Fix production deployment: Authentik blueprint, env vars, and infrastructure config

2025-12-03 14:15:12 +02:00
parent 586f79e5d0
commit 67de982754
9 changed files with 240 additions and 141 deletions
--- a/infra/base/services.yaml
+++ b/infra/base/services.yaml
@@ -44,6 +44,13 @@ services:
      - "traefik.http.routers.svc-ingestion.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-ingestion.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-ingestion.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-nats

  # Data Extraction Service
  apa-svc-extract:
@@ -77,6 +84,13 @@ services:
      - "traefik.http.routers.svc-extract.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-extract.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-extract.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-nats

  # Knowledge Graph Service
  apa-svc-kg:
@@ -104,6 +118,10 @@ services:
      - "traefik.http.routers.svc-kg.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-kg.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-kg.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-neo4j
+      - apa-nats

  # RAG Retrieval Service
  apa-svc-rag-retriever:
@@ -134,6 +152,11 @@ services:
      - "traefik.http.routers.svc-rag-retriever.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-rag-retriever.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-rag-retriever.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-neo4j
+      - apa-qdrant
+      - apa-nats

  # Forms Service
  apa-svc-forms:
@@ -167,6 +190,14 @@ services:
      - "traefik.http.routers.svc-forms.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-forms.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-forms.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # HMRC Integration Service
  apa-svc-hmrc:
@@ -201,6 +232,14 @@ services:
      - "traefik.http.routers.svc-hmrc.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-hmrc.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-hmrc.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # OCR Service
  apa-svc-ocr:
@@ -234,6 +273,14 @@ services:
      - "traefik.http.routers.svc-ocr.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-ocr.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-ocr.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # RAG Indexer Service
  apa-svc-rag-indexer:
@@ -267,6 +314,14 @@ services:
      - "traefik.http.routers.svc-rag-indexer.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-rag-indexer.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-rag-indexer.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # Reasoning Service
  apa-svc-reason:
@@ -300,6 +355,14 @@ services:
      - "traefik.http.routers.svc-reason.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-reason.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-reason.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # RPA Service
  apa-svc-rpa:
@@ -333,6 +396,14 @@ services:
      - "traefik.http.routers.svc-rpa.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-rpa.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-rpa.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # Normalize & Map Service
  apa-svc-normalize-map:
@@ -366,6 +437,14 @@ services:
      - "traefik.http.routers.svc-normalize-map.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-normalize-map.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-normalize-map.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # Coverage Service
  apa-svc-coverage:
@@ -399,6 +478,14 @@ services:
      - "traefik.http.routers.svc-coverage.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-coverage.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-coverage.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # Firm Connectors Service
  apa-svc-firm-connectors:
@@ -432,6 +519,14 @@ services:
      - "traefik.http.routers.svc-firm-connectors.tls.certresolver=godaddy"
      - "traefik.http.routers.svc-firm-connectors.middlewares=authentik-forwardauth@file,rate-limit@file,strip-api-prefixes@file"
      - "traefik.http.services.svc-firm-connectors.loadbalancer.server.port=8000"
+    depends_on:
+      - apa-vault
+      - apa-postgres
+      - apa-neo4j
+      - apa-redis
+      - apa-minio
+      - apa-qdrant
+      - apa-nats

  # Review UI
  # apa-ui-review: