admin/pos-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(k8s): add full K8s staging deployment for all 25 services

Browse Source 
- Add 17 new K8s manifests (15 services + RabbitMQ + MinIO)
- Update secrets.yaml with 24 DB URLs for remote PostgreSQL
- Update configmap.yaml with 25 service discovery URLs
- Update ingress.yaml with routes for all services (Nginx + letsencrypt-prod)
- Update network-policy.yaml with all services + RabbitMQ/MinIO policies
- Update deploy-staging.yml CI/CD for all 25 services via Harbor registry
- Fix mkt-* Dockerfiles (add curl, JwtBearer NuGet package)
- Fix membership/ads-billing PendingModelChangesWarning
- Switch DB connections to remote PostgreSQL (212.28.186.239:30992)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Ho Ngoc Hai
2026-04-10 19:53:09 +07:00
parent 6aa52cdb19
commit 966f5412bd
44 changed files with 3055 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

280
.github/workflows/deploy-staging.yml vendored
View File

@@ -5,7 +5,7 @@ name: Deploy to Staging
on:
push:
branches:
- develop
- master
paths:
- 'services/iam-service-net/**'
- 'services/merchant-service-net/**'
@@ -15,6 +15,22 @@ on:
- 'services/wallet-service-net/**'
- 'services/catalog-service-net/**'
- 'services/storage-service-net/**'
- 'services/booking-service-net/**'
- 'services/chat-service-net/**'
- 'services/social-service-net/**'
- 'services/promotion-service-net/**'
- 'services/membership-service-net/**'
- 'services/mining-service-net/**'
- 'services/mission-service-net/**'
- 'services/ads-manager-service-net/**'
- 'services/ads-serving-service-net/**'
- 'services/ads-billing-service-net/**'
- 'services/ads-tracking-service-net/**'
- 'services/ads-analytics-service-net/**'
- 'services/mkt-facebook-service-net/**'
- 'services/mkt-whatsapp-service-net/**'
- 'services/mkt-x-service-net/**'
- 'services/mkt-zalo-service-net/**'
- 'apps/web-client-tpos-net/**'
- 'deployments/staging/**'
workflow_dispatch:
@@ -34,10 +50,26 @@ on:
- wallet-service
- catalog-service
- storage-service
- booking-service
- chat-service
- social-service
- promotion-service
- membership-service
- mining-service
- mission-service
- ads-manager-service
- ads-serving-service
- ads-billing-service
- ads-tracking-service
- ads-analytics-service
- mkt-facebook-service
- mkt-whatsapp-service
- mkt-x-service
- mkt-zalo-service
- pos-web
env:
REGISTRY: docker.io
REGISTRY: harbor.techbi.org
NAMESPACE: staging
jobs:
@@ -73,6 +105,22 @@ jobs:
["services/wallet-service-net"]="wallet-service"
["services/catalog-service-net"]="catalog-service"
["services/storage-service-net"]="storage-service"
["services/booking-service-net"]="booking-service"
["services/chat-service-net"]="chat-service"
["services/social-service-net"]="social-service"
["services/promotion-service-net"]="promotion-service"
["services/membership-service-net"]="membership-service"
["services/mining-service-net"]="mining-service"
["services/mission-service-net"]="mission-service"
["services/ads-manager-service-net"]="ads-manager-service"
["services/ads-serving-service-net"]="ads-serving-service"
["services/ads-billing-service-net"]="ads-billing-service"
["services/ads-tracking-service-net"]="ads-tracking-service"
["services/ads-analytics-service-net"]="ads-analytics-service"
["services/mkt-facebook-service-net"]="mkt-facebook-service"
["services/mkt-whatsapp-service-net"]="mkt-whatsapp-service"
["services/mkt-x-service-net"]="mkt-x-service"
["services/mkt-zalo-service-net"]="mkt-zalo-service"
["apps/web-client-tpos-net"]="pos-web"
)
@@ -85,7 +133,7 @@ jobs:
# EN: If deployment configs changed, deploy all
# VI: Neu cau hinh deployment thay doi, deploy tat ca
if echo "$CHANGED" | grep -q "^deployments/staging/"; then
SERVICES=("\"iam-service\"" "\"merchant-service\"" "\"order-service\"" "\"fnb-engine\"" "\"inventory-service\"" "\"wallet-service\"" "\"catalog-service\"" "\"storage-service\"" "\"pos-web\"")
SERVICES=("\"iam-service\"" "\"merchant-service\"" "\"order-service\"" "\"fnb-engine\"" "\"inventory-service\"" "\"wallet-service\"" "\"catalog-service\"" "\"storage-service\"" "\"booking-service\"" "\"chat-service\"" "\"social-service\"" "\"promotion-service\"" "\"membership-service\"" "\"mining-service\"" "\"mission-service\"" "\"ads-manager-service\"" "\"ads-serving-service\"" "\"ads-billing-service\"" "\"ads-tracking-service\"" "\"ads-analytics-service\"" "\"mkt-facebook-service\"" "\"mkt-whatsapp-service\"" "\"mkt-x-service\"" "\"mkt-zalo-service\"" "\"pos-web\"")
fi
if [ ${#SERVICES[@]} -eq 0 ]; then
@@ -108,9 +156,10 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
- name: Login to Harbor Registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY }}
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
@@ -126,19 +175,51 @@ jobs:
["wallet-service"]="./services/wallet-service-net"
["catalog-service"]="./services/catalog-service-net"
["storage-service"]="./services/storage-service-net"
["booking-service"]="./services/booking-service-net"
["chat-service"]="./services/chat-service-net"
["social-service"]="./services/social-service-net"
["promotion-service"]="./services/promotion-service-net"
["membership-service"]="./services/membership-service-net"
["mining-service"]="./services/mining-service-net"
["mission-service"]="./services/mission-service-net"
["ads-manager-service"]="./services/ads-manager-service-net"
["ads-serving-service"]="./services/ads-serving-service-net"
["ads-billing-service"]="./services/ads-billing-service-net"
["ads-tracking-service"]="./services/ads-tracking-service-net"
["ads-analytics-service"]="./services/ads-analytics-service-net"
["mkt-facebook-service"]="./services/mkt-facebook-service-net"
["mkt-whatsapp-service"]="./services/mkt-whatsapp-service-net"
["mkt-x-service"]="./services/mkt-x-service-net"
["mkt-zalo-service"]="./services/mkt-zalo-service-net"
["pos-web"]="./apps/web-client-tpos-net"
)
declare -A IMAGE_MAP=(
["iam-service"]="goodgo/iam-service-net"
["merchant-service"]="goodgo/merchant-service-net"
["order-service"]="goodgo/order-service-net"
["fnb-engine"]="goodgo/fnb-engine-net"
["inventory-service"]="goodgo/inventory-service-net"
["wallet-service"]="goodgo/wallet-service-net"
["catalog-service"]="goodgo/catalog-service-net"
["storage-service"]="goodgo/storage-service-net"
["pos-web"]="goodgo/web-client-tpos-net"
["iam-service"]="harbor.techbi.org/goodgo/iam-service-net"
["merchant-service"]="harbor.techbi.org/goodgo/merchant-service-net"
["order-service"]="harbor.techbi.org/goodgo/order-service-net"
["fnb-engine"]="harbor.techbi.org/goodgo/fnb-engine-net"
["inventory-service"]="harbor.techbi.org/goodgo/inventory-service-net"
["wallet-service"]="harbor.techbi.org/goodgo/wallet-service-net"
["catalog-service"]="harbor.techbi.org/goodgo/catalog-service-net"
["storage-service"]="harbor.techbi.org/goodgo/storage-service-net"
["booking-service"]="harbor.techbi.org/goodgo/booking-service-net"
["chat-service"]="harbor.techbi.org/goodgo/chat-service-net"
["social-service"]="harbor.techbi.org/goodgo/social-service-net"
["promotion-service"]="harbor.techbi.org/goodgo/promotion-service-net"
["membership-service"]="harbor.techbi.org/goodgo/membership-service-net"
["mining-service"]="harbor.techbi.org/goodgo/mining-service-net"
["mission-service"]="harbor.techbi.org/goodgo/mission-service-net"
["ads-manager-service"]="harbor.techbi.org/goodgo/ads-manager-service-net"
["ads-serving-service"]="harbor.techbi.org/goodgo/ads-serving-service-net"
["ads-billing-service"]="harbor.techbi.org/goodgo/ads-billing-service-net"
["ads-tracking-service"]="harbor.techbi.org/goodgo/ads-tracking-service-net"
["ads-analytics-service"]="harbor.techbi.org/goodgo/ads-analytics-service-net"
["mkt-facebook-service"]="harbor.techbi.org/goodgo/mkt-facebook-service-net"
["mkt-whatsapp-service"]="harbor.techbi.org/goodgo/mkt-whatsapp-service-net"
["mkt-x-service"]="harbor.techbi.org/goodgo/mkt-x-service-net"
["mkt-zalo-service"]="harbor.techbi.org/goodgo/mkt-zalo-service-net"
["pos-web"]="harbor.techbi.org/goodgo/web-client-tpos-net"
)
echo "context=${CONTEXT_MAP[${{ matrix.service }}]}" >> $GITHUB_OUTPUT
@@ -180,7 +261,7 @@ jobs:
--project services/iam-service-net/src/IamService.Infrastructure/IamService.Infrastructure.csproj \
--startup-project services/iam-service-net/src/IamService.API/IamService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.NEON_IAM_DATABASE_URL_STAGING }}
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_IAM_DATABASE_URL_STAGING }}
- name: Run Merchant migrations
if: contains(needs.detect-changes.outputs.services, 'merchant-service')
@@ -189,7 +270,7 @@ jobs:
--project services/merchant-service-net/src/MerchantService.Infrastructure/MerchantService.Infrastructure.csproj \
--startup-project services/merchant-service-net/src/MerchantService.API/MerchantService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.NEON_MERCHANT_DATABASE_URL_STAGING }}
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_MERCHANT_DATABASE_URL_STAGING }}
- name: Run Order migrations
if: contains(needs.detect-changes.outputs.services, 'order-service')
@@ -198,7 +279,7 @@ jobs:
--project services/order-service-net/src/OrderService.Infrastructure/OrderService.Infrastructure.csproj \
--startup-project services/order-service-net/src/OrderService.API/OrderService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.NEON_ORDER_DATABASE_URL_STAGING }}
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_ORDER_DATABASE_URL_STAGING }}
- name: Run FnB Engine migrations
if: contains(needs.detect-changes.outputs.services, 'fnb-engine')
@@ -207,7 +288,7 @@ jobs:
--project services/fnb-engine-net/src/FnbEngine.Infrastructure/FnbEngine.Infrastructure.csproj \
--startup-project services/fnb-engine-net/src/FnbEngine.API/FnbEngine.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.NEON_FNB_DATABASE_URL_STAGING }}
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_FNB_DATABASE_URL_STAGING }}
- name: Run Inventory migrations
if: contains(needs.detect-changes.outputs.services, 'inventory-service')
@@ -216,7 +297,7 @@ jobs:
