Fix issues 7
This commit is contained in:
@@ -156,20 +156,19 @@ spec:
|
||||
|
||||
# Determine Dockerfile path and image name
|
||||
# Folder names are: auth, tenant, gateway, frontend, alert_processor, etc.
|
||||
# Image names should be: auth-service, tenant-service, gateway, dashboard, alert-processor, etc.
|
||||
# Image names MUST match what's in the Kubernetes manifests exactly
|
||||
# The manifests use the folder name directly (with underscores preserved)
|
||||
if [ "$service" = "gateway" ]; then
|
||||
DOCKERFILE_PATH="$WORKSPACE/gateway/Dockerfile"
|
||||
IMAGE_NAME="gateway"
|
||||
elif [ "$service" = "frontend" ]; then
|
||||
DOCKERFILE_PATH="$WORKSPACE/frontend/Dockerfile.kubernetes"
|
||||
IMAGE_NAME="dashboard"
|
||||
elif [ "$service" = "alert_processor" ]; then
|
||||
DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile"
|
||||
IMAGE_NAME="alert-processor"
|
||||
IMAGE_NAME="frontend"
|
||||
else
|
||||
DOCKERFILE_PATH="$WORKSPACE/services/$service/Dockerfile"
|
||||
# Convert folder name to image name: auth -> auth-service, demo_session -> demo-session-service
|
||||
IMAGE_NAME=$(echo "$service" | sed 's/_/-/g')"-service"
|
||||
# Use folder name directly - matches manifest image references
|
||||
# e.g., auth, tenant, ai_insights, alert_processor, demo_session, external
|
||||
IMAGE_NAME="$service"
|
||||
fi
|
||||
|
||||
# Check if Dockerfile exists
|
||||
|
||||
@@ -88,124 +88,90 @@ spec:
|
||||
# Switch to target branch
|
||||
git checkout "$(params.git-branch)" || git checkout -b "$(params.git-branch)"
|
||||
|
||||
# Compute short hash once for job name updates
|
||||
SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-8)
|
||||
|
||||
# Update image tags in Kubernetes manifests
|
||||
# Service names come from detect-changes task as folder names: auth, tenant, ai_insights, etc.
|
||||
for service in $(echo "$(params.services)" | tr ',' '\n'); do
|
||||
service=$(echo "$service" | xargs) # Trim whitespace
|
||||
if [ -n "$service" ] && [ "$service" != "none" ] && [ "$service" != "infrastructure" ] && [ "$service" != "shared" ]; then
|
||||
echo ""
|
||||
echo "============================================"
|
||||
echo "Updating manifest for service: $service"
|
||||
echo "============================================"
|
||||
|
||||
# Format service name for directory (convert from kebab-case to snake_case if needed)
|
||||
# Handle special cases like demo-session -> demo_session, alert-processor -> alert_processor, etc.
|
||||
formatted_service=$(echo "$service" | sed 's/-/_/g')
|
||||
# IMAGE_NAME is the same as the service folder name (matching Kaniko output)
|
||||
# This ensures consistency: folder name = image name = manifest reference
|
||||
IMAGE_NAME="$service"
|
||||
|
||||
# Determine manifest paths based on service
|
||||
# Directory structure uses hyphens: ai-insights, alert-processor, demo-session
|
||||
# But image names use underscores: ai_insights, alert_processor, demo_session
|
||||
service_dir=$(echo "$service" | sed 's/_/-/g')
|
||||
|
||||
# For gateway and frontend, they have different directory structures
|
||||
if [ "$service" = "gateway" ]; then
|
||||
MANIFEST_PATH="infrastructure/platform/gateway/gateway-service.yaml"
|
||||
IMAGE_NAME="gateway" # gateway image name is just "gateway"
|
||||
elif [ "$service" = "frontend" ]; then
|
||||
MANIFEST_PATH="infrastructure/services/microservices/frontend/frontend-service.yaml"
|
||||
IMAGE_NAME="dashboard" # frontend service uses "dashboard" as image name
|
||||
elif [ "$service" = "alert-processor" ]; then
|
||||
elif [ "$service" = "alert_processor" ]; then
|
||||
MANIFEST_PATH="infrastructure/services/microservices/alert-processor/alert-processor.yaml"
|
||||
IMAGE_NAME="alert-processor"
|
||||
elif [ "$service" = "demo_session" ]; then
|
||||
# demo-session uses deployment.yaml instead of demo-session-service.yaml
|
||||
MANIFEST_PATH="infrastructure/services/microservices/demo-session/deployment.yaml"
