367 lines
11 KiB
YAML
367 lines
11 KiB
YAML
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
metadata:
|
|
name: bakery-ia-prod
|
|
|
|
# NOTE: Do NOT set a global namespace here.
|
|
# Each resource already has its namespace explicitly defined.
|
|
# A global namespace would incorrectly transform cluster-scoped resources
|
|
# like flux-system and cert-manager namespaces.
|
|
|
|
resources:
|
|
- ../../../environments/common/configs
|
|
- ../../../platform/cert-manager
|
|
- ../../../platform/networking/ingress/overlays/prod
|
|
- ../../../platform/gateway
|
|
- ../../../platform/storage
|
|
- ../../../services/databases
|
|
- ../../../services/microservices
|
|
# NOTE: CI/CD (gitea, tekton, flux) deployed via Helm, not kustomize
|
|
- prod-certificate.yaml
|
|
|
|
|
|
# SigNoz is managed via Helm deployment (see infrastructure/helm/deploy-signoz.sh)
|
|
# Monitoring is handled by SigNoz (no separate monitoring components needed)
|
|
# SigNoz paths are now included in the main ingress (ingress-https.yaml)
|
|
|
|
labels:
|
|
- includeSelectors: false
|
|
pairs:
|
|
environment: production
|
|
tier: production
|
|
|
|
# Production configuration patches
|
|
patches:
|
|
# Override ConfigMap values for production
|
|
- target:
|
|
kind: ConfigMap
|
|
name: bakery-config
|
|
patch: |-
|
|
- op: replace
|
|
path: /data/ENVIRONMENT
|
|
value: "production"
|
|
- op: replace
|
|
path: /data/DEBUG
|
|
value: "false"
|
|
- op: replace
|
|
path: /data/LOG_LEVEL
|
|
value: "INFO"
|
|
- op: replace
|
|
path: /data/PROFILING_ENABLED
|
|
value: "false"
|
|
- op: replace
|
|
path: /data/MOCK_EXTERNAL_APIS
|
|
value: "false"
|
|
- op: add
|
|
path: /data/REQUEST_TIMEOUT
|
|
value: "30"
|
|
- op: add
|
|
path: /data/MAX_CONNECTIONS
|
|
value: "100"
|
|
- op: replace
|
|
path: /data/ENABLE_TRACING
|
|
value: "true"
|
|
- op: replace
|
|
path: /data/ENABLE_METRICS
|
|
value: "true"
|
|
- op: replace
|
|
path: /data/ENABLE_LOGS
|
|
value: "true"
|
|
- op: add
|
|
path: /data/OTEL_EXPORTER_OTLP_ENDPOINT
|
|
value: "http://signoz-otel-collector.bakery-ia.svc.cluster.local:4317"
|
|
- op: add
|
|
path: /data/OTEL_EXPORTER_OTLP_PROTOCOL
|
|
value: "grpc"
|
|
- op: add
|
|
path: /data/OTEL_SERVICE_NAME
|
|
value: "bakery-ia"
|
|
- op: add
|
|
path: /data/OTEL_RESOURCE_ATTRIBUTES
|
|
value: "deployment.environment=production,cluster.name=bakery-ia-prod"
|
|
- op: add
|
|
path: /data/SIGNOZ_ENDPOINT
|
|
value: "http://signoz.signoz.svc.cluster.local:8080"
|
|
- op: add
|
|
path: /data/SIGNOZ_FRONTEND_URL
|
|
value: "https://monitoring.bakewise.ai"
|
|
- op: add
|
|
path: /data/SIGNOZ_ROOT_URL
|
|
value: "https://monitoring.bakewise.ai"
|
|
- op: add
|
|
path: /data/RATE_LIMIT_ENABLED
|
|
value: "true"
|
|
- op: add
|
|
path: /data/RATE_LIMIT_PER_MINUTE
|
|
value: "60"
|
|
- op: add
|
|
path: /data/CORS_ORIGINS
|
|
value: "https://bakewise.ai"
|
|
- op: add
|
|
path: /data/CORS_ALLOW_CREDENTIALS
|
|
value: "true"
|
|
- op: add
|
|
path: /data/VITE_API_URL
|
|
value: "/api"
|
|
- op: add
|
|
path: /data/VITE_ENVIRONMENT
|
|
value: "production"
|
|
# Add imagePullSecrets to all Deployments for gitea registry authentication
|
|
- target:
|
|
kind: Deployment
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/template/spec/imagePullSecrets
|
|
value:
|
|
- name: gitea-registry-secret
|
|
|
|
# Add imagePullSecrets to all StatefulSets for gitea registry authentication
|
|
- target:
|
|
kind: StatefulSet
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/template/spec/imagePullSecrets
|
|
value:
|
|
- name: gitea-registry-secret
|
|
|
|
# Add imagePullSecrets to all Jobs for gitea registry authentication
|