--project services/inventory-service-net/src/InventoryService.Infrastructure/InventoryService.Infrastructure.csproj \
--startup-project services/inventory-service-net/src/InventoryService.API/InventoryService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.NEON_INVENTORY_DATABASE_URL_STAGING }}
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_INVENTORY_DATABASE_URL_STAGING }}
- name: Run Wallet migrations
if: contains(needs.detect-changes.outputs.services, 'wallet-service')
@@ -225,7 +306,7 @@ jobs:
--project services/wallet-service-net/src/WalletService.Infrastructure/WalletService.Infrastructure.csproj \
--startup-project services/wallet-service-net/src/WalletService.API/WalletService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.NEON_WALLET_DATABASE_URL_STAGING }}
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_WALLET_DATABASE_URL_STAGING }}
- name: Run Catalog migrations
if: contains(needs.detect-changes.outputs.services, 'catalog-service')
@@ -234,7 +315,7 @@ jobs:
--project services/catalog-service-net/src/CatalogService.Infrastructure/CatalogService.Infrastructure.csproj \
--startup-project services/catalog-service-net/src/CatalogService.API/CatalogService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.NEON_CATALOG_DATABASE_URL_STAGING }}
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_CATALOG_DATABASE_URL_STAGING }}
- name: Run Storage migrations
if: contains(needs.detect-changes.outputs.services, 'storage-service')
@@ -243,7 +324,124 @@ jobs:
--project services/storage-service-net/src/StorageService.Infrastructure/StorageService.Infrastructure.csproj \
--startup-project services/storage-service-net/src/StorageService.API/StorageService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.NEON_STORAGE_DATABASE_URL_STAGING }}
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_STORAGE_DATABASE_URL_STAGING }}
- name: Run Booking migrations
if: contains(needs.detect-changes.outputs.services, 'booking-service')
run: |
dotnet ef database update \
--project services/booking-service-net/src/BookingService.Infrastructure/BookingService.Infrastructure.csproj \
--startup-project services/booking-service-net/src/BookingService.API/BookingService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_BOOKING_DATABASE_URL_STAGING }}
- name: Run Chat migrations
if: contains(needs.detect-changes.outputs.services, 'chat-service')
run: |
dotnet ef database update \
--project services/chat-service-net/src/ChatService.Infrastructure/ChatService.Infrastructure.csproj \
--startup-project services/chat-service-net/src/ChatService.API/ChatService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_CHAT_DATABASE_URL_STAGING }}
- name: Run Social migrations
if: contains(needs.detect-changes.outputs.services, 'social-service')
run: |
dotnet ef database update \
--project services/social-service-net/src/SocialService.Infrastructure/SocialService.Infrastructure.csproj \
--startup-project services/social-service-net/src/SocialService.API/SocialService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_SOCIAL_DATABASE_URL_STAGING }}
- name: Run Promotion migrations
if: contains(needs.detect-changes.outputs.services, 'promotion-service')
run: |
dotnet ef database update \
--project services/promotion-service-net/src/PromotionService.Infrastructure/PromotionService.Infrastructure.csproj \
--startup-project services/promotion-service-net/src/PromotionService.API/PromotionService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_PROMOTION_DATABASE_URL_STAGING }}
- name: Run Membership migrations
if: contains(needs.detect-changes.outputs.services, 'membership-service')
run: |
dotnet ef database update \
--project services/membership-service-net/src/MembershipService.Infrastructure/MembershipService.Infrastructure.csproj \
--startup-project services/membership-service-net/src/MembershipService.API/MembershipService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_MEMBERSHIP_DATABASE_URL_STAGING }}
- name: Run Mining migrations
if: contains(needs.detect-changes.outputs.services, 'mining-service')
run: |
dotnet ef database update \
--project services/mining-service-net/src/MiningService.Infrastructure/MiningService.Infrastructure.csproj \
--startup-project services/mining-service-net/src/MiningService.API/MiningService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_MINING_DATABASE_URL_STAGING }}
- name: Run Mission migrations
if: contains(needs.detect-changes.outputs.services, 'mission-service')
run: |
dotnet ef database update \
--project services/mission-service-net/src/MissionService.Infrastructure/MissionService.Infrastructure.csproj \
--startup-project services/mission-service-net/src/MissionService.API/MissionService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_MISSION_DATABASE_URL_STAGING }}
- name: Run Ads Manager migrations
if: contains(needs.detect-changes.outputs.services, 'ads-manager-service')
run: |
dotnet ef database update \
--project services/ads-manager-service-net/src/AdsManagerService.Infrastructure/AdsManagerService.Infrastructure.csproj \
--startup-project services/ads-manager-service-net/src/AdsManagerService.API/AdsManagerService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_ADS_MANAGER_DATABASE_URL_STAGING }}
- name: Run Ads Serving migrations
if: contains(needs.detect-changes.outputs.services, 'ads-serving-service')
run: |
dotnet ef database update \
--project services/ads-serving-service-net/src/AdsServingService.Infrastructure/AdsServingService.Infrastructure.csproj \
--startup-project services/ads-serving-service-net/src/AdsServingService.API/AdsServingService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_ADS_SERVING_DATABASE_URL_STAGING }}
- name: Run Ads Billing migrations
if: contains(needs.detect-changes.outputs.services, 'ads-billing-service')
run: |
dotnet ef database update \
--project services/ads-billing-service-net/src/AdsBillingService.Infrastructure/AdsBillingService.Infrastructure.csproj \
--startup-project services/ads-billing-service-net/src/AdsBillingService.API/AdsBillingService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_ADS_BILLING_DATABASE_URL_STAGING }}
- name: Run Ads Tracking migrations
if: contains(needs.detect-changes.outputs.services, 'ads-tracking-service')
run: |
dotnet ef database update \
--project services/ads-tracking-service-net/src/AdsTrackingService.Infrastructure/AdsTrackingService.Infrastructure.csproj \
--startup-project services/ads-tracking-service-net/src/AdsTrackingService.API/AdsTrackingService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_ADS_TRACKING_DATABASE_URL_STAGING }}
- name: Run Ads Analytics migrations
if: contains(needs.detect-changes.outputs.services, 'ads-analytics-service')
run: |
dotnet ef database update \
--project services/ads-analytics-service-net/src/AdsAnalyticsService.Infrastructure/AdsAnalyticsService.Infrastructure.csproj \
--startup-project services/ads-analytics-service-net/src/AdsAnalyticsService.API/AdsAnalyticsService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_ADS_ANALYTICS_DATABASE_URL_STAGING }}
- name: Run Mkt Zalo migrations
if: contains(needs.detect-changes.outputs.services, 'mkt-zalo-service')
run: |
dotnet ef database update \
--project services/mkt-zalo-service-net/src/MktZaloService.Infrastructure/MktZaloService.Infrastructure.csproj \
--startup-project services/mkt-zalo-service-net/src/MktZaloService.API/MktZaloService.API.csproj
env:
ConnectionStrings__DefaultConnection: ${{ secrets.REMOTE_MKT_ZALO_DATABASE_URL_STAGING }}
# =========================================================================
# Deploy to Kubernetes
@@ -268,9 +466,11 @@ jobs:
kubectl apply -f deployments/staging/kubernetes/namespace.yaml
kubectl apply -f deployments/staging/kubernetes/configmap.yaml
- name: Deploy Redis
- name: Deploy Infrastructure
run: |
kubectl apply -f deployments/staging/kubernetes/redis.yaml
kubectl apply -f deployments/staging/kubernetes/rabbitmq.yaml
kubectl apply -f deployments/staging/kubernetes/minio.yaml
- name: Deploy services
run: |
@@ -285,6 +485,22 @@ jobs:
["wallet-service"]="wallet-service.yaml"
["catalog-service"]="catalog-service.yaml"
["storage-service"]="storage-service.yaml"
["booking-service"]="booking-service.yaml"
["chat-service"]="chat-service.yaml"
["social-service"]="social-service.yaml"
["promotion-service"]="promotion-service.yaml"
["membership-service"]="membership-service.yaml"
["mining-service"]="mining-service.yaml"
["mission-service"]="mission-service.yaml"
["ads-manager-service"]="ads-manager-service.yaml"
["ads-serving-service"]="ads-serving-service.yaml"
["ads-billing-service"]="ads-billing-service.yaml"
["ads-tracking-service"]="ads-tracking-service.yaml"
["ads-analytics-service"]="ads-analytics-service.yaml"
["mkt-facebook-service"]="mkt-facebook-service.yaml"
["mkt-whatsapp-service"]="mkt-whatsapp-service.yaml"
["mkt-x-service"]="mkt-x-service.yaml"
["mkt-zalo-service"]="mkt-zalo-service.yaml"
["pos-web"]="pos-web.yaml"
)
@@ -307,6 +523,10 @@ jobs:
run: |
kubectl apply -f deployments/staging/kubernetes/ingress.yaml
- name: Apply network policies
run: |
kubectl apply -f deployments/staging/kubernetes/network-policy.yaml
- name: Wait for rollouts
run: |
SERVICES='${{ needs.detect-changes.outputs.services }}'
@@ -320,6 +540,22 @@ jobs:
["wallet-service"]="wallet-service"
["catalog-service"]="catalog-service"
["storage-service"]="storage-service"
["booking-service"]="booking-service"
["chat-service"]="chat-service"
["social-service"]="social-service"
["promotion-service"]="promotion-service"
["membership-service"]="membership-service"
["mining-service"]="mining-service"
["mission-service"]="mission-service"
["ads-manager-service"]="ads-manager-service"
["ads-serving-service"]="ads-serving-service"
["ads-billing-service"]="ads-billing-service"
["ads-tracking-service"]="ads-tracking-service"
["ads-analytics-service"]="ads-analytics-service"
["mkt-facebook-service"]="mkt-facebook-service"
["mkt-whatsapp-service"]="mkt-whatsapp-service"
["mkt-x-service"]="mkt-x-service"
["mkt-zalo-service"]="mkt-zalo-service"
["pos-web"]="pos-web"
)

