Files
trade-gitops/environments/sol/trade-r001-canary
mpabi b8f1303e66
Some checks failed
deploy-trade-r001-canary / apply (push) Failing after 56s
feat(canary): add ingestor rollout on sol
2026-04-12 17:34:03 +02:00
..

trade-r001-canary

Minimal canary namespace for migration baseline R001 on sol.

Purpose

  • Reserve a dedicated namespace for the first reconstructed trade deployment.
  • Put hard upper bounds on namespace-level CPU, memory, object count, and PVC growth before application manifests land.
  • Verify that workloads in the namespace can resolve and reach the shared trade-infra services for Postgres and Redis.
  • Recreate the R001 application surface in a controlled way: Hasura, trade-api, trade-frontend, and the first canary trade-ingestor path.

Current Guardrails

  • Namespace: trade-r001-canary
  • ResourceQuota:
    • requests.cpu=2
    • limits.cpu=6
    • requests.memory=4Gi
    • limits.memory=12Gi
    • pods=20
    • services=10
    • configmaps=20
    • secrets=30
    • persistentvolumeclaims=4
    • requests.storage=100Gi
  • LimitRange:
    • default request: 100m, 128Mi
    • default limit: 1, 1Gi
    • per-container maximum: 2, 4Gi

Notes

  • This namespace is intentionally conservative until item 14 and the validator protection envelope are fully defined.
  • Current shared infrastructure endpoints expected by canary workloads:
    • postgres-host.trade-infra.svc.cluster.local:5432
    • redis-host.trade-infra.svc.cluster.local:6379

Application Surface

  • postgres in this namespace is an ExternalName alias that points to postgres-host.trade-infra.svc.cluster.local.
  • Hasura uses the live R001 secrets copied from trade-staging, but connects to the host Postgres on sol.
  • trade-api and trade-frontend use the current live images from Gitea registry and the same bootstrap wrapper/config pattern as the source environment.
  • The canary workflow re-runs:
    • postgres-migrate
    • hasura-bootstrap before it waits for Hasura, trade-api, trade-frontend, and trade-ingestor to become healthy.
  • The current canary trade-ingestor is intentionally pinned to the schema already reconstructed on sol and reads from dlob_stats_latest.
  • The exact live R001 ingestor path that reads dlob_*_derived_latest remains a follow-up substep after the DLOB writer chain is reconstructed.

Operator Flow

From the repository root:

./environments/sol/trade-r001-canary/scripts/prepare-sol-postgres.sh
./environments/sol/trade-r001-canary/scripts/create-gitea-registry-secret.sh
./environments/sol/trade-r001-canary/scripts/sync-live-secrets.sh

After the prerequisites are seeded, push to main and let deploy-trade-r001-canary apply the environment.