- Scale all 26 services from 2→1 replicas (fit 8.4 available cores)
- HPA min 2→1, max 4→2 for staging
- Rewrite Gitea Actions: batch parallel Kaniko builds (5 per batch)
- Secure credentials via secrets (REPO_PASSWORD, HARBOR_*)
- Kaniko clones from Gitea (already mirrored from GitHub)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Replace docker build with Kaniko Jobs (runner has no Docker daemon)
- Add batch/jobs RBAC for act_runner to create Kaniko Jobs
- Use MinIO ExternalName pointing to existing minio namespace
- Skip build when only K8s configs changed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Add 17 new K8s manifests (15 services + RabbitMQ + MinIO)
- Update secrets.yaml with 24 DB URLs for remote PostgreSQL
- Update configmap.yaml with 25 service discovery URLs
- Update ingress.yaml with routes for all services (Nginx + letsencrypt-prod)
- Update network-policy.yaml with all services + RabbitMQ/MinIO policies
- Update deploy-staging.yml CI/CD for all 25 services via Harbor registry
- Fix mkt-* Dockerfiles (add curl, JwtBearer NuGet package)
- Fix membership/ads-billing PendingModelChangesWarning
- Switch DB connections to remote PostgreSQL (212.28.186.239:30992)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Fix IAM 401: Change reset-password endpoint to [AllowAnonymous]
  (BFF already handles auth, IAM token validation fails across
  Docker container boundaries with Duende IdentityServer)
- Fix IAM 500: Add Npgsql.EnableLegacyTimestampBehavior switch to
  resolve DateTime Kind=Unspecified issue with Identity UserManager
- Fix handler: Use RemovePassword + AddPassword instead of
  ResetPasswordAsync to avoid timestamptz column errors
- Fix validation: Remove mandatory employee code check when editing
  (staff created via IAM may not have employeeCode set)
- Fix Dockerfile: Use root repo context to include blazor-ui package

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

DEVOPS-C-01: Replace hardcoded :latest with IMAGE_TAG placeholder in all 8
production K8s manifests. Update deploy-production.yml to sed-replace
IMAGE_TAG with commit SHA before kubectl apply (remove now-redundant
kubectl set image step).

DEVOPS-C-02: Configure Alertmanager — create alertmanager.yml with Slack +
email receivers (critical/warning/infra routes, inhibition rules). Add
alertmanager:v0.27.0 service to both docker-compose.observability.yml and
deployments/local/docker-compose.yml. Enable prometheus.yml target
(alertmanager:9093).

DEVOPS-C-03: Remove :latest from docker-build.yml main branch push. Now
only SHA tag is pushed for main; :staging+SHA for develop.

DEVOPS-C-04: Add 4 mkt-* services to deployments/local/docker-compose.yml
with unique host ports (facebook:5021, whatsapp:5022, x:5023, zalo:5024)
to eliminate port 5000 conflicts. Add corresponding Traefik routers and
load-balancer entries in infra/traefik/dynamic/routes.yml
(/api/v1/mkt/{facebook,whatsapp,x,zalo}).

Co-Authored-By: Paperclip <noreply@paperclip.ing>

- Remove BFF_DB_HOST/PORT/USER/PASS env vars (no more direct DB access)
- Add 9 {ServiceName}__BaseUrl env vars for HTTP proxy pattern
- BFF now communicates via internal Docker network to microservices
- Rewrite StoreList.razor with real data from PosDataService
- Rewrite StoreDetail.razor with real shop data from BFF
- Rewrite StoreSettings.razor with editable form bound to real data
- Add GetShopByIdAsync to PosDataService and BFF endpoint
- Add UpdateShopAsync to MerchantApiService
- Add ShopUpdateDto to MerchantDtos
- Fix BFF DB connection: configurable via env vars (BFF_DB_HOST)
- Add BFF_DB env vars to docker-compose.yml
- Added the Membership Service configuration to the local docker-compose.yml, replacing the previous Social Service setup.
- Implemented IAM Service client with caching and health check capabilities in the Membership Service.
- Created Dependency Injection for IAM Service settings and registered the HttpClient for communication.
- Removed the outdated docker-compose.yml for the previous Social Service.
- Enhanced IAM Service client functionality to validate users, retrieve roles, and manage permissions.
- Added a fixed issuer URI for inter-service communication in the docker-compose.yml and appsettings.json.
- Updated DependencyInjection to utilize the new issuer URI, ensuring consistency across hosts and containers.
- Introduced the Storage Service .NET configuration in the local docker-compose.yml, enabling file storage management with external MinIO and Redis integration.
- Updated environment variables for database connection, storage provider, and IAM service communication.
- Configured health checks and Traefik routing for the new service.
- Changed the IAM service base URL from "http://iam-service:5001" to "http://iam-service-net:8080" in both the local docker-compose.yml and the IamServiceClient class to ensure consistency across configurations.
- Added IAM service configuration to the local docker-compose.yml for streamlined deployment.
- Removed the separate docker-compose.yml file from the IAM service directory to consolidate service definitions.
- Updated `docker-compose.yml` to include a new path prefix for roles in the IAM service routing configuration, enhancing API endpoint coverage for role management.
- Updated `.env` file to enhance shared environment variables, including detailed comments in both English and Vietnamese.
- Modified `docker-compose.yml` to disable the storage service and MinIO configuration, streamlining local development setup.
- Adjusted IAM service environment variables to align with the new `.env` structure, ensuring consistent configuration across services.
- Enhanced observability settings and added feature flags for better control over application behavior during development.
- Cleaned up commented-out sections in the Docker Compose file for clarity and maintainability.
- Modified local `.env` and `.env.local` files to include external Redis configuration and IAM service database connection details.
- Updated `docker-compose.yml` to disable local Redis service in favor of an external Redis instance.
- Added JWT configuration parameters for the IAM service, enhancing security and token management.
- Revised example environment file to reflect new configuration options for external services.
- Enhanced documentation to clarify setup instructions for local development with external dependencies.
- Introduced a new social-service in the Docker Compose configuration for local development, including build context, environment variables, and health checks.
- Updated architecture documentation to reflect the new storage service structure and its components, including user storage quotas and file management.
- Enhanced README files to provide clearer instructions on service setup, configuration, and API endpoints for file storage management.
- Implemented caching mechanisms in the IAM service client for improved performance and reduced latency in user information retrieval.
- Updated appsettings for development to include caching settings for IAM service interactions.
- Added endpoints for sending and confirming email verification, enhancing user account security.
- Integrated two-factor authentication (2FA) with TOTP support, including enabling, verifying, and disabling 2FA.
- Implemented social login functionality for Google and Facebook, allowing users to authenticate using their existing accounts.
- Updated dependency injection to include services for email, 2FA, and social login.
- Enhanced documentation to reflect new features and usage examples for email verification and 2FA.