|
- target:
|
|
kind: Job
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/template/spec/imagePullSecrets
|
|
value:
|
|
- name: gitea-registry-secret
|
|
|
|
# Add imagePullSecrets to all CronJobs for gitea registry authentication
|
|
- target:
|
|
kind: CronJob
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/jobTemplate/spec/template/spec/imagePullSecrets
|
|
value:
|
|
- name: gitea-registry-secret
|
|
# SigNoz resource patches for production
|
|
# SigNoz ClickHouse production configuration
|
|
- target:
|
|
group: apps
|
|
version: v1
|
|
kind: StatefulSet
|
|
name: signoz-clickhouse
|
|
namespace: bakery-ia
|
|
patch: |-
|
|
- op: replace
|
|
path: /spec/replicas
|
|
value: 2
|
|
- op: replace
|
|
path: /spec/template/spec/containers/0/resources
|
|
value:
|
|
requests:
|
|
memory: "2Gi"
|
|
cpu: "500m"
|
|
limits:
|
|
memory: "4Gi"
|
|
cpu: "1000m"
|
|
# SigNoz Main Service production configuration (v0.106.0+ unified service)
|
|
- target:
|
|
group: apps
|
|
version: v1
|
|
kind: StatefulSet
|
|
name: signoz
|
|
namespace: bakery-ia
|
|
patch: |-
|
|
- op: replace
|
|
path: /spec/replicas
|
|
value: 2
|
|
- op: replace
|
|
path: /spec/template/spec/containers/0/resources
|
|
value:
|
|
requests:
|
|
memory: "2Gi"
|
|
cpu: "1000m"
|
|
limits:
|
|
memory: "4Gi"
|
|
cpu: "2000m"
|
|
# SigNoz AlertManager production configuration
|
|
- target:
|
|
group: apps
|
|
version: v1
|
|
kind: Deployment
|
|
name: signoz-alertmanager
|
|
namespace: bakery-ia
|
|
patch: |-
|
|
- op: replace
|
|
path: /spec/replicas
|
|
value: 2
|
|
- op: replace
|
|
path: /spec/template/spec/containers/0/resources
|
|
value:
|
|
requests:
|
|
memory: "512Mi"
|
|
cpu: "250m"
|
|
limits:
|
|
memory: "1Gi"
|
|
cpu: "500m"
|
|
|
|
images:
|
|
# Application services
|
|
- name: bakery/auth-service
|
|
newName: registry.bakewise.ai/bakery-admin/auth-service
|
|
newTag: latest
|
|
- name: bakery/tenant-service
|
|
newName: registry.bakewise.ai/bakery-admin/tenant-service
|
|
newTag: latest
|
|
- name: bakery/training-service
|
|
newName: registry.bakewise.ai/bakery-admin/training-service
|
|
newTag: latest
|
|
- name: bakery/forecasting-service
|
|
newName: registry.bakewise.ai/bakery-admin/forecasting-service
|
|
newTag: latest
|
|
- name: bakery/sales-service
|
|
newName: registry.bakewise.ai/bakery-admin/sales-service
|
|
newTag: latest
|
|
- name: bakery/external-service
|
|
newName: registry.bakewise.ai/bakery-admin/external-service
|
|
newTag: latest
|
|
- name: bakery/notification-service
|
|
newName: registry.bakewise.ai/bakery-admin/notification-service
|
|
newTag: latest
|
|
- name: bakery/inventory-service
|
|
newName: registry.bakewise.ai/bakery-admin/inventory-service
|
|
newTag: latest
|
|
- name: bakery/recipes-service
|
|
newName: registry.bakewise.ai/bakery-admin/recipes-service
|
|
newTag: latest
|
|
- name: bakery/suppliers-service
|
|
newName: registry.bakewise.ai/bakery-admin/suppliers-service
|
|
newTag: latest
|
|
- name: bakery/pos-service
|
|
newName: registry.bakewise.ai/bakery-admin/pos-service
|
|
newTag: latest
|
|
- name: bakery/orders-service
|
|
newName: registry.bakewise.ai/bakery-admin/orders-service
|
|
newTag: latest
|
|
- name: bakery/production-service
|
|
newName: registry.bakewise.ai/bakery-admin/production-service
|
|
newTag: latest
|
|
- name: bakery/alert-processor
|
|
newName: registry.bakewise.ai/bakery-admin/alert-processor
|
|
newTag: latest
|
|
- name: bakery/gateway
|
|
newName: registry.bakewise.ai/bakery-admin/gateway
|
|
newTag: latest
|
|
- name: bakery/dashboard
|
|
newName: registry.bakewise.ai/bakery-admin/dashboard
|
|
newTag: latest
|
|