50
deployments/local/.env
View File

@@ -50,28 +50,28 @@ JAEGER_ENDPOINT=http://jaeger:14268/api/traces
METRICS_ENABLED=true
SEQ_URL=http://localhost:5341
# Database connection strings (local PostgreSQL container)
IAM_DATABASE_URL=Host=postgres;Port=5432;Database=iam_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
STORAGE_DATABASE_URL=Host=postgres;Port=5432;Database=storage_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
MEMBERSHIP_DATABASE_URL=Host=postgres;Port=5432;Database=membership_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
MERCHANT_DATABASE_URL=Host=postgres;Port=5432;Database=merchant_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
WALLET_DATABASE_URL=Host=postgres;Port=5432;Database=wallet_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
CHAT_DATABASE_URL=Host=postgres;Port=5432;Database=chat_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
SOCIAL_DATABASE_URL=Host=postgres;Port=5432;Database=social_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
MINING_DATABASE_URL=Host=postgres;Port=5432;Database=mining_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
MISSION_DATABASE_URL=Host=postgres;Port=5432;Database=mission_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
PROMOTION_DATABASE_URL=Host=postgres;Port=5432;Database=promotion_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
CATALOG_DATABASE_URL=Host=postgres;Port=5432;Database=catalog_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
ORDER_DATABASE_URL=Host=postgres;Port=5432;Database=order_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
INVENTORY_DATABASE_URL=Host=postgres;Port=5432;Database=inventory_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
FNB_ENGINE_DATABASE_URL=Host=postgres;Port=5432;Database=fnb_engine;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
BOOKING_DATABASE_URL=Host=postgres;Port=5432;Database=booking_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
ADS_MANAGER_DATABASE_URL=Host=postgres;Port=5432;Database=ads_manager_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
ADS_ANALYTICS_DATABASE_URL=Host=postgres;Port=5432;Database=ads_analytics_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
ADS_SERVING_DATABASE_URL=Host=postgres;Port=5432;Database=ads_serving_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
ADS_BILLING_DATABASE_URL=Host=postgres;Port=5432;Database=ads_billing_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
ADS_TRACKING_DATABASE_URL=Host=postgres;Port=5432;Database=ads_tracking_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
MKT_FACEBOOK_DATABASE_URL=Host=postgres;Port=5432;Database=mkt_facebook_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
MKT_WHATSAPP_DATABASE_URL=Host=postgres;Port=5432;Database=mkt_whatsapp_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
MKT_X_DATABASE_URL=Host=postgres;Port=5432;Database=mkt_x_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
MKT_ZALO_DATABASE_URL=Host=postgres;Port=5432;Database=mkt_zalo_service;Username=goodgo;Password=goodgo-local-2024;SSL Mode=Disable
# Database connection strings (Remote PostgreSQL - 212.28.186.239:30992)
IAM_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=iam_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
STORAGE_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=storage_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
MEMBERSHIP_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=membership_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
MERCHANT_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=merchant_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
WALLET_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=wallet_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
CHAT_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=chat_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
SOCIAL_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=social_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
MINING_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=mining_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
MISSION_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=mission_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
PROMOTION_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=promotion_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
CATALOG_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=catalog_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
ORDER_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=order_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
INVENTORY_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=inventory_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
FNB_ENGINE_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=fnb_engine;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
BOOKING_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=booking_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
ADS_MANAGER_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=ads_manager_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
ADS_ANALYTICS_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=ads_analytics_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
ADS_SERVING_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=ads_serving_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
ADS_BILLING_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=ads_billing_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
ADS_TRACKING_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=ads_tracking_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
MKT_FACEBOOK_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=mkt_facebook_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
MKT_WHATSAPP_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=mkt_whatsapp_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
MKT_X_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=mkt_x_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer
MKT_ZALO_DATABASE_URL=Host=212.28.186.239;Port=30992;Database=mkt_zalo_service;Username=cloud_admin;Password=XbnKQ2ONe6pMxxCh;SSL Mode=Prefer

125
deployments/staging/kubernetes/ads-analytics-service.yaml Normal file
View File

@@ -0,0 +1,125 @@
# EN: Ads Analytics Service - Ads performance analytics, reporting & insights
# VI: Ads Analytics Service - Phan tich hieu suat quang cao, bao cao & thong ke
apiVersion: apps/v1
kind: Deployment
metadata:
name: ads-analytics-service
namespace: staging
labels:
app: ads-analytics-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: ads-analytics-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: ads-analytics-service
environment: staging
spec:
containers:
- name: ads-analytics-service
image: harbor.techbi.org/goodgo/ads-analytics-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
# EN: Override service-specific database URL
# VI: Override URL database rieng cho service
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: ADS_ANALYTICS_DATABASE_URL
- name: AdsAnalyticsService__ServiceName
value: "ads-analytics-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: ads-analytics-service
namespace: staging
labels:
app: ads-analytics-service
environment: staging
spec:
selector:
app: ads-analytics-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: ads-analytics-service-hpa
namespace: staging
labels:
app: ads-analytics-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: ads-analytics-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

123
deployments/staging/kubernetes/ads-billing-service.yaml Normal file
View File

@@ -0,0 +1,123 @@
# EN: Ads Billing Service - Advertising payment and invoice processing
# VI: Ads Billing Service - Xu ly thanh toan va hoa don quang cao
apiVersion: apps/v1
kind: Deployment
metadata:
name: ads-billing-service
namespace: staging
labels:
app: ads-billing-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: ads-billing-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: ads-billing-service
environment: staging
spec:
containers:
- name: ads-billing-service
image: harbor.techbi.org/goodgo/ads-billing-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: ADS_BILLING_DATABASE_URL
- name: AdsBillingService__ServiceName
value: "ads-billing-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: ads-billing-service
namespace: staging
labels:
app: ads-billing-service
environment: staging
spec:
selector:
app: ads-billing-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: ads-billing-service-hpa
namespace: staging
labels:
app: ads-billing-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: ads-billing-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

125
deployments/staging/kubernetes/ads-manager-service.yaml Normal file
View File

@@ -0,0 +1,125 @@
# EN: Ads Manager Service - Ads campaign creation & management
# VI: Ads Manager Service - Tao va quan ly chien dich quang cao
apiVersion: apps/v1
kind: Deployment
metadata:
name: ads-manager-service
namespace: staging
labels:
app: ads-manager-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: ads-manager-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: ads-manager-service
environment: staging
spec:
containers:
- name: ads-manager-service
image: harbor.techbi.org/goodgo/ads-manager-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
# EN: Override service-specific database URL
# VI: Override URL database rieng cho service
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: ADS_MANAGER_DATABASE_URL
- name: AdsManagerService__ServiceName
value: "ads-manager-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: ads-manager-service
namespace: staging
labels:
app: ads-manager-service
environment: staging
spec:
selector:
app: ads-manager-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: ads-manager-service-hpa
namespace: staging
labels:
app: ads-manager-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: ads-manager-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