|
||||
else
|
||||
# For microservices, convert service name to directory format
|
||||
# Service names come in as "auth-service", "tenant-service", etc.
|
||||
# Directory names are "auth", "tenant", etc. (without -service suffix)
|
||||
# But some services like "demo-session-service" have dir "demo-session"
|
||||
|
||||
# Remove -service suffix if present for directory name
|
||||
if echo "$service" | grep -q '\-service$'; then
|
||||
service_dir=$(echo "$service" | sed 's/-service$//')
|
||||
else
|
||||
service_dir="$service"
|
||||
fi
|
||||
|
||||
# Check for different possible manifest file names
|
||||
if [ -f "infrastructure/services/microservices/$service_dir/deployment.yaml" ]; then
|
||||
MANIFEST_PATH="infrastructure/services/microservices/$service_dir/deployment.yaml"
|
||||
elif [ -f "infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml" ]; then
|
||||
MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml"
|
||||
elif [ -f "infrastructure/services/microservices/$service_dir/${service}.yaml" ]; then
|
||||
MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service}.yaml"
|
||||
else
|
||||
# Default to the standard naming pattern
|
||||
MANIFEST_PATH="infrastructure/services/microservices/$service_dir/${service_dir}-service.yaml"
|
||||
fi
|
||||
|
||||
# Image name is the service name as-is (e.g., auth-service, tenant-service)
|
||||
IMAGE_NAME="$service"
|
||||
# Standard services: auth, tenant, orders, inventory, etc.
|
||||
# Also handles: ai_insights -> ai-insights, external -> external
|
||||
MANIFEST_PATH="infrastructure/services/microservices/${service_dir}/${service_dir}-service.yaml"
|
||||
fi
|
||||
|
||||
# Update the image tag in the deployment YAML
|
||||
if [ -f "$MANIFEST_PATH" ]; then
|
||||
# Update image reference from registry.bakewise.ai/bakery-admin/image_name:tag to registry/image_name:git_revision
|
||||
# Use a broad pattern to match any existing tag (including sha256 hashes)
|
||||
# Update image reference - match the exact image name pattern used in manifests
|
||||
sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MANIFEST_PATH"
|
||||
|
||||
echo "Updated image in: $MANIFEST_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)"
|
||||
echo "Updated: $MANIFEST_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)"
|
||||
else
|
||||
echo "Warning: Manifest file not found: $MANIFEST_PATH"
|
||||
echo " Tried: $MANIFEST_PATH"
|
||||
echo " Service: $service, service_dir: $service_dir, IMAGE_NAME: $IMAGE_NAME"
|
||||
echo "Warning: Manifest not found: $MANIFEST_PATH"
|
||||
fi
|
||||
|
||||
# Also update migration job if it exists
|
||||
MIGRATION_JOB_PATH="infrastructure/services/microservices/$service_dir/migrations/${service_dir}-migration-job.yaml"
|
||||
# Update migration job if it exists
|
||||
# Migration jobs use the hyphenated directory name
|
||||
MIGRATION_JOB_PATH="infrastructure/services/microservices/${service_dir}/migrations/${service_dir}-migration-job.yaml"
|
||||
if [ -f "$MIGRATION_JOB_PATH" ]; then
|
||||
# Update migration job image reference
|
||||
sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MIGRATION_JOB_PATH"
|
||||
# Update job name to include short commit hash (makes it unique and avoids immutable field issues)
|
||||
# Use first 7 characters to stay under 63 character limit
|
||||
SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-7)
|
||||
sed -i "s|name: ${service_dir}-migration|name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
