119 lines
3.4 KiB
Markdown
119 lines
3.4 KiB
Markdown
# Bakery-IA Namespace Management
|
|
|
|
## Overview
|
|
|
|
This document explains the namespace strategy for the Bakery-IA platform and how to properly manage namespaces during deployment.
|
|
|
|
## Namespace Architecture
|
|
|
|
The Bakery-IA platform uses the following namespaces:
|
|
|
|
### Core Namespaces
|
|
|
|
1. **`bakery-ia`** - Main application namespace
|
|
- Contains all microservices, databases, and application components
|
|
- Defined in: `infrastructure/namespaces/bakery-ia.yaml`
|
|
|
|
2. **`tekton-pipelines`** - CI/CD pipeline namespace
|
|
- Contains Tekton pipeline resources, tasks, and triggers
|
|
- Defined in: `infrastructure/namespaces/tekton-pipelines.yaml`
|
|
|
|
3. **`flux-system`** - GitOps namespace
|
|
- Contains Flux CD components for GitOps deployments
|
|
- Now defined in Helm chart: `infrastructure/cicd/flux/templates/namespace.yaml`
|
|
|
|
### Infrastructure Namespaces
|
|
|
|
Additional namespaces may be created for:
|
|
- Monitoring components
|
|
- Logging components
|
|
- Security components
|
|
|
|
## Deployment Order
|
|
|
|
**CRITICAL**: Namespaces must be created BEFORE any resources that depend on them.
|
|
|
|
### Correct Deployment Sequence
|
|
|
|
```bash
|
|
# 1. Create namespaces first
|
|
kubectl apply -f infrastructure/namespaces/
|
|
|
|
# 2. Apply common configurations (depends on bakery-ia namespace)
|
|
kubectl apply -f infrastructure/environments/common/configs/
|
|
|
|
# 3. Apply platform components
|
|
kubectl apply -f infrastructure/platform/
|
|
|
|
# 4. Apply CI/CD components (depends on tekton-pipelines)
|
|
kubectl apply -f infrastructure/cicd/
|
|
|
|
# 5. Apply monitoring components
|
|
kubectl apply -f infrastructure/monitoring/
|
|
```
|
|
|
|
## Common Issues and Solutions
|
|
|
|
### Issue: "namespace not found" errors
|
|
|
|
**Symptoms**: Errors like:
|
|
```
|
|
Error from server (NotFound): error when creating "path/to/resource.yaml": namespaces "[namespace-name]" not found
|
|
```
|
|
|
|
**Solutions**:
|
|
|
|
1. **Ensure namespaces are created first** - Use the deployment script that applies namespaces before other resources
|
|
|
|
2. **Check for templating issues** - If you see names like `[redacted secret rabbitmq-secrets:RABBITMQ_USER]-ia`, there may be environment variable substitution happening incorrectly
|
|
|
|
3. **Verify namespace YAML files** - Ensure the namespace files exist and are properly formatted
|
|
|
|
### Issue: Resource conflicts across namespaces
|
|
|
|
**Solution**: Use proper namespace isolation and RBAC policies to prevent cross-namespace conflicts.
|
|
|
|
## Best Practices
|
|
|
|
1. **Namespace Isolation**: Keep resources properly isolated by namespace
|
|
2. **RBAC**: Use namespace-specific RBAC roles and bindings
|
|
3. **Resource Quotas**: Apply resource quotas per namespace
|
|
4. **Network Policies**: Use network policies to control cross-namespace communication
|
|
|
|
## Troubleshooting
|
|
|
|
### Verify namespaces exist
|
|
|
|
```bash
|
|
kubectl get namespaces
|
|
```
|
|
|
|
### Check namespace labels
|
|
|
|
```bash
|
|
kubectl get namespace bakery-ia --show-labels
|
|
```
|
|
|
|
### View namespace events
|
|
|
|
```bash
|
|
kubectl describe namespace bakery-ia
|
|
```
|
|
|
|
## Migration from Old Structure
|
|
|
|
If you're migrating from the old structure where namespaces were scattered across different directories:
|
|
|
|
1. **Remove old namespace files** from:
|
|
- `infrastructure/environments/common/configs/namespace.yaml`
|
|
- `infrastructure/cicd/flux/namespace.yaml`
|
|
|
|
2. **Update kustomization files** to reference the centralized namespace files
|
|
|
|
3. **Use the new deployment script** that follows the correct order
|
|
|
|
## Future Enhancements
|
|
|
|
- Add namespace lifecycle management
|
|
- Implement namespace cleanup scripts
|
|
- Add namespace validation checks to CI/CD pipelines |