127
deployments/staging/kubernetes/ads-serving-service.yaml Normal file
View File

@@ -0,0 +1,127 @@
# EN: Ads Serving Service - Ad delivery and targeting engine
# VI: Ads Serving Service - Phan phoi va nham muc tieu quang cao
apiVersion: apps/v1
kind: Deployment
metadata:
name: ads-serving-service
namespace: staging
labels:
app: ads-serving-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: ads-serving-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: ads-serving-service
environment: staging
spec:
containers:
- name: ads-serving-service
image: harbor.techbi.org/goodgo/ads-serving-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: ADS_SERVING_DATABASE_URL
- name: AdsServingService__ServiceName
value: "ads-serving-service"
- name: RabbitMQ__Host
value: "rabbitmq"
- name: RabbitMQ__Port
value: "5672"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: ads-serving-service
namespace: staging
labels:
app: ads-serving-service
environment: staging
spec:
selector:
app: ads-serving-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: ads-serving-service-hpa
namespace: staging
labels:
app: ads-serving-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: ads-serving-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

127
deployments/staging/kubernetes/ads-tracking-service.yaml Normal file
View File

@@ -0,0 +1,127 @@
# EN: Ads Tracking Service - Advertising event tracking and attribution
# VI: Ads Tracking Service - Theo doi su kien va phan bo quang cao
apiVersion: apps/v1
kind: Deployment
metadata:
name: ads-tracking-service
namespace: staging
labels:
app: ads-tracking-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: ads-tracking-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: ads-tracking-service
environment: staging
spec:
containers:
- name: ads-tracking-service
image: harbor.techbi.org/goodgo/ads-tracking-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: ADS_TRACKING_DATABASE_URL
- name: AdsTrackingService__ServiceName
value: "ads-tracking-service"
- name: RabbitMQ__Host
value: "rabbitmq"
- name: RabbitMQ__Port
value: "5672"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: ads-tracking-service
namespace: staging
labels:
app: ads-tracking-service
environment: staging
spec:
selector:
app: ads-tracking-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: ads-tracking-service-hpa
namespace: staging
labels:
app: ads-tracking-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: ads-tracking-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

2
deployments/staging/kubernetes/booking-service.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: booking-service
image: goodgo/booking-service-net:staging
image: harbor.techbi.org/goodgo/booking-service-net:staging
ports:
- containerPort: 8080
protocol: TCP

2
deployments/staging/kubernetes/catalog-service.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: catalog-service
image: goodgo/catalog-service-net:staging
image: harbor.techbi.org/goodgo/catalog-service-net:staging
ports:
- containerPort: 8080
protocol: TCP

134
deployments/staging/kubernetes/chat-service.yaml Normal file
View File

@@ -0,0 +1,134 @@
# EN: Chat Service - Real-time messaging with SignalR & Redis backplane
# VI: Chat Service - Nhan tin thoi gian thuc voi SignalR & Redis backplane
apiVersion: apps/v1
kind: Deployment
metadata:
name: chat-service
namespace: staging
labels:
app: chat-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: chat-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: chat-service
environment: staging
spec:
containers:
- name: chat-service
image: harbor.techbi.org/goodgo/chat-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
# EN: Override service-specific database URL
# VI: Override URL database rieng cho service
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: CHAT_DATABASE_URL
# EN: Redis connection for SignalR backplane
# VI: Ket noi Redis cho SignalR backplane
- name: ConnectionStrings__Redis
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: ConnectionStrings__Redis
- name: SignalR__Redis__Enabled
value: "true"
- name: ChatService__ServiceName
value: "chat-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: chat-service
namespace: staging
labels:
app: chat-service
environment: staging
spec:
selector:
app: chat-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: chat-service-hpa
namespace: staging
labels:
app: chat-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: chat-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

24
deployments/staging/kubernetes/configmap.yaml
View File

@@ -36,6 +36,22 @@ data:
WalletService__BaseUrl: "http://wallet-service:8080"
StorageService__BaseUrl: "http://storage-service:8080"
FnbEngine__BaseUrl: "http://fnb-engine:8080"
BookingService__BaseUrl: "http://booking-service:8080"
ChatService__BaseUrl: "http://chat-service:8080"
SocialService__BaseUrl: "http://social-service:8080"
PromotionService__BaseUrl: "http://promotion-service:8080"
MembershipService__BaseUrl: "http://membership-service:8080"
MiningService__BaseUrl: "http://mining-service:8080"
MissionService__BaseUrl: "http://mission-service:8080"
AdsManagerService__BaseUrl: "http://ads-manager-service:8080"
AdsServingService__BaseUrl: "http://ads-serving-service:8080"
AdsBillingService__BaseUrl: "http://ads-billing-service:8080"
AdsTrackingService__BaseUrl: "http://ads-tracking-service:8080"
AdsAnalyticsService__BaseUrl: "http://ads-analytics-service:8080"
MktFacebookService__BaseUrl: "http://mkt-facebook-service:8080"
MktWhatsappService__BaseUrl: "http://mkt-whatsapp-service:8080"
MktXService__BaseUrl: "http://mkt-x-service:8080"
MktZaloService__BaseUrl: "http://mkt-zalo-service:8080"
# EN: Redis Configuration
# VI: Cau hinh Redis
@@ -43,6 +59,14 @@ data:
Redis__Port: "6379"
Redis__Database: "0"
# EN: RabbitMQ Configuration (non-secret)
# VI: Cau hinh RabbitMQ (khong bi mat)
RabbitMQ__Port: "5672"
# EN: MinIO Configuration (non-secret)
# VI: Cau hinh MinIO (khong bi mat)
Storage__MinIO__BucketName: "goodgo-staging"
# EN: CORS Configuration
# VI: Cau hinh CORS
Cors__AllowedOrigins: "https://pos.staging.goodgo.vn,https://staging.goodgo.vn,https://admin.staging.goodgo.vn"

2
deployments/staging/kubernetes/fnb-engine.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: fnb-engine
image: goodgo/fnb-engine-net:staging
image: harbor.techbi.org/goodgo/fnb-engine-net:staging
ports:
- containerPort: 8080
protocol: TCP

2
deployments/staging/kubernetes/iam-service.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: iam-service
image: goodgo/iam-service-net:staging
image: harbor.techbi.org/goodgo/iam-service-net:staging
ports:
- containerPort: 8080
protocol: TCP

