ebea70573b
- Repository structure for all services, infra, lakehouse, dashboards
- K8s manifests targeting stonks-oracle namespace with GHCR images
- Ingress via Traefik with ca-issuer TLS for internal services
- ConfigMap wired to existing cluster services (pg, redis, minio, ollama)
- GitHub Actions workflow for lint, test, multi-service container builds
- Dockerfile with build-arg CMD per service
- Makefile for local build/push/deploy
- Steering rules for TDD workflow, K8s conventions, project context
- Agent hooks for lint-on-save, test-on-save, k8s-validate, phase-commit
- Ruff linter config, all lint issues fixed
- 14 passing tests for schemas, config, redis keys
- PostgreSQL migrations, Trino catalogs, Superset config, MinIO lifecycle
34 lines
1.1 KiB
Markdown
---
inclusion: fileMatch
fileMatchPattern: "infra/k8s/**"
---
# Kubernetes Conventions

## Namespace
All Stonks Oracle workloads deploy to the `stonks-oracle` namespace.

## TLS
- Internal services: use `ca-issuer` ClusterIssuer (local CA)
- Public-facing services (Superset, Query API): use `celestium-le-production` ClusterIssuer (Let's Encrypt)
- Annotate ingress with `cert-manager.io/cluster-issuer`

## Ingress
- Traefik ingress controller
- Domain pattern: `<service>.celestium.life`
- Always create both HTTP and HTTPS ingress rules

## Service References
- PostgreSQL: `postgresql-rw.postgresql-service.svc.cluster.local:5432`
- Redis: `redis-master.redis-service.svc.cluster.local:6379`
- MinIO API: `minio.minio-service.svc.cluster.local:80`
- Ollama: `ollama.ollama-service.svc.cluster.local:11434`

## Images
- All images from `ghcr.io/celesrenata/stonks-oracle/<service>:latest`
- Use `imagePullPolicy: Always` in production
- Use `imagePullSecrets` referencing `ghcr-secret` if repo is private

## Labels
- `app.kubernetes.io/part-of: stonks-oracle`
- `app: <service-name>`
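
The conventions above can be checked mechanically before a manifest is applied. The following is an added example, not code from this repository: a small checker over manifests loaded as dicts (for instance from JSON), treated as production manifests. The `PUBLIC` service names `superset` and `query-api` and both sample manifests are assumptions constructed for illustration.

```python
# Added example: checks one manifest dict against the conventions listed above.
NAMESPACE = "stonks-oracle"
PART_OF = "stonks-oracle"
IMAGE_PREFIX = "ghcr.io/celesrenata/stonks-oracle/"
ISSUER_KEY = "cert-manager.io/cluster-issuer"
DOMAIN = ".celestium.life"
# Assumption: app labels used by the public-facing Superset and Query API.
PUBLIC = {"superset", "query-api"}


def check(m):
    """Return a list of convention violations for one manifest dict."""
    errs = []
    meta = m.get("metadata", {})
    labels = meta.get("labels", {})
    if meta.get("namespace") != NAMESPACE:
        errs.append("namespace must be " + NAMESPACE)
    if labels.get("app.kubernetes.io/part-of") != PART_OF:
        errs.append("missing part-of label")
    if not labels.get("app"):
        errs.append("missing app label")
    if m.get("kind") == "Deployment":
        for c in m["spec"]["template"]["spec"]["containers"]:
            if not c.get("image", "").startswith(IMAGE_PREFIX):
                errs.append("image outside project registry: " + c.get("image", ""))
            if c.get("imagePullPolicy") != "Always":
                errs.append("imagePullPolicy must be Always")
    if m.get("kind") == "Ingress":
        # Public services get the Let's Encrypt issuer, everything else the local CA.
        want = ("celestium-le-production" if labels.get("app") in PUBLIC
                else "ca-issuer")
        if meta.get("annotations", {}).get(ISSUER_KEY) != want:
            errs.append("issuer must be " + want)
        for rule in m["spec"].get("rules", []):
            if not rule.get("host", "").endswith(DOMAIN):
                errs.append("host outside domain pattern: " + rule.get("host", ""))
    return errs


# Constructed sample manifests (not taken from the repository).
GOOD = {"kind": "Ingress",
        "metadata": {"name": "superset", "namespace": NAMESPACE,
                     "labels": {"app": "superset", "app.kubernetes.io/part-of": PART_OF},
                     "annotations": {ISSUER_KEY: "celestium-le-production"}},
        "spec": {"rules": [{"host": "superset.celestium.life"}]}}
BAD = {"kind": "Deployment",
       "metadata": {"name": "worker", "namespace": "default", "labels": {"app": "worker"}},
       "spec": {"template": {"spec": {"containers": [
           {"name": "worker", "image": "docker.io/example/worker:latest"}]}}}}
```

`check(GOOD)` returns an empty list, while `check(BAD)` reports the wrong namespace, the missing part-of label, the image from outside the project registry and the missing pull policy.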