "NGINX Ingress Controller exists but not ready. Waiting..."
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=300s 2>/dev/null || {
print_warning "Ingress controller taking longer than expected, but continuing..."
}
fi
else
# Install NGINX Ingress Controller for Kind (updated URL)
print_status "Installing NGINX Ingress Controller for Kind..."
if kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml; then
print_success "NGINX Ingress Controller installation started"
# Wait for ingress controller to be ready
print_status "Waiting for NGINX Ingress Controller to be ready..."
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=300s 2>/dev/null || {
print_warning "Ingress controller taking longer than expected, but continuing..."
}
else
print_error "Failed to install NGINX Ingress Controller"
exit 1
fi
fi
# Configure ingress for permanent localhost access
print_status "Configuring permanent localhost access..."
kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort","ports":[{"name":"http","port":80,"targetPort":"http","nodePort":30080},{"name":"https","port":443,"targetPort":"https","nodePort":30443}]}}' || true
print_success "NGINX Ingress Controller configured successfully"
}
# Setup cluster issuers
setup_cluster_issuers() {
print_status "Setting up cluster issuers..."
# Check if cert-manager components exist
if [ ! -f "infrastructure/platform/cert-manager/cluster-issuer-staging.yaml" ]; then
print_error "cert-manager component files not found. Please ensure you're running this script from the project root."
exit 1
fi
# Apply cluster issuers
print_status "Applying cluster issuers..."
local issuer_files=(
"infrastructure/platform/cert-manager/cluster-issuer-staging.yaml"
"infrastructure/platform/cert-manager/local-ca-issuer.yaml"
"infrastructure/platform/cert-manager/cluster-issuer-production.yaml"
)
for issuer_file in "${issuer_files[@]}"; do
if [ -f "$issuer_file" ]; then
print_status "Applying $issuer_file..."
kubectl apply -f "$issuer_file" || {
print_warning "Failed to apply $issuer_file, but continuing..."
}
else
print_warning "$issuer_file not found, skipping..."
fi
done
# Wait for the issuers to be created
print_status "Waiting for cluster issuers to be ready..."
sleep 15
# Check if issuers are ready
print_status "Checking cluster issuer status..."
kubectl get clusterissuers 2>/dev/null || print_warning "No cluster issuers found yet"
# Verify that the local CA issuer is ready (if it exists)
if kubectl get clusterissuer local-ca-issuer &> /dev/null; then
for i in {1..10}; do
local issuer_ready=$(kubectl get clusterissuer local-ca-issuer -o jsonpath='{.status.conditions[0].type}' 2>/dev/null || echo "")
if [[ "$issuer_ready" == "Ready" ]]; then
print_success "Local CA issuer is ready"
break
fi
print_status "Waiting for local CA issuer to be ready... (attempt $i/10)"
sleep 10
done
else
print_warning "Local CA issuer not found, skipping readiness check"
fi
print_success "Cluster issuers configured successfully"
}
# Deploy the application with HTTPS using Skaffold
deploy_with_https() {
print_status "Deploying Bakery IA with HTTPS support using Skaffold..."
# Check if Skaffold is available
if ! command -v skaffold &> /dev/null; then
print_error "Skaffold is not installed. Please install skaffold first:"
print_error "brew install skaffold"
exit 1
fi
# Check if skaffold.yaml exists
if [ ! -f "skaffold.yaml" ]; then
print_error "skaffold.yaml not found. Please ensure you're running this script from the project root."
exit 1
fi
# Deploy with Skaffold (builds and deploys automatically with HTTPS support)
print_status "Building and deploying with Skaffold (dev profile includes HTTPS)..."
if skaffold run --profile=dev; then
print_success "Skaffold deployment started"
else
print_warning "Skaffold deployment had issues, but continuing..."
fi
# Wait for namespace to be created
print_status "Waiting for bakery-ia namespace..."