|
||||
# Also update labels to match the short hash
|
||||
sed -i "s|app.kubernetes.io/name: ${service_dir}-migration-.*|app.kubernetes.io/name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
|
||||
echo "Updated migration job: $MIGRATION_JOB_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)"
|
||||
echo "Updated job name and labels to include short commit hash for immutability"
|
||||
else
|
||||
# Try alternative migration job naming patterns
|
||||
if [ -f "infrastructure/services/microservices/$service_dir/migrations/${service}-migration-job.yaml" ]; then
|
||||
MIGRATION_JOB_PATH="infrastructure/services/microservices/$service_dir/migrations/${service}-migration-job.yaml"
|
||||
sed -i "s|image: registry.bakewise.ai/bakery-admin/${IMAGE_NAME}:.*|image: $(params.registry)/${IMAGE_NAME}:$(params.git-revision)|g" "$MIGRATION_JOB_PATH"
|
||||
# Update job name to include short commit hash (makes it unique and avoids immutable field issues)
|
||||
# Use first 7 characters to stay under 63 character limit
|
||||
SHORT_HASH=$(echo "$(params.git-revision)" | cut -c 1-7)
|
||||
sed -i "s|name: ${service}-migration|name: ${service}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
|
||||
# Also update labels to match the short hash
|
||||
sed -i "s|app.kubernetes.io/name: ${service}-migration-.*|app.kubernetes.io/name: ${service}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
|
||||
echo "Updated migration job: $MIGRATION_JOB_PATH -> $(params.registry)/${IMAGE_NAME}:$(params.git-revision)"
|
||||
echo "Updated job name and labels to include short commit hash for immutability"
|
||||
else
|
||||
echo "Info: No migration job found for $service"
|
||||
fi
|
||||
# Update job name to include short commit hash (makes it unique for K8s)
|
||||
sed -i "s|name: ${service_dir}-migration-[a-f0-9]*|name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
|
||||
# Also update labels to match
|
||||
sed -i "s|app.kubernetes.io/name: ${service_dir}-migration-[a-f0-9]*|app.kubernetes.io/name: ${service_dir}-migration-${SHORT_HASH}|g" "$MIGRATION_JOB_PATH"
|
||||
echo "Updated migration: $MIGRATION_JOB_PATH"
|
||||
fi
|
||||
|
||||
# Special case: external-data-init job
|
||||
|
||||
# Special case: external service has additional jobs
|
||||
if [ "$service" = "external" ]; then
|
||||
# Update external-data-init job
|
||||
EXTERNAL_DATA_INIT_JOB="infrastructure/services/microservices/external/migrations/external-data-init-job.yaml"
|
||||
if [ -f "$EXTERNAL_DATA_INIT_JOB" ]; then
|
||||
# Update external-data-init job image and name
|
||||
sed -i "s|image: bakery/external-service:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_INIT_JOB"
|
||||
sed -i "s|name: external-data-init|name: external-data-init-${SHORT_HASH}|g" "$EXTERNAL_DATA_INIT_JOB"
|
||||
sed -i "s|image: registry.bakewise.ai/bakery-admin/external:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_INIT_JOB"
|
||||
sed -i "s|name: external-data-init-[a-f0-9]*|name: external-data-init-${SHORT_HASH}|g" "$EXTERNAL_DATA_INIT_JOB"
|
||||
echo "Updated external-data-init job: $EXTERNAL_DATA_INIT_JOB"
|
||||
fi
|
||||
|
||||
|
||||
# Update external-data-rotation cronjob
|
||||
EXTERNAL_DATA_ROTATION_JOB="infrastructure/services/microservices/external/cronjobs/external-data-rotation-cronjob.yaml"
|
||||
if [ -f "$EXTERNAL_DATA_ROTATION_JOB" ]; then
|
||||