# Missing services (added to fix ImagePullBackOff errors)
|
|
- name: bakery/ai-insights-service
|
|
newName: registry.bakewise.ai/bakery-admin/ai-insights-service
|
|
newTag: latest
|
|
- name: bakery/demo-session-service
|
|
newName: registry.bakewise.ai/bakery-admin/demo-session-service
|
|
newTag: latest
|
|
- name: bakery/distribution-service
|
|
newName: registry.bakewise.ai/bakery-admin/distribution-service
|
|
newTag: latest
|
|
- name: bakery/orchestrator-service
|
|
newName: registry.bakewise.ai/bakery-admin/orchestrator-service
|
|
newTag: latest
|
|
- name: bakery/procurement-service
|
|
newName: registry.bakewise.ai/bakery-admin/procurement-service
|
|
newTag: latest
|
|
# =============================================================================
|
|
# Database images (cached in gitea registry for consistency)
|
|
- name: postgres
|
|
newName: registry.bakewise.ai/bakery-admin/postgres
|
|
newTag: "17-alpine"
|
|
- name: redis
|
|
newName: registry.bakewise.ai/bakery-admin/redis
|
|
newTag: "7.4-alpine"
|
|
- name: rabbitmq
|
|
newName: registry.bakewise.ai/bakery-admin/rabbitmq
|
|
newTag: "4.1-management-alpine"
|
|
# Utility images
|
|
- name: busybox
|
|
newName: registry.bakewise.ai/bakery-admin/busybox
|
|
newTag: "1.36"
|
|
- name: curlimages/curl
|
|
newName: registry.bakewise.ai/bakery-admin/curlimages_curl
|
|
newTag: latest
|
|
- name: bitnami/kubectl
|
|
newName: registry.bakewise.ai/bakery-admin/bitnami_kubectl
|
|
newTag: latest
|
|
|
|
# Alpine variants
|
|
- name: alpine
|
|
newName: registry.bakewise.ai/bakery-admin/alpine
|
|
newTag: "3.19"
|
|
- name: alpine/git
|
|
newName: registry.bakewise.ai/bakery-admin/alpine_git
|
|
newTag: 2.43.0
|
|
# CI/CD images (cached in gitea registry for consistency)
|
|
- name: gcr.io/kaniko-project/executor
|
|
newName: registry.bakewise.ai/bakery-admin/gcr.io_kaniko-project_executor
|
|
newTag: v1.23.0
|
|
- name: gcr.io/go-containerregistry/crane
|
|
newName: registry.bakewise.ai/bakery-admin/gcr.io_go-containerregistry_crane
|
|
newTag: latest
|
|
- name: registry.k8s.io/kustomize/kustomize
|
|
newName: registry.bakewise.ai/bakery-admin/registry.k8s.io_kustomize_kustomize
|
|
newTag: v5.3.0
|
|
# Storage images
|
|
- name: minio/minio
|
|
newName: registry.bakewise.ai/bakery-admin/minio_minio
|
|
newTag: RELEASE.2024-11-07T00-52-20Z
|
|
- name: minio/mc
|
|
newName: registry.bakewise.ai/bakery-admin/minio_mc
|
|
newTag: RELEASE.2024-11-17T19-35-25Z
|
|
# NOTE: nominatim image override removed - nominatim is now deployed via Helm
|
|
# Python base image
|
|
- name: python
|
|
newName: registry.bakewise.ai/bakery-admin/python
|
|
newTag: 3.11-slim
|
|
|
|
# Replica counts for single-node VPS deployment (8 CPU cores)
|
|
# Set to 1 replica per service to fit resource constraints
|
|
# Scale up when adding more nodes to the cluster
|
|
replicas:
|
|
- name: auth-service
|
|
count: 1
|
|
- name: tenant-service
|
|
count: 1
|
|
- name: training-service
|
|
count: 1
|
|
- name: forecasting-service
|
|
count: 1
|
|
- name: sales-service
|
|
count: 1
|
|
- name: external-service
|
|
count: 1
|
|
- name: notification-service
|
|
count: 1
|
|
- name: inventory-service
|
|
count: 1
|
|
- name: recipes-service
|
|
count: 1
|
|
- name: suppliers-service
|
|
count: 1
|
|
- name: pos-service
|
|
count: 1
|
|
- name: orders-service
|
|
count: 1
|
|
- name: production-service
|
|
count: 1
|
|
- name: alert-processor
|
|
count: 1
|
|
- name: procurement-service
|
|
count: 1
|
|
- name: orchestrator-service
|
|
count: 1
|
|
- name: ai-insights-service
|
|
count: 1
|
|
- name: gateway
|
|
count: 1
|
|
- name: frontend
|
|
count: 1
|