Fix issues 7

2026-01-23 21:42:31 +01:00
parent e26481e5e8
commit c3defa3a10
7 changed files with 100 additions and 114 deletions
--- a/frontend/src/api/services/subscription.ts
+++ b/frontend/src/api/services/subscription.ts
@@ -37,7 +37,7 @@ const CACHE_DURATION = 5 * 60 * 1000; // 5 minutes

 export class SubscriptionService {
  private readonly baseUrl = '/tenants';
-  private readonly plansUrl = '/plans';
+  private readonly plansUrl = '/plans/';

  // ============================================================================
  // NEW METHODS - Centralized Plans API
--- a/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml
@@ -156,20 +156,19 @@ spec:

            # Determine Dockerfile path and image name
            # Folder names are: auth, tenant, gateway, frontend, alert_processor, etc.
-            # Image names should be: auth-service, tenant-service, gateway, dashboard, alert-processor, etc.
+            # Image names MUST match what's in the Kubernetes manifests exactly
+            # The manifests use the folder name directly (with underscores preserved)
            if [ "$service" = "gateway" ]; then
              DOCKERFILE_PATH="$WORKSPACE/gateway/Dockerfile"
              IMAGE_NAME="gateway"
            elif [ "$service" = "frontend" ]; then
              DOCKERFILE_PATH="$WORKSPACE/frontend/Dockerfile.kubernetes"
-              IMAGE_NAME="dashboard"
-            elif [ "$service" = "alert_processor" ]; then
-              DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile"
-              IMAGE_NAME="alert-processor"
+              IMAGE_NAME="frontend"
            else
              DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile"
-              # Convert folder name to image name: auth -> auth-service, demo_session -> demo-session-service
-              IMAGE_NAME=$(echo "$service" | sed 's/_/-/g')"-service"
+              # Use folder name directly - matches manifest image references
+              # e.g., auth, tenant, ai_insights, alert_processor, demo_session, external
+              IMAGE_NAME="$service"
            fi

            # Check if Dockerfile exists
--- a/infrastructure/cicd/tekton-helm/templates/task-update-gitops.yaml
+++ b/infrastructure/cicd/tekton-helm/templates/task-update-gitops.yaml
@@ -88,124 +88,90 @@ spec:
        # Switch to target branch
        git checkout "$(params.git-branch)" || git checkout -b "$(params.git-branch)"

+        # Compute short hash once for job name updates
+        SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-8)
+
        # Update image tags in Kubernetes manifests
+        # Service names come from detect-changes task as folder names: auth, tenant, ai_insights, etc.
        for service in $(echo "$(params.services)" | tr ',' '\n'); do
          service=$(echo "$service" | xargs)  # Trim whitespace
          if [ -n "$service" ] && [ "$service" != "none" ] && [ "$service" != "infrastructure" ] && [ "$service" != "shared" ]; then
+            echo ""
+            echo "============================================"
            echo "Updating manifest for service: $service"
+            echo "============================================"

-            # Format service name for directory (convert from kebab-case to snake_case if needed)
-            # Handle special cases like demo-session -> demo_session, alert-processor -> alert_processor, etc.
-            formatted_service=$(echo "$service" | sed 's/-/_/g')
+            # IMAGE_NAME is the same as the service folder name (matching Kaniko output)
+            # This ensures consistency: folder name = image name = manifest reference
+            IMAGE_NAME="$service"
+
+            # Determine manifest paths based on service
+            # Directory structure uses hyphens: ai-insights, alert-processor, demo-session
+            # But image names use underscores: ai_insights, alert_processor, demo_session
+            service_dir=$(echo "$service" | sed 's/_/-/g')