sed -i "s|image: bakery/external-service:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_ROTATION_JOB"
|
||||
sed -i "s|name: external-data-rotation|name: external-data-rotation-${SHORT_HASH}|g" "$EXTERNAL_DATA_ROTATION_JOB"
|
||||
sed -i "s|image: registry.bakewise.ai/bakery-admin/external:.*|image: $(params.registry)/external:$(params.git-revision)|g" "$EXTERNAL_DATA_ROTATION_JOB"
|
||||
sed -i "s|name: external-data-rotation-[a-f0-9]*|name: external-data-rotation-${SHORT_HASH}|g" "$EXTERNAL_DATA_ROTATION_JOB"
|
||||
echo "Updated external-data-rotation cronjob: $EXTERNAL_DATA_ROTATION_JOB"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Special case: demo-cleanup-worker
|
||||
if [ "$service" = "demo-session" ]; then
|
||||
|
||||
# Special case: demo_session service has cleanup worker
|
||||
if [ "$service" = "demo_session" ]; then
|
||||
DEMO_CLEANUP_WORKER="infrastructure/services/microservices/demo-session/demo-cleanup-worker.yaml"
|
||||
if [ -f "$DEMO_CLEANUP_WORKER" ]; then
|
||||
sed -i "s|image: bakery/demo-session-service:.*|image: $(params.registry)/demo_session:$(params.git-revision)|g" "$DEMO_CLEANUP_WORKER"
|
||||
sed -i "s|name: demo-cleanup-worker|name: demo-cleanup-worker-${SHORT_HASH}|g" "$DEMO_CLEANUP_WORKER"
|
||||
sed -i "s|image: registry.bakewise.ai/bakery-admin/demo_session:.*|image: $(params.registry)/demo_session:$(params.git-revision)|g" "$DEMO_CLEANUP_WORKER"
|
||||
sed -i "s|name: demo-cleanup-worker-[a-f0-9]*|name: demo-cleanup-worker-${SHORT_HASH}|g" "$DEMO_CLEANUP_WORKER"
|
||||
echo "Updated demo-cleanup-worker: $DEMO_CLEANUP_WORKER"
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -42,6 +42,24 @@
|
||||
# - Rate limit: 120 requests/minute
|
||||
#
|
||||
# ============================================================================
|
||||
# CRITICAL: AFTER UPDATING THIS SECRET
|
||||
# ============================================================================
|
||||
#
|
||||
# Mailu's Postfix reads SASL credentials ONLY at pod startup. It does NOT
|
||||
# automatically reload when this secret changes. You MUST do one of:
|
||||
#
|
||||
# Option 1: Update the credentials-version annotation in values.yaml and run helm upgrade
|
||||
# - Edit prod/values.yaml: postfix.podAnnotations.credentials-version
|
||||
# - Set to current timestamp: date +%s
|
||||
# - Run: helm upgrade mailu mailu/mailu -f values.yaml -f prod/values.yaml -n bakery-ia
|
||||
#
|
||||
# Option 2: Manually restart Postfix pod
|
||||
# kubectl rollout restart deployment/mailu-postfix -n bakery-ia
|
||||
#
|
||||
# Option 3: Delete the Postfix pod (it will be recreated)
|
||||
# kubectl delete pod -l app.kubernetes.io/component=postfix -n bakery-ia
|
||||
#
|
||||
# ============================================================================
|
||||
# DNS RECORDS REQUIRED FOR MAILERSEND:
|
||||
# ============================================================================
|
||||
#
|
||||
@@ -84,21 +102,7 @@ stringData:
|
||||
# ============================================================================
|
||||
# REPLACE THESE VALUES WITH YOUR MAILERSEND CREDENTIALS
|
||||
# ============================================================================
|
||||
# Key names match Mailu Helm chart defaults (relay-username, relay-password)
|
||||
#
|
||||
# Option 1: Use stringData (plain text - Kubernetes will encode automatically)
|
||||
# This is easier for initial setup but shows credentials in the file
|