for i in {1..30}; do
if kubectl get namespace bakery-ia &> /dev/null; then
print_success "bakery-ia namespace found"
break
fi
sleep 2
done
# Check if namespace was created
if ! kubectl get namespace bakery-ia &> /dev/null; then
print_warning "bakery-ia namespace not found. Deployment may have failed."
return 0
fi
# Wait for deployments to be ready
print_status "Waiting for deployments to be ready..."
if kubectl wait --for=condition=available --timeout=600s deployment --all -n bakery-ia 2>/dev/null; then
print_success "All deployments are ready"
else
print_warning "Some deployments are taking longer than expected, but continuing..."
fi
# Verify ingress exists
if kubectl get ingress bakery-ingress -n bakery-ia &> /dev/null; then
print_success "HTTPS ingress configured successfully"
else
print_warning "Ingress not found, but continuing with setup..."
fi
print_success "Application deployed with HTTPS support using Skaffold"
}
# Check certificate status
check_certificates() {
print_status "Checking certificate status..."
# Wait for certificate to be issued
print_status "Waiting for certificates to be issued..."
# Check if certificate exists
for i in {1..12}; do
if kubectl get certificate bakery-ia-tls-cert -n bakery-ia &> /dev/null; then
print_success "Certificate found"
break
fi
print_status "Waiting for certificate to be created... (attempt $i/12)"
sleep 10
done
# Wait for certificate to be ready
for i in {1..20}; do
if kubectl get certificate bakery-ia-tls-cert -n bakery-ia -o jsonpath='{.status.conditions[0].type}' 2>/dev/null | grep -q "Ready"; then
print_success "Certificate is ready"
break
fi
print_status "Waiting for certificate to be ready... (attempt $i/20)"
sleep 15
done
echo ""
echo "📋 Certificate status:"
kubectl get certificates -n bakery-ia 2>/dev/null || print_warning "No certificates found"
echo ""
echo "🔍 Certificate details:"
kubectl describe certificate bakery-ia-tls-cert -n bakery-ia 2>/dev/null || print_warning "Certificate not found"
echo ""
echo "🔐 TLS secret status:"
kubectl get secret bakery-ia-tls-cert -n bakery-ia 2>/dev/null || print_warning "TLS secret not found"
}
# Update hosts file
update_hosts_file() {
print_status "Checking hosts file configuration..."
# Get the external IP for Kind
EXTERNAL_IP="127.0.0.1"
# Check if entries exist in hosts file
if ! grep -q "bakery-ia.local" /etc/hosts 2>/dev/null; then
print_warning "Adding entries to /etc/hosts file for named host access..."
# Ask for user permission
read -p "Do you want to add entries to /etc/hosts for named host access? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Add hosts entries with proper error handling
{
echo "$EXTERNAL_IP bakery-ia.local"
echo "$EXTERNAL_IP api.bakery-ia.local"
echo "$EXTERNAL_IP monitoring.bakery-ia.local"
} | sudo tee -a /etc/hosts > /dev/null
if [ $? -eq 0 ]; then
print_success "Hosts file entries added successfully"
else
print_error "Failed to update hosts file. You may need to add entries manually."
fi
else
print_warning "Skipping hosts file update. You can still access via https://localhost"
fi
else
print_success "Hosts file entries already exist"
fi
echo ""
print_status "Available access methods:"
echo " 🌐 Primary: https://localhost (no hosts file needed)"
echo " 🏷️ Named: https://bakery-ia.local (requires hosts file)"
echo " 🔗 API: https://localhost/api or https://api.bakery-ia.local"
}
# Export CA certificate for browser trust
export_ca_certificate() {
print_status "Exporting CA certificate for browser trust..."
