prod fixes

bin/init

@@ -107,8 +107,13 @@ if [[ "$ENV" == "dev" ]]; then
 else
     # Prod: prompt for credentials
     read -p "Admin email: " USER_EMAIL
-    read -s -p "Admin password (min 8 chars): " USER_PASSWORD
+    read -rs -p "Admin password (min 8 chars): " USER_PASSWORD
     echo ""
+    echo -e "${BLUE}Password captured: ${#USER_PASSWORD} characters${NC}"
+    if [[ ${#USER_PASSWORD} -lt 8 ]]; then
+        echo -e "${RED}✗ Password must be at least 8 characters${NC}"
+        exit 1
+    fi
     read -p "Admin display name: " USER_NAME
     read -p "License type [free|pro|enterprise] (default: pro): " LICENSE_TYPE
     LICENSE_TYPE="${LICENSE_TYPE:-pro}"
@@ -131,18 +136,35 @@ else
     sleep 3
 
     echo -e "${GREEN}→${NC} Registering user via API..."
+    PAYLOAD=$(jq -n \
+        --arg email "$USER_EMAIL" \
+        --arg password "$USER_PASSWORD" \
+        --arg name "$USER_NAME" \
+        '{email: $email, password: $password, name: $name}')
+
     HTTP_CODE=$(curl -s -o /tmp/dexorder-init-response.json -w "%{http_code}" \
         -X POST "$BASE_URL/api/auth/register" \
         -H "Content-Type: application/json" \
-        -d "{\"email\":\"$USER_EMAIL\",\"password\":\"$USER_PASSWORD\",\"name\":\"$USER_NAME\"}")
+        -d "$PAYLOAD")
 
     if [[ "$HTTP_CODE" == "200" || "$HTTP_CODE" == "201" ]]; then
         echo -e "${GREEN}✓ User registered via API${NC}"
     elif [[ "$HTTP_CODE" == "400" ]]; then
-        echo -e "${YELLOW}⚠️  API returned 400 (user may already exist), continuing...${NC}"
+        RESPONSE=$(cat /tmp/dexorder-init-response.json 2>/dev/null)
+        # Check if this is a "user already exists" 400 vs a validation error
+        if echo "$RESPONSE" | grep -qi "already exist\|user already\|duplicate"; then
+            echo -e "${YELLOW}⚠️  User already exists, continuing...${NC}"
+        else
+            echo -e "${RED}✗ Registration failed (400):${NC}"
+            echo "$RESPONSE"
+            rm -f /tmp/dexorder-init-response.json
+            exit 1
+        fi
     else
-        echo -e "${YELLOW}⚠️  API returned HTTP $HTTP_CODE${NC}"
+        echo -e "${RED}✗ API returned HTTP $HTTP_CODE${NC}"
         cat /tmp/dexorder-init-response.json 2>/dev/null || true
+        rm -f /tmp/dexorder-init-response.json
+        exit 1
     fi
     rm -f /tmp/dexorder-init-response.json
 

deploy/k8s/base/gateway-ingress.yaml

@@ -4,14 +4,9 @@ kind: Ingress
 metadata:
   name: gateway-ingress
   annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
     nginx.ingress.kubernetes.io/rewrite-target: /$1
 spec:
   ingressClassName: nginx
-  tls:
-  - hosts:
-    - dexorder.ai
-    secretName: gateway-tls
   rules:
   - host: dexorder.ai
     http:

deploy/k8s/prod/configs/flink-config.yaml

@@ -26,5 +26,5 @@ iceberg_table_prefix: "market"
 hadoop_conf_dir: "/etc/hadoop/conf"
 
 # Flink configuration
-flink_parallelism: 2
+flink_parallelism: 1
 flink_checkpoint_interval_ms: 60000

deploy/k8s/prod/configs/gateway-config.yaml

@@ -33,6 +33,7 @@ data:
       sandbox_image: git.dxod.org/dexorder/dexorder/ai-sandbox:latest
       sidecar_image: git.dxod.org/dexorder/dexorder/ai-lifecycle-sidecar:latest
       image_pull_policy: Always
+      storage_class: ceph-block
 
     # DragonflyDB (Redis-compatible, for hot storage and session management)
     redis:

deploy/k8s/prod/configs/relay-config.yaml

@@ -12,7 +12,7 @@ ingestor_work_port: 5555           # PUB - Distribute work with exchange prefix
 ingestor_response_port: 5556       # ROUTER - Receive responses from ingestors
 
 # Flink connection
-flink_market_data_endpoint: "tcp://flink-jobmanager:5557"  # XSUB - Subscribe to Flink market data
+flink_market_data_endpoint: "tcp://flink-jobmanager:5558"  # XSUB - Subscribe to Flink market data
 
 # Timeouts and limits
 request_timeout_secs: 30           # Timeout for pending client requests

deploy/k8s/prod/infrastructure.yaml

@@ -140,6 +140,8 @@ spec:
       labels:
         app: kafka
     spec:
+      securityContext:
+        fsGroup: 1001
       containers:
       - name: kafka
         image: apache/kafka:3.9.0
@@ -153,7 +155,7 @@ spec:
         - -c
         - |
           CLUSTER_ID="dexorder-prod-cluster"
-          LOG_DIR="/var/lib/kafka/data"
+          LOG_DIR="/var/lib/kafka/data/kraft-logs"
 
           # Ensure log directory exists
           mkdir -p $LOG_DIR
@@ -240,6 +242,8 @@ spec:
               key: password
         - name: POSTGRES_DB
           value: iceberg
+        - name: PGDATA
+          value: /var/lib/postgresql/data/pgdata
         volumeMounts:
         - name: postgres-data
           mountPath: /var/lib/postgresql/data