300
deployments/staging/kubernetes/ingress.yaml
View File

@@ -16,18 +16,16 @@ metadata:
environment: staging
platform: goodgo
annotations:
# EN: Traefik Ingress class
# VI: Ingress class cua Traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
# EN: Rate limiting middleware
# VI: Middleware gioi han toc do
traefik.ingress.kubernetes.io/router.middlewares: staging-cors@kubernetescrd,staging-secure-headers@kubernetescrd
# EN: cert-manager TLS
# VI: TLS bang cert-manager
cert-manager.io/cluster-issuer: letsencrypt-staging
# EN: Nginx Ingress class
# VI: Ingress class cua Nginx
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
# EN: cert-manager TLS (Let's Encrypt production)
# VI: TLS bang cert-manager (Let's Encrypt production)
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: traefik
ingressClassName: nginx
tls:
- hosts:
- api.staging.goodgo.vn
@@ -268,6 +266,279 @@ spec:
port:
number: 8080
# ===== Booking Service =====
- path: /api/v1/bookings
pathType: Prefix
backend:
service:
name: booking-service
port:
number: 8080
- path: /api/v1/reservations
pathType: Prefix
backend:
service:
name: booking-service
port:
number: 8080
- path: /api/v1/appointments
pathType: Prefix
backend:
service:
name: booking-service
port:
number: 8080
- path: /api/v1/therapists
pathType: Prefix
backend:
service:
name: booking-service
port:
number: 8080
# ===== Chat Service =====
- path: /api/v1/chats
pathType: Prefix
backend:
service:
name: chat-service
port:
number: 8080
- path: /api/v1/messages
pathType: Prefix
backend:
service:
name: chat-service
port:
number: 8080
- path: /api/v1/conversations
pathType: Prefix
backend:
service:
name: chat-service
port:
number: 8080
# EN: Chat SignalR Hub (WebSocket)
# VI: Chat SignalR Hub (WebSocket)
- path: /hubs/chat
pathType: Prefix
backend:
service:
name: chat-service
port:
number: 8080
# ===== Social Service =====
- path: /api/v1/social
pathType: Prefix
backend:
service:
name: social-service
port:
number: 8080
- path: /api/v1/relationships
pathType: Prefix
backend:
service:
name: social-service
port:
number: 8080
# ===== Promotion Service =====
- path: /api/v1/promotions
pathType: Prefix
backend:
service:
name: promotion-service
port:
number: 8080
- path: /api/v1/vouchers
pathType: Prefix
backend:
service:
name: promotion-service
port:
number: 8080
# ===== Membership Service =====
- path: /api/v1/members
pathType: Prefix
backend:
service:
name: membership-service
port:
number: 8080
- path: /api/v1/levels
pathType: Prefix
backend:
service:
name: membership-service
port:
number: 8080
# ===== Mining Service =====
- path: /api/v1/mining
pathType: Prefix
backend:
service:
name: mining-service
port:
number: 8080
- path: /api/v1/circles
pathType: Prefix
backend:
service:
name: mining-service
port:
number: 8080
- path: /api/v1/referrals
pathType: Prefix
backend:
service:
name: mining-service
port:
number: 8080
# ===== Mission Service =====
- path: /api/v1/missions
pathType: Prefix
backend:
service:
name: mission-service
port:
number: 8080
- path: /api/v1/checkins
pathType: Prefix
backend:
service:
name: mission-service
port:
number: 8080
# ===== Ads Manager Service =====
- path: /api/v1/ads
pathType: Prefix
backend:
service:
name: ads-manager-service
port:
number: 8080
- path: /api/v1/campaigns
pathType: Prefix
backend:
service:
name: ads-manager-service
port:
number: 8080
- path: /api/v1/adsets
pathType: Prefix
backend:
service:
name: ads-manager-service
port:
number: 8080
- path: /api/v1/audiences
pathType: Prefix
backend:
service:
name: ads-manager-service
port:
number: 8080
# ===== Ads Serving Service =====
- path: /api/v1/ads-serving
pathType: Prefix
backend:
service:
name: ads-serving-service
port:
number: 8080
# ===== Ads Billing Service =====
- path: /api/v1/ads-billing
pathType: Prefix
backend:
service:
name: ads-billing-service
port:
number: 8080
- path: /api/v1/ad-invoices
pathType: Prefix
backend:
service:
name: ads-billing-service
port:
number: 8080
# ===== Ads Tracking Service =====
- path: /api/v1/ad-events
pathType: Prefix
backend:
service:
name: ads-tracking-service
port:
number: 8080
- path: /api/v1/pixels
pathType: Prefix
backend:
service:
name: ads-tracking-service
port:
number: 8080
- path: /api/v1/conversions
pathType: Prefix
backend:
service:
name: ads-tracking-service
port:
number: 8080
# ===== Ads Analytics Service =====
- path: /api/v1/ad-analytics
pathType: Prefix
backend:
service:
name: ads-analytics-service
port:
number: 8080
- path: /api/v1/ad-reports
pathType: Prefix
backend:
service:
name: ads-analytics-service
port:
number: 8080
# ===== Marketing Services =====
- path: /api/v1/mkt/facebook
pathType: Prefix
backend:
service:
name: mkt-facebook-service
port:
number: 8080
- path: /api/v1/mkt/whatsapp
pathType: Prefix
backend:
service:
name: mkt-whatsapp-service
port:
number: 8080
- path: /api/v1/mkt/x
pathType: Prefix
backend:
service:
name: mkt-x-service
port:
number: 8080
- path: /api/v1/mkt/zalo
pathType: Prefix
backend:
service:
name: mkt-zalo-service
port:
number: 8080
---
# =============================================================================
# POS Frontend Ingress
@@ -281,11 +552,10 @@ metadata:
environment: staging
platform: goodgo
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: traefik
ingressClassName: nginx
tls:
- hosts:
- pos.staging.goodgo.vn

2
deployments/staging/kubernetes/inventory-service.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: inventory-service
image: goodgo/inventory-service-net:staging
image: harbor.techbi.org/goodgo/inventory-service-net:staging
ports:
- containerPort: 8080
protocol: TCP

125
deployments/staging/kubernetes/membership-service.yaml Normal file
View File

@@ -0,0 +1,125 @@
# EN: Membership Service - Membership, loyalty points & tier management
# VI: Membership Service - Quan ly thanh vien, diem tich luy & cap bac
apiVersion: apps/v1
kind: Deployment
metadata:
name: membership-service
namespace: staging
labels:
app: membership-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: membership-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: membership-service
environment: staging
spec:
containers:
- name: membership-service
image: harbor.techbi.org/goodgo/membership-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
# EN: Override service-specific database URL
# VI: Override URL database rieng cho service
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: MEMBERSHIP_DATABASE_URL
- name: MembershipService__ServiceName
value: "membership-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: membership-service
namespace: staging
labels:
app: membership-service
environment: staging
spec:
selector:
app: membership-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: membership-service-hpa
namespace: staging
labels:
app: membership-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: membership-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

2
deployments/staging/kubernetes/merchant-service.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: merchant-service
image: goodgo/merchant-service-net:staging
image: harbor.techbi.org/goodgo/merchant-service-net:staging
ports:
- containerPort: 8080
protocol: TCP

125
deployments/staging/kubernetes/mining-service.yaml Normal file
View File

@@ -0,0 +1,125 @@
# EN: Mining Service - Data mining, analytics & business intelligence
# VI: Mining Service - Khai thac du lieu, phan tich & tri tue kinh doanh
apiVersion: apps/v1
kind: Deployment
metadata:
name: mining-service
namespace: staging
labels:
app: mining-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: mining-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: mining-service
environment: staging
spec:
containers:
- name: mining-service
image: harbor.techbi.org/goodgo/mining-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
# EN: Override service-specific database URL
# VI: Override URL database rieng cho service
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: MINING_DATABASE_URL
- name: MiningService__ServiceName
value: "mining-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: mining-service
namespace: staging
labels:
app: mining-service
environment: staging
spec:
selector:
app: mining-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: mining-service-hpa
namespace: staging
labels:
app: mining-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: mining-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

128
deployments/staging/kubernetes/minio.yaml Normal file
View File

@@ -0,0 +1,128 @@
# EN: MinIO - S3-compatible object storage for file uploads and media
# VI: MinIO - Luu tru doi tuong tuong thich S3 cho file upload va media
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: staging
labels:
app: minio
environment: staging
platform: goodgo
tier: infrastructure
spec:
replicas: 1
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
environment: staging
spec:
containers:
- name: minio
image: minio/minio:latest
command:
- server
- /data
- "--console-address"
- ":9001"
ports:
- containerPort: 9000
protocol: TCP
- containerPort: 9001
protocol: TCP
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: Storage__MinIO__AccessKey
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: Storage__MinIO__SecretKey
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /minio/health/live
port: 9000
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /minio/health/ready
port: 9000
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
volumeMounts:
- name: minio-data
mountPath: /data
volumes:
- name: minio-data
persistentVolumeClaim:
claimName: minio-pvc
---
apiVersion: v1
kind: Service
metadata:
name: minio
namespace: staging
labels:
app: minio
environment: staging
spec:
selector:
app: minio
ports:
- name: minio
protocol: TCP
port: 9000
targetPort: 9000
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: minio-console
namespace: staging
labels:
app: minio
environment: staging
spec:
selector:
app: minio
ports:
- name: console
protocol: TCP
port: 9001
targetPort: 9001
type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-pvc
namespace: staging
labels:
app: minio
environment: staging
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

125
deployments/staging/kubernetes/mission-service.yaml Normal file
View File

@@ -0,0 +1,125 @@
# EN: Mission Service - Gamification missions, challenges & rewards
# VI: Mission Service - Nhiem vu gamification, thu thach & phan thuong
apiVersion: apps/v1
kind: Deployment
metadata:
name: mission-service
namespace: staging
labels:
app: mission-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: mission-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: mission-service
environment: staging
spec:
containers:
- name: mission-service
image: harbor.techbi.org/goodgo/mission-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
# EN: Override service-specific database URL
# VI: Override URL database rieng cho service
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: MISSION_DATABASE_URL
- name: MissionService__ServiceName
value: "mission-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: mission-service
namespace: staging
labels:
app: mission-service
environment: staging
spec:
selector:
app: mission-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: mission-service-hpa
namespace: staging
labels:
app: mission-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: mission-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

127
deployments/staging/kubernetes/mkt-facebook-service.yaml Normal file
View File

@@ -0,0 +1,127 @@
# EN: Marketing Facebook Service - Facebook marketing integration and campaign management
# VI: Marketing Facebook Service - Tich hop tiep thi Facebook va quan ly chien dich
apiVersion: apps/v1
kind: Deployment
metadata:
name: mkt-facebook-service
namespace: staging
labels:
app: mkt-facebook-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: mkt-facebook-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: mkt-facebook-service
environment: staging
spec:
containers:
- name: mkt-facebook-service
image: harbor.techbi.org/goodgo/mkt-facebook-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: MKT_FACEBOOK_DATABASE_URL
- name: MktFacebookService__ServiceName
value: "mkt-facebook-service"
- name: RabbitMQ__Host
value: "rabbitmq"
- name: RabbitMQ__Port
value: "5672"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: mkt-facebook-service
namespace: staging
labels:
app: mkt-facebook-service
environment: staging
spec:
selector:
app: mkt-facebook-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: mkt-facebook-service-hpa
namespace: staging
labels:
app: mkt-facebook-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: mkt-facebook-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

127
deployments/staging/kubernetes/mkt-whatsapp-service.yaml Normal file
View File