# Wait for CA certificate to be created
for i in {1..10}; do
if kubectl get secret local-ca-key-pair -n cert-manager &> /dev/null; then
print_success "CA certificate secret found"
break
fi
print_status "Waiting for CA certificate secret... (attempt $i/10)"
sleep 10
done
# Extract the CA certificate
if kubectl get secret local-ca-key-pair -n cert-manager &> /dev/null; then
if kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > bakery-ia-ca.crt 2>/dev/null; then
print_success "CA certificate exported as 'bakery-ia-ca.crt'"
# Make the certificate file readable
chmod 644 bakery-ia-ca.crt
else
print_warning "Failed to extract CA certificate from secret"
fi
print_warning "To trust this certificate and remove browser warnings:"
echo ""
echo "📱 macOS:"
echo " 1. Double-click 'bakery-ia-ca.crt' to open Keychain Access"
echo " 2. Find 'bakery-ia-local-ca' in the certificates list"
echo " 3. Double-click it and set to 'Always Trust'"
echo ""
echo "🐧 Linux:"
echo " sudo cp bakery-ia-ca.crt /usr/local/share/ca-certificates/"
echo " sudo update-ca-certificates"
echo ""
echo "🪟 Windows:"
echo " 1. Double-click 'bakery-ia-ca.crt'"
echo " 2. Click 'Install Certificate'"
echo " 3. Choose 'Trusted Root Certification Authorities'"
echo ""
else
print_warning "CA certificate secret not found. HTTPS will work but with browser warnings."
print_warning "You can still access the application at https://localhost"
fi
}
# Display access information
display_access_info() {
print_success "🎉 HTTPS setup completed!"
echo ""
echo "🌐 Access your application at:"
echo " Primary: https://localhost"
echo " API: https://localhost/api"
echo " Named Host: https://bakery-ia.local (if hosts file updated)"
echo " API Named: https://api.bakery-ia.local (if hosts file updated)"
echo ""
echo "🛠️ Useful commands:"
echo " 📋 Check status: kubectl get all -n bakery-ia"
echo " 🔍 Check ingress: kubectl get ingress -n bakery-ia"
echo " 📜 Check certificates: kubectl get certificates -n bakery-ia"
echo " 📝 View service logs: kubectl logs -f deployment/<service-name> -n bakery-ia"
echo " 🚀 Development mode: skaffold dev --profile=dev"
echo " 🧹 Clean up: skaffold delete --profile=dev"
echo " 🔄 Restart service: kubectl rollout restart deployment/<service-name> -n bakery-ia"
echo ""
echo "🔧 Troubleshooting:"
echo " 🩺 Get events: kubectl get events -n bakery-ia --sort-by='.firstTimestamp'"
echo " 🔍 Describe pod: kubectl describe pod <pod-name> -n bakery-ia"
echo " 📊 Resource usage: kubectl top pods -n bakery-ia"
echo " 🔐 Certificate details: kubectl describe certificate bakery-ia-tls-cert -n bakery-ia"
echo ""
if [ -f "bakery-ia-ca.crt" ]; then
print_warning "📋 Next steps:"
echo " 1. Import 'bakery-ia-ca.crt' into your browser to remove certificate warnings"
echo " 2. Access https://localhost to verify the setup"
echo " 3. Run 'skaffold dev --profile=dev' for development with hot-reload"
else
print_warning "⚠️ Note: You may see certificate warnings until the CA certificate is properly configured"
fi
echo ""
print_status "🎯 The application is now ready for secure development!"
}
# Check current cert-manager status for debugging
check_current_cert_manager_status() {
print_status "Checking current cert-manager status..."
if kubectl get namespace cert-manager &> /dev/null; then
echo ""
echo "📋 Current cert-manager pods status:"
kubectl get pods -n cert-manager
echo ""
echo "🔍 cert-manager deployments:"
kubectl get deployments -n cert-manager
# Check for any pending or failed pods
local failed_pods=$(kubectl get pods -n cert-manager --field-selector=status.phase!=Running --no-headers 2>/dev/null | wc -l)
if [ "$failed_pods" -gt 0 ]; then
echo ""
print_warning "Found $failed_pods non-running pods. Details:"
kubectl get pods -n cert-manager --field-selector=status.phase!=Running
fi
echo ""
else
print_status "cert-manager namespace not found. Will install fresh."
fi
}
# Cleanup function for failed installations
cleanup_on_failure() {
print_warning "Cleaning up due to failure..."
