Production merge with k8 configs #44

Merged: edinstance merged 33 commits into main from dev on Nov 3, 2025

@edinstance edinstance commented Nov 3, 2025

Summary by CodeRabbit

Release Notes

  • New Features

    • Kubernetes deployment infrastructure with complete microservices architecture for flights, aircraft, authentication, and search services.
    • Full observability stack with distributed tracing, metrics collection, and log aggregation.
    • API gateway with health check endpoints and cross-namespace routing.
    • Message queue system with schema registry for event streaming.
    • Search capability powered by OpenSearch with dashboard.
  • Chores

    • Updated service configurations with environment variable support for improved flexibility and environment-specific deployments.

@edinstance edinstance merged commit cd1f80a into main Nov 3, 2025
1 of 2 checks passed
coderabbitai bot commented Nov 3, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

This pull request establishes a complete microservices Kubernetes infrastructure including namespaces, ingress control, cross-service networking, persistent storage with databases and caching layers, Apache Kafka messaging, a comprehensive monitoring stack (Grafana, Jaeger, Loki, Prometheus, Mimir, OpenTelemetry), and corresponding application services. It updates CI/CD pipelines, adds health endpoints to the gateway service, refactors Java package namespaces in the search service, and centralises authentication header generation in load tests.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| CI/CD Pipeline | .github/workflows/build_images.yml | Adds matrix entries for authentication service targets (web, migrate), propagates target value to Docker build step, updates image tagging logic with optional target suffix conditioned on matrix.target |
| Docker Composition | docker-compose.yml, monitoring/docker-compose.yml | Renames service key from graphql-router to router-service; removes -config.file argument from Loki startup command |
| Kubernetes Namespaces & Networking | k8s/00-namespace.yml, k8s/01-ingress-controller.yml, k8s/02-cross-namespace-services.yml, k8s/03-ingress.yml, k8s/cross-namespace-services-aviation.yml | Creates namespaces (aviation, authentication, flights, aircraft, monitoring, messaging, ingress-nginx, search); deploys complete ingress-nginx stack with RBAC, webhook validation, certificate jobs; defines ExternalName services for cross-namespace routing; configures Ingress rules for api.aviation.local with path-based routing to multiple backend services |
| Kubernetes Documentation | k8s/README.md, k8s/aircraft/README.md, k8s/flights/README.md | Adds deployment guidance, component descriptions, and environment variable documentation for the distributed aviation system |
| Aircraft Service Stack | k8s/aircraft/database.yml, k8s/aircraft/cache.yml, k8s/aircraft/migrations.yml, k8s/aircraft/secrets.yml, k8s/aircraft/service.yml | Configures PostgreSQL database (StatefulSet), Redis cache (Deployment), Liquibase migrations Job, Kubernetes Secrets, and service Deployment with init containers for dependency sequencing |
| Authentication Service Stack | k8s/authentication/database.yml, k8s/authentication/keygen.yml, k8s/authentication/migrations.yml, k8s/authentication/secrets.yml, k8s/authentication/service.yml | Establishes PostgreSQL database, cryptography-based key generation Job with PersistentVolumeClaim, migration Job with key/database readiness checks, Secrets for passwords and key credentials, and service Deployment with CORS and OTEL configuration |
| Flights Service Stack | k8s/flights/database.yml, k8s/flights/cache.yml, k8s/flights/migrations.yml, k8s/flights/secrets.yml, k8s/flights/service.yml | Configures PostgreSQL database, Redis cache, migrate-based migrations Job, Secrets, and service Deployment with external service endpoint environment variables |
| Messaging Infrastructure | k8s/messaging/kafka.yml, k8s/messaging/schema-registry.yml, k8s/messaging/schema-loader.yml | Deploys 3-replica Kafka StatefulSet (KRaft mode), Confluent Schema Registry single-replica Deployment, and schema-loader Job for initialisation |
| Monitoring Stack | k8s/monitoring/grafana.yml, k8s/monitoring/jaeger.yml, k8s/monitoring/loki.yml, k8s/monitoring/mimir.yml, k8s/monitoring/otel.yml, k8s/monitoring/promethus.yml | Deploys six monitoring components: Grafana (with Git-cloned provisioning config), Jaeger all-in-one, Loki log aggregation, Mimir metrics, OpenTelemetry Collector, and Prometheus—each with Service and Deployment, config sourced from initContainers cloning Git repos |
| Router & Gateway Services | k8s/router/router-config-job.yml, k8s/router/service.yml, k8s/router/supergraph-job.yml, k8s/gateway/service.yml | Configures router config fetch Job and PersistentVolumeClaim, Apollo Router Deployment with schema/config volumes, supergraph composition Job with ConfigMap federation config, and Gateway service Deployment with routing and OTEL integration |
| Search Service Stack | k8s/search/opensearch.yml, k8s/search/dashboards.yml, k8s/search/init-job.yml, k8s/search/service.yml | Deploys 2-replica OpenSearch StatefulSet, OpenSearch Dashboards Deployment, initialisation Job with dashboard/index setup, and search-service Deployment with Kafka/Schema Registry integration |
| Authentication Service Configuration | services/authentication/authentication/settings.py, services/authentication/docker-compose.yml | Adds CORS configuration properties (CORS_ALLOW_CREDENTIALS, CORS_ALLOWED_HEADERS, CORS_ALLOW_METHODS); updates CORS_ALLOW_ALL_ORIGINS default to False; extends ALLOWED_HOSTS to include host.docker.internal |
| Gateway Service Implementation | services/gateway/src/handling/health_handler.rs, services/gateway/src/handling/mod.rs, services/gateway/src/main.rs | Introduces new health endpoint handler returning JSON status, exports handler from mod.rs, updates routing to include explicit /health route and fallback for unmatched paths |
| Search Service Package Refactoring | services/search/src/main/java/search/config/*.java, services/search/src/main/java/search/consumer/*.java, services/search/src/main/java/search/exceptions/*.java, services/search/src/main/java/search/helpers/*.java, services/search/src/main/java/search/model/*.java, services/search/src/main/java/search/resolver/*.java, services/search/src/main/java/search/service/*.java, services/search/src/test/java/search/ApplicationTests.java | Renames package namespace from aviation.search.* to search.* across 15+ Java files; updates import statements accordingly; changes OpenTelemetry meter name from "aviation.search.graphql" to "search.graphql" |
| Configuration & Environment | router.yml, supergraph.yml, load-tests/src/config.ts | Updates OTLP endpoint configuration to use environment variables with fallbacks; makes subgraph routing URLs environment-variable-driven; updates load-test service endpoints to use api.aviation.local subdomain paths |
| Load Tests Authentication | load-tests/src/helpers/auth_headers.ts, load-tests/src/tests/shells/aircraft.ts, load-tests/src/tests/shells/flights.ts | Introduces centralised buildAuthHeaders helper function; refactors aircraft and flights test shells to use the helper with dynamic useDirectHeaders flag based on target URL |