-            # For gateway and frontend, they have different directory structures
            if [ "$service" = "gateway" ]; then
              MANIFEST_PATH="infrastructure/platform/gateway/gateway-service.yaml"
-              IMAGE_NAME="gateway"  # gateway image name is just "gateway"
            elif [ "$service" = "frontend" ]; then
              MANIFEST_PATH="infrastructure/services/microservices/frontend/frontend-service.yaml"
-              IMAGE_NAME="dashboard"  # frontend service uses "dashboard" as image name
-            elif [ "$service" = "alert-processor" ]; then
+            elif [ "$service" = "alert_processor" ]; then
              MANIFEST_PATH="infrastructure/services/microservices/alert-processor/alert-processor.yaml"
-              IMAGE_NAME="alert-processor"
+            elif [ "$service" = "demo_session" ]; then
+              # demo-session uses deployment.yaml instead of demo-session-service.yaml
+              MANIFEST_PATH="infrastructure/services/microservices/demo-session/deployment.yaml"
            else
-              # For microservices, convert service name to directory format
-              # Service names come in as "auth-service", "tenant-service", etc.
-              # Directory names are "auth", "tenant", etc. (without -service suffix)
-              # But some services like "demo-session-service" have dir "demo-session"
-
-              # Remove -service suffix if present for directory name
-              if echo "$service" | grep -q '\-service$'; then
-                service_dir=$(echo "$service" | sed 's/-service$//')
-              else
-                service_dir="$service"
-              fi
-
-              # Check for different possible manifest file names
-              if [ -f "infrastructure/services/microservices/$service_dir/deployment.yaml" ]; then
-                MANIFEST_PATH="infrastructure/services/microservices/$service_dir/deployment.yaml"
-              elif [ -f "infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml" ]; then
-                MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml"
-              elif [ -f "infrastructure/services/microservices/$service_dir/${service}.yaml" ]; then
-                MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service}.yaml"
-              else
-                # Default to the standard naming pattern
-                MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml"
-              fi
-
-              # Image name is the service name as-is (e.g., auth-service, tenant-service)
-              IMAGE_NAME="$service"
+              # Standard services: auth, tenant, orders, inventory, etc.
+              # Also handles: ai_insights -> ai-insights, external -> external
+              MANIFEST_PATH="infrastructure/services/microservices/${service_dir}/${service_dir}-service.yaml"
            fi

            # Update the image tag in the deployment YAML
            if [ -f "$MANIFEST_PATH" ]; then
-              # Update image reference from registry.bakewise.ai/bakery-admin/image_name:tag to registry/image_name:git_revision
-              # Use a broad pattern to match any existing tag (including sha256 hashes)
+              # Update image reference - match the exact image name pattern used in manifests
              sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MANIFEST_PATH"
-
-              echo "Updated image in: $MANIFEST_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)"
+              echo "Updated: $MANIFEST_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)"
            else
-              echo "Warning: Manifest file not found: $MANIFEST_PATH"
-              echo "  Tried: $MANIFEST_PATH"
-              echo "  Service: $service, service_dir: $service_dir, IMAGE_NAME: $IMAGE_NAME"
+              echo "Warning: Manifest not found: $MANIFEST_PATH"
            fi