@@ -0,0 +1,127 @@
# EN: Marketing WhatsApp Service - WhatsApp messaging integration and automation
# VI: Marketing WhatsApp Service - Tich hop nhan tin WhatsApp va tu dong hoa
apiVersion: apps/v1
kind: Deployment
metadata:
name: mkt-whatsapp-service
namespace: staging
labels:
app: mkt-whatsapp-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: mkt-whatsapp-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: mkt-whatsapp-service
environment: staging
spec:
containers:
- name: mkt-whatsapp-service
image: harbor.techbi.org/goodgo/mkt-whatsapp-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: MKT_WHATSAPP_DATABASE_URL
- name: MktWhatsappService__ServiceName
value: "mkt-whatsapp-service"
- name: RabbitMQ__Host
value: "rabbitmq"
- name: RabbitMQ__Port
value: "5672"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: mkt-whatsapp-service
namespace: staging
labels:
app: mkt-whatsapp-service
environment: staging
spec:
selector:
app: mkt-whatsapp-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: mkt-whatsapp-service-hpa
namespace: staging
labels:
app: mkt-whatsapp-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: mkt-whatsapp-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

127
deployments/staging/kubernetes/mkt-x-service.yaml Normal file
View File

@@ -0,0 +1,127 @@
# EN: Marketing X Service - X (Twitter) social media integration and marketing
# VI: Marketing X Service - Tich hop mang xa hoi X (Twitter) va tiep thi
apiVersion: apps/v1
kind: Deployment
metadata:
name: mkt-x-service
namespace: staging
labels:
app: mkt-x-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: mkt-x-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: mkt-x-service
environment: staging
spec:
containers:
- name: mkt-x-service
image: harbor.techbi.org/goodgo/mkt-x-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: MKT_X_DATABASE_URL
- name: MktXService__ServiceName
value: "mkt-x-service"
- name: RabbitMQ__Host
value: "rabbitmq"
- name: RabbitMQ__Port
value: "5672"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: mkt-x-service
namespace: staging
labels:
app: mkt-x-service
environment: staging
spec:
selector:
app: mkt-x-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: mkt-x-service-hpa
namespace: staging
labels:
app: mkt-x-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: mkt-x-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

127
deployments/staging/kubernetes/mkt-zalo-service.yaml Normal file
View File

@@ -0,0 +1,127 @@
# EN: Marketing Zalo Service - Zalo messaging integration and marketing automation
# VI: Marketing Zalo Service - Tich hop nhan tin Zalo va tu dong hoa tiep thi
apiVersion: apps/v1
kind: Deployment
metadata:
name: mkt-zalo-service
namespace: staging
labels:
app: mkt-zalo-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: mkt-zalo-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: mkt-zalo-service
environment: staging
spec:
containers:
- name: mkt-zalo-service
image: harbor.techbi.org/goodgo/mkt-zalo-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: MKT_ZALO_DATABASE_URL
- name: MktZaloService__ServiceName
value: "mkt-zalo-service"
- name: RabbitMQ__Host
value: "rabbitmq"
- name: RabbitMQ__Port
value: "5672"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: mkt-zalo-service
namespace: staging
labels:
app: mkt-zalo-service
environment: staging
spec:
selector:
app: mkt-zalo-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: mkt-zalo-service-hpa
namespace: staging
labels:
app: mkt-zalo-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: mkt-zalo-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

241
deployments/staging/kubernetes/network-policy.yaml
View File

@@ -8,6 +8,8 @@
# 4. Allow ingress from Traefik (API gateway)
# 5. Allow Prometheus scraping metrics from all services
# 6. Allow Redis access only from application services
# 7. Allow RabbitMQ access from services that use messaging
# 8. Allow MinIO access from storage service
# =============================================================================
# Default Deny — block all ingress + egress by default
@@ -52,8 +54,6 @@ spec:
---
# =============================================================================
# Allow Traefik ingress → microservices (port 8080)
# EN: Traefik runs in kube-system namespace (or traefik namespace).
# VI: Traefik chay trong namespace kube-system (hoac traefik namespace).
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
@@ -78,6 +78,21 @@ spec:
- catalog-service
- storage-service
- booking-service
- chat-service
- social-service
- promotion-service
- membership-service
- mining-service
- mission-service
- ads-manager-service
- ads-serving-service
- ads-billing-service
- ads-tracking-service
- ads-analytics-service
- mkt-facebook-service
- mkt-whatsapp-service
- mkt-x-service
- mkt-zalo-service
- pos-web
policyTypes:
- Ingress
@@ -96,8 +111,6 @@ spec:
---
# =============================================================================
# Allow microservices to egress to each other (port 8080)
# EN: Services communicate internally via REST (HTTP/8080).
# VI: Cac service giao tiep noi bo qua REST (HTTP/8080).
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
@@ -122,6 +135,21 @@ spec:
- catalog-service
- storage-service
- booking-service
- chat-service
- social-service
- promotion-service
- membership-service
- mining-service
- mission-service
- ads-manager-service
- ads-serving-service
- ads-billing-service
- ads-tracking-service
- ads-analytics-service
- mkt-facebook-service
- mkt-whatsapp-service
- mkt-x-service
- mkt-zalo-service
policyTypes:
- Egress
egress:
@@ -140,6 +168,21 @@ spec:
- catalog-service
- storage-service
- booking-service
- chat-service
- social-service
- promotion-service
- membership-service
- mining-service
- mission-service
- ads-manager-service
- ads-serving-service
- ads-billing-service
- ads-tracking-service
- ads-analytics-service
- mkt-facebook-service
- mkt-whatsapp-service
- mkt-x-service
- mkt-zalo-service
ports:
- port: 8080
protocol: TCP
@@ -147,8 +190,6 @@ spec:
---
# =============================================================================
# Allow Redis access — only from app services (port 6379)
# EN: Redis is accessed only by application pods (not pos-web frontend).
# VI: Redis chi duoc truy cap boi cac pod ung dung (khong phai pos-web frontend).
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
@@ -164,6 +205,7 @@ spec:
- key: app
operator: In
values:
- redis
- redis-master
- redis-replica
policyTypes:
@@ -184,6 +226,16 @@ spec:
- catalog-service
- storage-service
- booking-service
- chat-service
- social-service
- promotion-service
- membership-service
- mining-service
- mission-service
- ads-manager-service
- ads-serving-service
- ads-tracking-service
- ads-analytics-service
ports:
- port: 6379
protocol: TCP
@@ -268,6 +320,16 @@ spec:
- catalog-service
- storage-service
- booking-service
- chat-service
- social-service
- promotion-service
- membership-service
- mining-service
- mission-service
- ads-manager-service
- ads-serving-service
- ads-tracking-service
- ads-analytics-service
policyTypes:
- Egress
egress:
@@ -277,6 +339,7 @@ spec:
- key: app
operator: In
values:
- redis
- redis-master
- redis-replica
- redis-sentinel
@@ -286,11 +349,137 @@ spec:
- port: 26379
protocol: TCP
---
# =============================================================================
# Allow RabbitMQ ingress — from messaging services (port 5672)
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-rabbitmq-ingress
namespace: staging
labels:
environment: staging
platform: goodgo
spec:
podSelector:
matchLabels:
app: rabbitmq
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchExpressions:
- key: app
operator: In
values:
- ads-serving-service
- ads-tracking-service
- mkt-facebook-service
- mkt-whatsapp-service
- mkt-x-service
- mkt-zalo-service
- chat-service
- order-service
ports:
- port: 5672
protocol: TCP
---
# =============================================================================
# Allow microservices to reach RabbitMQ (egress)
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-app-to-rabbitmq-egress
namespace: staging
labels:
environment: staging
platform: goodgo
spec:
podSelector:
matchExpressions:
- key: app
operator: In
values:
- ads-serving-service
- ads-tracking-service
- mkt-facebook-service
- mkt-whatsapp-service
- mkt-x-service
- mkt-zalo-service
- chat-service
- order-service
policyTypes:
- Egress
egress:
- to:
- podSelector:
matchLabels:
app: rabbitmq
ports:
- port: 5672
protocol: TCP
---
# =============================================================================
# Allow MinIO ingress — from storage service (port 9000)
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-minio-ingress
namespace: staging
labels:
environment: staging
platform: goodgo
spec:
podSelector:
matchLabels:
app: minio
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
app: storage-service
ports:
- port: 9000
protocol: TCP
---
# =============================================================================
# Allow storage-service to reach MinIO (egress)
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-app-to-minio-egress
namespace: staging
labels:
environment: staging
platform: goodgo
spec:
podSelector:
matchLabels:
app: storage-service
policyTypes:
- Egress
egress:
- to:
- podSelector:
matchLabels:
app: minio
ports:
- port: 9000
protocol: TCP
---
# =============================================================================
# Allow Prometheus scrape — port 8080 metrics from all app pods
# EN: Prometheus runs in monitoring namespace and scrapes /metrics.
# VI: Prometheus chay trong namespace monitoring va thu thap /metrics.
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
@@ -315,6 +504,21 @@ spec:
- catalog-service
- storage-service
- booking-service
- chat-service
- social-service
- promotion-service
- membership-service
- mining-service
- mission-service
- ads-manager-service
- ads-serving-service
- ads-billing-service
- ads-tracking-service
- ads-analytics-service
- mkt-facebook-service
- mkt-whatsapp-service
- mkt-x-service
- mkt-zalo-service
- pos-web
policyTypes:
- Ingress
@@ -329,9 +533,7 @@ spec:
---
# =============================================================================
# Allow microservices to reach external services (Neon PostgreSQL, etc.)
# EN: Egress to external HTTPS/PostgreSQL (Neon cloud DB, SMTP, etc.)
# VI: Egress ra ngoai HTTPS/PostgreSQL (Neon cloud DB, SMTP, v.v.)
# Allow microservices to reach external services (PostgreSQL, SMTP, etc.)
# =============================================================================
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
@@ -356,6 +558,21 @@ spec:
- catalog-service
- storage-service
- booking-service
- chat-service
- social-service
- promotion-service
- membership-service
- mining-service
- mission-service
- ads-manager-service
- ads-serving-service
- ads-billing-service
- ads-tracking-service
- ads-analytics-service
- mkt-facebook-service
- mkt-whatsapp-service
- mkt-x-service
- mkt-zalo-service
policyTypes:
- Egress
egress:
@@ -364,6 +581,8 @@ spec:
protocol: TCP
- port: 5432
protocol: TCP
- port: 30992
protocol: TCP
- port: 5671
protocol: TCP
- port: 5672

