trade-r001-canary
Minimal canary namespace for migration baseline R001 on
sol.
Purpose
- Reserve a dedicated namespace for the first reconstructed trade deployment.
- Put hard upper bounds on namespace-level CPU, memory, object count, and PVC growth before application manifests land.
- Verify that workloads in the namespace can resolve and reach the
shared
trade-infraservices forPostgresandRedis. - Recreate the
R001application surface in a controlled way:Hasura,trade-api, andtrade-frontend.
Current Guardrails
- Namespace:
trade-r001-canary - ResourceQuota:
requests.cpu=2limits.cpu=6requests.memory=4Gilimits.memory=12Gipods=20services=10configmaps=20secrets=30persistentvolumeclaims=4requests.storage=100Gi
- LimitRange:
- default request:
100m,128Mi - default limit:
1,1Gi - per-container maximum:
2,4Gi
- default request:
Notes
- This namespace is intentionally conservative until item
14and the validator protection envelope are fully defined. - Current shared infrastructure endpoints expected by canary
workloads:
postgres-host.trade-infra.svc.cluster.local:5432redis-host.trade-infra.svc.cluster.local:6379
Application Surface
postgresin this namespace is anExternalNamealias that points topostgres-host.trade-infra.svc.cluster.local.Hasurauses the liveR001secrets copied fromtrade-staging, but connects to the hostPostgresonsol.trade-apiandtrade-frontenduse the current live images from Gitea registry and the same bootstrap wrapper/config pattern as the source environment.- The canary workflow re-runs:
postgres-migratehasura-bootstrapbefore it waits forHasura,trade-api, andtrade-frontendto become healthy.
Operator Flow
From the repository root:
./environments/sol/trade-r001-canary/scripts/prepare-sol-postgres.sh
./environments/sol/trade-r001-canary/scripts/create-gitea-registry-secret.sh
./environments/sol/trade-r001-canary/scripts/sync-live-secrets.shAfter the prerequisites are seeded, push to main and let
deploy-trade-r001-canary apply the environment.