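# infrastructure/kubernetes/base/components/external/external-service.yaml
# External Data Service v2.0 - Optimized city-based architecture
#
# Deployment: two replicas of external-service, gated by two init containers
# (Redis reachability over TLS, then database readiness + Alembic migration).
# Service: ClusterIP on port 8000 in front of the same pods.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-service
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: external-service
    app.kubernetes.io/component: microservice
    app.kubernetes.io/part-of: bakery-ia
    version: "2.0"
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: external-service
      app.kubernetes.io/component: microservice
  template:
    metadata:
      labels:
        app.kubernetes.io/name: external-service
        app.kubernetes.io/component: microservice
        version: "2.0"
    spec:
      # NOTE(review): no securityContext is set at pod or container level in
      # this manifest, so user, privilege-escalation and capability settings
      # fall back to image and cluster defaults. Confirm an admission policy
      # covers them, or set them here. If the Redis init container is moved
      # to a non-root user, the 0400 files under /tls will also need a
      # matching fsGroup or mode.
      initContainers:
        # Wait for Redis to be ready
        - name: wait-for-redis
          image: redis:7.4-alpine
          command:
            - sh
            - -c
            - |
              echo "Waiting for Redis to be ready..."
              # The password is supplied through REDISCLI_AUTH (see env below)
              # rather than "-a", so it does not appear in the process
              # argument list.
              # NOTE(review): this loop has no attempt limit and grep hides
              # redis-cli errors, so a TLS or auth failure looks the same as
              # "not ready" and the pod stays in Init indefinitely.
              until redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" --tls \
                    --cert /tls/redis-cert.pem \
                    --key /tls/redis-key.pem \
                    --cacert /tls/ca-cert.pem \
                    ping | grep -q PONG; do
                echo "Redis not ready yet, waiting..."
                sleep 2
              done
              echo "Redis is ready!"
          env:
            - name: REDIS_HOST
              valueFrom:
                configMapKeyRef:
                  name: bakery-config
                  key: REDIS_HOST
            - name: REDIS_PORT
              valueFrom:
                configMapKeyRef:
                  name: bakery-config
                  key: REDIS_PORT
            # redis-cli reads REDISCLI_AUTH when no "-a" option is given.
            - name: REDISCLI_AUTH
              valueFrom:
                secretKeyRef:
                  name: redis-secrets
                  key: REDIS_PASSWORD
          volumeMounts:
            - name: redis-tls
              mountPath: /tls
              readOnly: true
        # Wait for database migration to complete
        - name: wait-for-migration
          image: postgres:17-alpine
          command:
            - sh
            - -c
            - |
              echo "Waiting for external database and migrations to be ready..."
              # Wait for database to be accessible
              # NOTE(review): no attempt limit on this loop either.
              until pg_isready -h "$EXTERNAL_DB_HOST" -p "$EXTERNAL_DB_PORT" -U "$EXTERNAL_DB_USER"; do
                echo "Database not ready yet, waiting..."
                sleep 2
              done
              echo "Database is ready!"
              # Verify that migrations have completed by checking for the
              # alembic_version table. A SELECT is used because it fails
              # (non-zero exit) when the table is missing, whereas psql's
              # "\dt <pattern>" can still exit 0 when nothing matches, which
              # would reduce this gate to a connectivity check.
              # NOTE(review): no sslmode is set for this connection, so libpq
              # defaults apply; the Redis check above pins a CA, this one
              # does not.
              ATTEMPTS=30
              COUNT=0
              until [ $COUNT -ge $ATTEMPTS ]; do
                if PGPASSWORD="$EXTERNAL_DB_PASSWORD" psql -h "$EXTERNAL_DB_HOST" -p "$EXTERNAL_DB_PORT" \
                     -U "$EXTERNAL_DB_USER" -d "$EXTERNAL_DB_NAME" \
                     -tAc "SELECT 1 FROM alembic_version LIMIT 1" > /dev/null 2>&1; then
                  echo "Migrations are complete - alembic_version table exists"
                  exit 0
                else
                  echo "Migrations not complete yet, waiting... ($((COUNT + 1))/$ATTEMPTS)"
                  sleep 10
                fi
                COUNT=$((COUNT + 1))
              done
              echo "Timeout waiting for migrations to complete"
              exit 1
          env:
            - name: EXTERNAL_DB_HOST
              valueFrom:
                configMapKeyRef:
                  name: bakery-config
                  key: EXTERNAL_DB_HOST
            # Port comes from the shared DB_PORT key, not an EXTERNAL_-prefixed
            # one; presumably all databases share a port - confirm.
            - name: EXTERNAL_DB_PORT
              valueFrom:
                configMapKeyRef:
                  name: bakery-config
                  key: DB_PORT
            - name: EXTERNAL_DB_USER
              valueFrom:
                secretKeyRef:
                  name: database-secrets
                  key: EXTERNAL_DB_USER
            - name: EXTERNAL_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: database-secrets
                  key: EXTERNAL_DB_PASSWORD
            - name: EXTERNAL_DB_NAME
              value: "external_db"
      containers:
        - name: external-service
          # NOTE(review): ":latest" is a mutable tag, so the two replicas and
          # any later rollout can run different builds and a rollback cannot
          # name a known image. Pin a release tag or digest.
          image: bakery/external-service:latest
          ports:
            - containerPort: 8000
              name: http
          env:
            # OpenTelemetry Configuration
            - name: OTEL_COLLECTOR_ENDPOINT
              value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4318"
            - name: OTEL_EXPORTER_OTLP_ENDPOINT
              valueFrom:
                configMapKeyRef:
                  name: bakery-config
                  key: OTEL_EXPORTER_OTLP_ENDPOINT
            - name: OTEL_SERVICE_NAME
              value: "external-service"
            - name: ENABLE_TRACING
              value: "true"
            # Logging Configuration
            - name: OTEL_LOGS_EXPORTER
              value: "otlp"
            - name: OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED
              value: "true"
            # Metrics Configuration
            - name: ENABLE_OTEL_METRICS
              value: "true"
            - name: ENABLE_SYSTEM_METRICS
              value: "true"
          # NOTE(review): envFrom injects every key of eleven Secrets into
          # this container's environment, including payment, e-mail, JWT,
          # POS and WhatsApp credentials. Confirm which of them the external
          # data service actually reads and reference only those (ideally
          # per key via secretKeyRef), so a compromise of this pod does not
          # expose credentials of unrelated services.
          envFrom:
            - configMapRef:
                name: bakery-config
            - secretRef:
                name: database-secrets
            - secretRef:
                name: redis-secrets
            - secretRef:
                name: rabbitmq-secrets
            - secretRef:
                name: jwt-secrets
            - secretRef:
                name: external-api-secrets
            - secretRef:
                name: payment-secrets
            - secretRef:
                name: email-secrets
            - secretRef:
                name: monitoring-secrets
            - secretRef:
                name: pos-integration-secrets
            - secretRef:
                name: whatsapp-secrets
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 5
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8000
            initialDelaySeconds: 15
            timeoutSeconds: 3
            periodSeconds: 5
            failureThreshold: 5
      volumes:
        # Client certificate, key and CA used by the wait-for-redis init
        # container; only that container mounts this volume.
        - name: redis-tls
          secret:
            secretName: redis-tls-secret
            # Owner read-only, written as YAML octal (0400 == 256 decimal).
            defaultMode: 0400
---
# In-cluster Service for the external-service pods (ClusterIP only).
apiVersion: v1
kind: Service
metadata:
  name: external-service
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: external-service
    app.kubernetes.io/component: microservice
spec:
  type: ClusterIP
  ports:
    - port: 8000
      targetPort: 8000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: external-service
    app.kubernetes.io/component: microservice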