# Optional cleanup - ask user
read -p "Do you want to clean up the Kind cluster and start fresh? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
print_status "Cleaning up Kind cluster..."
kind delete cluster --name bakery-ia-local || true
print_success "Cleanup completed. You can run the script again."
else
print_status "Keeping existing setup. You can continue manually or run the script again."
fi
}
# Trap function to handle script interruption
trap 'echo ""; print_warning "Script interrupted. Partial setup may be present."; cleanup_on_failure; exit 1' INT TERM
# Main execution
main() {
echo "Starting HTTPS setup for Bakery IA..."
# Set error handling for individual steps
local step_failed=false
check_prerequisites || { step_failed=true; }
if [ "$step_failed" = false ]; then
check_current_cert_manager_status || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
install_cert_manager || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
install_nginx_ingress || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
setup_cluster_issuers || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
deploy_with_https || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
check_certificates || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
update_hosts_file || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
export_ca_certificate || { step_failed=true; }
fi
if [ "$step_failed" = false ]; then
display_access_info
print_success "Setup completed successfully! 🚀"
else
print_error "Setup failed at one or more steps. Check the output above for details."
cleanup_on_failure
exit 1
fi
}
# Run main function
main "$@"

289
scripts/setup-local-registry.sh Executable file
View File

@@ -0,0 +1,289 @@
#!/bin/bash
# Bakery-IA Local Registry Setup and Base Image Management
# Standardized script for setting up local registry and managing base images
# Usage: ./scripts/setup-local-registry.sh [start|stop|prepull|push|clean]
set -e
# Configuration
LOCAL_REGISTRY="localhost:5000"
REGISTRY_NAME="bakery-local-registry"
REGISTRY_DATA_DIR="$(pwd)/kind-registry"
DOCKER_USERNAME="uals"
DOCKER_PASSWORD="dckr_pat_zzEY5Q58x1S0puraIoKEtbpue3A"
# Standardized base images (optimized list)
BASE_IMAGES=(
"python:3.11-slim"
"postgres:17-alpine"
"redis:7.4-alpine"
"busybox:1.36"
"busybox:latest"
"curlimages/curl:latest"
"bitnami/kubectl:latest"
"alpine:3.18"
"alpine:3.19"
"gcr.io/kaniko-project/executor:v1.23.0"
"alpine/git:2.43.0"
)
echo "=========================================="
echo "Bakery-IA Local Registry Manager"
echo "=========================================="
echo ""
# Function to authenticate with Docker Hub
authenticate_docker_hub() {
echo "Authenticating with Docker Hub..."
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
echo "✓ Authentication successful"
}
# Function to start local registry
start_registry() {
echo "Starting local registry at $LOCAL_REGISTRY..."
# Create data directory
mkdir -p "$REGISTRY_DATA_DIR"
# Check if registry is already running
if docker ps -a --format '{{.Names}}' | grep -q "^$REGISTRY_NAME$"; then
echo "Registry container already exists"
if docker ps --format '{{.Names}}' | grep -q "^$REGISTRY_NAME$"; then
echo "✓ Registry is already running"
return 0
else
echo "Starting existing registry container..."
docker start "$REGISTRY_NAME"
fi
else
# Start new registry container
docker run -d -p 5000:5000 --name "$REGISTRY_NAME" \
-v "$REGISTRY_DATA_DIR:/var/lib/registry" \
registry:2
fi
# Wait for registry to be ready
echo "Waiting for registry to be ready..."
