aitbc1
b4b5a57390
- Add .aitbc.yaml configuration file with test values - Simplify .gitignore by removing merge conflicts and redundant entries - Reorganize .gitignore sections for better clarity - Set chain_id and proposer_id to empty strings in config.py (require explicit configuration) - Add production Helm values configuration - Add production nginx configuration - Update environment variable handling in chain settings
260 lines
4.7 KiB
YAML
260 lines
4.7 KiB
YAML
# Production environment Helm values
|
|
|
|
global:
|
|
environment: prod
|
|
domain: aitbc.bubuit.net
|
|
imageTag: stable
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
# Coordinator API
|
|
coordinator:
|
|
enabled: true
|
|
replicas: 3
|
|
image:
|
|
repository: aitbc/coordinator-api
|
|
tag: stable
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
limits:
|
|
cpu: 2000m
|
|
memory: 2Gi
|
|
service:
|
|
type: ClusterIP
|
|
port: 8001
|
|
env:
|
|
LOG_LEVEL: warn
|
|
DATABASE_URL: secretRef:db-credentials
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 3
|
|
maxReplicas: 10
|
|
targetCPUUtilization: 60
|
|
targetMemoryUtilization: 70
|
|
livenessProbe:
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
|
|
# Explorer Web
|
|
explorer:
|
|
enabled: true
|
|
replicas: 3
|
|
image:
|
|
repository: aitbc/explorer-web
|
|
tag: stable
|
|
resources:
|
|
requests:
|
|
cpu: 200m
|
|
memory: 512Mi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
service:
|
|
type: ClusterIP
|
|
port: 3000
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 3
|
|
maxReplicas: 8
|
|
|
|
# Marketplace Web
|
|
marketplace:
|
|
enabled: true
|
|
replicas: 3
|
|
image:
|
|
repository: aitbc/marketplace-web
|
|
tag: stable
|
|
resources:
|
|
requests:
|
|
cpu: 200m
|
|
memory: 512Mi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
service:
|
|
type: ClusterIP
|
|
port: 3001
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 3
|
|
maxReplicas: 8
|
|
|
|
# Wallet Daemon
|
|
wallet:
|
|
enabled: true
|
|
replicas: 2
|
|
image:
|
|
repository: aitbc/wallet-daemon
|
|
tag: stable
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
limits:
|
|
cpu: 2000m
|
|
memory: 2Gi
|
|
service:
|
|
type: ClusterIP
|
|
port: 8002
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 2
|
|
maxReplicas: 6
|
|
|
|
# Trade Exchange
|
|
exchange:
|
|
enabled: true
|
|
replicas: 2
|
|
image:
|
|
repository: aitbc/trade-exchange
|
|
tag: stable
|
|
resources:
|
|
requests:
|
|
cpu: 250m
|
|
memory: 512Mi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
service:
|
|
type: ClusterIP
|
|
port: 8085
|
|
|
|
# PostgreSQL (prod uses RDS Multi-AZ)
|
|
postgresql:
|
|
enabled: false
|
|
external:
|
|
host: secretRef:db-credentials:host
|
|
port: 5432
|
|
database: coordinator
|
|
sslMode: require
|
|
|
|
# Redis (prod uses ElastiCache)
|
|
redis:
|
|
enabled: false
|
|
external:
|
|
host: secretRef:redis-credentials:host
|
|
port: 6379
|
|
auth: true
|
|
|
|
# Ingress
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 10m
|
|
nginx.ingress.kubernetes.io/rate-limit: "100"
|
|
nginx.ingress.kubernetes.io/rate-limit-window: 1m
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
tls:
|
|
- secretName: prod-tls
|
|
hosts:
|
|
- aitbc.bubuit.net
|
|
hosts:
|
|
- host: aitbc.bubuit.net
|
|
paths:
|
|
- path: /api
|
|
service: coordinator
|
|
port: 8001
|
|
- path: /explorer
|
|
service: explorer
|
|
port: 3000
|
|
- path: /marketplace
|
|
service: marketplace
|
|
port: 3001
|
|
- path: /wallet
|
|
service: wallet
|
|
port: 8002
|
|
- path: /Exchange
|
|
service: exchange
|
|
port: 8085
|
|
|
|
# Monitoring
|
|
monitoring:
|
|
enabled: true
|
|
prometheus:
|
|
enabled: true
|
|
retention: 30d
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 2Gi
|
|
limits:
|
|
cpu: 2000m
|
|
memory: 4Gi
|
|
grafana:
|
|
enabled: true
|
|
persistence:
|
|
enabled: true
|
|
size: 10Gi
|
|
alertmanager:
|
|
enabled: true
|
|
config:
|
|
receivers:
|
|
- name: slack
|
|
slack_configs:
|
|
- channel: '#aitbc-alerts'
|
|
send_resolved: true
|
|
|
|
# Logging
|
|
logging:
|
|
enabled: true
|
|
level: warn
|
|
elasticsearch:
|
|
enabled: true
|
|
retention: 30d
|
|
replicas: 3
|
|
|
|
# Pod Disruption Budgets
|
|
podDisruptionBudget:
|
|
coordinator:
|
|
minAvailable: 2
|
|
explorer:
|
|
minAvailable: 2
|
|
marketplace:
|
|
minAvailable: 2
|
|
wallet:
|
|
minAvailable: 1
|
|
|
|
# Network Policies
|
|
networkPolicy:
|
|
enabled: true
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: ingress-nginx
|
|
egress:
|
|
- to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: kube-system
|
|
ports:
|
|
- port: 53
|
|
protocol: UDP
|
|
|
|
# Security
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
fsGroup: 1000
|
|
readOnlyRootFilesystem: true
|
|
|
|
# Affinity - spread across zones
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchLabels:
|
|
app: coordinator
|
|
topologyKey: topology.kubernetes.io/zone
|
|
|
|
# Priority Classes
|
|
priorityClassName: high-priority
|