trade-r001-canary
Minimal canary namespace for migration baseline R001 on
sol.
Purpose
- Reserve a dedicated namespace for the first reconstructed trade deployment.
- Put hard upper bounds on namespace-level CPU, memory, object count, and PVC growth before application manifests land.
- Verify that workloads in the namespace can resolve and reach the
shared
trade-infraservices forPostgresandRedis. - Recreate the
R001application surface in a controlled way:Hasura,trade-api,trade-frontend, the first canarytrade-ingestorpath, and the first DLOB hot-path components.
Current Guardrails
- Namespace:
trade-r001-canary - ResourceQuota:
requests.cpu=2limits.cpu=6requests.memory=4Gilimits.memory=12Gipods=20services=10configmaps=20secrets=30persistentvolumeclaims=4requests.storage=100Gi
- LimitRange:
- default request:
100m,128Mi - default limit:
1,1Gi - per-container maximum:
2,4Gi
- default request:
Notes
- This namespace is intentionally conservative until item
14and the validator protection envelope are fully defined. - Current shared infrastructure endpoints expected by canary
workloads:
postgres-host.trade-infra.svc.cluster.local:5432redis-host.trade-infra.svc.cluster.local:6379agave-rpc-host.trade-infra.svc.cluster.local:8899agave-ws-host.trade-infra.svc.cluster.local:8900agave-grpc-host.trade-infra.svc.cluster.local:10000
Application Surface
postgresin this namespace is anExternalNamealias that points topostgres-host.trade-infra.svc.cluster.local.Hasurauses the liveR001secrets copied fromtrade-staging, but connects to the hostPostgresonsol.trade-apiandtrade-frontenduse the current live images from Gitea registry and the same bootstrap wrapper/config pattern as the source environment.dlob-publisher-hotnow targets the host validator onsolthroughtrade-infraservices and writesdlob-hot:*into the shared Redis host service.dlob-publisher-allnow targets the same host validator path onsoland writesdlob-all:*into the shared Redis host service.dlob-hot-redis-to-postgres-raw-writeranddlob-hot-postgres-to-postgres-derived-writerrebuild the first live DLOB derived path onsol.dlob-all-redis-to-postgres-derived-writerrebuilds the live full-market derived DLOB path onsol.- The canary workflow re-runs:
postgres-migratehasura-bootstrapbefore it waits forHasura,trade-api,trade-frontend,trade-ingestor, and the DLOB hot/all-path deployments to become healthy.
- The current canary
trade-ingestoris intentionally pinned to the schema already reconstructed onsoland reads fromdlob_stats_latest. - The exact live
R001ingestor path that readsdlob_*_derived_latestremains a follow-up substep after the DLOB writer chain is reconstructed.
Operator Flow
From the repository root:
./environments/sol/trade-infra/scripts/prepare-sol-agave-access.sh
kubectl apply -k environments/sol/trade-infra
./environments/sol/trade-r001-canary/scripts/prepare-sol-postgres.sh
./environments/sol/trade-r001-canary/scripts/create-gitea-registry-secret.sh
./environments/sol/trade-r001-canary/scripts/create-trade-dlob-rpc-secret.sh
./environments/sol/trade-r001-canary/scripts/sync-live-secrets.shAfter the prerequisites are seeded, push to main and let
deploy-trade-r001-canary apply the environment.