||||
#
|
||||
RELAY_USERNAME: "MS_d34ZtW@bakewise.ai"
|
||||
RELAY_PASSWORD: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7"
|
||||
#
|
||||
# ============================================================================
|
||||
# ALTERNATIVE: Use pre-encoded values (more secure for version control)
|
||||
# ============================================================================
|
||||
# Comment out stringData above and uncomment data below:
|
||||
#
|
||||
# data:
|
||||
# # Base64 encoded values
|
||||
# # echo -n 'your-mailersend-username' | base64
|
||||
# RELAY_USERNAME: WU9VUl9NQUlMRVJTRU5EX1NNVFBfVVNFUk5BTUU=
|
||||
# # echo -n 'your-mailersend-password' | base64
|
||||
# RELAY_PASSWORD: WU9VUl9NQUlMRVJTRU5EX1NNVFBfUEFTU1dPUkQ=
|
||||
relay-username: "MS_d34ZtW@bakewise.ai"
|
||||
relay-password: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7"
|
||||
|
||||
@@ -44,9 +44,18 @@ initialAccount:
|
||||
externalRelay:
|
||||
host: "[smtp.mailgun.org]:587"
|
||||
# Credentials loaded from Kubernetes secret
|
||||
secretName: "mailu-mailgun-credentials"
|
||||
usernameKey: "RELAY_USERNAME"
|
||||
passwordKey: "RELAY_PASSWORD"
|
||||
# Key names use Helm chart defaults: relay-username, relay-password
|
||||
existingSecret: "mailu-mailgun-credentials"
|
||||
|
||||
# Postfix configuration
|
||||
# CRITICAL: podAnnotations ensures Postfix restarts when credentials change
|
||||
# Without this, Mailu reads SASL credentials only at pod startup and won't pick up secret updates
|
||||
postfix:
|
||||
podAnnotations:
|
||||
# UPDATE THIS VALUE when changing mailu-mailgun-credentials secret
|
||||
# This triggers a rolling restart of Postfix to reload SASL credentials
|
||||
# Generate new value: date +%s or use the secret's resourceVersion
|
||||
credentials-version: "1706054400"
|
||||
|
||||
# Environment-specific configurations
|
||||
persistence:
|
||||
|
||||
@@ -42,9 +42,18 @@ initialAccount:
|
||||
externalRelay:
|
||||
host: "[smtp.mailersend.net]:2525"
|
||||
# Credentials loaded from existing Kubernetes secret
|
||||
secretName: "mailu-mailersend-credentials"
|
||||
usernameKey: "RELAY_USERNAME"
|
||||
passwordKey: "RELAY_PASSWORD"
|
||||
# Key names use Helm chart defaults (relay-username, relay-password)
|
||||
existingSecret: "mailu-mailersend-credentials"
|
||||
|
||||
# Postfix configuration
|
||||
# CRITICAL: podAnnotations ensures Postfix restarts when credentials change
|
||||
# Without this, Mailu reads SASL credentials only at pod startup and won't pick up secret updates
|
||||
postfix:
|
||||
podAnnotations:
|
||||
# UPDATE THIS VALUE when changing mailu-mailersend-credentials secret
|
||||
# This triggers a rolling restart of Postfix to reload SASL credentials
|
||||
# Generate new value: date +%s or use the secret's resourceVersion
|
||||
credentials-version: "1706054400"
|
||||
|
||||
# Environment-specific configurations
|
||||
persistence:
|
||||
|
||||
@@ -57,9 +57,8 @@ limits:
|
||||
externalRelay:
|
||||
host: "[smtp.mailersend.net]:587"
|
||||
# Use existing secret for credentials (recommended for security)
|
||||
secretName: "mailu-mailersend-credentials"
|
||||
usernameKey: "RELAY_USERNAME"
|
||||
passwordKey: "RELAY_PASSWORD"
|
||||
# Key names use Helm chart defaults: relay-username, relay-password
|
||||
existingSecret: "mailu-mailersend-credentials"
|
||||
|
||||
# Webmail configuration
|
||||
webmail:
|
||||
|
||||
Reference in New Issue
Block a user