From 4be7719a0e5510d8578d0004eda6d0bd9acfcd10 Mon Sep 17 00:00:00 2001 
From: aitbc Date: Thu, 30 Apr 2026 09:03:46 +0200 Subject: [PATCH] cleanup: remove Helm charts and references from codebase - Remove infra/helm directory (20 files including charts and values) - Remove Helm prerequisite checks from deploy.sh and production-deploy.sh - Remove Helm deployment commands for PostgreSQL, Redis, and Prometheus - Deployment scripts now suggest systemd services instead of Helm - Addresses request to remove Helm support --- infra/helm/charts/blockchain-node/hpa.yaml | 64 ----- infra/helm/charts/coordinator/Chart.yaml | 11 - .../charts/coordinator/templates/_helpers.tpl | 62 ----- .../coordinator/templates/deployment.yaml | 90 ------ .../charts/coordinator/templates/hpa.yaml | 60 ---- .../charts/coordinator/templates/ingress.yaml | 70 ----- .../coordinator/templates/networkpolicy.yaml | 73 ----- .../templates/podsecuritypolicy.yaml | 59 ---- .../charts/coordinator/templates/service.yaml | 21 -- infra/helm/charts/coordinator/values.yaml | 163 ----------- infra/helm/charts/monitoring/Chart.yaml | 19 -- .../monitoring/templates/dashboards.yaml | 13 - infra/helm/charts/monitoring/values.yaml | 124 --------- infra/helm/values/dev.yaml | 77 ------ infra/helm/values/dev/values.yaml | 148 ---------- infra/helm/values/prod.yaml | 140 ---------- infra/helm/values/prod.yaml.example | 44 --- infra/helm/values/prod/values.yaml | 259 ------------------ infra/helm/values/staging.yaml | 98 ------- infra/helm/values/staging/values.yaml | 168 ------------ scripts/deployment/deploy.sh | 29 +- scripts/deployment/production-deploy.sh | 60 +--- 22 files changed, 22 insertions(+), 1830 deletions(-) delete mode 100644 infra/helm/charts/blockchain-node/hpa.yaml delete mode 100644 infra/helm/charts/coordinator/Chart.yaml delete mode 100644 infra/helm/charts/coordinator/templates/_helpers.tpl delete mode 100644 infra/helm/charts/coordinator/templates/deployment.yaml delete mode 100644 infra/helm/charts/coordinator/templates/hpa.yaml delete mode 100644 
infra/helm/charts/coordinator/templates/ingress.yaml delete mode 100644 infra/helm/charts/coordinator/templates/networkpolicy.yaml delete mode 100644 infra/helm/charts/coordinator/templates/podsecuritypolicy.yaml delete mode 100644 infra/helm/charts/coordinator/templates/service.yaml delete mode 100644 infra/helm/charts/coordinator/values.yaml delete mode 100644 infra/helm/charts/monitoring/Chart.yaml delete mode 100644 infra/helm/charts/monitoring/templates/dashboards.yaml delete mode 100644 infra/helm/charts/monitoring/values.yaml delete mode 100644 infra/helm/values/dev.yaml delete mode 100644 infra/helm/values/dev/values.yaml delete mode 100644 infra/helm/values/prod.yaml delete mode 100644 infra/helm/values/prod.yaml.example delete mode 100644 infra/helm/values/prod/values.yaml delete mode 100644 infra/helm/values/staging.yaml delete mode 100644 infra/helm/values/staging/values.yaml
diff --git a/infra/helm/charts/blockchain-node/hpa.yaml b/infra/helm/charts/blockchain-node/hpa.yaml
deleted file mode 100644
index 6b9419e5..00000000
--- a/infra/helm/charts/blockchain-node/hpa.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "aitbc-blockchain-node.fullname" . }}
- labels:
- {{- include "aitbc-blockchain-node.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "aitbc-blockchain-node.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
- # Custom metrics for blockchain-specific scaling
- - type: External
- external:
- metric:
- name: blockchain_transaction_queue_depth
- target:
- type: AverageValue
- averageValue: "100"
- - type: External
- external:
- metric:
- name: blockchain_pending_transactions
- target:
- type: AverageValue
- averageValue: "500"
- behavior:
- scaleDown:
- stabilizationWindowSeconds: 600 # Longer stabilization for blockchain
- policies:
- - type: Percent
- value: 5
- periodSeconds: 60
- scaleUp:
- stabilizationWindowSeconds: 60
- policies:
- - type: Percent
- value: 50
- periodSeconds: 60
- - type: Pods
- value: 2
- periodSeconds: 60
- selectPolicy: Max
-{{- end }}
diff --git a/infra/helm/charts/coordinator/Chart.yaml b/infra/helm/charts/coordinator/Chart.yaml
deleted file mode 100644
index b009384b..00000000
--- a/infra/helm/charts/coordinator/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: aitbc-coordinator
-description: AITBC Coordinator API Helm Chart
-type: application
-version: 0.1.0
-appVersion: "0.1.0"
-dependencies:
- - name: postgresql
- version: 12.x.x
- repository: https://charts.bitnami.com/bitnami
- condition: postgresql.enabled
diff --git a/infra/helm/charts/coordinator/templates/_helpers.tpl b/infra/helm/charts/coordinator/templates/_helpers.tpl
deleted file mode 100644
index d13588ae..00000000
--- a/infra/helm/charts/coordinator/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "aitbc-coordinator.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "aitbc-coordinator.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "aitbc-coordinator.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "aitbc-coordinator.labels" -}}
-helm.sh/chart: {{ include "aitbc-coordinator.chart" . }}
-{{ include "aitbc-coordinator.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "aitbc-coordinator.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "aitbc-coordinator.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "aitbc-coordinator.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "aitbc-coordinator.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/infra/helm/charts/coordinator/templates/deployment.yaml b/infra/helm/charts/coordinator/templates/deployment.yaml
deleted file mode 100644
index 89bf5ae7..00000000
--- a/infra/helm/charts/coordinator/templates/deployment.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "aitbc-coordinator.fullname" . }}
- labels:
- {{- include "aitbc-coordinator.labels" . | nindent 4 }}
-spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.replicaCount }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "aitbc-coordinator.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
- {{- with .Values.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "aitbc-coordinator.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "aitbc-coordinator.serviceAccountName" . }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- ports:
- - name: http
- containerPort: {{ .Values.service.targetPort }}
- protocol: TCP
- livenessProbe:
- {{- toYaml .Values.livenessProbe | nindent 12 }}
- readinessProbe:
- {{- toYaml .Values.readinessProbe | nindent 12 }}
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- env:
- - name: APP_ENV
- value: {{ .Values.config.appEnv }}
- - name: DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: {{ include "aitbc-coordinator.fullname" . }}
- key: database-url
- - name: ALLOW_ORIGINS
- value: {{ .Values.config.allowOrigins | quote }}
- {{- if .Values.config.receiptSigningKeyHex }}
- - name: RECEIPT_SIGNING_KEY_HEX
- valueFrom:
- secretKeyRef:
- name: {{ include "aitbc-coordinator.fullname" . }}
- key: receipt-signing-key
- {{- end }}
- {{- if .Values.config.receiptAttestationKeyHex }}
- - name: RECEIPT_ATTESTATION_KEY_HEX
- valueFrom:
- secretKeyRef:
- name: {{ include "aitbc-coordinator.fullname" . }}
- key: receipt-attestation-key
- {{- end }}
- volumeMounts:
- - name: config
- mountPath: /app/.env
- subPath: .env
- volumes:
- - name: config
- configMap:
- name: {{ include "aitbc-coordinator.fullname" . }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/infra/helm/charts/coordinator/templates/hpa.yaml b/infra/helm/charts/coordinator/templates/hpa.yaml
deleted file mode 100644
index 6487444d..00000000
--- a/infra/helm/charts/coordinator/templates/hpa.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "aitbc-coordinator.fullname" . }}
- labels:
- {{- include "aitbc-coordinator.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "aitbc-coordinator.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.customMetrics }}
- {{- range .Values.autoscaling.customMetrics }}
- - type: External
- external:
- metric:
- name: {{ .name }}
- target:
- type: AverageValue
- averageValue: {{ .targetValue }}
- {{- end }}
- {{- end }}
- behavior:
- scaleDown:
- stabilizationWindowSeconds: 300
- policies:
- - type: Percent
- value: 10
- periodSeconds: 60
- scaleUp:
- stabilizationWindowSeconds: 0
- policies:
- - type: Percent
- value: 100
- periodSeconds: 15
- - type: Pods
- value: 4
- periodSeconds: 15
- selectPolicy: Max
-{{- end }}
diff --git a/infra/helm/charts/coordinator/templates/ingress.yaml b/infra/helm/charts/coordinator/templates/ingress.yaml
deleted file mode 100644
index ba95830a..00000000
--- a/infra/helm/charts/coordinator/templates/ingress.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "aitbc-coordinator.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class")) }}
- {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
-{{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "aitbc-coordinator.labels" . | nindent 4 }}
- annotations:
- # Security annotations (always applied)
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
- nginx.ingress.kubernetes.io/ssl-protocols: "TLSv1.3"
- nginx.ingress.kubernetes.io/ssl-ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
- nginx.ingress.kubernetes.io/configuration-snippet: |
- more_set_headers "X-Frame-Options: DENY";
- more_set_headers "X-Content-Type-Options: nosniff";
- more_set_headers "X-XSS-Protection: 1; mode=block";
- more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
- more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";
- more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
- cert-manager.io/cluster-issuer: {{ .Values.ingress.certManager.issuer | default "letsencrypt-prod" }}
- # User-provided annotations
- {{- with .Values.ingress.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .Values.ingress.className }}
- {{- end }}
- {{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $fullName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $fullName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/infra/helm/charts/coordinator/templates/networkpolicy.yaml b/infra/helm/charts/coordinator/templates/networkpolicy.yaml
deleted file mode 100644
index 561d2389..00000000
--- a/infra/helm/charts/coordinator/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "aitbc-coordinator.fullname" . }}
- labels:
- {{- include "aitbc-coordinator.labels" . | nindent 4 }}
-spec:
- podSelector:
- matchLabels:
- {{- include "aitbc-coordinator.selectorLabels" . | nindent 6 }}
- policyTypes:
- - Ingress
- - Egress
- ingress:
- # Allow traffic from ingress controller
- - from:
- - namespaceSelector:
- matchLabels:
- name: ingress-nginx
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: ingress-nginx
- ports:
- - protocol: TCP
- port: http
- # Allow traffic from monitoring
- - from:
- - namespaceSelector:
- matchLabels:
- name: monitoring
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: prometheus
- ports:
- - protocol: TCP
- port: http
- # Allow traffic from wallet-daemon
- - from:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: wallet-daemon
- ports:
- - protocol: TCP
- port: http
- # Allow traffic from same namespace for internal communication
- - from:
- - podSelector: {}
- ports:
- - protocol: TCP
- port: http
- egress:
- # Allow DNS resolution
- - to: []
- ports:
- - protocol: UDP
- port: 53
- # Allow PostgreSQL access
- - to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: postgresql
- ports:
- - protocol: TCP
- port: 5432
- # Allow external API calls (if needed)
- - to: []
- ports:
- - protocol: TCP
- port: 443
- - protocol: TCP
- port: 80
-{{- end }}
diff --git a/infra/helm/charts/coordinator/templates/podsecuritypolicy.yaml b/infra/helm/charts/coordinator/templates/podsecuritypolicy.yaml
deleted file mode 100644
index b0119fe6..00000000
--- a/infra/helm/charts/coordinator/templates/podsecuritypolicy.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- if .Values.podSecurityPolicy.enabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "aitbc-coordinator.fullname" . }}
- labels:
- {{- include "aitbc-coordinator.labels" . | nindent 4 }}
-spec:
- privileged: false
- allowPrivilegeEscalation: false
- requiredDropCapabilities:
- - ALL
- volumes:
- - 'configMap'
- - 'emptyDir'
- - 'projected'
- - 'secret'
- - 'downwardAPI'
- - 'persistentVolumeClaim'
- runAsUser:
- rule: 'MustRunAsNonRoot'
- seLinux:
- rule: 'RunAsAny'
- fsGroup:
- rule: 'RunAsAny'
- readOnlyRootFilesystem: false
- securityContext:
- runAsNonRoot: true
- runAsUser: 1000
- fsGroup: 1000
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "aitbc-coordinator.fullname" }}-psp
- labels:
- {{- include "aitbc-coordinator.labels" . | nindent 4 }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ include "aitbc-coordinator.fullname" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "aitbc-coordinator.fullname" }}-psp
- labels:
- {{- include "aitbc-coordinator.labels" . | nindent 4 }}
-roleRef:
- kind: Role
- name: {{ include "aitbc-coordinator.fullname" }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
-- kind: ServiceAccount
- name: {{ include "aitbc-coordinator.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/infra/helm/charts/coordinator/templates/service.yaml b/infra/helm/charts/coordinator/templates/service.yaml
deleted file mode 100644
index bdb3615c..00000000
--- a/infra/helm/charts/coordinator/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "aitbc-coordinator.fullname" . }}
- labels:
- {{- include "aitbc-coordinator.labels" . | nindent 4 }}
- {{- if .Values.monitoring.enabled }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "{{ .Values.service.port }}"
- prometheus.io/path: "{{ .Values.monitoring.serviceMonitor.path }}"
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetPort }}
- protocol: TCP
- name: http
- selector:
- {{- include "aitbc-coordinator.selectorLabels" . | nindent 4 }}
diff --git a/infra/helm/charts/coordinator/values.yaml b/infra/helm/charts/coordinator/values.yaml
deleted file mode 100644
index af3e52f4..00000000
--- a/infra/helm/charts/coordinator/values.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
-# Default values for aitbc-coordinator.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: aitbc/coordinator-api
- pullPolicy: IfNotPresent
- tag: "0.1.0"
-
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-podAnnotations: {}
-
-podSecurityContext:
- fsGroup: 1000
-
-securityContext:
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- runAsUser: 1000
- capabilities:
- drop:
- - ALL
-
-service:
- type: ClusterIP
- port: 8011
- targetPort: 8011
-
-ingress:
- enabled: false
- className: nginx
- annotations: {}
- # cert-manager.io/cluster-issuer: letsencrypt-prod
- hosts:
- - host: coordinator.local
- paths:
- - path: /
- pathType: Prefix
- tls: []
- # - secretName: coordinator-tls
- # hosts:
- # - coordinator.local
-
-# Pod Security Policy
-podSecurityPolicy:
- enabled: true
-
-# Network policies
-networkPolicy:
- enabled: true
-
-security:
- auth:
- enabled: true
- requireApiKey: true
- apiKeyHeader: "X-API-Key"
- tls:
- version: "TLSv1.3"
- ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
- headers:
- frameOptions: "DENY"
- contentTypeOptions: "nosniff"
- xssProtection: "1; mode=block"
- referrerPolicy: "strict-origin-when-cross-origin"
- hsts:
- enabled: true
- maxAge: 31536000
- includeSubDomains: true
- preload: true
- rateLimit:
- enabled: true
- requestsPerMinute: 60
- burst: 10
-
-resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 512Mi
-
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 10
- targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-# Configuration
-config:
- appEnv: production
- databaseUrl: secretRef:db-credentials:url
- receiptSigningKeyHex: secretRef:security-keys:receipt-signing
- receiptAttestationKeyHex: secretRef:security-keys:receipt-attestation
- allowOrigins: "*"
-
-# PostgreSQL sub-chart configuration
-postgresql:
- enabled: true
- auth:
- postgresPassword: secretRef:db-credentials:password
- username: aitbc
- database: aitbc
- existingSecret: db-credentials
- primary:
- persistence:
- enabled: true
- size: 20Gi
- resources:
- limits:
- cpu: 1000m
- memory: 2Gi
- requests:
- cpu: 500m
- memory: 1Gi
-
-# Monitoring
-monitoring:
- enabled: true
- serviceMonitor:
- enabled: true
- interval: 30s
- path: /metrics
- port: http
-
-# Health checks
-livenessProbe:
- httpGet:
- path: /v1/health
- port: http
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
-
-readinessProbe:
- httpGet:
- path: /v1/health
- port: http
- initialDelaySeconds: 5
- periodSeconds: 5
- timeoutSeconds: 3
- failureThreshold: 3
diff --git a/infra/helm/charts/monitoring/Chart.yaml b/infra/helm/charts/monitoring/Chart.yaml
deleted file mode 100644
index 1a15eb3e..00000000
--- a/infra/helm/charts/monitoring/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v2
-name: aitbc-monitoring
-description: AITBC Monitoring Stack (Prometheus, Grafana, AlertManager)
-type: application
-version: 0.1.0
-appVersion: "0.1.0"
-dependencies:
- - name: prometheus
- version: 23.1.0
- repository: https://prometheus-community.github.io/helm-charts
- condition: prometheus.enabled
- - name: grafana
- version: 6.58.9
- repository: https://grafana.github.io/helm-charts
- condition: grafana.enabled
- - name: alertmanager
- version: 1.6.1
- repository: https://prometheus-community.github.io/helm-charts
- condition: alertmanager.enabled
diff --git a/infra/helm/charts/monitoring/templates/dashboards.yaml b/infra/helm/charts/monitoring/templates/dashboards.yaml
deleted file mode 100644
index 633159db..00000000
--- a/infra/helm/charts/monitoring/templates/dashboards.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "aitbc-monitoring.fullname" . }}-dashboards
- labels:
- {{- include "aitbc-monitoring.labels" . | nindent 4 }}
- annotations:
- grafana.io/dashboard: "1"
-data:
- blockchain-node-overview.json: |
-{{ .Files.Get "dashboards/blockchain-node-overview.json" | indent 4 }}
- coordinator-overview.json: |
-{{ .Files.Get "dashboards/coordinator-overview.json" | indent 4 }}
diff --git a/infra/helm/charts/monitoring/values.yaml b/infra/helm/charts/monitoring/values.yaml
deleted file mode 100644
index df6fe76f..00000000
--- a/infra/helm/charts/monitoring/values.yaml
+++ /dev/null
@@ -1,124 +0,0 @@ -# Default values for aitbc-monitoring. - -# Prometheus configuration -prometheus: - enabled: true - server: - enabled: true - global: - scrape_interval: 15s - evaluation_interval: 15s - retention: 30d - persistentVolume: - enabled: true - size: 100Gi - resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 1000m - memory: 2Gi - service: - type: ClusterIP - port: 9090 - serviceMonitors: - enabled: true - selector: - release: monitoring - alertmanager: - enabled: false - config: - global: - resolve_timeout: 5m - route: - group_by: ['alertname'] - group_wait: 10s - group_interval: 10s - repeat_interval: 1h - receiver: 'web.hook' - receivers: - - name: 'web.hook' - webhook_configs: - - url: 'http://127.0.0.1:5001/' - -# Grafana configuration -grafana: - enabled: true - adminPassword: admin - persistence: - enabled: true - size: 20Gi - resources: - limits: - cpu: 1000m - memory: 2Gi - requests: - cpu: 500m - memory: 1Gi - service: - type: ClusterIP - port: 3000 - datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - url: http://prometheus-server:9090 - access: proxy - isDefault: true - dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'default' - orgId: 1 - folder: '' - type: file - disableDeletion: false - editable: true - options: - path: /var/lib/grafana/dashboards/default - -# Service monitors for AITBC services -serviceMonitors: - coordinator: - enabled: true - interval: 30s - path: /metrics - port: http - blockchainNode: - enabled: true - interval: 30s - path: /metrics - port: http - walletDaemon: - enabled: true - interval: 30s - path: /metrics - port: http - -# Alert rules -alertRules: - enabled: true - groups: - - name: aitbc.rules - rules: - - alert: HighErrorRate - expr: rate(marketplace_errors_total[5m]) / rate(marketplace_requests_total[5m]) > 0.1 - for: 5m - labels: - severity: warning - annotations: - summary: "High error rate detected" - 
description: "Error rate is above 10% for 5 minutes" - - - alert: CoordinatorDown - expr: up{job="coordinator"} == 0 - for: 1m - labels: - severity: critical - annotations: - summary: "Coordinator is down" - description: "Coordinator API has been down for more than 1 minute" diff --git a/infra/helm/values/dev.yaml b/infra/helm/values/dev.yaml deleted file mode 100644 index cfd7fdfb..00000000 --- a/infra/helm/values/dev.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Development environment values -global: - environment: dev - -coordinator: - replicaCount: 1 - image: - tag: "dev-latest" - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - config: - appEnv: development - allowOrigins: "*" - postgresql: - auth: - postgresPassword: "dev-password" - primary: - persistence: - size: 10Gi - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 512Mi - -monitoring: - prometheus: - server: - retention: 7d - persistentVolume: - size: 20Gi - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 512Mi - grafana: - adminPassword: "dev-admin" - persistence: - size: 5Gi - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 125m - memory: 256Mi - -# Additional services -blockchainNode: - replicaCount: 1 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - -walletDaemon: - replicaCount: 1 - resources: - limits: - cpu: 250m - memory: 256Mi - requests: - cpu: 125m - memory: 128Mi diff --git a/infra/helm/values/dev/values.yaml b/infra/helm/values/dev/values.yaml deleted file mode 100644 index 16843f7f..00000000 --- a/infra/helm/values/dev/values.yaml +++ /dev/null 
@@ -1,148 +0,0 @@
-# Development environment Helm values
-
-global:
- environment: dev
- domain: dev.aitbc.local
- imageTag: latest
- imagePullPolicy: Always
-
-# Coordinator API
-coordinator:
- enabled: true
- replicas: 1
- image:
- repository: aitbc/coordinator-api
- tag: latest
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 500m
- memory: 512Mi
- service:
- type: ClusterIP
- port: 8001
- env:
- LOG_LEVEL: debug
- DATABASE_URL: secretRef:db-credentials:url
- autoscaling:
- enabled: false
-
-# Explorer Web
-explorer:
- enabled: true
- replicas: 1
- image:
- repository: aitbc/explorer-web
- tag: latest
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- limits:
- cpu: 200m
- memory: 256Mi
- service:
- type: ClusterIP
- port: 3000
-
-# Marketplace Web
-marketplace:
- enabled: true
- replicas: 1
- image:
- repository: aitbc/marketplace-web
- tag: latest
- resources:
- requests:
- cpu: 50m
- memory: 128Mi
- limits:
- cpu: 200m
- memory: 256Mi
- service:
- type: ClusterIP
- port: 3001
-
-# Wallet Daemon
-wallet:
- enabled: true
- replicas: 1
- image:
- repository: aitbc/wallet-daemon
- tag: latest
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 500m
- memory: 512Mi
- service:
- type: ClusterIP
- port: 8002
-
-# PostgreSQL (dev uses in-cluster)
-postgresql:
- enabled: true
- auth:
- username: aitbc
- password: secretRef:db-credentials:password
- database: coordinator
- existingSecret: db-credentials
- primary:
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 500m
- memory: 512Mi
- persistence:
- size: 5Gi
-
-# Redis (for caching)
-redis:
- enabled: true
- auth:
- enabled: false
- master:
- resources:
- requests:
- cpu: 50m
- memory: 64Mi
- limits:
- cpu: 200m
- memory: 128Mi
-
-# Ingress
-ingress:
- enabled: true
- className: nginx
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
- hosts:
- - host: dev.aitbc.local
- paths:
- - path: /api
- service: coordinator
- port: 8001
- - path: /explorer
- service: explorer
- port: 3000
- - path: /marketplace
- service: marketplace
- port: 3001
- - path: /wallet
- service: wallet
- port: 8002
-
-# Monitoring (disabled in dev)
-monitoring:
- enabled: false
-
-# Logging
-logging:
- enabled: true
- level: debug
diff --git a/infra/helm/values/prod.yaml b/infra/helm/values/prod.yaml
deleted file mode 100644
index 4e99aa4a..00000000
--- a/infra/helm/values/prod.yaml
+++ /dev/null
@@ -1,140 +0,0 @@ -# Production environment values -global: - environment: production - -coordinator: - replicaCount: 3 - image: - tag: "v0.1.0" - resources: - limits: - cpu: 2000m - memory: 2Gi - requests: - cpu: 1000m - memory: 1Gi - autoscaling: - enabled: true - minReplicas: 3 - maxReplicas: 20 - targetCPUUtilizationPercentage: 75 - targetMemoryUtilizationPercentage: 80 - config: - appEnv: production - allowOrigins: "https://app.aitbc.io" - postgresql: - auth: - existingSecret: "coordinator-db-secret" - primary: - persistence: - size: 200Gi - storageClass: fast-ssd - resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 1000m - memory: 2Gi - readReplicas: - replicaCount: 2 - resources: - limits: - cpu: 1000m - memory: 2Gi - requests: - cpu: 500m - memory: 1Gi - -monitoring: - prometheus: - server: - retention: 90d - persistentVolume: - size: 500Gi - storageClass: fast-ssd - resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 1000m - memory: 2Gi - grafana: - adminPassword: "prod-admin-secure-2024" - persistence: - size: 50Gi - storageClass: fast-ssd - resources: - limits: - cpu: 1000m - memory: 2Gi - requests: - cpu: 500m - memory: 1Gi - ingress: - enabled: true - hosts: - - grafana.aitbc.io - -# Additional services -blockchainNode: - replicaCount: 5 - resources: - limits: - cpu: 2000m - memory: 2Gi - requests: - cpu: 1000m - memory: 1Gi - autoscaling: - enabled: true - minReplicas: 5 - maxReplicas: 50 - targetCPUUtilizationPercentage: 70 - -walletDaemon: - replicaCount: 3 - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 500m - memory: 512Mi - autoscaling: - enabled: true - minReplicas: 3 - maxReplicas: 10 - targetCPUUtilizationPercentage: 75 - -# Ingress configuration -ingress: - enabled: true - className: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/rate-limit: "100" - nginx.ingress.kubernetes.io/rate-limit-window: "1m" - hosts: - - host: api.aitbc.io - 
paths: - - path: / - pathType: Prefix - tls: - - secretName: prod-tls - hosts: - - api.aitbc.io - -# Security -podSecurityPolicy: - enabled: true - -networkPolicy: - enabled: true - -# Backup configuration -backup: - enabled: true - schedule: "0 2 * * *" - retention: "30d" diff --git a/infra/helm/values/prod.yaml.example b/infra/helm/values/prod.yaml.example deleted file mode 100644 index 846c4d97..00000000 --- a/infra/helm/values/prod.yaml.example +++ /dev/null @@ -1,44 +0,0 @@ -# AITBC Production Helm Values -# Copy to prod.yaml and adjust for your cluster - -replicaCount: 1 - -coordinator: - image: aitbc/coordinator-api:latest - port: 8000 - env: - APP_ENV: production - DATABASE_URL: postgresql://aitbc:YOUR_DB_PASSWORD@postgres:5432/aitbc - HMAC_SECRET: YOUR_HMAC_SECRET - ALLOW_ORIGINS: '["https://YOUR_DOMAIN"]' - -blockchain: - image: aitbc/blockchain-node:latest - rpcPort: 9080 - p2pPort: 9090 - env: - NETWORK: mainnet - CONSENSUS_MODE: BALANCED - -ingress: - enabled: true - host: YOUR_DOMAIN - tls: - enabled: true - secretName: aitbc-tls - -resources: - coordinator: - requests: - cpu: 250m - memory: 512Mi - limits: - cpu: 1000m - memory: 1Gi - blockchain: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 2000m - memory: 4Gi diff --git a/infra/helm/values/prod/values.yaml b/infra/helm/values/prod/values.yaml deleted file mode 100644 index b9a1302e..00000000 --- a/infra/helm/values/prod/values.yaml +++ /dev/null 
@@ -1,259 +0,0 @@ -# Production environment Helm values - -global: - environment: prod - domain: aitbc.bubuit.net - imageTag: stable - imagePullPolicy: IfNotPresent - -# Coordinator API -coordinator: - enabled: true - replicas: 3 - image: - repository: aitbc/coordinator-api - tag: stable - resources: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 2000m - memory: 2Gi - service: - type: ClusterIP - port: 8001 - env: - LOG_LEVEL: warn - DATABASE_URL: secretRef:db-credentials - autoscaling: - enabled: true - minReplicas: 3 - maxReplicas: 10 - targetCPUUtilization: 60 - targetMemoryUtilization: 70 - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - readinessProbe: - initialDelaySeconds: 5 - periodSeconds: 5 - -# Explorer Web -explorer: - enabled: true - replicas: 3 - image: - repository: aitbc/explorer-web - tag: stable - resources: - requests: - cpu: 200m - memory: 512Mi - limits: - cpu: 1000m - memory: 1Gi - service: - type: ClusterIP - port: 3000 - autoscaling: - enabled: true - minReplicas: 3 - maxReplicas: 8 - -# Marketplace Web -marketplace: - enabled: true - replicas: 3 - image: - repository: aitbc/marketplace-web - tag: stable - resources: - requests: - cpu: 200m - memory: 512Mi - limits: - cpu: 1000m - memory: 1Gi - service: - type: ClusterIP - port: 3001 - autoscaling: - enabled: true - minReplicas: 3 - maxReplicas: 8 - -# Wallet Daemon -wallet: - enabled: true - replicas: 2 - image: - repository: aitbc/wallet-daemon - tag: stable - resources: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 2000m - memory: 2Gi - service: - type: ClusterIP - port: 8002 - autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 6 - -# Trade Exchange -exchange: - enabled: true - replicas: 2 - image: - repository: aitbc/trade-exchange - tag: stable - resources: - requests: - cpu: 250m - memory: 512Mi - limits: - cpu: 1000m - memory: 1Gi - service: - type: ClusterIP - port: 8085 - -# PostgreSQL (prod uses RDS Multi-AZ) -postgresql: - enabled: false - 
external: - host: secretRef:db-credentials:host - port: 5432 - database: coordinator - sslMode: require - -# Redis (prod uses ElastiCache) -redis: - enabled: false - external: - host: secretRef:redis-credentials:host - port: 6379 - auth: true - -# Ingress -ingress: - enabled: true - className: nginx - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-body-size: 10m - nginx.ingress.kubernetes.io/rate-limit: "100" - nginx.ingress.kubernetes.io/rate-limit-window: 1m - cert-manager.io/cluster-issuer: letsencrypt-prod - tls: - - secretName: prod-tls - hosts: - - aitbc.bubuit.net - hosts: - - host: aitbc.bubuit.net - paths: - - path: /api - service: coordinator - port: 8001 - - path: /explorer - service: explorer - port: 3000 - - path: /marketplace - service: marketplace - port: 3001 - - path: /wallet - service: wallet - port: 8002 - - path: /Exchange - service: exchange - port: 8085 - -# Monitoring -monitoring: - enabled: true - prometheus: - enabled: true - retention: 30d - resources: - requests: - cpu: 500m - memory: 2Gi - limits: - cpu: 2000m - memory: 4Gi - grafana: - enabled: true - persistence: - enabled: true - size: 10Gi - alertmanager: - enabled: true - config: - receivers: - - name: slack - slack_configs: - - channel: '#aitbc-alerts' - send_resolved: true - -# Logging -logging: - enabled: true - level: warn - elasticsearch: - enabled: true - retention: 30d - replicas: 3 - -# Pod Disruption Budgets -podDisruptionBudget: - coordinator: - minAvailable: 2 - explorer: - minAvailable: 2 - marketplace: - minAvailable: 2 - wallet: - minAvailable: 1 - -# Network Policies -networkPolicy: - enabled: true - ingress: - - from: - - namespaceSelector: - matchLabels: - name: ingress-nginx - egress: - - to: - - namespaceSelector: - matchLabels: - name: kube-system - ports: - - port: 53 - protocol: UDP - -# Security -securityContext: - runAsNonRoot: true - runAsUser: 1000 - fsGroup: 1000 - readOnlyRootFilesystem: true - -# Affinity 
- spread across zones -affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app: coordinator - topologyKey: topology.kubernetes.io/zone - -# Priority Classes -priorityClassName: high-priority diff --git a/infra/helm/values/staging.yaml b/infra/helm/values/staging.yaml deleted file mode 100644 index bf514c9d..00000000 --- a/infra/helm/values/staging.yaml +++ /dev/null @@ -1,98 +0,0 @@ -# Staging environment values -global: - environment: staging - -coordinator: - replicaCount: 2 - image: - tag: "staging-latest" - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 500m - memory: 512Mi - autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 70 - config: - appEnv: staging - allowOrigins: "https://staging.aitbc.io" - postgresql: - auth: - postgresPassword: "staging-password" - primary: - persistence: - size: 50Gi - resources: - limits: - cpu: 1000m - memory: 2Gi - requests: - cpu: 500m - memory: 1Gi - -monitoring: - prometheus: - server: - retention: 30d - persistentVolume: - size: 100Gi - resources: - limits: - cpu: 1000m - memory: 2Gi - requests: - cpu: 500m - memory: 1Gi - grafana: - adminPassword: "staging-admin-2024" - persistence: - size: 10Gi - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 250m - memory: 512Mi - -# Additional services -blockchainNode: - replicaCount: 2 - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 500m - memory: 512Mi - -walletDaemon: - replicaCount: 2 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - -# Ingress configuration -ingress: - enabled: true - className: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - hosts: - - host: api.staging.aitbc.io - paths: - - path: / - pathType: Prefix - tls: - - secretName: staging-tls - hosts: - - api.staging.aitbc.io 
diff --git a/infra/helm/values/staging/values.yaml b/infra/helm/values/staging/values.yaml deleted file mode 100644 index 764ff906..00000000 --- a/infra/helm/values/staging/values.yaml +++ /dev/null 
@@ -1,168 +0,0 @@ -# Staging environment Helm values - -global: - environment: staging - domain: staging.aitbc.bubuit.net - imageTag: staging - imagePullPolicy: Always - -# Coordinator API -coordinator: - enabled: true - replicas: 2 - image: - repository: aitbc/coordinator-api - tag: staging - resources: - requests: - cpu: 250m - memory: 512Mi - limits: - cpu: 1000m - memory: 1Gi - service: - type: ClusterIP - port: 8001 - env: - LOG_LEVEL: info - DATABASE_URL: secretRef:db-credentials - autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 4 - targetCPUUtilization: 70 - -# Explorer Web -explorer: - enabled: true - replicas: 2 - image: - repository: aitbc/explorer-web - tag: staging - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 500m - memory: 512Mi - service: - type: ClusterIP - port: 3000 - autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 4 - -# Marketplace Web -marketplace: - enabled: true - replicas: 2 - image: - repository: aitbc/marketplace-web - tag: staging - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 500m - memory: 512Mi - service: - type: ClusterIP - port: 3001 - -# Wallet Daemon -wallet: - enabled: true - replicas: 2 - image: - repository: aitbc/wallet-daemon - tag: staging - resources: - requests: - cpu: 250m - memory: 512Mi - limits: - cpu: 1000m - memory: 1Gi - service: - type: ClusterIP - port: 8002 - -# PostgreSQL (staging uses RDS) -postgresql: - enabled: false - # Uses external RDS instance - external: - host: secretRef:db-credentials:host - port: 5432 - database: coordinator - -# Redis -redis: - enabled: true - auth: - enabled: true - password: secretRef:redis-password - master: - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 500m - memory: 256Mi - persistence: - size: 5Gi - -# Ingress -ingress: - enabled: true - className: nginx - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - cert-manager.io/cluster-issuer: letsencrypt-staging - tls: - - 
secretName: staging-tls - hosts: - - staging.aitbc.bubuit.net - hosts: - - host: staging.aitbc.bubuit.net - paths: - - path: /api - service: coordinator - port: 8001 - - path: /explorer - service: explorer - port: 3000 - - path: /marketplace - service: marketplace - port: 3001 - - path: /wallet - service: wallet - port: 8002 - -# Monitoring -monitoring: - enabled: true - prometheus: - enabled: true - retention: 7d - grafana: - enabled: true - -# Logging -logging: - enabled: true - level: info - elasticsearch: - enabled: true - retention: 14d - -# Pod Disruption Budgets -podDisruptionBudget: - coordinator: - minAvailable: 1 - explorer: - minAvailable: 1 diff --git a/scripts/deployment/deploy.sh b/scripts/deployment/deploy.sh index 140bb75e..dea8a616 100755 --- a/scripts/deployment/deploy.sh +++ b/scripts/deployment/deploy.sh @@ -42,12 +42,11 @@ check_prerequisites() { # Check if required tools are installed command -v kubectl >/dev/null 2>&1 || error "kubectl is not installed" - command -v helm >/dev/null 2>&1 || error "Helm is not installed" # Check if kubectl can connect to cluster kubectl cluster-info >/dev/null 2>&1 || error "Cannot connect to Kubernetes cluster" - success "Prerequisites check passed (Docker not required)" + success "Prerequisites check passed (Docker/Helm not required)" } # Build images (skipped - no Docker support) 
@@ -96,26 +95,14 @@ deploy_kubernetes() { kubectl apply -f k8s/configmaps/ -n ${NAMESPACE} || error "Failed to apply configmaps" # Deploy database - log "Deploying database..." - helm repo add bitnami https://charts.bitnami.com/bitnami - helm upgrade --install postgres bitnami/postgresql \ - --namespace ${NAMESPACE} \ - --set auth.postgresPassword=${POSTGRES_PASSWORD} \ - --set auth.database=aitbc \ - --set primary.persistence.size=20Gi \ - --set primary.resources.requests.memory=2Gi \ - --set primary.resources.requests.cpu=1000m \ - --wait || error "Failed to deploy database" - + log "Skipping Helm-based database deployment - Helm not supported" + log "Database should be deployed via systemd services or external PostgreSQL" + log "Use: sudo apt-get install postgresql for local deployment" + # Deploy Redis - log "Deploying Redis..." - helm upgrade --install redis bitnami/redis \ - --namespace ${NAMESPACE} \ - --set auth.password=${REDIS_PASSWORD} \ - --set master.persistence.size=8Gi \ - --set master.resources.requests.memory=512Mi \ - --set master.resources.requests.cpu=500m \ - --wait || error "Failed to deploy Redis" + log "Skipping Helm-based Redis deployment - Helm not supported" + log "Redis should be deployed via systemd service or external Redis" + log "Use: sudo apt-get install redis-server for local deployment" # Deploy core services log "Deploying core services..." diff --git a/scripts/deployment/production-deploy.sh b/scripts/deployment/production-deploy.sh index c167f6a5..fb1ff89b 100755 --- a/scripts/deployment/production-deploy.sh +++ b/scripts/deployment/production-deploy.sh 
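Review bot: After this change `deploy_kubernetes` goes from the two "Skipping" logs directly to `log "Deploying core services..."` without checking that a PostgreSQL or Redis endpoint exists, so the services are applied against backends that may not be there. A fail-fast guard before that step would help, for example `kubectl get secret <db-secret-name> -n ${NAMESPACE} >/dev/null 2>&1 || error "Database credentials secret not found"` (the secret name is a placeholder; the real one is not visible here). The suggested `apt-get install redis-server` also replaces an install that set `auth.password` with a package default that has no password configured. A host-level Redis or PostgreSQL that pods must reach would presumably need a wider listen address, so the log text should tell operators to enable authentication and restrict network access. The same gap applies to `deploy_database` in `scripts/deployment/production-deploy.sh`; the body of `deploy_kubernetes` starts and ends outside this hunk.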
@@ -92,37 +92,16 @@ build_production_images() { # Deploy database deploy_database() { - log "Deploying database..." - - # Deploy PostgreSQL - helm upgrade --install postgres bitnami/postgresql \ - --namespace $NAMESPACE \ - --set auth.postgresPassword=$POSTGRES_PASSWORD \ - --set auth.database=aitbc_prod \ - --set primary.persistence.size=100Gi \ - --set primary.resources.requests.memory=8Gi \ - --set primary.resources.requests.cpu=2000m \ - --set primary.resources.limits.memory=16Gi \ - --set primary.resources.limits.cpu=4000m \ - --set readReplicas.replicaCount=1 \ - --set readReplicas.persistence.size=50Gi \ - --wait \ - --timeout 10m || error "Failed to deploy PostgreSQL" - + log "Skipping Helm-based database deployment - Helm not supported" + log "Database should be deployed via systemd services or external PostgreSQL" + log "Use: sudo apt-get install postgresql for local deployment" + # Deploy Redis - helm upgrade --install redis bitnami/redis \ - --namespace $NAMESPACE \ - --set auth.password=$REDIS_PASSWORD \ - --set master.persistence.size=20Gi \ - --set master.resources.requests.memory=2Gi \ - --set master.resources.requests.cpu=1000m \ - --set master.resources.limits.memory=4Gi \ - --set master.resources.limits.cpu=2000m \ - --set replica.replicaCount=2 \ - --wait \ - --timeout 5m || error "Failed to deploy Redis" - - success "Database deployed successfully" + log "Skipping Helm-based Redis deployment - Helm not supported" + log "Redis should be deployed via systemd service or external Redis" + log "Use: sudo apt-get install redis-server for local deployment" + + success "Database deployment skipped (use systemd or external services)" } # Deploy core services 
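Review bot: `success "Database deployment skipped (use systemd or external services)"` reports a production step as a pass although `deploy_database` no longer deploys or verifies anything, which makes a missing datastore easy to overlook in deployment output. A neutral line such as `log "Database deployment skipped - external PostgreSQL/Redis must already be provisioned"` would be more accurate. In this function `$POSTGRES_PASSWORD` and `$REDIS_PASSWORD` were used only by the removed `helm` calls. If the script still requires them to be exported elsewhere (not visible in this hunk), that requirement should go too, so production credentials are not placed in the environment with nothing consuming them.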
@@ -397,22 +376,12 @@ EOF # Deploy monitoring deploy_monitoring() { - log "Deploying monitoring stack..." - - # Deploy Prometheus - helm upgrade --install prometheus prometheus-community/kube-prometheus-stack \ - --namespace $NAMESPACE \ - --create-namespace \ - --set prometheus.prometheus.spec.retention=30d \ - --set prometheus.prometheus.spec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage=50Gi \ - --set grafana.adminPassword=$GRAFANA_PASSWORD \ - --set grafana.persistence.size=10Gi \ - --set defaultRules.create=true \ - --wait \ - --timeout 10m || error "Failed to deploy monitoring" - + log "Skipping Helm-based monitoring deployment - Helm not supported" + log "Monitoring should be deployed via systemd services or external monitoring" + log "Use: sudo apt-get install prometheus-node-exporter for local monitoring" + # Import Grafana dashboards - log "Importing Grafana dashboards..." + log "Skipping Grafana dashboard import - requires Helm deployment" # Create dashboard configmaps kubectl create configmap grafana-dashboards \ @@ -508,7 +477,6 @@ main() { # Check prerequisites command -v kubectl >/dev/null 2>&1 || error "kubectl is not installed" - command -v helm >/dev/null 2>&1 || error "Helm is not installed" kubectl cluster-info >/dev/null 2>&1 || error "Cannot connect to Kubernetes cluster" # Run deployment steps
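Review bot: In `deploy_monitoring` the new `log "Skipping Grafana dashboard import - requires Helm deployment"` is followed by the unchanged `kubectl create configmap grafana-dashboards \` call, so the script announces a skip and then still creates the configmap for a Grafana instance that is no longer deployed. That call should be guarded or removed along with the remaining dashboard steps, which continue outside this hunk. The replacement hint `prometheus-node-exporter` only exposes host metrics; it does not scrape, store or alert, so production loses the alerting that the removed kube-prometheus-stack install (`defaultRules.create=true`) provided. The log text should say that a collector and alerting must be provisioned separately. Separately, the `infra/helm/values/prod.yaml` and `infra/helm/values/staging.yaml` files deleted earlier in this patch held literal Grafana and PostgreSQL passwords; these remain in repository history and should be rotated if they were ever in use.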