2
deployments/staging/kubernetes/order-service.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: order-service
image: goodgo/order-service-net:staging
image: harbor.techbi.org/goodgo/order-service-net:staging
ports:
- containerPort: 8080
protocol: TCP

2
deployments/staging/kubernetes/pos-web.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: pos-web
image: goodgo/web-client-tpos-net:staging
image: harbor.techbi.org/goodgo/web-client-tpos-net:staging
ports:
- containerPort: 8080
protocol: TCP

125
deployments/staging/kubernetes/promotion-service.yaml Normal file
View File

@@ -0,0 +1,125 @@
# EN: Promotion Service - Promotions, discounts & coupon management
# VI: Promotion Service - Quan ly khuyen mai, giam gia & ma coupon
apiVersion: apps/v1
kind: Deployment
metadata:
name: promotion-service
namespace: staging
labels:
app: promotion-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: promotion-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: promotion-service
environment: staging
spec:
containers:
- name: promotion-service
image: harbor.techbi.org/goodgo/promotion-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
# EN: Override service-specific database URL
# VI: Override URL database rieng cho service
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: PROMOTION_DATABASE_URL
- name: PromotionService__ServiceName
value: "promotion-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: promotion-service
namespace: staging
labels:
app: promotion-service
environment: staging
spec:
selector:
app: promotion-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: promotion-service-hpa
namespace: staging
labels:
app: promotion-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: promotion-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

111
deployments/staging/kubernetes/rabbitmq.yaml Normal file
View File

@@ -0,0 +1,111 @@
# EN: RabbitMQ - Message Broker for async communication between microservices
# VI: RabbitMQ - Message Broker cho giao tiep bat dong bo giua cac microservices
apiVersion: apps/v1
kind: Deployment
metadata:
name: rabbitmq
namespace: staging
labels:
app: rabbitmq
environment: staging
platform: goodgo
tier: infrastructure
spec:
replicas: 1
selector:
matchLabels:
app: rabbitmq
template:
metadata:
labels:
app: rabbitmq
environment: staging
spec:
containers:
- name: rabbitmq
image: rabbitmq:3-management-alpine
ports:
- containerPort: 5672
protocol: TCP
- containerPort: 15672
protocol: TCP
env:
- name: RABBITMQ_DEFAULT_USER
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: RabbitMQ__Username
- name: RABBITMQ_DEFAULT_PASS
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: RabbitMQ__Password
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "250m"
livenessProbe:
exec:
command:
- rabbitmq-diagnostics
- ping
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
exec:
command:
- rabbitmq-diagnostics
- check_port_connectivity
initialDelaySeconds: 15
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
volumeMounts:
- name: rabbitmq-data
mountPath: /var/lib/rabbitmq
volumes:
- name: rabbitmq-data
persistentVolumeClaim:
claimName: rabbitmq-pvc
---
apiVersion: v1
kind: Service
metadata:
name: rabbitmq
namespace: staging
labels:
app: rabbitmq
environment: staging
spec:
selector:
app: rabbitmq
ports:
- name: amqp
protocol: TCP
port: 5672
targetPort: 5672
- name: management
protocol: TCP
port: 15672
targetPort: 15672
type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rabbitmq-pvc
namespace: staging
labels:
app: rabbitmq
environment: staging
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi

70
deployments/staging/kubernetes/secrets.yaml
View File

@@ -13,14 +13,30 @@
# Or use sealed-secrets / external-secrets operator in production.
#
# GitHub Secrets used in CI/CD:
# - NEON_IAM_DATABASE_URL_STAGING
# - NEON_MERCHANT_DATABASE_URL_STAGING
# - NEON_ORDER_DATABASE_URL_STAGING
# - NEON_FNB_DATABASE_URL_STAGING
# - NEON_INVENTORY_DATABASE_URL_STAGING
# - NEON_WALLET_DATABASE_URL_STAGING
# - NEON_CATALOG_DATABASE_URL_STAGING
# - NEON_STORAGE_DATABASE_URL_STAGING
# - REMOTE_IAM_DATABASE_URL_STAGING
# - REMOTE_MERCHANT_DATABASE_URL_STAGING
# - REMOTE_ORDER_DATABASE_URL_STAGING
# - REMOTE_FNB_DATABASE_URL_STAGING
# - REMOTE_INVENTORY_DATABASE_URL_STAGING
# - REMOTE_WALLET_DATABASE_URL_STAGING
# - REMOTE_CATALOG_DATABASE_URL_STAGING
# - REMOTE_STORAGE_DATABASE_URL_STAGING
# - REMOTE_BOOKING_DATABASE_URL_STAGING
# - REMOTE_CHAT_DATABASE_URL_STAGING
# - REMOTE_SOCIAL_DATABASE_URL_STAGING
# - REMOTE_PROMOTION_DATABASE_URL_STAGING
# - REMOTE_MEMBERSHIP_DATABASE_URL_STAGING
# - REMOTE_MINING_DATABASE_URL_STAGING
# - REMOTE_MISSION_DATABASE_URL_STAGING
# - REMOTE_ADS_MANAGER_DATABASE_URL_STAGING
# - REMOTE_ADS_SERVING_DATABASE_URL_STAGING
# - REMOTE_ADS_BILLING_DATABASE_URL_STAGING
# - REMOTE_ADS_TRACKING_DATABASE_URL_STAGING
# - REMOTE_ADS_ANALYTICS_DATABASE_URL_STAGING
# - REMOTE_MKT_FACEBOOK_DATABASE_URL_STAGING
# - REMOTE_MKT_WHATSAPP_DATABASE_URL_STAGING
# - REMOTE_MKT_X_DATABASE_URL_STAGING
# - REMOTE_MKT_ZALO_DATABASE_URL_STAGING
# - JWT_SECRET_STAGING
# - JWT_REFRESH_SECRET_STAGING
# - REDIS_PASSWORD_STAGING
@@ -47,17 +63,33 @@ stringData:
# VI: IdentityServer Issuer
IdentityServer__IssuerUri: "https://api.staging.goodgo.vn"
# EN: Neon PostgreSQL Connection Strings (per-service databases)
# VI: Chuoi ket noi Neon PostgreSQL (database rieng cho tung service)
# Format: postgresql://user:password@ep-xxx.region.neon.tech/dbname?sslmode=require
IAM_DATABASE_URL: "PLACEHOLDER-postgresql://user:pass@ep-xxx.region.neon.tech/iam_staging?sslmode=require"
MERCHANT_DATABASE_URL: "PLACEHOLDER-postgresql://user:pass@ep-xxx.region.neon.tech/merchant_staging?sslmode=require"
ORDER_DATABASE_URL: "PLACEHOLDER-postgresql://user:pass@ep-xxx.region.neon.tech/order_staging?sslmode=require"
FNB_DATABASE_URL: "PLACEHOLDER-postgresql://user:pass@ep-xxx.region.neon.tech/fnb_staging?sslmode=require"
INVENTORY_DATABASE_URL: "PLACEHOLDER-postgresql://user:pass@ep-xxx.region.neon.tech/inventory_staging?sslmode=require"
WALLET_DATABASE_URL: "PLACEHOLDER-postgresql://user:pass@ep-xxx.region.neon.tech/wallet_staging?sslmode=require"
CATALOG_DATABASE_URL: "PLACEHOLDER-postgresql://user:pass@ep-xxx.region.neon.tech/catalog_staging?sslmode=require"
STORAGE_DATABASE_URL: "PLACEHOLDER-postgresql://user:pass@ep-xxx.region.neon.tech/storage_staging?sslmode=require"
# EN: PostgreSQL Connection Strings (per-service databases)
# VI: Chuoi ket noi PostgreSQL (database rieng cho tung service)
# Format: Host=ip;Port=port;Database=db;Username=user;Password=pass;SSL Mode=Prefer
IAM_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=iam_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
MERCHANT_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=merchant_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
ORDER_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=order_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
FNB_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=fnb_engine;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
INVENTORY_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=inventory_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
WALLET_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=wallet_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
CATALOG_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=catalog_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
STORAGE_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=storage_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
BOOKING_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=booking_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
CHAT_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=chat_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
SOCIAL_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=social_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
PROMOTION_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=promotion_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
MEMBERSHIP_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=membership_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
MINING_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=mining_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
MISSION_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=mission_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
ADS_MANAGER_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=ads_manager_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
ADS_SERVING_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=ads_serving_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
ADS_BILLING_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=ads_billing_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
ADS_TRACKING_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=ads_tracking_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
ADS_ANALYTICS_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=ads_analytics_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
MKT_FACEBOOK_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=mkt_facebook_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
MKT_WHATSAPP_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=mkt_whatsapp_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
MKT_X_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=mkt_x_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
MKT_ZALO_DATABASE_URL: "PLACEHOLDER-Host=db-host;Port=30992;Database=mkt_zalo_service;Username=cloud_admin;Password=CHANGE_ME;SSL Mode=Prefer"
# EN: Redis Password
# VI: Mat khau Redis

125
deployments/staging/kubernetes/social-service.yaml Normal file
View File

@@ -0,0 +1,125 @@
# EN: Social Service - Social features, posts, interactions & community
# VI: Social Service - Tinh nang xa hoi, bai dang, tuong tac & cong dong
apiVersion: apps/v1
kind: Deployment
metadata:
name: social-service
namespace: staging
labels:
app: social-service
environment: staging
platform: goodgo
tier: backend
spec:
replicas: 2
selector:
matchLabels:
app: social-service
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: social-service
environment: staging
spec:
containers:
- name: social-service
image: harbor.techbi.org/goodgo/social-service-net:staging
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- configMapRef:
name: goodgo-config
- secretRef:
name: goodgo-secrets
env:
# EN: Override service-specific database URL
# VI: Override URL database rieng cho service
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: goodgo-secrets
key: SOCIAL_DATABASE_URL
- name: SocialService__ServiceName
value: "social-service"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
---
apiVersion: v1
kind: Service
metadata:
name: social-service
namespace: staging
labels:
app: social-service
environment: staging
spec:
selector:
app: social-service
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: social-service-hpa
namespace: staging
labels:
app: social-service
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: social-service
minReplicas: 2
maxReplicas: 4
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 75
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80

2
deployments/staging/kubernetes/storage-service.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: storage-service
image: goodgo/storage-service-net:staging
image: harbor.techbi.org/goodgo/storage-service-net:staging
ports:
- containerPort: 8080
protocol: TCP

2
deployments/staging/kubernetes/wallet-service.yaml
View File

@@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: wallet-service
image: goodgo/wallet-service-net:staging
image: harbor.techbi.org/goodgo/wallet-service-net:staging
ports:
- containerPort: 8080
protocol: TCP

6
infra/observability/alertmanager/alertmanager.yml
View File

@@ -62,7 +62,7 @@ receivers:
# VI: Canh bao critical — Slack + email
- name: 'critical-receiver'
slack_configs:
- api_url: '${ALERTMANAGER_SLACK_WEBHOOK_URL}'
- api_url: 'https://hooks.slack.com/services/placeholder'
channel: '#alerts-critical'
send_resolved: true
title: ':fire: [CRITICAL] {{ .GroupLabels.alertname }}'
@@ -83,7 +83,7 @@ receivers:
# VI: Canh bao warning — chi Slack
- name: 'warning-receiver'
slack_configs:
- api_url: '${ALERTMANAGER_SLACK_WEBHOOK_URL}'
- api_url: 'https://hooks.slack.com/services/placeholder'
channel: '#alerts-warning'
send_resolved: true
title: ':warning: [WARNING] {{ .GroupLabels.alertname }}'
@@ -98,7 +98,7 @@ receivers:
# VI: Receiver ha tang — doi DevOps
- name: 'infra-receiver'
slack_configs:
- api_url: '${ALERTMANAGER_SLACK_WEBHOOK_URL}'
- api_url: 'https://hooks.slack.com/services/placeholder'
channel: '#alerts-infra'
send_resolved: true
title: ':gear: [INFRA] {{ .GroupLabels.alertname }}'

4
services/ads-billing-service-net/src/AdsBillingService.Infrastructure/DependencyInjection.cs
View File

@@ -1,4 +1,5 @@
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Diagnostics;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using AdsBillingService.Infrastructure.Idempotency;
@@ -27,6 +28,9 @@ public static class DependencyInjection
errorCodesToAdd: null);
});
options.ConfigureWarnings(w =>
w.Ignore(RelationalEventId.PendingModelChangesWarning));
if (Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") == "Development")
{
options.EnableSensitiveDataLogging();

4
services/membership-service-net/src/MembershipService.Infrastructure/DependencyInjection.cs
View File

@@ -1,4 +1,5 @@
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Diagnostics;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using MembershipService.Domain.AggregatesModel.ExperienceAggregate;
@@ -41,6 +42,9 @@ public static class DependencyInjection
errorCodesToAdd: null);
});
options.ConfigureWarnings(w =>
w.Ignore(RelationalEventId.PendingModelChangesWarning));
// EN: Enable sensitive data logging in development only
// VI: Chỉ bật sensitive data logging trong development
if (Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") == "Development")

7
services/mkt-facebook-service-net/Dockerfile
View File

@@ -30,9 +30,10 @@ RUN dotnet publish "FacebookService.API.csproj" -c Release -o /app/publish /p:Us
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
WORKDIR /app
# EN: Create non-root user for security
# VI: Tạo user non-root cho bảo mật
RUN groupadd -g 1001 dotnetuser && \
# EN: Install curl for health check + create non-root user
# VI: Cài curl cho health check + tạo user non-root
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* && \
groupadd -g 1001 dotnetuser && \
useradd -u 1001 -g dotnetuser -s /bin/sh dotnetuser
# EN: Copy published application

3
services/mkt-facebook-service-net/src/FacebookService.API/FacebookService.API.csproj
View File

@@ -15,6 +15,9 @@
<PackageReference Include="FluentValidation" Version="11.11.0" />
<PackageReference Include="FluentValidation.DependencyInjectionExtensions" Version="11.11.0" />
<!-- EN: JWT Bearer authentication / VI: Xác thực JWT Bearer -->
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
<!-- EN: Swagger/OpenAPI / VI: Swagger/OpenAPI -->
<PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />

7
services/mkt-whatsapp-service-net/Dockerfile
View File

@@ -30,9 +30,10 @@ RUN dotnet publish "WhatsAppService.API.csproj" -c Release -o /app/publish /p:Us
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
WORKDIR /app
# EN: Create non-root user for security
# VI: Tạo user non-root cho bảo mật
RUN groupadd -g 1001 dotnetuser && \
# EN: Install curl for health check + create non-root user
# VI: Cài curl cho health check + tạo user non-root
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* && \
groupadd -g 1001 dotnetuser && \
useradd -u 1001 -g dotnetuser -s /bin/sh dotnetuser
# EN: Copy published application

3
services/mkt-whatsapp-service-net/src/WhatsAppService.API/WhatsAppService.API.csproj
View File

@@ -15,6 +15,9 @@
<PackageReference Include="FluentValidation" Version="11.11.0" />
<PackageReference Include="FluentValidation.DependencyInjectionExtensions" Version="11.11.0" />
<!-- EN: JWT Bearer authentication / VI: Xác thực JWT Bearer -->
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
<!-- EN: Swagger/OpenAPI / VI: Swagger/OpenAPI -->
<PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />

7
services/mkt-x-service-net/Dockerfile
View File

@@ -30,9 +30,10 @@ RUN dotnet publish "MktXService.API.csproj" -c Release -o /app/publish /p:UseApp
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
WORKDIR /app
# EN: Create non-root user for security
# VI: Tạo user non-root cho bảo mật
RUN groupadd -g 1001 dotnetuser && \
# EN: Install curl for health check + create non-root user
# VI: Cài curl cho health check + tạo user non-root
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* && \
groupadd -g 1001 dotnetuser && \
useradd -u 1001 -g dotnetuser -s /bin/sh dotnetuser
# EN: Copy published application

3
services/mkt-x-service-net/src/MktXService.API/MktXService.API.csproj
View File

@@ -15,6 +15,9 @@
<PackageReference Include="FluentValidation" Version="11.11.0" />
<PackageReference Include="FluentValidation.DependencyInjectionExtensions" Version="11.11.0" />
<!-- EN: JWT Bearer authentication / VI: Xác thực JWT Bearer -->
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
<!-- EN: Swagger/OpenAPI / VI: Swagger/OpenAPI -->
<PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />

7
services/mkt-zalo-service-net/Dockerfile
View File

@@ -30,9 +30,10 @@ RUN dotnet publish "MktZaloService.API.csproj" -c Release -o /app/publish /p:Use
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
WORKDIR /app
# EN: Create non-root user for security
# VI: Tạo user non-root cho bảo mật
RUN groupadd -g 1001 dotnetuser && \
# EN: Install curl for health check + create non-root user
# VI: Cài curl cho health check + tạo user non-root
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* && \
groupadd -g 1001 dotnetuser && \
useradd -u 1001 -g dotnetuser -s /bin/sh dotnetuser
# EN: Copy published application

3
services/mkt-zalo-service-net/src/MktZaloService.API/MktZaloService.API.csproj
View File

@@ -15,6 +15,9 @@
<PackageReference Include="FluentValidation" Version="11.11.0" />
<PackageReference Include="FluentValidation.DependencyInjectionExtensions" Version="11.11.0" />
<!-- EN: JWT Bearer authentication / VI: Xác thực JWT Bearer -->
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
<!-- EN: Swagger/OpenAPI / VI: Swagger/OpenAPI -->
<PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />