cleanup: remove Helm charts and references from codebase

- Remove infra/helm directory (20 files including charts and values)
- Remove Helm prerequisite checks from deploy.sh and production-deploy.sh
- Remove Helm deployment commands for PostgreSQL, Redis, and Prometheus
- Deployment scripts now suggest systemd services instead of Helm
- Addresses request to remove Helm support
aitbc
2026-04-30 09:03:46 +02:00
parent 5bee7f03fb
commit 4be7719a0e
22 changed files with 22 additions and 1830 deletions


@@ -1,64 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "aitbc-blockchain-node.fullname" . }}
labels:
{{- include "aitbc-blockchain-node.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "aitbc-blockchain-node.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
# Custom metrics for blockchain-specific scaling
- type: External
external:
metric:
name: blockchain_transaction_queue_depth
target:
type: AverageValue
averageValue: "100"
- type: External
external:
metric:
name: blockchain_pending_transactions
target:
type: AverageValue
averageValue: "500"
behavior:
scaleDown:
stabilizationWindowSeconds: 600 # Longer stabilization for blockchain
policies:
- type: Percent
value: 5
periodSeconds: 60
scaleUp:
stabilizationWindowSeconds: 60
policies:
- type: Percent
value: 50
periodSeconds: 60
- type: Pods
value: 2
periodSeconds: 60
selectPolicy: Max
{{- end }}


@@ -1,11 +0,0 @@
apiVersion: v2
name: aitbc-coordinator
description: AITBC Coordinator API Helm Chart
type: application
version: 0.1.0
appVersion: "0.1.0"
dependencies:
- name: postgresql
version: 12.x.x
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "aitbc-coordinator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "aitbc-coordinator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "aitbc-coordinator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "aitbc-coordinator.labels" -}}
helm.sh/chart: {{ include "aitbc-coordinator.chart" . }}
{{ include "aitbc-coordinator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "aitbc-coordinator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "aitbc-coordinator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "aitbc-coordinator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "aitbc-coordinator.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,90 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "aitbc-coordinator.fullname" . }}
labels:
{{- include "aitbc-coordinator.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "aitbc-coordinator.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "aitbc-coordinator.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "aitbc-coordinator.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.targetPort }}
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
env:
- name: APP_ENV
value: {{ .Values.config.appEnv }}
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: {{ include "aitbc-coordinator.fullname" . }}
key: database-url
- name: ALLOW_ORIGINS
value: {{ .Values.config.allowOrigins | quote }}
{{- if .Values.config.receiptSigningKeyHex }}
- name: RECEIPT_SIGNING_KEY_HEX
valueFrom:
secretKeyRef:
name: {{ include "aitbc-coordinator.fullname" . }}
key: receipt-signing-key
{{- end }}
{{- if .Values.config.receiptAttestationKeyHex }}
- name: RECEIPT_ATTESTATION_KEY_HEX
valueFrom:
secretKeyRef:
name: {{ include "aitbc-coordinator.fullname" . }}
key: receipt-attestation-key
{{- end }}
volumeMounts:
- name: config
mountPath: /app/.env
subPath: .env
volumes:
- name: config
configMap:
name: {{ include "aitbc-coordinator.fullname" . }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}


@@ -1,60 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "aitbc-coordinator.fullname" . }}
labels:
{{- include "aitbc-coordinator.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "aitbc-coordinator.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.customMetrics }}
{{- range .Values.autoscaling.customMetrics }}
- type: External
external:
metric:
name: {{ .name }}
target:
type: AverageValue
averageValue: {{ .targetValue }}
{{- end }}
{{- end }}
behavior:
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 10
periodSeconds: 60
scaleUp:
stabilizationWindowSeconds: 0
policies:
- type: Percent
value: 100
periodSeconds: 15
- type: Pods
value: 4
periodSeconds: 15
selectPolicy: Max
{{- end }}


@@ -1,70 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "aitbc-coordinator.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class")) }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else -}}
apiVersion: networking.k8s.io/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "aitbc-coordinator.labels" . | nindent 4 }}
annotations:
# Security annotations (always applied)
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-protocols: "TLSv1.3"
nginx.ingress.kubernetes.io/ssl-ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Frame-Options: DENY";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
cert-manager.io/cluster-issuer: {{ .Values.ingress.certManager.issuer | default "letsencrypt-prod" }}
# User-provided annotations
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@@ -1,73 +0,0 @@
{{- if .Values.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "aitbc-coordinator.fullname" . }}
labels:
{{- include "aitbc-coordinator.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "aitbc-coordinator.selectorLabels" . | nindent 6 }}
policyTypes:
- Ingress
- Egress
ingress:
# Allow traffic from ingress controller
- from:
- namespaceSelector:
matchLabels:
name: ingress-nginx
- podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- protocol: TCP
port: http
# Allow traffic from monitoring
- from:
- namespaceSelector:
matchLabels:
name: monitoring
- podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- protocol: TCP
port: http
# Allow traffic from wallet-daemon
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: wallet-daemon
ports:
- protocol: TCP
port: http
# Allow traffic from same namespace for internal communication
- from:
- podSelector: {}
ports:
- protocol: TCP
port: http
egress:
# Allow DNS resolution
- to: []
ports:
- protocol: UDP
port: 53
# Allow PostgreSQL access
- to:
- podSelector:
matchLabels:
app.kubernetes.io/name: postgresql
ports:
- protocol: TCP
port: 5432
# Allow external API calls (if needed)
- to: []
ports:
- protocol: TCP
port: 443
- protocol: TCP
port: 80
{{- end }}


@@ -1,59 +0,0 @@
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "aitbc-coordinator.fullname" . }}
labels:
{{- include "aitbc-coordinator.labels" . | nindent 4 }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'
readOnlyRootFilesystem: false
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "aitbc-coordinator.fullname" }}-psp
labels:
{{- include "aitbc-coordinator.labels" . | nindent 4 }}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ include "aitbc-coordinator.fullname" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "aitbc-coordinator.fullname" }}-psp
labels:
{{- include "aitbc-coordinator.labels" . | nindent 4 }}
roleRef:
kind: Role
name: {{ include "aitbc-coordinator.fullname" }}-psp
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "aitbc-coordinator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}


@@ -1,21 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "aitbc-coordinator.fullname" . }}
labels:
{{- include "aitbc-coordinator.labels" . | nindent 4 }}
{{- if .Values.monitoring.enabled }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.service.port }}"
prometheus.io/path: "{{ .Values.monitoring.serviceMonitor.path }}"
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
protocol: TCP
name: http
selector:
{{- include "aitbc-coordinator.selectorLabels" . | nindent 4 }}


@@ -1,163 +0,0 @@
# Default values for aitbc-coordinator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: aitbc/coordinator-api
pullPolicy: IfNotPresent
tag: "0.1.0"
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext:
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
capabilities:
drop:
- ALL
service:
type: ClusterIP
port: 8011
targetPort: 8011
ingress:
enabled: false
className: nginx
annotations: {}
# cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: coordinator.local
paths:
- path: /
pathType: Prefix
tls: []
# - secretName: coordinator-tls
# hosts:
# - coordinator.local
# Pod Security Policy
podSecurityPolicy:
enabled: true
# Network policies
networkPolicy:
enabled: true
security:
auth:
enabled: true
requireApiKey: true
apiKeyHeader: "X-API-Key"
tls:
version: "TLSv1.3"
ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
headers:
frameOptions: "DENY"
contentTypeOptions: "nosniff"
xssProtection: "1; mode=block"
referrerPolicy: "strict-origin-when-cross-origin"
hsts:
enabled: true
maxAge: 31536000
includeSubDomains: true
preload: true
rateLimit:
enabled: true
requestsPerMinute: 60
burst: 10
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
# Configuration
config:
appEnv: production
databaseUrl: secretRef:db-credentials:url
receiptSigningKeyHex: secretRef:security-keys:receipt-signing
receiptAttestationKeyHex: secretRef:security-keys:receipt-attestation
allowOrigins: "*"
# PostgreSQL sub-chart configuration
postgresql:
enabled: true
auth:
postgresPassword: secretRef:db-credentials:password
username: aitbc
database: aitbc
existingSecret: db-credentials
primary:
persistence:
enabled: true
size: 20Gi
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
# Monitoring
monitoring:
enabled: true
serviceMonitor:
enabled: true
interval: 30s
path: /metrics
port: http
# Health checks
livenessProbe:
httpGet:
path: /v1/health
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /v1/health
port: http
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3


@@ -1,19 +0,0 @@
apiVersion: v2
name: aitbc-monitoring
description: AITBC Monitoring Stack (Prometheus, Grafana, AlertManager)
type: application
version: 0.1.0
appVersion: "0.1.0"
dependencies:
- name: prometheus
version: 23.1.0
repository: https://prometheus-community.github.io/helm-charts
condition: prometheus.enabled
- name: grafana
version: 6.58.9
repository: https://grafana.github.io/helm-charts
condition: grafana.enabled
- name: alertmanager
version: 1.6.1
repository: https://prometheus-community.github.io/helm-charts
condition: alertmanager.enabled


@@ -1,13 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "aitbc-monitoring.fullname" . }}-dashboards
labels:
{{- include "aitbc-monitoring.labels" . | nindent 4 }}
annotations:
grafana.io/dashboard: "1"
data:
blockchain-node-overview.json: |
{{ .Files.Get "dashboards/blockchain-node-overview.json" | indent 4 }}
coordinator-overview.json: |
{{ .Files.Get "dashboards/coordinator-overview.json" | indent 4 }}


@@ -1,124 +0,0 @@
# Default values for aitbc-monitoring.
# Prometheus configuration
prometheus:
enabled: true
server:
enabled: true
global:
scrape_interval: 15s
evaluation_interval: 15s
retention: 30d
persistentVolume:
enabled: true
size: 100Gi
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
service:
type: ClusterIP
port: 9090
serviceMonitors:
enabled: true
selector:
release: monitoring
alertmanager:
enabled: false
config:
global:
resolve_timeout: 5m
route:
group_by: ['alertname']
group_wait: 10s
group_interval: 10s
repeat_interval: 1h
receiver: 'web.hook'
receivers:
- name: 'web.hook'
webhook_configs:
- url: 'http://127.0.0.1:5001/'
# Grafana configuration
grafana:
enabled: true
adminPassword: admin
persistence:
enabled: true
size: 20Gi
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
service:
type: ClusterIP
port: 3000
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: http://prometheus-server:9090
access: proxy
isDefault: true
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
# Service monitors for AITBC services
serviceMonitors:
coordinator:
enabled: true
interval: 30s
path: /metrics
port: http
blockchainNode:
enabled: true
interval: 30s
path: /metrics
port: http
walletDaemon:
enabled: true
interval: 30s
path: /metrics
port: http
# Alert rules
alertRules:
enabled: true
groups:
- name: aitbc.rules
rules:
- alert: HighErrorRate
expr: rate(marketplace_errors_total[5m]) / rate(marketplace_requests_total[5m]) > 0.1
for: 5m
labels:
severity: warning
annotations:
summary: "High error rate detected"
description: "Error rate is above 10% for 5 minutes"
- alert: CoordinatorDown
expr: up{job="coordinator"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Coordinator is down"
description: "Coordinator API has been down for more than 1 minute"


@@ -1,77 +0,0 @@
# Development environment values
global:
environment: dev
coordinator:
replicaCount: 1
image:
tag: "dev-latest"
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
config:
appEnv: development
allowOrigins: "*"
postgresql:
auth:
postgresPassword: "dev-password"
primary:
persistence:
size: 10Gi
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
monitoring:
prometheus:
server:
retention: 7d
persistentVolume:
size: 20Gi
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
grafana:
adminPassword: "dev-admin"
persistence:
size: 5Gi
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 125m
memory: 256Mi
# Additional services
blockchainNode:
replicaCount: 1
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
walletDaemon:
replicaCount: 1
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 125m
memory: 128Mi


@@ -1,148 +0,0 @@
# Development environment Helm values
global:
environment: dev
domain: dev.aitbc.local
imageTag: latest
imagePullPolicy: Always
# Coordinator API
coordinator:
enabled: true
replicas: 1
image:
repository: aitbc/coordinator-api
tag: latest
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
service:
type: ClusterIP
port: 8001
env:
LOG_LEVEL: debug
DATABASE_URL: secretRef:db-credentials:url
autoscaling:
enabled: false
# Explorer Web
explorer:
enabled: true
replicas: 1
image:
repository: aitbc/explorer-web
tag: latest
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 200m
memory: 256Mi
service:
type: ClusterIP
port: 3000
# Marketplace Web
marketplace:
enabled: true
replicas: 1
image:
repository: aitbc/marketplace-web
tag: latest
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 200m
memory: 256Mi
service:
type: ClusterIP
port: 3001
# Wallet Daemon
wallet:
enabled: true
replicas: 1
image:
repository: aitbc/wallet-daemon
tag: latest
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
service:
type: ClusterIP
port: 8002
# PostgreSQL (dev uses in-cluster)
postgresql:
enabled: true
auth:
username: aitbc
password: secretRef:db-credentials:password
database: coordinator
existingSecret: db-credentials
primary:
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
persistence:
size: 5Gi
# Redis (for caching)
redis:
enabled: true
auth:
enabled: false
master:
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
# Ingress
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
hosts:
- host: dev.aitbc.local
paths:
- path: /api
service: coordinator
port: 8001
- path: /explorer
service: explorer
port: 3000
- path: /marketplace
service: marketplace
port: 3001
- path: /wallet
service: wallet
port: 8002
# Monitoring (disabled in dev)
monitoring:
enabled: false
# Logging
logging:
enabled: true
level: debug


@@ -1,140 +0,0 @@
# Production environment values
global:
environment: production
coordinator:
replicaCount: 3
image:
tag: "v0.1.0"
resources:
limits:
cpu: 2000m
memory: 2Gi
requests:
cpu: 1000m
memory: 1Gi
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 20
targetCPUUtilizationPercentage: 75
targetMemoryUtilizationPercentage: 80
config:
appEnv: production
allowOrigins: "https://app.aitbc.io"
postgresql:
auth:
existingSecret: "coordinator-db-secret"
primary:
persistence:
size: 200Gi
storageClass: fast-ssd
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
readReplicas:
replicaCount: 2
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
monitoring:
prometheus:
server:
retention: 90d
persistentVolume:
size: 500Gi
storageClass: fast-ssd
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 1000m
memory: 2Gi
grafana:
adminPassword: "prod-admin-secure-2024"
persistence:
size: 50Gi
storageClass: fast-ssd
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
ingress:
enabled: true
hosts:
- grafana.aitbc.io
# Additional services
blockchainNode:
replicaCount: 5
resources:
limits:
cpu: 2000m
memory: 2Gi
requests:
cpu: 1000m
memory: 1Gi
autoscaling:
enabled: true
minReplicas: 5
maxReplicas: 50
targetCPUUtilizationPercentage: 70
walletDaemon:
replicaCount: 3
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
targetCPUUtilizationPercentage: 75
# Ingress configuration
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/rate-limit: "100"
nginx.ingress.kubernetes.io/rate-limit-window: "1m"
hosts:
- host: api.aitbc.io
paths:
- path: /
pathType: Prefix
tls:
- secretName: prod-tls
hosts:
- api.aitbc.io
# Security
podSecurityPolicy:
enabled: true
networkPolicy:
enabled: true
# Backup configuration
backup:
enabled: true
schedule: "0 2 * * *"
retention: "30d"


@@ -1,44 +0,0 @@
# AITBC Production Helm Values
# Copy to prod.yaml and adjust for your cluster
replicaCount: 1
coordinator:
image: aitbc/coordinator-api:latest
port: 8000
env:
APP_ENV: production
DATABASE_URL: postgresql://aitbc:YOUR_DB_PASSWORD@postgres:5432/aitbc
HMAC_SECRET: YOUR_HMAC_SECRET
ALLOW_ORIGINS: '["https://YOUR_DOMAIN"]'
blockchain:
image: aitbc/blockchain-node:latest
rpcPort: 9080
p2pPort: 9090
env:
NETWORK: mainnet
CONSENSUS_MODE: BALANCED
ingress:
enabled: true
host: YOUR_DOMAIN
tls:
enabled: true
secretName: aitbc-tls
resources:
coordinator:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
blockchain:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2000m
memory: 4Gi


@@ -1,259 +0,0 @@
# Production environment Helm values
global:
environment: prod
domain: aitbc.bubuit.net
imageTag: stable
imagePullPolicy: IfNotPresent
# Coordinator API
coordinator:
enabled: true
replicas: 3
image:
repository: aitbc/coordinator-api
tag: stable
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2000m
memory: 2Gi
service:
type: ClusterIP
port: 8001
env:
LOG_LEVEL: warn
DATABASE_URL: secretRef:db-credentials
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
targetCPUUtilization: 60
targetMemoryUtilization: 70
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
# Explorer Web
explorer:
enabled: true
replicas: 3
image:
repository: aitbc/explorer-web
tag: stable
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
service:
type: ClusterIP
port: 3000
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 8
# Marketplace Web
marketplace:
enabled: true
replicas: 3
image:
repository: aitbc/marketplace-web
tag: stable
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
service:
type: ClusterIP
port: 3001
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 8
# Wallet Daemon
wallet:
enabled: true
replicas: 2
image:
repository: aitbc/wallet-daemon
tag: stable
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2000m
memory: 2Gi
service:
type: ClusterIP
port: 8002
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 6
# Trade Exchange
exchange:
enabled: true
replicas: 2
image:
repository: aitbc/trade-exchange
tag: stable
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
service:
type: ClusterIP
port: 8085
# PostgreSQL (prod uses RDS Multi-AZ)
postgresql:
enabled: false
external:
host: secretRef:db-credentials:host
port: 5432
database: coordinator
sslMode: require
# Redis (prod uses ElastiCache)
redis:
enabled: false
external:
host: secretRef:redis-credentials:host
port: 6379
auth: true
# Ingress
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: 10m
nginx.ingress.kubernetes.io/rate-limit: "100"
nginx.ingress.kubernetes.io/rate-limit-window: 1m
cert-manager.io/cluster-issuer: letsencrypt-prod
tls:
- secretName: prod-tls
hosts:
- aitbc.bubuit.net
hosts:
- host: aitbc.bubuit.net
paths:
- path: /api
service: coordinator
port: 8001
- path: /explorer
service: explorer
port: 3000
- path: /marketplace
service: marketplace
port: 3001
- path: /wallet
service: wallet
port: 8002
- path: /Exchange
service: exchange
port: 8085
# Monitoring
monitoring:
enabled: true
prometheus:
enabled: true
retention: 30d
resources:
requests:
cpu: 500m
memory: 2Gi
limits:
cpu: 2000m
memory: 4Gi
grafana:
enabled: true
persistence:
enabled: true
size: 10Gi
alertmanager:
enabled: true
config:
receivers:
- name: slack
slack_configs:
- channel: '#aitbc-alerts'
send_resolved: true
# Logging
logging:
enabled: true
level: warn
elasticsearch:
enabled: true
retention: 30d
replicas: 3
# Pod Disruption Budgets
podDisruptionBudget:
coordinator:
minAvailable: 2
explorer:
minAvailable: 2
marketplace:
minAvailable: 2
wallet:
minAvailable: 1
# Network Policies
networkPolicy:
enabled: true
ingress:
- from:
- namespaceSelector:
matchLabels:
name: ingress-nginx
egress:
- to:
- namespaceSelector:
matchLabels:
name: kube-system
ports:
- port: 53
protocol: UDP
# Security
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
readOnlyRootFilesystem: true
# Affinity - spread across zones
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: coordinator
topologyKey: topology.kubernetes.io/zone
# Priority Classes
priorityClassName: high-priority


@@ -1,98 +0,0 @@
# Staging environment values
global:
environment: staging
coordinator:
replicaCount: 2
image:
tag: "staging-latest"
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 5
targetCPUUtilizationPercentage: 70
config:
appEnv: staging
allowOrigins: "https://staging.aitbc.io"
postgresql:
auth:
postgresPassword: "staging-password"
primary:
persistence:
size: 50Gi
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
monitoring:
prometheus:
server:
retention: 30d
persistentVolume:
size: 100Gi
resources:
limits:
cpu: 1000m
memory: 2Gi
requests:
cpu: 500m
memory: 1Gi
grafana:
adminPassword: "staging-admin-2024"
persistence:
size: 10Gi
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
# Additional services
blockchainNode:
replicaCount: 2
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
walletDaemon:
replicaCount: 2
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
# Ingress configuration
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: api.staging.aitbc.io
paths:
- path: /
pathType: Prefix
tls:
- secretName: staging-tls
hosts:
- api.staging.aitbc.io


@@ -1,168 +0,0 @@
# Staging environment Helm values
global:
environment: staging
domain: staging.aitbc.bubuit.net
imageTag: staging
imagePullPolicy: Always
# Coordinator API
coordinator:
enabled: true
replicas: 2
image:
repository: aitbc/coordinator-api
tag: staging
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
service:
type: ClusterIP
port: 8001
env:
LOG_LEVEL: info
DATABASE_URL: secretRef:db-credentials
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 4
targetCPUUtilization: 70
# Explorer Web
explorer:
enabled: true
replicas: 2
image:
repository: aitbc/explorer-web
tag: staging
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
service:
type: ClusterIP
port: 3000
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 4
# Marketplace Web
marketplace:
enabled: true
replicas: 2
image:
repository: aitbc/marketplace-web
tag: staging
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
service:
type: ClusterIP
port: 3001
# Wallet Daemon
wallet:
enabled: true
replicas: 2
image:
repository: aitbc/wallet-daemon
tag: staging
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
service:
type: ClusterIP
port: 8002
# PostgreSQL (staging uses RDS)
postgresql:
enabled: false
# Uses external RDS instance
external:
host: secretRef:db-credentials:host
port: 5432
database: coordinator
# Redis
redis:
enabled: true
auth:
enabled: true
password: secretRef:redis-password
master:
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
persistence:
size: 5Gi
# Ingress
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt-staging
tls:
- secretName: staging-tls
hosts:
- staging.aitbc.bubuit.net
hosts:
- host: staging.aitbc.bubuit.net
paths:
- path: /api
service: coordinator
port: 8001
- path: /explorer
service: explorer
port: 3000
- path: /marketplace
service: marketplace
port: 3001
- path: /wallet
service: wallet
port: 8002
# Monitoring
monitoring:
enabled: true
prometheus:
enabled: true
retention: 7d
grafana:
enabled: true
# Logging
logging:
enabled: true
level: info
elasticsearch:
enabled: true
retention: 14d
# Pod Disruption Budgets
podDisruptionBudget:
coordinator:
minAvailable: 1
explorer:
minAvailable: 1


@@ -42,12 +42,11 @@ check_prerequisites() {
# Check if required tools are installed
command -v kubectl >/dev/null 2>&1 || error "kubectl is not installed"
command -v helm >/dev/null 2>&1 || error "Helm is not installed"
# Check if kubectl can connect to cluster
kubectl cluster-info >/dev/null 2>&1 || error "Cannot connect to Kubernetes cluster"
success "Prerequisites check passed (Docker not required)"
success "Prerequisites check passed (Docker/Helm not required)"
}
# Build images (skipped - no Docker support)
@@ -96,26 +95,14 @@ deploy_kubernetes() {
kubectl apply -f k8s/configmaps/ -n ${NAMESPACE} || error "Failed to apply configmaps"
# Deploy database
log "Deploying database..."
helm repo add bitnami https://charts.bitnami.com/bitnami
helm upgrade --install postgres bitnami/postgresql \
--namespace ${NAMESPACE} \
--set auth.postgresPassword=${POSTGRES_PASSWORD} \
--set auth.database=aitbc \
--set primary.persistence.size=20Gi \
--set primary.resources.requests.memory=2Gi \
--set primary.resources.requests.cpu=1000m \
--wait || error "Failed to deploy database"
log "Skipping Helm-based database deployment - Helm not supported"
log "Database should be deployed via systemd services or external PostgreSQL"
log "Use: sudo apt-get install postgresql for local deployment"
# Deploy Redis
log "Deploying Redis..."
helm upgrade --install redis bitnami/redis \
--namespace ${NAMESPACE} \
--set auth.password=${REDIS_PASSWORD} \
--set master.persistence.size=8Gi \
--set master.resources.requests.memory=512Mi \
--set master.resources.requests.cpu=500m \
--wait || error "Failed to deploy Redis"
log "Skipping Helm-based Redis deployment - Helm not supported"
log "Redis should be deployed via systemd service or external Redis"
log "Use: sudo apt-get install redis-server for local deployment"
# Deploy core services
log "Deploying core services..."
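Review bot: deploy_kubernetes() now goes from the "Skipping Helm-based ..." messages straight to "Deploying core services..." without checking that a PostgreSQL or Redis instance exists or is reachable, so the services would presumably be rolled out against missing backends. The removed Helm commands set `auth.postgresPassword` and `auth.password`, while the replacement hints (`sudo apt-get install postgresql`, `sudo apt-get install redis-server`) say nothing about authentication or about which interface the service listens on; a package-default install that is later opened up so the pods can reach it could end up unauthenticated. I would fail fast when no external endpoint is configured and extend the hint, e.g. `log "Redis must be provisioned separately with requirepass set and access limited to the cluster nodes"`. The same applies to deploy_database() in the production script, which now reports `success` after deploying nothing. Both function bodies start and end outside the hunks shown.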


@@ -92,37 +92,16 @@ build_production_images() {
# Deploy database
deploy_database() {
log "Deploying database..."
# Deploy PostgreSQL
helm upgrade --install postgres bitnami/postgresql \
--namespace $NAMESPACE \
--set auth.postgresPassword=$POSTGRES_PASSWORD \
--set auth.database=aitbc_prod \
--set primary.persistence.size=100Gi \
--set primary.resources.requests.memory=8Gi \
--set primary.resources.requests.cpu=2000m \
--set primary.resources.limits.memory=16Gi \
--set primary.resources.limits.cpu=4000m \
--set readReplicas.replicaCount=1 \
--set readReplicas.persistence.size=50Gi \
--wait \
--timeout 10m || error "Failed to deploy PostgreSQL"
log "Skipping Helm-based database deployment - Helm not supported"
log "Database should be deployed via systemd services or external PostgreSQL"
log "Use: sudo apt-get install postgresql for local deployment"
# Deploy Redis
helm upgrade --install redis bitnami/redis \
--namespace $NAMESPACE \
--set auth.password=$REDIS_PASSWORD \
--set master.persistence.size=20Gi \
--set master.resources.requests.memory=2Gi \
--set master.resources.requests.cpu=1000m \
--set master.resources.limits.memory=4Gi \
--set master.resources.limits.cpu=2000m \
--set replica.replicaCount=2 \
--wait \
--timeout 5m || error "Failed to deploy Redis"
success "Database deployed successfully"
log "Skipping Helm-based Redis deployment - Helm not supported"
log "Redis should be deployed via systemd service or external Redis"
log "Use: sudo apt-get install redis-server for local deployment"
success "Database deployment skipped (use systemd or external services)"
}
# Deploy core services
@@ -397,22 +376,12 @@ EOF
# Deploy monitoring
deploy_monitoring() {
log "Deploying monitoring stack..."
# Deploy Prometheus
helm upgrade --install prometheus prometheus-community/kube-prometheus-stack \
--namespace $NAMESPACE \
--create-namespace \
--set prometheus.prometheus.spec.retention=30d \
--set prometheus.prometheus.spec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage=50Gi \
--set grafana.adminPassword=$GRAFANA_PASSWORD \
--set grafana.persistence.size=10Gi \
--set defaultRules.create=true \
--wait \
--timeout 10m || error "Failed to deploy monitoring"
log "Skipping Helm-based monitoring deployment - Helm not supported"
log "Monitoring should be deployed via systemd services or external monitoring"
log "Use: sudo apt-get install prometheus-node-exporter for local monitoring"
# Import Grafana dashboards
log "Importing Grafana dashboards..."
log "Skipping Grafana dashboard import - requires Helm deployment"
# Create dashboard configmaps
kubectl create configmap grafana-dashboards \
@@ -508,7 +477,6 @@ main() {
# Check prerequisites
command -v kubectl >/dev/null 2>&1 || error "kubectl is not installed"
command -v helm >/dev/null 2>&1 || error "Helm is not installed"
kubectl cluster-info >/dev/null 2>&1 || error "Cannot connect to Kubernetes cluster"
# Run deployment steps
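Review bot: In the deploy_monitoring() hunk the new line `log "Skipping Grafana dashboard import - requires Helm deployment"` is followed by the unchanged `kubectl create configmap grafana-dashboards` call, so the script still creates dashboard configmaps for a Grafana it no longer deploys; either the message or the remaining kubectl step should go. `$POSTGRES_PASSWORD`, `$REDIS_PASSWORD` and `$GRAFANA_PASSWORD` are no longer consumed by the visible code, so any prompt, export or validation of them elsewhere in the script (not visible here) should be removed as well, so that secrets are not held in the environment without a purpose. The body of deploy_monitoring() continues past the hunk.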