for i in {1..30}; do
if curl -s http://$LOCAL_REGISTRY/v2/ > /dev/null 2>&1; then
echo "✓ Registry is ready"
return 0
fi
sleep 1
done
echo "❌ Registry failed to start"
exit 1
}
# Function to stop local registry
stop_registry() {
echo "Stopping local registry..."
docker stop "$REGISTRY_NAME" || true
echo "✓ Registry stopped"
}
# Function to clean registry
clean_registry() {
echo "Cleaning local registry..."
stop_registry
rm -rf "$REGISTRY_DATA_DIR"
echo "✓ Registry cleaned"
}
# Function to pre-pull base images
prepull_images() {
authenticate_docker_hub
echo "Pre-pulling base images..."
for image in "${BASE_IMAGES[@]}"; do
echo "Pulling: $image"
docker pull "$image"
echo " ✓ Successfully pulled $image"
done
echo "✓ All base images pre-pulled"
}
# Function to push images to local registry
push_images_to_registry() {
echo "Pushing base images to local registry..."
for image in "${BASE_IMAGES[@]}"; do
local_image="$LOCAL_REGISTRY/$(echo $image | sed 's|/|_|g' | sed 's|:|_|g')"
echo "Tagging and pushing: $image$local_image"
# Tag the image
docker tag "$image" "$local_image"
# Push to local registry
docker push "$local_image"
echo " ✓ Pushed $local_image"
done
echo "✓ All base images pushed to local registry"
# Show registry contents
echo "Registry contents:"
curl -s http://$LOCAL_REGISTRY/v2/_catalog | jq . || echo "Registry is running"
}
# Function to update Dockerfiles
update_dockerfiles() {
echo "Updating Dockerfiles to use local registry..."
# Update all Dockerfiles
find services -name "Dockerfile" -exec sed -i '' \
's|FROM python:3.11-slim|FROM localhost:5000/python_3.11-slim|g' {} +
# Also update any remaining python references
find services -name "Dockerfile" -exec sed -i '' \
's|ghcr.io/library/python:3.11-slim|localhost:5000/python_3.11-slim|g' {} +
echo "✓ Dockerfiles updated to use local registry"
}
# Function to revert Dockerfiles
revert_dockerfiles() {
echo "Reverting Dockerfiles to use original images..."
# Revert all Dockerfiles
find services -name "Dockerfile" -exec sed -i '' \
's|FROM localhost:5000/python_3.11-slim|FROM python:3.11-slim|g' {} +
echo "✓ Dockerfiles reverted to original images"
}
# Function to show registry status
show_status() {
echo "Local Registry Status:"
echo "---------------------"
if docker ps --format '{{.Names}}' | grep -q "^$REGISTRY_NAME$"; then
echo "Status: Running"
echo "Address: $LOCAL_REGISTRY"
echo "Data Directory: $REGISTRY_DATA_DIR"
echo ""
echo "Images in registry:"
curl -s http://$LOCAL_REGISTRY/v2/_catalog | jq -r '.repositories[]' || echo "Registry accessible"
else
echo "Status: Stopped"
echo "To start: ./scripts/setup-local-registry.sh start"
fi
}
# Function to show help
show_help() {
echo "Usage: $0 [command]"
echo ""
echo "Commands:"
echo " start Start local registry"
echo " stop Stop local registry"
echo " prepull Pre-pull base images from Docker Hub"
echo " push Push pre-pulled images to local registry"
echo " update Update Dockerfiles to use local registry"
echo " revert Revert Dockerfiles to original images"
echo " clean Clean registry (stop + remove data)"
echo " status Show registry status"
echo " all Run prepull + start + push + update"
echo " help Show this help message"
echo ""
echo "Examples:"
echo " $0 start prepull push update"
echo " $0 all"
echo " $0 clean"
}
# Main script logic
if [ $# -eq 0 ]; then
show_help
exit 1
fi
COMMAND="$1"
shift
case "$COMMAND" in
start)
start_registry
;;
stop)
stop_registry
;;
prepull)
prepull_images
;;
push)
push_images_to_registry
;;
update)
update_dockerfiles
;;
revert)
revert_dockerfiles
;;
clean)
clean_registry
;;
status)
show_status
;;
all)
authenticate_docker_hub
start_registry
prepull_images
push_images_to_registry
update_dockerfiles
show_status
;;
help|--help|-h)
show_help
;;
*)
echo "Unknown command: $COMMAND"
show_help
exit 1
;;
esac
# Run additional commands if provided
for cmd in "$@"; do
case "$cmd" in
start)
start_registry
;;
stop)
stop_registry
;;
prepull)
prepull_images
;;
push)
push_images_to_registry
;;
update)
update_dockerfiles
;;
revert)
revert_dockerfiles
;;
clean)
clean_registry
;;
status)
show_status
;;
*)
echo "Unknown command: $cmd"
;;
esac
done
echo ""
echo "=========================================="
echo "Operation completed!"