Sequence Diagram(s)

sequenceDiagram
    participant Client as External Client
    participant Ingress as Ingress Controller<br/>(nginx)
    participant Router as Router Service<br/>(Apollo)
    participant Auth as Authentication<br/>Service
    participant Flights as Flights<br/>Service
    participant Aircraft as Aircraft<br/>Service
    participant Search as Search<br/>Service
    participant Gateway as Gateway<br/>Service
    
    Client->>Ingress: /router/{query}
    Ingress->>Router: forward
    Router->>Auth: verify JWT
    Auth-->>Router: token valid
    Router->>Flights: subgraph query
    Router->>Aircraft: subgraph query
    Router->>Search: subgraph query
    Flights-->>Router: response
    Aircraft-->>Router: response
    Search-->>Router: response
    Router-->>Ingress: composed result
    Ingress-->>Client: response
    
    Client->>Ingress: /gateway/{path}
    Ingress->>Gateway: forward
    Gateway->>Router: route to appropriate handler
    Router-->>Gateway: response
    Gateway-->>Ingress: result
    Ingress-->>Client: response

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

  • Ingress controller setup and RBAC: Review the ServiceAccount, Role, ClusterRole, RoleBinding, and ClusterRoleBinding permissions in k8s/01-ingress-controller.yml, especially webhook validation and certificate generation Jobs.
  • Database migration dependency chains: Verify init container ordering and environment variable injection across aircraft, authentication, and flights database/migration manifests; ensure Liquibase and migrate command construction is correct.
  • Authentication service key management: Review the keygen Job, PersistentVolumeClaim handling, and password Secret sourcing across authentication manifests; validate readiness sequencing for keys availability.
  • Package refactoring scope: Confirm all 15+ Java search service files have consistent package renaming (aviation.search.* → search.*) and that import chains are complete; validate OpenTelemetry meter name change.
  • Kubernetes networking: Verify ExternalName service DNS references (e.g., flights-service.flights.svc.cluster.local) and Ingress path routing rules are correctly wired to backend services and ports.
  • Load test authentication centralisation: Ensure buildAuthHeaders correctly handles both direct headers and Bearer token modes based on useDirectHeaders flag and target URL detection.

Possibly related PRs

  • added target config to build images #40: Updates .github/workflows/build_images.yml with matrix target handling and image tagging logic adjustments—directly overlaps with this PR's CI/CD changes.
  • Kubernetes deployment #41: Adds comprehensive Kubernetes manifests for service deployments, namespaces, ingress, and authentication—substantial overlap with this PR's K8s infrastructure additions.
  • API Gateway service #28: Modifies Gateway service code and manifests (health endpoints, routing, docker-compose/K8s entries)—directly related to this PR's gateway service changes.

