From c3defa3a10330c78497214b2535e51322aa7aac5 Mon Sep 17 00:00:00 2001 From: Bakery Admin Date: Fri, 23 Jan 2026 21:42:31 +0100 Subject: [PATCH] Fix issues 7 --- frontend/src/api/services/subscription.ts | 2 +- .../templates/task-kaniko-build.yaml | 13 +- .../templates/task-update-gitops.yaml | 126 +++++++----------- .../mailersend-credentials-secret.yaml | 38 +++--- .../platform/mail/mailu-helm/dev/values.yaml | 15 ++- .../platform/mail/mailu-helm/prod/values.yaml | 15 ++- .../platform/mail/mailu-helm/values.yaml | 5 +- 7 files changed, 100 insertions(+), 114 deletions(-) diff --git a/frontend/src/api/services/subscription.ts b/frontend/src/api/services/subscription.ts index fd4992c9..b3b7958e 100644 --- a/frontend/src/api/services/subscription.ts +++ b/frontend/src/api/services/subscription.ts @@ -37,7 +37,7 @@ const CACHE_DURATION = 5 * 60 * 1000; // 5 minutes export class SubscriptionService { private readonly baseUrl = '/tenants'; - private readonly plansUrl = '/plans'; + private readonly plansUrl = '/plans/'; // ============================================================================ // NEW METHODS - Centralized Plans API diff --git a/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml b/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml index 74ba2ff9..8b5a4d66 100644 --- a/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml +++ b/infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml 
@@ -156,20 +156,19 @@ spec: # Determine Dockerfile path and image name # Folder names are: auth, tenant, gateway, frontend, alert_processor, etc. - # Image names should be: auth-service, tenant-service, gateway, dashboard, alert-processor, etc. + # Image names MUST match what's in the Kubernetes manifests exactly + # The manifests use the folder name directly (with underscores preserved) if [ "$service" = "gateway" ]; then DOCKERFILE_PATH="$WORKSPACE/gateway/Dockerfile" IMAGE_NAME="gateway" elif [ "$service" = "frontend" ]; then DOCKERFILE_PATH="$WORKSPACE/frontend/Dockerfile.kubernetes" - IMAGE_NAME="dashboard" - elif [ "$service" = "alert_processor" ]; then - DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile" - IMAGE_NAME="alert-processor" + IMAGE_NAME="frontend" else DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile" - # Convert folder name to image name: auth -> auth-service, demo_session -> demo-session-service - IMAGE_NAME=$(echo "$service" | sed 's/_/-/g')"-service" + # Use folder name directly - matches manifest image references + # e.g., auth, tenant, ai_insights, alert_processor, demo_session, external + IMAGE_NAME="$service" fi # Check if Dockerfile exists diff --git a/infrastructure/cicd/tekton-helm/templates/task-update-gitops.yaml b/infrastructure/cicd/tekton-helm/templates/task-update-gitops.yaml index 2b2431c4..7a8afc83 100644 --- a/infrastructure/cicd/tekton-helm/templates/task-update-gitops.yaml +++ b/infrastructure/cicd/tekton-helm/templates/task-update-gitops.yaml 
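Review bot: `IMAGE_NAME="$service"` in the new `else` branch passes the folder name unchanged into the image reference and into `$WORKSPACE/services/$service/Dockerfile`, with no check on which characters it contains. The value appears to come from an upstream change-detection step, so it is ultimately derived from repository paths; a name containing `/`, `..`, `:` or uppercase letters would either point the build at an unexpected Dockerfile or produce an image reference the registry rejects. I would add an allow-list check before the `if` chain, for example `case "$service" in ''|*[!a-z0-9_]*) echo "Invalid service name: $service" >&2; exit 1 ;; esac`. The surrounding loop and script start and end outside this hunk, so whether `exit 1` or skipping the entry fits better depends on code not shown here.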
@@ -88,124 +88,90 @@ spec: # Switch to target branch git checkout "$(params.git-branch)" || git checkout -b "$(params.git-branch)" + # Compute short hash once for job name updates + SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-8) + # Update image tags in Kubernetes manifests + # Service names come from detect-changes task as folder names: auth, tenant, ai_insights, etc. for service in $(echo "$(params.services)" | tr ',' '\n'); do service=$(echo "$service" | xargs) # Trim whitespace if [ -n "$service" ] && [ "$service" != "none" ] && [ "$service" != "infrastructure" ] && [ "$service" != "shared" ]; then + echo "" + echo "============================================" echo "Updating manifest for service: $service" + echo "============================================" - # Format service name for directory (convert from kebab-case to snake_case if needed) - # Handle special cases like demo-session -> demo_session, alert-processor -> alert_processor, etc. - formatted_service=$(echo "$service" | sed 's/-/_/g') + # IMAGE_NAME is the same as the service folder name (matching Kaniko output) + # This ensures consistency: folder name = image name = manifest reference + IMAGE_NAME="$service" + + # Determine manifest paths based on service + # Directory structure uses hyphens: ai-insights, alert-processor, demo-session + # But image names use underscores: ai_insights, alert_processor, demo_session + service_dir=$(echo "$service" | sed 's/_/-/g') - # For gateway and frontend, they have different directory structures if [ "$service" = "gateway" ]; then MANIFEST_PATH="infrastructure/platform/gateway/gateway-service.yaml" - IMAGE_NAME="gateway" # gateway image name is just "gateway" elif [ "$service" = "frontend" ]; then MANIFEST_PATH="infrastructure/services/microservices/frontend/frontend-service.yaml" - IMAGE_NAME="dashboard" # frontend service uses "dashboard" as image name - elif [ "$service" = "alert-processor" ]; then + elif [ "$service" = "alert_processor" ]; then 
MANIFEST_PATH="infrastructure/services/microservices/alert-processor/alert-processor.yaml" - IMAGE_NAME="alert-processor" + elif [ "$service" = "demo_session" ]; then + # demo-session uses deployment.yaml instead of demo-session-service.yaml + MANIFEST_PATH="infrastructure/services/microservices/demo-session/deployment.yaml" else - # For microservices, convert service name to directory format - # Service names come in as "auth-service", "tenant-service", etc. - # Directory names are "auth", "tenant", etc. (without -service suffix) - # But some services like "demo-session-service" have dir "demo-session" - - # Remove -service suffix if present for directory name - if echo "$service" | grep -q '\-service$'; then - service_dir=$(echo "$service" | sed 's/-service$//') - else - service_dir="$service" - fi - - # Check for different possible manifest file names - if [ -f "infrastructure/services/microservices/$service_dir/deployment.yaml" ]; then - MANIFEST_PATH="infrastructure/services/microservices/$service_dir/deployment.yaml" - elif [ -f "infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml" ]; then - MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml" - elif [ -f "infrastructure/services/microservices/$service_dir/${service}.yaml" ]; then - MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service}.yaml" - else - # Default to the standard naming pattern - MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml" - fi - - # Image name is the service name as-is (e.g., auth-service, tenant-service) - IMAGE_NAME="$service" + # Standard services: auth, tenant, orders, inventory, etc. 
+ # Also handles: ai_insights -> ai-insights, external -> external + MANIFEST_PATH="infrastructure/services/microservices/${service_dir}/${service_dir}-service.yaml" fi # Update the image tag in the deployment YAML if [ -f "$MANIFEST_PATH" ]; then - # Update image reference from registry.bakewise.ai/bakery-admin/image_name:tag to registry/image_name:git_revision - # Use a broad pattern to match any existing tag (including sha256 hashes) + # Update image reference - match the exact image name pattern used in manifests sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MANIFEST_PATH" - - echo "Updated image in: $MANIFEST_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)" + echo "Updated: $MANIFEST_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)" else - echo "Warning: Manifest file not found: $MANIFEST_PATH" - echo " Tried: $MANIFEST_PATH" - echo " Service: $service, service_dir: $service_dir, IMAGE_NAME: $IMAGE_NAME" + echo "Warning: Manifest not found: $MANIFEST_PATH" fi - # Also update migration job if it exists - MIGRATION_JOB_PATH="infrastructure/services/microservices/$service_dir/migrations/${service_dir}-migration-job.yaml" + # Update migration job if it exists + # Migration jobs use the hyphenated directory name + MIGRATION_JOB_PATH="infrastructure/services/microservices/${service_dir}/migrations/${service_dir}-migration-job.yaml" if [ -f "$MIGRATION_JOB_PATH" ]; then # Update migration job image reference sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MIGRATION_JOB_PATH" - # Update job name to include short commit hash (makes it unique and avoids immutable field issues) - # Use first 7 characters to stay under 63 character limit - SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-7) - sed -i "s|name: ${service_dir}-migration|name: 
${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH" - # Also update labels to match the short hash - sed -i "s|app.kubernetes.io/name: ${service_dir}-migration-.*|app.kubernetes.io/name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH" - echo "Updated migration job: $MIGRATION_JOB_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)" - echo "Updated job name and labels to include short commit hash for immutability" - else - # Try alternative migration job naming patterns - if [ -f "infrastructure/services/microservices/$service_dir/migrations/${service}-migration-job.yaml" ]; then - MIGRATION_JOB_PATH="infrastructure/services/microservices/$service_dir/migrations/${service}-migration-job.yaml" - sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MIGRATION_JOB_PATH" - # Update job name to include short commit hash (makes it unique and avoids immutable field issues) - # Use first 7 characters to stay under 63 character limit - SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-7) - sed -i "s|name: ${service}-migration|name: ${service}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH" - # Also update labels to match the short hash - sed -i "s|app.kubernetes.io/name: ${service}-migration-.*|app.kubernetes.io/name: ${service}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH" - echo "Updated migration job: $MIGRATION_JOB_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)" - echo "Updated job name and labels to include short commit hash for immutability" - else - echo "Info: No migration job found for $service" - fi + # Update job name to include short commit hash (makes it unique for K8s) + sed -i "s|name: ${service_dir}-migration-[a-f0-9]*|name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH" + # Also update labels to match + sed -i "s|app.kubernetes.io/name: ${service_dir}-migration-[a-f0-9]*|app.kubernetes.io/name: 
${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH" + echo "Updated migration: $MIGRATION_JOB_PATH" fi - - # Special case: external-data-init job + + # Special case: external service has additional jobs if [ "$service" = "external" ]; then + # Update external-data-init job EXTERNAL_DATA_INIT_JOB="infrastructure/services/microservices/external/migrations/external-data-init-job.yaml" if [ -f "$EXTERNAL_DATA_INIT_JOB" ]; then - # Update external-data-init job image and name - sed -i "s|image: bakery/external-service:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_INIT_JOB" - sed -i "s|name: external-data-init|name: external-data-init-${SHORT_HASH}|g" "$EXTERNAL_DATA_INIT_JOB" + sed -i "s|image: registry.bakewise.ai/bakery-admin/external:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_INIT_JOB" + sed -i "s|name: external-data-init-[a-f0-9]*|name: external-data-init-${SHORT_HASH}|g" "$EXTERNAL_DATA_INIT_JOB" echo "Updated external-data-init job: $EXTERNAL_DATA_INIT_JOB" fi - + # Update external-data-rotation cronjob EXTERNAL_DATA_ROTATION_JOB="infrastructure/services/microservices/external/cronjobs/external-data-rotation-cronjob.yaml" if [ -f "$EXTERNAL_DATA_ROTATION_JOB" ]; then - sed -i "s|image: bakery/external-service:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_ROTATION_JOB" - sed -i "s|name: external-data-rotation|name: external-data-rotation-${SHORT_HASH}|g" "$EXTERNAL_DATA_ROTATION_JOB" + sed -i "s|image: registry.bakewise.ai/bakery-admin/external:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_ROTATION_JOB" + sed -i "s|name: external-data-rotation-[a-f0-9]*|name: external-data-rotation-${SHORT_HASH}|g" "$EXTERNAL_DATA_ROTATION_JOB" echo "Updated external-data-rotation cronjob: $EXTERNAL_DATA_ROTATION_JOB" fi fi - - # Special case: demo-cleanup-worker - if [ "$service" = "demo-session" ]; then + + # Special case: 
demo_session service has cleanup worker + if [ "$service" = "demo_session" ]; then DEMO_CLEANUP_WORKER="infrastructure/services/microservices/demo-session/demo-cleanup-worker.yaml" if [ -f "$DEMO_CLEANUP_WORKER" ]; then - sed -i "s|image: bakery/demo-session-service:.*|image: $(params.registry)/demo_session:$(params.git-revision)|g" "$DEMO_CLEANUP_WORKER" - sed -i "s|name: demo-cleanup-worker|name: demo-cleanup-worker-${SHORT_HASH}|g" "$DEMO_CLEANUP_WORKER" + sed -i "s|image: registry.bakewise.ai/bakery-admin/demo_session:.*|image: $(params.registry)/demo_session:$(params.git-revision)|g" "$DEMO_CLEANUP_WORKER" + sed -i "s|name: demo-cleanup-worker-[a-f0-9]*|name: demo-cleanup-worker-${SHORT_HASH}|g" "$DEMO_CLEANUP_WORKER" echo "Updated demo-cleanup-worker: $DEMO_CLEANUP_WORKER" fi fi diff --git a/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml b/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml index 09a98b94..d3e8327b 100644 --- a/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml +++ b/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml 
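Review bot: The added `SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-8)` continues the pattern of letting Tekton substitute `$(params.…)` textually into the script body, so a parameter value containing quotes or `$(` is parsed as shell rather than treated as data; the same holds for `$(params.services)` in the loop and `$(params.registry)` in the sed replacements. Tekton's guidance is to pass parameters through the step's `env` and reference them as quoted variables, e.g. `SHORT_HASH=$(printf '%s' "$GIT_REVISION" | cut -c 1-8)` with `GIT_REVISION` set from `$(params.git-revision)` under `env`; the step definition is outside this hunk. Checking that the revision is hexadecimal before it reaches the `sed -i` expressions would also stop a `|` or `&` in the value from altering the substitution. Separately, the new `name: ${service_dir}-migration-[a-f0-9]*` patterns require a trailing hyphen, so a manifest that still has the un-suffixed `name: ${service_dir}-migration` would, as far as I can tell from the hunk, no longer be renamed.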
@@ -42,6 +42,24 @@ # - Rate limit: 120 requests/minute # # ============================================================================ +# CRITICAL: AFTER UPDATING THIS SECRET +# ============================================================================ +# +# Mailu's Postfix reads SASL credentials ONLY at pod startup. It does NOT +# automatically reload when this secret changes. You MUST do one of: +# +# Option 1: Update the credentials-version annotation in values.yaml and run helm upgrade +# - Edit prod/values.yaml: postfix.podAnnotations.credentials-version +# - Set to current timestamp: date +%s +# - Run: helm upgrade mailu mailu/mailu -f values.yaml -f prod/values.yaml -n bakery-ia +# +# Option 2: Manually restart Postfix pod +# kubectl rollout restart deployment/mailu-postfix -n bakery-ia +# +# Option 3: Delete the Postfix pod (it will be recreated) +# kubectl delete pod -l app.kubernetes.io/component=postfix -n bakery-ia +# +# ============================================================================ # DNS RECORDS REQUIRED FOR MAILERSEND: # ============================================================================ # 
@@ -84,21 +102,7 @@ stringData: # ============================================================================ # REPLACE THESE VALUES WITH YOUR MAILERSEND CREDENTIALS # ============================================================================ + # Key names match Mailu Helm chart defaults (relay-username, relay-password) # - # Option 1: Use stringData (plain text - Kubernetes will encode automatically) - # This is easier for initial setup but shows credentials in the file - # - RELAY_USERNAME: "MS_d34ZtW@bakewise.ai" - RELAY_PASSWORD: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7" - # - # ============================================================================ - # ALTERNATIVE: Use pre-encoded values (more secure for version control) - # ============================================================================ - # Comment out stringData above and uncomment data below: - # - # data: - # # Base64 encoded values - # # echo -n 'your-mailersend-username' | base64 - # RELAY_USERNAME: WU9VUl9NQUlMRVJTRU5EX1NNVFBfVVNFUk5BTUU= - # # echo -n 'your-mailersend-password' | base64 - # RELAY_PASSWORD: WU9VUl9NQUlMRVJTRU5EX1NNVFBfUEFTU1dPUkQ= + relay-username: "MS_d34ZtW@bakewise.ai" + relay-password: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7" diff --git a/infrastructure/platform/mail/mailu-helm/dev/values.yaml b/infrastructure/platform/mail/mailu-helm/dev/values.yaml index 368e78ef..bd44699b 100644 --- a/infrastructure/platform/mail/mailu-helm/dev/values.yaml +++ b/infrastructure/platform/mail/mailu-helm/dev/values.yaml 
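Review bot: The new `relay-username` / `relay-password` entries under `stringData` still carry what look like live MailerSend SMTP credentials in plain text, so the key rename keeps them in version control and in every clone and CI checkout of the repository. Treat the password as exposed: rotate it at the provider and commit only placeholders such as `relay-password: "<MAILERSEND_SMTP_PASSWORD>"` (constructed placeholder), with the real value supplied outside Git by a sealed or external secret or a pipeline-injected value. The hunk also removes the comment block that pointed to an alternative to plain `stringData`; a one-line comment such as `# Do not commit real credentials in this file` would be worth keeping in its place. The base64 `data:` form that the removed comment called more secure is only an encoding and would not have protected the value either.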
@@ -44,9 +44,18 @@ initialAccount: externalRelay: host: "[smtp.mailgun.org]:587" # Credentials loaded from Kubernetes secret - secretName: "mailu-mailgun-credentials" - usernameKey: "RELAY_USERNAME" - passwordKey: "RELAY_PASSWORD" + # Key names use Helm chart defaults: relay-username, relay-password + existingSecret: "mailu-mailgun-credentials" + +# Postfix configuration +# CRITICAL: podAnnotations ensures Postfix restarts when credentials change +# Without this, Mailu reads SASL credentials only at pod startup and won't pick up secret updates +postfix: + podAnnotations: + # UPDATE THIS VALUE when changing mailu-mailgun-credentials secret + # This triggers a rolling restart of Postfix to reload SASL credentials + # Generate new value: date +%s or use the secret's resourceVersion + credentials-version: "1706054400" # Environment-specific configurations persistence: diff --git a/infrastructure/platform/mail/mailu-helm/prod/values.yaml b/infrastructure/platform/mail/mailu-helm/prod/values.yaml index 7a5671ba..6b9bc52b 100644 --- a/infrastructure/platform/mail/mailu-helm/prod/values.yaml +++ b/infrastructure/platform/mail/mailu-helm/prod/values.yaml 
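Review bot: `existingSecret: "mailu-mailgun-credentials"` now relies on the chart's default key names, but the diffstat shows only the MailerSend secret being renamed to `relay-username` / `relay-password`. If the Mailgun secret still uses `RELAY_USERNAME` / `RELAY_PASSWORD`, the dev Postfix will presumably come up without usable relay credentials. Either rename the keys in that secret in the same change, or keep the mapping explicit next to `existingSecret` with `usernameKey: "RELAY_USERNAME"` and `passwordKey: "RELAY_PASSWORD"` until the secret is migrated.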
@@ -42,9 +42,18 @@ initialAccount: externalRelay: host: "[smtp.mailersend.net]:2525" # Credentials loaded from existing Kubernetes secret - secretName: "mailu-mailersend-credentials" - usernameKey: "RELAY_USERNAME" - passwordKey: "RELAY_PASSWORD" + # Key names use Helm chart defaults (relay-username, relay-password) + existingSecret: "mailu-mailersend-credentials" + +# Postfix configuration +# CRITICAL: podAnnotations ensures Postfix restarts when credentials change +# Without this, Mailu reads SASL credentials only at pod startup and won't pick up secret updates +postfix: + podAnnotations: + # UPDATE THIS VALUE when changing mailu-mailersend-credentials secret + # This triggers a rolling restart of Postfix to reload SASL credentials + # Generate new value: date +%s or use the secret's resourceVersion + credentials-version: "1706054400" # Environment-specific configurations persistence: diff --git a/infrastructure/platform/mail/mailu-helm/values.yaml b/infrastructure/platform/mail/mailu-helm/values.yaml index 2c97ca44..67a9b0ab 100644 --- a/infrastructure/platform/mail/mailu-helm/values.yaml +++ b/infrastructure/platform/mail/mailu-helm/values.yaml @@ -57,9 +57,8 @@ limits: externalRelay: host: "[smtp.mailersend.net]:587" # Use existing secret for credentials (recommended for security) - secretName: "mailu-mailersend-credentials" - usernameKey: "RELAY_USERNAME" - passwordKey: "RELAY_PASSWORD" + # Key names use Helm chart defaults: relay-username, relay-password + existingSecret: "mailu-mailersend-credentials" # Webmail configuration webmail:
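Review bot: The comment above `postfix.podAnnotations` in prod/values.yaml says the annotation "ensures Postfix restarts when credentials change", but `credentials-version: "1706054400"` is a static string, so nothing restarts unless someone remembers to bump it; dev/values.yaml has the same wording. I would reword it to `# Bump credentials-version by hand after every change to the relay secret; the changed annotation is what rolls the Postfix pod`. A forgotten bump after a password rotation leaves Postfix authenticating with the old credential until the next restart, so the manual step should also be part of the rotation procedure.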