feat: comprehensive project structure improvements and Cloud for Sovereignty landing zone

- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization
This commit is contained in:
defiQUG
2025-11-13 09:32:55 -08:00
parent 92cc41d26d
commit 6a8582e54d
202 changed files with 22699 additions and 981 deletions


@@ -0,0 +1,34 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: azure-config
namespace: the-order
data:
# Azure Configuration (from .env file)
AZURE_REGION: "westeurope" # Default, override via External Secrets
AZURE_SUBSCRIPTION_ID: "" # Set via External Secrets Operator from Key Vault
AZURE_TENANT_ID: "" # Set via External Secrets Operator from Key Vault
# Storage Configuration
AZURE_STORAGE_ACCOUNT: "" # Set via External Secrets Operator
AZURE_STORAGE_CONTAINER: "images"
AZURE_STORAGE_KEY: "" # Set via External Secrets Operator
# Key Vault Configuration
AZURE_KEY_VAULT_NAME: "" # Set via External Secrets Operator
AZURE_KEY_VAULT_URI: "" # Set via External Secrets Operator
# CDN Configuration
AZURE_CDN_PROFILE: "theorder-cdn"
AZURE_CDN_ENDPOINT: "theorder-cdn-endpoint"
CDN_BASE_URL: "" # Set via External Secrets Operator
# AKS Configuration
AKS_CLUSTER_NAME: "the-order-aks"
AKS_RESOURCE_GROUP: "the-order-rg"
# Database Configuration
DATABASE_HOST: "" # Set via External Secrets Operator
DATABASE_NAME: "theorder"
DATABASE_USER: "theorder_admin"
# DATABASE_PASSWORD set via External Secrets Operator
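Review bot: `AZURE_STORAGE_KEY: ""` (and the other credential-shaped keys) belongs in a Secret, not in this ConfigMap, and the `# Set via External Secrets Operator` comments describe something that will not happen: an ExternalSecret writes a Kubernetes Secret, never a ConfigMap, so these keys remain empty strings for any consumer that reads them. The storage key is already delivered as `storage-key` in `the-order-secrets` by the ExternalSecret in this same commit, so drop `AZURE_STORAGE_KEY` here and keep only non-sensitive settings (region, container, CDN and AKS names). For the IDs that genuinely belong in plain config, either populate them at render time (kustomize replacement or overlay) or remove them so a missing value fails loudly instead of silently resolving to `""`.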


@@ -0,0 +1,119 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: dataroom-service
namespace: the-order
labels:
app: dataroom-service
version: v1
spec:
replicas: 2
selector:
matchLabels:
app: dataroom-service
template:
metadata:
labels:
app: dataroom-service
version: v1
spec:
containers:
- name: dataroom
image: theorder/dataroom-service:latest
ports:
- containerPort: 4004
name: http
env:
- name: PORT
value: "4004"
- name: NODE_ENV
valueFrom:
configMapKeyRef:
name: the-order-config
key: ENVIRONMENT
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: the-order-secrets
key: database-url
- name: STORAGE_BUCKET
valueFrom:
secretKeyRef:
name: the-order-secrets
key: storage-bucket
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 4004
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 4004
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health
port: 4004
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 30
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 15"]
---
apiVersion: v1
kind: Service
metadata:
name: dataroom-service
namespace: the-order
spec:
selector:
app: dataroom-service
ports:
- port: 80
targetPort: 4004
protocol: TCP
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: dataroom-service-hpa
namespace: the-order
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: dataroom-service
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
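Review bot: `STORAGE_BUCKET` reads key `storage-bucket` from `the-order-secrets`, but the ExternalSecret added in this commit only populates `storage-account` and `storage-key` into that Secret, so the pod will fail with CreateContainerConfigError until the key is added or the reference is changed. Separately, the pod spec sets no `securityContext` and pulls `theorder/dataroom-service:latest`, so whatever the tag points to at pull time runs with Kubernetes' defaults (root unless the Dockerfile drops privileges, a writable root filesystem, privilege escalation allowed, and a projected service-account token). Pin the image by tag or `@sha256` digest and add a restrictive container security context (`runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, drop all capabilities), plus `automountServiceAccountToken: false` on the pod if the service does not talk to the API server.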


@@ -0,0 +1,58 @@
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: azure-keyvault
namespace: the-order
spec:
provider:
azurekv:
tenantId: "${AZURE_TENANT_ID}" # Set via environment variable
vaultUrl: "${AZURE_KEY_VAULT_URI}" # Set via environment variable
authType: WorkloadIdentity
serviceAccountRef:
name: external-secrets-sa
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: azure-secrets
namespace: the-order
spec:
refreshInterval: 1h
secretStoreRef:
name: azure-keyvault
kind: SecretStore
target:
name: the-order-secrets
creationPolicy: Owner
data:
# Database
- secretKey: database-url
remoteRef:
key: database-url
# Azure Storage
- secretKey: storage-account
remoteRef:
key: storage-account
- secretKey: storage-key
remoteRef:
key: storage-key
# Entra VerifiedID
- secretKey: entra-tenant-id
remoteRef:
key: entra-tenant-id
- secretKey: entra-client-id
remoteRef:
key: entra-client-id
- secretKey: entra-client-secret
remoteRef:
key: entra-client-secret
# Payment Gateway
- secretKey: payment-gateway-api-key
remoteRef:
key: payment-gateway-api-key
# Grafana
- secretKey: grafana-admin-password
remoteRef:
key: grafana-admin-password
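Review bot: `tenantId: "${AZURE_TENANT_ID}"` and `vaultUrl: "${AZURE_KEY_VAULT_URI}"` are not expanded by kustomize or kubectl, so unless a render step (envsubst or similar) runs before apply, the SecretStore is created with those literal strings and every ExternalSecret bound to it stays unready; a per-environment kustomize patch or replacement is the usual fix. This ExternalSecret also folds the database URL, storage key, Entra client secret, payment-gateway key and Grafana admin password into one Secret, `the-order-secrets`; RBAC is granted per Secret, so any subject (or a compromised pod whose ServiceAccount can read it) obtains every credential at once — split it into one target Secret per consuming service. Finally, the intake and dataroom deployments in this commit read a `storage-bucket` key that this ExternalSecret never populates; add `- secretKey: storage-bucket` with a matching `remoteRef`, or change those references to `storage-account`. The `external-secrets.io/v1beta1` API is, as far as I recall, superseded by `v1` in current ESO releases — worth confirming against the operator version deployed.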


@@ -0,0 +1,119 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: finance-service
namespace: the-order
labels:
app: finance-service
version: v1
spec:
replicas: 2
selector:
matchLabels:
app: finance-service
template:
metadata:
labels:
app: finance-service
version: v1
spec:
containers:
- name: finance
image: theorder/finance-service:latest
ports:
- containerPort: 4003
name: http
env:
- name: PORT
value: "4003"
- name: NODE_ENV
valueFrom:
configMapKeyRef:
name: the-order-config
key: ENVIRONMENT
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: the-order-secrets
key: database-url
- name: PAYMENT_GATEWAY_API_KEY
valueFrom:
secretKeyRef:
name: the-order-secrets
key: payment-gateway-api-key
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 4003
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 4003
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health
port: 4003
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 30
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 15"]
---
apiVersion: v1
kind: Service
metadata:
name: finance-service
namespace: the-order
spec:
selector:
app: finance-service
ports:
- port: 80
targetPort: 4003
protocol: TCP
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: finance-service-hpa
namespace: the-order
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: finance-service
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
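Review bot: The finance pod spec (container `finance`) carries `PAYMENT_GATEWAY_API_KEY` but no `securityContext`, no digest pin or `imagePullPolicy` for `theorder/finance-service:latest`, and no `automountServiceAccountToken: false`, so a compromise of this container gets root-by-default (unless the Dockerfile drops privileges), a writable filesystem and a projected API-server token for free. Pin the image and add the restrictive pod/container security context below; `readOnlyRootFilesystem` may need an `emptyDir` on `/tmp` if the Node process writes there. Consider also delivering the API key as a mounted file rather than an environment variable, since env vars are inherited by every child process and show up in crash dumps.

```yaml
    spec:
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: finance
          image: theorder/finance-service@sha256:<digest>  # pin; never :latest
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: ports, env, resources, probes, lifecycle …
```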


@@ -0,0 +1,129 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: identity-service
namespace: the-order
labels:
app: identity-service
version: v1
spec:
replicas: 2
selector:
matchLabels:
app: identity-service
template:
metadata:
labels:
app: identity-service
version: v1
spec:
containers:
- name: identity
image: theorder/identity-service:latest
ports:
- containerPort: 4002
name: http
env:
- name: PORT
value: "4002"
- name: NODE_ENV
valueFrom:
configMapKeyRef:
name: the-order-config
key: ENVIRONMENT
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: the-order-secrets
key: database-url
- name: ENTRA_TENANT_ID
valueFrom:
secretKeyRef:
name: the-order-secrets
key: entra-tenant-id
- name: ENTRA_CLIENT_ID
valueFrom:
secretKeyRef:
name: the-order-secrets
key: entra-client-id
- name: ENTRA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: the-order-secrets
key: entra-client-secret
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 4002
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 4002
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health
port: 4002
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 30
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 15"]
---
apiVersion: v1
kind: Service
metadata:
name: identity-service
namespace: the-order
spec:
selector:
app: identity-service
ports:
- port: 80
targetPort: 4002
protocol: TCP
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: identity-service-hpa
namespace: the-order
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: identity-service
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
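Review bot: `ENTRA_CLIENT_SECRET` is injected as an environment variable from the shared `the-order-secrets`, while the SecretStore in this commit already authenticates to Key Vault with `authType: WorkloadIdentity`; if the identity service can use the same mechanism (a federated credential on its app registration), the long-lived client secret can be dropped entirely, which also removes it from the cluster. If the secret must stay, mount it from the Secret as a file rather than an env var so it is not inherited by child processes or captured in crash dumps, and give this service its own Secret so the identity pod cannot also read the payment-gateway key and Grafana password. As with the sibling deployments, the spec has no `securityContext`, no `automountServiceAccountToken: false`, and pulls `:latest` with no digest pin.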


@@ -0,0 +1,119 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: intake-service
namespace: the-order
labels:
app: intake-service
version: v1
spec:
replicas: 2
selector:
matchLabels:
app: intake-service
template:
metadata:
labels:
app: intake-service
version: v1
spec:
containers:
- name: intake
image: theorder/intake-service:latest
ports:
- containerPort: 4001
name: http
env:
- name: PORT
value: "4001"
- name: NODE_ENV
valueFrom:
configMapKeyRef:
name: the-order-config
key: ENVIRONMENT
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: the-order-secrets
key: database-url
- name: STORAGE_BUCKET
valueFrom:
secretKeyRef:
name: the-order-secrets
key: storage-bucket
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 4001
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 4001
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health
port: 4001
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 30
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 15"]
---
apiVersion: v1
kind: Service
metadata:
name: intake-service
namespace: the-order
spec:
selector:
app: intake-service
ports:
- port: 80
targetPort: 4001
protocol: TCP
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: intake-service-hpa
namespace: the-order
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: intake-service
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
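Review bot: The `STORAGE_BUCKET` env var points at key `storage-bucket` in `the-order-secrets`, which the ExternalSecret in this commit does not create (it provides only `storage-account` and `storage-key`), so this pod will sit in CreateContainerConfigError. Either add a `storage-bucket` entry to the ExternalSecret or change the ref to `storage-account`; note that a bucket/container name is not a secret and could come from the `azure-config` ConfigMap (`AZURE_STORAGE_CONTAINER`) instead. All three probes hit the same `/health` path: if that endpoint reports dependency failures, liveness will restart pods during a database outage rather than merely pulling them from the Service — a separate shallow liveness endpoint is safer. The pod spec also lacks a `securityContext` and an image pin, like its siblings.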


@@ -7,10 +7,9 @@ resources:
- namespace.yaml
- configmap.yaml
- secrets.yaml
# Add service-specific resources
# - intake/
# - identity/
# - finance/
# - dataroom/
- intake/deployment.yaml
- identity/deployment.yaml
- finance/deployment.yaml
- dataroom/deployment.yaml
- legal-documents/deployment.yaml
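Review bot: `secrets.yaml` remains in the resource list next to the new deployments, while this commit also adds an ExternalSecret that owns a Secret named `the-order-secrets` (`creationPolicy: Owner`); if `secrets.yaml` declares a static Secret of the same name, the two will fight over the object and any literal values in that file are credentials committed to git. Confirm that `secrets.yaml` holds only the SecretStore/ExternalSecret manifests (or an empty placeholder) and no base64 data. The `azure-config` ConfigMap and the Grafana/Prometheus manifests added in this commit are not listed here, so a `kustomize build` of this directory will not apply them unless another overlay includes them.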


@@ -0,0 +1,114 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: legal-documents-service
namespace: the-order
labels:
app: legal-documents-service
version: v1
spec:
replicas: 2
selector:
matchLabels:
app: legal-documents-service
template:
metadata:
labels:
app: legal-documents-service
version: v1
spec:
containers:
- name: legal-documents
image: theorder/legal-documents-service:latest
ports:
- containerPort: 4005
name: http
env:
- name: PORT
value: "4005"
- name: NODE_ENV
valueFrom:
configMapKeyRef:
name: the-order-config
key: ENVIRONMENT
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: the-order-secrets
key: database-url
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "1000m"
livenessProbe:
httpGet:
path: /health
port: 4005
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 4005
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health
port: 4005
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 30
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 15"]
---
apiVersion: v1
kind: Service
metadata:
name: legal-documents-service
namespace: the-order
spec:
selector:
app: legal-documents-service
ports:
- port: 80
targetPort: 4005
protocol: TCP
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: legal-documents-service-hpa
namespace: the-order
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: legal-documents-service
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
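Review bot: `theorder/legal-documents-service:latest` with no `imagePullPolicy`, digest or `securityContext` means every rollout pulls whatever the tag currently points to and runs it with Kubernetes' permissive defaults; for a service handling legal documents that is an unaudited supply-chain path into the namespace. Pin the image (`@sha256:…`), set `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, drop all capabilities, and disable the service-account token unless the service talks to the API server. Nothing here restricts who can reach port 4005 inside the cluster either — pair the ClusterIP Service with a NetworkPolicy that admits only the gateway/ingress that fronts it.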


@@ -0,0 +1,71 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
namespace: the-order
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
spec:
containers:
- name: grafana
image: grafana/grafana:latest
ports:
- containerPort: 3000
env:
- name: GF_SECURITY_ADMIN_USER
value: admin
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: the-order-secrets
key: grafana-admin-password
- name: GF_SERVER_ROOT_URL
value: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
volumeMounts:
- name: grafana-storage
mountPath: /var/lib/grafana
- name: grafana-dashboards
mountPath: /etc/grafana/provisioning/dashboards
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
volumes:
- name: grafana-storage
emptyDir: {}
- name: grafana-dashboards
configMap:
name: grafana-dashboards
---
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: the-order
spec:
selector:
app: grafana
ports:
- port: 3000
targetPort: 3000
type: ClusterIP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-dashboards
namespace: the-order
data:
services-overview.json: |
# Dashboard JSON will be mounted from infra/monitoring/grafana-dashboards/
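Review bot: The `grafana-dashboards` ConfigMap mounts a single key `services-overview.json` whose content is a YAML comment (`# Dashboard JSON will be mounted from …`), and it lands in `/etc/grafana/provisioning/dashboards`, where Grafana expects provider YAML files (`apiVersion: 1` / `providers:` pointing at a dashboards directory), not dashboard JSON — as written provisioning either errors or loads nothing. `GF_SERVER_ROOT_URL` uses a `/grafana/` sub-path without `GF_SERVER_SERVE_FROM_SUB_PATH: "true"`, so requests through a path-based ingress will redirect incorrectly. `grafana/grafana:latest` should be pinned, and `emptyDir` for `/var/lib/grafana` drops users, API keys and any dashboard edits on every restart — acceptable only if everything is provisioned from config and no users are created interactively.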


@@ -0,0 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus
namespace: the-order
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
labels:
app: prometheus
spec:
containers:
- name: prometheus
image: prom/prometheus:latest
ports:
- containerPort: 9090
args:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
- '--storage.tsdb.retention.time=30d'
volumeMounts:
- name: prometheus-config
mountPath: /etc/prometheus
- name: prometheus-storage
mountPath: /prometheus
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "2Gi"
cpu: "1000m"
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
namespace: the-order
spec:
selector:
app: prometheus
ports:
- port: 9090
targetPort: 9090
type: ClusterIP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-config
namespace: the-order
data:
prometheus.yml: |
# Prometheus configuration will be mounted from infra/monitoring/prometheus-config.yml
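Review bot: The container mounts `prometheus-config` and `prometheus-storage`, but the pod spec declares no `volumes:`, so the API server rejects this Deployment (a volumeMount that references an undefined volume). Add the volumes below; `emptyDir` for storage is only a stopgap, since the 30 days of retention requested by `--storage.tsdb.retention.time=30d` disappear on every restart and a PersistentVolumeClaim is what that flag implies. `prometheus.yml` currently contains only a comment, which Prometheus accepts but which yields zero scrape targets, and `prom/prometheus:latest` should be pinned by tag or digest.

```yaml
      # … unchanged: containers, args, volumeMounts, resources …
      volumes:
        - name: prometheus-config
          configMap:
            name: prometheus-config
        - name: prometheus-storage
          emptyDir: {}  # replace with a persistentVolumeClaim for real retention
```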