-            # Also update migration job if it exists
-            MIGRATION_JOB_PATH="infrastructure/services/microservices/$service_dir/migrations/${service_dir}-migration-job.yaml"
+            # Update migration job if it exists
+            # Migration jobs use the hyphenated directory name
+            MIGRATION_JOB_PATH="infrastructure/services/microservices/${service_dir}/migrations/${service_dir}-migration-job.yaml"
            if [ -f "$MIGRATION_JOB_PATH" ]; then
              # Update migration job image reference
              sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MIGRATION_JOB_PATH"
-              # Update job name to include short commit hash (makes it unique and avoids immutable field issues)
-              # Use first 7 characters to stay under 63 character limit
-              SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-7)
-              sed -i "s|name: ${service_dir}-migration|name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
-              # Also update labels to match the short hash
-              sed -i "s|app.kubernetes.io/name: ${service_dir}-migration-.*|app.kubernetes.io/name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
-              echo "Updated migration job: $MIGRATION_JOB_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)"
-              echo "Updated job name and labels to include short commit hash for immutability"
-            else
-              # Try alternative migration job naming patterns
-              if [ -f "infrastructure/services/microservices/$service_dir/migrations/${service}-migration-job.yaml" ]; then
-                MIGRATION_JOB_PATH="infrastructure/services/microservices/$service_dir/migrations/${service}-migration-job.yaml"
-                sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MIGRATION_JOB_PATH"
-                # Update job name to include short commit hash (makes it unique and avoids immutable field issues)
-                # Use first 7 characters to stay under 63 character limit
-                SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-7)
-                sed -i "s|name: ${service}-migration|name: ${service}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
-                # Also update labels to match the short hash
-                sed -i "s|app.kubernetes.io/name: ${service}-migration-.*|app.kubernetes.io/name: ${service}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
-                echo "Updated migration job: $MIGRATION_JOB_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)"
-                echo "Updated job name and labels to include short commit hash for immutability"
-              else
-                echo "Info: No migration job found for $service"
-              fi
+              # Update job name to include short commit hash (makes it unique for K8s)
+              sed -i "s|name: ${service_dir}-migration-[a-f0-9]*|name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
+              # Also update labels to match
+              sed -i "s|app.kubernetes.io/name: ${service_dir}-migration-[a-f0-9]*|app.kubernetes.io/name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
+              echo "Updated migration: $MIGRATION_JOB_PATH"
            fi
-            
-            # Special case: external-data-init job
+
+            # Special case: external service has additional jobs
            if [ "$service" = "external" ]; then
+              # Update external-data-init job
              EXTERNAL_DATA_INIT_JOB="infrastructure/services/microservices/external/migrations/external-data-init-job.yaml"
              if [ -f "$EXTERNAL_DATA_INIT_JOB" ]; then
-                # Update external-data-init job image and name
-                sed -i "s|image: bakery/external-service:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_INIT_JOB"
-                sed -i "s|name: external-data-init|name: external-data-init-${SHORT_HASH}|g" "$EXTERNAL_DATA_INIT_JOB"
+                sed -i "s|image: registry.bakewise.ai/bakery-admin/external:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_INIT_JOB"
+                sed -i "s|name: external-data-init-[a-f0-9]*|name: external-data-init-${SHORT_HASH}|g" "$EXTERNAL_DATA_INIT_JOB"
                echo "Updated external-data-init job: $EXTERNAL_DATA_INIT_JOB"
              fi
-              
+
              # Update external-data-rotation cronjob
              EXTERNAL_DATA_ROTATION_JOB="infrastructure/services/microservices/external/cronjobs/external-data-rotation-cronjob.yaml"
              if [ -f "$EXTERNAL_DATA_ROTATION_JOB" ]; then
-                sed -i "s|image: bakery/external-service:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_ROTATION_JOB"
-                sed -i "s|name: external-data-rotation|name: external-data-rotation-${SHORT_HASH}|g" "$EXTERNAL_DATA_ROTATION_JOB"
+                sed -i "s|image: registry.bakewise.ai/bakery-admin/external:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_ROTATION_JOB"
+                sed -i "s|name: external-data-rotation-[a-f0-9]*|name: external-data-rotation-${SHORT_HASH}|g" "$EXTERNAL_DATA_ROTATION_JOB"
                echo "Updated external-data-rotation cronjob: $EXTERNAL_DATA_ROTATION_JOB"
              fi
            fi
-            
-            # Special case: demo-cleanup-worker
-            if [ "$service" = "demo-session" ]; then
+
+            # Special case: demo_session service has cleanup worker
+            if [ "$service" = "demo_session" ]; then
              DEMO_CLEANUP_WORKER="infrastructure/services/microservices/demo-session/demo-cleanup-worker.yaml"
              if [ -f "$DEMO_CLEANUP_WORKER" ]; then
-                sed -i "s|image: bakery/demo-session-service:.*|image: $(params.registry)/demo_session:$(params.git-revision)|g" "$DEMO_CLEANUP_WORKER"
-                sed -i "s|name: demo-cleanup-worker|name: demo-cleanup-worker-${SHORT_HASH}|g" "$DEMO_CLEANUP_WORKER"
+                sed -i "s|image: registry.bakewise.ai/bakery-admin/demo_session:.*|image: $(params.registry)/demo_session:$(params.git-revision)|g" "$DEMO_CLEANUP_WORKER"
+                sed -i "s|name: demo-cleanup-worker-[a-f0-9]*|name: demo-cleanup-worker-${SHORT_HASH}|g" "$DEMO_CLEANUP_WORKER"
                echo "Updated demo-cleanup-worker: $DEMO_CLEANUP_WORKER"
              fi
            fi
--- a/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml
+++ b/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml
@@ -42,6 +42,24 @@
 # - Rate limit: 120 requests/minute
 #
 # ============================================================================
+# CRITICAL: AFTER UPDATING THIS SECRET
+# ============================================================================
+#
+# Mailu's Postfix reads SASL credentials ONLY at pod startup. It does NOT
+# automatically reload when this secret changes. You MUST do one of:
+#
+# Option 1: Update the credentials-version annotation in values.yaml and run helm upgrade
+#   - Edit prod/values.yaml: postfix.podAnnotations.credentials-version
+#   - Set to current timestamp: date +%s
+#   - Run: helm upgrade mailu mailu/mailu -f values.yaml -f prod/values.yaml -n bakery-ia
+#
+# Option 2: Manually restart Postfix pod
+#   kubectl rollout restart deployment/mailu-postfix -n bakery-ia
+#
+# Option 3: Delete the Postfix pod (it will be recreated)
+#   kubectl delete pod -l app.kubernetes.io/component=postfix -n bakery-ia
+#
+# ============================================================================
 # DNS RECORDS REQUIRED FOR MAILERSEND:
 # ============================================================================
 #
@@ -84,21 +102,7 @@ stringData:
  # ============================================================================
  # REPLACE THESE VALUES WITH YOUR MAILERSEND CREDENTIALS
  # ============================================================================
+  # Key names match Mailu Helm chart defaults (relay-username, relay-password)
  #
-  # Option 1: Use stringData (plain text - Kubernetes will encode automatically)
-  # This is easier for initial setup but shows credentials in the file
-  #
-  RELAY_USERNAME: "MS_d34ZtW@bakewise.ai"
-  RELAY_PASSWORD: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7"
-  #
-  # ============================================================================
-  # ALTERNATIVE: Use pre-encoded values (more secure for version control)
-  # ============================================================================
-  # Comment out stringData above and uncomment data below:
-  #
-  # data:
-  #   # Base64 encoded values
-  #   # echo -n 'your-mailersend-username' | base64
-  #   RELAY_USERNAME: WU9VUl9NQUlMRVJTRU5EX1NNVFBfVVNFUk5BTUU=
-  #   # echo -n 'your-mailersend-password' | base64
-  #   RELAY_PASSWORD: WU9VUl9NQUlMRVJTRU5EX1NNVFBfUEFTU1dPUkQ=
+  relay-username: "MS_d34ZtW@bakewise.ai"
+  relay-password: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7"
--- a/infrastructure/platform/mail/mailu-helm/dev/values.yaml
+++ b/infrastructure/platform/mail/mailu-helm/dev/values.yaml
@@ -44,9 +44,18 @@ initialAccount:
 externalRelay:
  host: "[smtp.mailgun.org]:587"
  # Credentials loaded from Kubernetes secret
-  secretName: "mailu-mailgun-credentials"
-  usernameKey: "RELAY_USERNAME"
-  passwordKey: "RELAY_PASSWORD"
+  # Key names use Helm chart defaults: relay-username, relay-password
+  existingSecret: "mailu-mailgun-credentials"
+
+# Postfix configuration
+# CRITICAL: podAnnotations ensures Postfix restarts when credentials change
+# Without this, Mailu reads SASL credentials only at pod startup and won't pick up secret updates
+postfix:
+  podAnnotations:
+    # UPDATE THIS VALUE when changing mailu-mailgun-credentials secret
+    # This triggers a rolling restart of Postfix to reload SASL credentials
+    # Generate new value: date +%s or use the secret's resourceVersion
+    credentials-version: "1706054400"

