prod deployment
This commit is contained in:
@@ -1,18 +1,27 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
# Base resources (includes all security policies)
|
||||
# No namespace: transformer — kubectl --context=prod is configured with 'ai'
|
||||
# as its default namespace, so all resources without an explicit namespace
|
||||
# land in 'ai' automatically.
|
||||
|
||||
resources:
|
||||
# Base: init.yaml, sandbox namespace, RBAC, admission-policy, sandbox-quotas,
|
||||
# network-policies, gateway.yaml, web.yaml, ingress.yaml, gateway-ingress.yaml
|
||||
- ../base
|
||||
- configs/gateway-config.yaml
|
||||
# Add the 'ai' namespace (base only creates 'sandbox')
|
||||
- namespaces.yaml
|
||||
# Prod infrastructure (postgres, minio, kafka, flink, relay, ingestor, qdrant, dragonfly, iceberg)
|
||||
- infrastructure.yaml
|
||||
# gateway-config ConfigMap is intentionally excluded from kustomize.
|
||||
# It contains an op:// reference for the DB password. Apply via:
|
||||
# bin/config-update prod gateway-config
|
||||
|
||||
# Production patches
|
||||
patches:
|
||||
- path: patches.yaml
|
||||
- path: patch-gateway-rbac-subject.yaml
|
||||
- path: patch-web.yaml
|
||||
- path: patch-gateway-ingress.yaml
|
||||
|
||||
# ConfigMaps for service configs
|
||||
# In production, these might come from external sources
|
||||
# or be managed separately, but we'll include them here for consistency
|
||||
configMapGenerator:
|
||||
- name: relay-config
|
||||
files:
|
||||
@@ -24,23 +33,28 @@ configMapGenerator:
|
||||
files:
|
||||
- config.yaml=configs/flink-config.yaml
|
||||
|
||||
# Secrets (managed via kubectl, not committed)
|
||||
# These are created by bin/secret-update prod
|
||||
# Secrets managed via bin/secret-update prod (op inject | kubectl apply)
|
||||
secretGenerator: []
|
||||
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
|
||||
# Images
|
||||
images:
|
||||
- name: dexorder/ai-backend
|
||||
newTag: latest
|
||||
- name: dexorder/ai-web
|
||||
- name: dexorder/ai-gateway
|
||||
newName: git.dxod.org/dexorder/dexorder/ai-gateway
|
||||
newTag: latest
|
||||
- name: ghcr.io/dexorder/gateway
|
||||
newName: git.dxod.org/dexorder/dexorder/ai-gateway
|
||||
newTag: latest
|
||||
- name: lifecycle-sidecar
|
||||
newName: ghcr.io/dexorder/lifecycle-sidecar
|
||||
- name: dexorder/ai-web
|
||||
newName: git.dxod.org/dexorder/dexorder/ai-web
|
||||
newTag: latest
|
||||
- name: ghcr.io/dexorder/agent
|
||||
- name: dexorder/ai-flink
|
||||
newName: git.dxod.org/dexorder/dexorder/ai-flink
|
||||
newTag: latest
|
||||
- name: dexorder/ai-relay
|
||||
newName: git.dxod.org/dexorder/dexorder/ai-relay
|
||||
newTag: latest
|
||||
- name: dexorder/ai-ingestor
|
||||
newName: git.dxod.org/dexorder/dexorder/ai-ingestor
|
||||
newTag: latest
|
||||
|
||||
Reference in New Issue
Block a user