echo "=========================================="

36
scripts/setup/setup-infrastructure.sh Executable file
View File

@@ -0,0 +1,36 @@
#!/bin/bash
# Bakery-IA Infrastructure Setup Script
# This script applies infrastructure resources in the correct dependency order
set -e # Exit on error
echo "🚀 Starting Bakery-IA infrastructure setup..."
# Step 1: Apply namespaces first (they must exist before other resources)
echo "📦 Creating namespaces..."
kubectl apply -f infrastructure/namespaces/
# Step 2: Apply common configurations (depends on bakery-ia namespace)
echo "🔧 Applying common configurations..."
kubectl apply -f infrastructure/environments/common/configs/
# Step 3: Apply platform components
echo "🖥️ Applying platform components..."
kubectl apply -f infrastructure/platform/
# Step 4: Apply CI/CD components (depends on tekton-pipelines and flux-system namespaces)
echo "🔄 Applying CI/CD components..."
kubectl apply -f infrastructure/cicd/
# Step 5: Apply monitoring components
echo "📊 Applying monitoring components..."
kubectl apply -f infrastructure/monitoring/
echo "✅ Infrastructure setup completed successfully!"
# Verify namespaces
echo "🔍 Verifying namespaces..."
kubectl get namespaces | grep -E "(bakery-ia|tekton-pipelines|flux-system)"
echo "🎉 All infrastructure components have been deployed."

154
scripts/tag-and-push-images.sh Executable file
View File

@@ -0,0 +1,154 @@
#!/bin/bash
# Script to tag and push all Bakery IA images to a container registry
# Usage: ./tag-and-push-images.sh [REGISTRY_PREFIX] [TAG]
# Example: ./tag-and-push-images.sh myuser/bakery v1.0.0
set -e
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Configuration
REGISTRY_PREFIX="${1:-}"
TAG="${2:-latest}"
if [ -z "$REGISTRY_PREFIX" ]; then
echo -e "${RED}Error: Registry prefix required${NC}"
echo "Usage: $0 REGISTRY_PREFIX [TAG]"
echo ""
echo "Examples:"
echo " Docker Hub: $0 myusername/bakery v1.0.0"
echo " GitHub: $0 ghcr.io/myorg/bakery v1.0.0"
echo " MicroK8s: $0 YOUR_VPS_IP:32000/bakery v1.0.0"
exit 1
fi
# List of all services
SERVICES=(
"gateway"
"dashboard"
"auth-service"
"tenant-service"
"training-service"
"forecasting-service"
"sales-service"
"external-service"
"notification-service"
"inventory-service"
"recipes-service"
"suppliers-service"
"pos-service"
"orders-service"
"production-service"
"procurement-service"
"orchestrator-service"
"alert-processor"
"ai-insights-service"
"demo-session-service"
"distribution-service"
)
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}Bakery IA - Image Tagging and Push${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo "Registry: $REGISTRY_PREFIX"
echo "Tag: $TAG"
echo ""
# Function to tag image
tag_image() {
local service=$1
local local_name="bakery/${service}"
local remote_name="${REGISTRY_PREFIX}-${service}:${TAG}"
