ebea70573b
- Repository structure for all services, infra, lakehouse, dashboards
- K8s manifests targeting stonks-oracle namespace with GHCR images
- Ingress via Traefik with ca-issuer TLS for internal services
- ConfigMap wired to existing cluster services (pg, redis, minio, ollama)
- GitHub Actions workflow for lint, test, multi-service container builds
- Dockerfile with build-arg CMD per service
- Makefile for local build/push/deploy
- Steering rules for TDD workflow, K8s conventions, project context
- Agent hooks for lint-on-save, test-on-save, k8s-validate, phase-commit
- Ruff linter config, all lint issues fixed
- 14 passing tests for schemas, config, redis keys
- PostgreSQL migrations, Trino catalogs, Superset config, MinIO lifecycle
| inclusion | fileMatchPattern |
|---|---|
| fileMatch | infra/k8s/** |
Kubernetes Conventions
Namespace
All Stonks Oracle workloads deploy to the `stonks-oracle` namespace.
TLS
- Internal services: use `ca-issuer` ClusterIssuer (local CA)
- Public-facing services (Superset, Query API): use `celestium-le-production` ClusterIssuer (Let's Encrypt)
- Annotate ingress with `cert-manager.io/cluster-issuer`
Ingress
- Traefik ingress controller
- Domain pattern: `<service>.celestium.life`
- Always create both HTTP and HTTPS ingress rules
Service References
- PostgreSQL: `postgresql-rw.postgresql-service.svc.cluster.local:5432`
- Redis: `redis-master.redis-service.svc.cluster.local:6379`
- MinIO API: `minio.minio-service.svc.cluster.local:80`
- Ollama: `ollama.ollama-service.svc.cluster.local:11434`
Images
- All images from `ghcr.io/celesrenata/stonks-oracle/<service>:latest`
- Use `imagePullPolicy: Always` in production
- Use `imagePullSecrets` referencing `ghcr-secret` if repo is private
Labels
- `app.kubernetes.io/part-of: stonks-oracle`
- `app: <service-name>`