Poem

🐰 The warren now speaks in Kubernetes tongues,
With namespaces blessed and ingress controllers sung,
Authentication keys stored in secrets so deep,
While Kafka and schemas their vigil do keep,
From search to the flights, all services aligned—
One unified cluster of systems designed! ✨

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a3db11 and 8eb82a9.

📒 Files selected for processing (69)
  • .github/workflows/build_images.yml (2 hunks)
  • docker-compose.yml (1 hunks)
  • k8s/00-namespace.yml (1 hunks)
  • k8s/01-ingress-controller.yml (1 hunks)
  • k8s/02-cross-namespace-services.yml (1 hunks)
  • k8s/03-ingress.yml (1 hunks)
  • k8s/README.md (1 hunks)
  • k8s/aircraft/README.md (1 hunks)
  • k8s/aircraft/cache.yml (1 hunks)
  • k8s/aircraft/database.yml (1 hunks)
  • k8s/aircraft/migrations.yml (1 hunks)
  • k8s/aircraft/secrets.yml (1 hunks)
  • k8s/aircraft/service.yml (1 hunks)
  • k8s/authentication/database.yml (1 hunks)
  • k8s/authentication/keygen.yml (1 hunks)
  • k8s/authentication/migrations.yml (1 hunks)
  • k8s/authentication/secrets.yml (1 hunks)
  • k8s/authentication/service.yml (1 hunks)
  • k8s/cross-namespace-services-aviation.yml (1 hunks)
  • k8s/flights/README.md (1 hunks)
  • k8s/flights/cache.yml (1 hunks)
  • k8s/flights/database.yml (1 hunks)
  • k8s/flights/migrations.yml (1 hunks)
  • k8s/flights/secrets.yml (1 hunks)
  • k8s/flights/service.yml (1 hunks)
  • k8s/gateway/service.yml (1 hunks)
  • k8s/messaging/kafka.yml (1 hunks)
  • k8s/messaging/schema-loader.yml (1 hunks)
  • k8s/messaging/schema-registry.yml (1 hunks)
  • k8s/monitoring/grafana.yml (1 hunks)
  • k8s/monitoring/jaeger.yml (1 hunks)
  • k8s/monitoring/loki.yml (1 hunks)
  • k8s/monitoring/mimir.yml (1 hunks)
  • k8s/monitoring/otel.yml (1 hunks)
  • k8s/monitoring/promethus.yml (1 hunks)
  • k8s/router/router-config-job.yml (1 hunks)
  • k8s/router/service.yml (1 hunks)
  • k8s/router/supergraph-job.yml (1 hunks)
  • k8s/search/dashboards.yml (1 hunks)
  • k8s/search/init-job.yml (1 hunks)
  • k8s/search/opensearch.yml (1 hunks)
  • k8s/search/service.yml (1 hunks)
  • load-tests/src/config.ts (1 hunks)
  • load-tests/src/helpers/auth_headers.ts (1 hunks)
  • load-tests/src/tests/shells/aircraft.ts (3 hunks)
  • load-tests/src/tests/shells/flights.ts (4 hunks)
  • monitoring/docker-compose.yml (0 hunks)
  • router.yml (1 hunks)
  • services/authentication/authentication/settings.py (1 hunks)
  • services/authentication/docker-compose.yml (1 hunks)
  • services/gateway/src/handling/health_handler.rs (1 hunks)
  • services/gateway/src/handling/mod.rs (1 hunks)
  • services/gateway/src/main.rs (2 hunks)
  • services/search/src/main/java/search/config/OpenSearchConfig.java (1 hunks)
  • services/search/src/main/java/search/config/SearchLogger.java (1 hunks)
  • services/search/src/main/java/search/config/metrics/graphql/GraphqlMetricsHelpers.java (1 hunks)
  • services/search/src/main/java/search/config/metrics/graphql/GraphqlMetricsInstrumentation.java (2 hunks)
  • services/search/src/main/java/search/consumer/FlightEventConsumer.java (1 hunks)
  • services/search/src/main/java/search/exceptions/DomainException.java (1 hunks)
  • services/search/src/main/java/search/exceptions/ExceptionCategories.java (1 hunks)
  • services/search/src/main/java/search/exceptions/GlobalGraphQlExceptionHandler.java (1 hunks)
  • services/search/src/main/java/search/exceptions/UnauthorizedException.java (1 hunks)
  • services/search/src/main/java/search/helpers/SearchHelpers.java (1 hunks)
  • services/search/src/main/java/search/model/FlightDocument.java (1 hunks)
  • services/search/src/main/java/search/resolver/FlightSearchResolver.java (1 hunks)
  • services/search/src/main/java/search/service/FlightIndexService.java (1 hunks)
  • services/search/src/main/java/search/service/FlightSearchService.java (1 hunks)
  • services/search/src/test/java/search/ApplicationTests.java (1 hunks)
  • supergraph.yml (1 hunks)