 # Environment-specific configurations
 persistence:
--- a/infrastructure/platform/mail/mailu-helm/prod/values.yaml
+++ b/infrastructure/platform/mail/mailu-helm/prod/values.yaml
@@ -42,9 +42,18 @@ initialAccount:
 externalRelay:
  host: "[smtp.mailersend.net]:2525"
  # Credentials loaded from existing Kubernetes secret
-  secretName: "mailu-mailersend-credentials"
-  usernameKey: "RELAY_USERNAME"
-  passwordKey: "RELAY_PASSWORD"
+  # Key names use Helm chart defaults (relay-username, relay-password)
+  existingSecret: "mailu-mailersend-credentials"
+
+# Postfix configuration
+# CRITICAL: podAnnotations ensures Postfix restarts when credentials change
+# Without this, Mailu reads SASL credentials only at pod startup and won't pick up secret updates
+postfix:
+  podAnnotations:
+    # UPDATE THIS VALUE when changing mailu-mailersend-credentials secret
+    # This triggers a rolling restart of Postfix to reload SASL credentials
+    # Generate new value: date +%s or use the secret's resourceVersion
+    credentials-version: "1706054400"

 # Environment-specific configurations
 persistence:
--- a/infrastructure/platform/mail/mailu-helm/values.yaml
+++ b/infrastructure/platform/mail/mailu-helm/values.yaml
@@ -57,9 +57,8 @@ limits:
 externalRelay:
  host: "[smtp.mailersend.net]:587"
  # Use existing secret for credentials (recommended for security)
-  secretName: "mailu-mailersend-credentials"
-  usernameKey: "RELAY_USERNAME"
-  passwordKey: "RELAY_PASSWORD"
+  # Key names use Helm chart defaults: relay-username, relay-password
+  existingSecret: "mailu-mailersend-credentials"

 # Webmail configuration
 webmail: