fix(devops): resolve 4 P2 DevOps improvements (Wave 3 — TEC-263)
- DEVOPS-W-01: Add oliver006/redis_exporter to docker-compose.yml so
the existing prometheus.yml scrape job (redis-exporter:9121) resolves
- DEVOPS-W-04: Add redis-sentinel.yaml with Redis Sentinel HA setup
(1 master StatefulSet + 2 replica StatefulSet + 3 sentinel pods)
replacing the single-instance SPOF redis.yaml in staging K8s
- DEVOPS-W-05: Add network-policy.yaml with default-deny-all NetworkPolicy
+ explicit allow rules for inter-service, Traefik ingress, Redis access,
Prometheus scrape, and external egress (Neon PostgreSQL, AMQP)
- DEVOPS-M-01: Add aquasecurity/trivy-action to docker-build.yml to scan
every built image for CRITICAL/HIGH CVEs; results uploaded to GitHub
Security tab via SARIF
Co-Authored-By: Paperclip <noreply@paperclip.ing>
7b92332710