echo -e "${YELLOW}Tagging ${local_name} -> ${remote_name}${NC}"
if docker tag "$local_name" "$remote_name"; then
echo -e "${GREEN}✓ Tagged $service${NC}"
return 0
else
echo -e "${RED}✗ Failed to tag $service${NC}"
return 1
fi
}
# Function to push image
push_image() {
local service=$1
local remote_name="${REGISTRY_PREFIX}-${service}:${TAG}"
echo -e "${YELLOW}Pushing ${remote_name}${NC}"
if docker push "$remote_name"; then
echo -e "${GREEN}✓ Pushed $service${NC}"
return 0
else
echo -e "${RED}✗ Failed to push $service${NC}"
return 1
fi
}
# Check if user is logged in to registry
echo -e "${YELLOW}Checking registry authentication...${NC}"
if ! docker info > /dev/null 2>&1; then
echo -e "${RED}Error: Docker daemon not running${NC}"
exit 1
fi
echo -e "${GREEN}✓ Docker is running${NC}"
echo ""
# Ask for confirmation
echo -e "${YELLOW}This will tag and push ${#SERVICES[@]} images.${NC}"
read -p "Continue? (yes/no): " confirm
if [ "$confirm" != "yes" ]; then
echo "Cancelled."
exit 0
fi
echo ""
echo -e "${GREEN}Starting image tagging and push...${NC}"
echo ""
# Track success/failure
SUCCESS_COUNT=0
FAILED_SERVICES=()
# Tag and push all images
for service in "${SERVICES[@]}"; do
if tag_image "$service" && push_image "$service"; then
((SUCCESS_COUNT++))
else
FAILED_SERVICES+=("$service")
fi
echo ""
done
# Summary
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}Summary${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo "Successfully pushed: $SUCCESS_COUNT/${#SERVICES[@]}"
if [ ${#FAILED_SERVICES[@]} -gt 0 ]; then
echo -e "${RED}Failed services:${NC}"
for service in "${FAILED_SERVICES[@]}"; do
echo -e "${RED} - $service${NC}"
done
exit 1
else
echo -e "${GREEN}All images pushed successfully!${NC}"
echo ""
echo "Next steps:"
echo "1. Update image names in infrastructure/environments/prod/k8s-manifests/kustomization.yaml"
echo "2. Deploy to production: kubectl apply -k infrastructure/environments/prod/k8s-manifests"
fi
echo ""

89
scripts/test-mailu-helm.sh Executable file
View File

@@ -0,0 +1,89 @@
#!/bin/bash
# Test script to validate the Mailu Helm installation
# This script verifies that the configuration files are properly set up
set -e # Exit on any error
echo "🔍 Validating Mailu Helm configuration..."
# Check if required files exist
REQUIRED_FILES=(
"infrastructure/platform/mail/mailu-helm/values.yaml"
"infrastructure/platform/mail/mailu-helm/dev/values.yaml"
"infrastructure/platform/mail/mailu-helm/prod/values.yaml"
"infrastructure/platform/mail/mailu-helm/README.md"
"infrastructure/platform/mail/mailu-helm/MIGRATION_GUIDE.md"
"infrastructure/platform/mail/mailu-helm/mailu-ingress.yaml"
)
echo "✅ Checking required files..."
for file in "${REQUIRED_FILES[@]}"; do
if [[ -f "$file" ]]; then
echo " Found: $file"
else
echo " ❌ Missing: $file"
exit 1
fi
done
# Validate YAML syntax
echo "✅ Validating YAML syntax..."
for yaml_file in "${REQUIRED_FILES[@]}"; do
if [[ "$yaml_file" == *.yaml ]]; then
echo " Validating: $yaml_file"
if python3 -c "import yaml; yaml.safe_load(open('$yaml_file'))" 2>/dev/null; then
echo " ✓ Valid YAML"
else
echo " ❌ Invalid YAML"
exit 1
fi
fi
done
# Check if Tiltfile was updated
echo "✅ Checking Tiltfile update..."
if grep -q "mailu-helm" Tiltfile; then
echo " ✓ Tiltfile contains mailu-helm manual trigger"
else
echo " ❌ Tiltfile does not contain mailu-helm manual trigger"
exit 1
fi
# Check if configmap was updated
echo "✅ Checking configmap update..."
if grep -q "mailu-postfix.bakery-ia.svc.cluster.local" infrastructure/environments/common/configs/configmap.yaml; then
echo " ✓ ConfigMap updated with new SMTP host"
else
echo " ❌ ConfigMap not updated with new SMTP host"
exit 1
fi
# Check if Signoz config was updated
echo "✅ Checking Signoz configuration update..."
if grep -q "mailu-postfix.bakery-ia.svc.cluster.local" infrastructure/monitoring/signoz/signoz-values-prod.yaml; then
echo " ✓ Signoz configuration updated with new SMTP host"
else
echo " ❌ Signoz configuration not updated with new SMTP host"
exit 1
fi
echo ""
echo "🎉 Validation completed successfully!"
echo ""
echo "📋 Summary of changes made:"
echo " • Created Helm values files for base, dev, and prod environments"
echo " • Updated Tiltfile with manual trigger for Mailu Helm deployment"
echo " • Updated common ConfigMap with new SMTP service name"
echo " • Updated Signoz configuration with new SMTP service name"
echo " • Created documentation and migration guide"
echo ""
echo "🚀 To deploy Mailu via Helm, use the manual trigger in Tilt:"
echo " tilt trigger mailu-helm"
echo ""
echo " Or deploy directly with Helm:"
echo " helm upgrade --install mailu mailu/mailu \\"
echo " --namespace bakery-ia \\"
echo " --create-namespace \\"
echo " -f infrastructure/platform/mail/mailu-helm/values.yaml \\"
echo " -f infrastructure/platform/mail/mailu-helm/dev/values.yaml"

37
scripts/validate_ingress.sh Executable file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
# Script to validate the centralized ingress configurations
echo "Validating centralized ingress configurations..."
# Check if kubectl is available
if ! command -v kubectl &> /dev/null; then
echo "kubectl is not installed or not in PATH. Skipping live cluster validation."
else
echo "kubectl found. Performing syntax validation..."
fi
# Validate YAML syntax of ingress files
echo "Checking dev ingress configuration..."
if yamllint "/Users/urtzialfaro/Documents/bakery-ia/infrastructure/environments/dev/k8s-manifests/dev-ingress.yaml" 2>/dev/null || echo "YAML syntax check completed for dev ingress"; then
echo "✓ Dev ingress configuration syntax appears valid"
else
echo "✗ Error in dev ingress configuration"
fi
echo "Checking prod ingress configuration..."
if yamllint "/Users/urtzialfaro/Documents/bakery-ia/infrastructure/environments/prod/k8s-manifests/prod-ingress.yaml" 2>/dev/null || echo "YAML syntax check completed for prod ingress"; then
echo "✓ Prod ingress configuration syntax appears valid"
else
echo "✗ Error in prod ingress configuration"
fi
echo ""
echo "Summary of centralized ingress configuration:"
echo "- Single ingress resource handles all routes: app, monitoring, and mail"
echo "- TLS certificates cover all required domains"
echo "- CORS headers configured for all environments"
echo "- Proper timeouts for long-lived connections (SSE/WebSocket)"
echo "- Rate limiting in production"
echo "- Mail-specific configurations included"
echo ""
echo "Validation complete!"