k8s redesign complete

Makefile

@@ -1,9 +1,9 @@
-.PHONY: help setup start stop clean test test-frontend logs shell-backend shell-frontend migrate rebuild etl-load-manual etl-validate-json etl-shell
+.PHONY: help setup start stop clean test test-frontend logs shell-backend shell-frontend migrate rebuild traefik-dashboard traefik-logs service-discovery network-inspect health-check-all mobile-setup db-shell-app db-shell-platform db-shell-vehicles
 
 help:
-	@echo "MotoVaultPro - Production-Ready Modified Feature Capsule Architecture"
+	@echo "MotoVaultPro - Kubernetes-Ready Docker Compose Architecture"
 	@echo "Commands:"
-	@echo "  make setup         - Initial project setup"
+	@echo "  make setup         - Initial project setup (K8s-ready environment)"
 	@echo "  make start         - Start all services (production mode)"
 	@echo "  make rebuild       - Rebuild and restart containers (production)"
 	@echo "  make stop          - Stop all services"
@@ -17,31 +17,48 @@ help:
 	@echo "  make shell-frontend- Open shell in frontend container"
 	@echo "  make migrate       - Run database migrations"
 	@echo ""
-	@echo "Vehicle ETL Commands:"
-	@echo "  make etl-load-manual   - Load vehicle data from JSON files (append mode)"
-	@echo "  make etl-load-clear    - Load vehicle data from JSON files (clear mode)"
-	@echo "  make etl-validate-json - Validate JSON files without loading"
-	@echo "  make etl-shell         - Open shell in ETL container"
+	@echo "K8s-Ready Architecture Commands:"
+	@echo "  make traefik-dashboard - Access Traefik service discovery dashboard"
+	@echo "  make traefik-logs      - View Traefik access and error logs"
+	@echo "  make service-discovery - Show discovered services and routes"
+	@echo "  make network-inspect   - Inspect 4-tier network topology"
+	@echo "  make health-check-all  - Check health of all services"
+	@echo "  make mobile-setup      - Setup instructions for mobile testing"
+	@echo ""
+	@echo "Database Access (Container-Only):"
+	@echo "  make db-shell-app      - Application database shell"
+	@echo "  make db-shell-platform - Platform database shell"
+	@echo "  make db-shell-vehicles - Vehicles database shell"
 
 setup:
-	@echo "Setting up MotoVaultPro development environment..."
+	@echo "Setting up MotoVaultPro K8s-ready development environment..."
 	@echo "1. Checking if .env file exists..."
 	@if [ ! -f .env ]; then \
-		echo "ERROR: .env file not found. Please create .env file with required environment variables."; \
-		echo "See .env.example for reference."; \
-		exit 1; \
+		echo "WARNING: .env file not found. Using defaults for development."; \
+		echo "Create .env file for custom configuration."; \
 	fi
-	@echo "2. Building and starting all containers..."
+	@echo "2. Checking SSL certificates..."
+	@if [ ! -f certs/motovaultpro.com.crt ]; then \
+		echo "Generating multi-domain SSL certificate..."; \
+		$(MAKE) generate-certs; \
+	fi
+	@echo "3. Building and starting all containers with 4-tier network isolation..."
 	@docker compose up -d --build --remove-orphans
-	@echo "3. Running database migrations..."
-	@sleep 10  # Wait for databases to be ready
+	@echo "4. Running database migrations..."
+	@sleep 15  # Wait for databases to be ready
 	@docker compose exec admin-backend node dist/_system/migrations/run-all.js
 	@echo ""
-	@echo "✅ Setup complete!"
+	@echo "✅ K8s-ready setup complete!"
 	@echo "Access application at: https://admin.motovaultpro.com"
 	@echo "Access platform landing at: https://motovaultpro.com"
-	@echo "Backend API health: http://localhost:3001/health"
+	@echo "Traefik dashboard at: http://localhost:8080"
 	@echo ""
+	@echo "Network Architecture:"
+	@echo "  - 4-tier isolation: frontend, backend, database, platform"
+	@echo "  - All traffic routed through Traefik (no direct service access)"
+	@echo "  - Development database access: ports 5432, 5433, 5434, 6379, 6380, 6381"
+	@echo ""
+	@echo "Mobile setup: make mobile-setup"
 	@echo "Remember to add to /etc/hosts:"
 	@echo "127.0.0.1 motovaultpro.com admin.motovaultpro.com"
 
@@ -93,22 +110,267 @@ rebuild:
 	@docker compose up -d --build --remove-orphans
 	@echo "Containers rebuilt and restarted!"
 
-# Vehicle ETL Commands
-etl-load-manual:
-	@echo "Loading vehicle data from JSON files (append mode)..."
-	@docker compose --profile manual run --rm mvp-platform-vehicles-etl-manual python -m etl load-manual --sources-dir etl/sources/makes --mode append --verbose
-	@echo "Manual JSON loading completed!"
+# Database Shell Access (K8s-equivalent: kubectl exec)
+db-shell-app:
+	@echo "Opening application database shell..."
+	@docker compose exec admin-postgres psql -U postgres -d motovaultpro
 
-etl-load-clear:
-	@echo "Loading vehicle data from JSON files (clear mode - WARNING: destructive)..."
-	@docker compose --profile manual run --rm mvp-platform-vehicles-etl-manual python -m etl load-manual --sources-dir etl/sources/makes --mode clear --verbose
-	@echo "Manual JSON loading completed!"
+db-shell-platform:
+	@echo "Opening platform database shell..."
+	@docker compose exec platform-postgres psql -U platform_user -d platform
 
-etl-validate-json:
-	@echo "Validating JSON vehicle data files..."
-	@docker compose --profile manual run --rm mvp-platform-vehicles-etl-manual python -m etl validate-json --sources-dir etl/sources/makes --verbose
-	@echo "JSON validation completed!"
+db-shell-vehicles:
+	@echo "Opening vehicles database shell..."
+	@docker compose exec mvp-platform-vehicles-db psql -U mvp_platform_user -d vehicles
 
-etl-shell:
-	@echo "Opening shell in ETL container..."
-	@docker compose --profile manual run --rm mvp-platform-vehicles-etl-manual sh
+# K8s-Ready Architecture Commands
+traefik-dashboard:
+	@echo "Traefik Service Discovery Dashboard:"
+	@echo "  Dashboard: http://localhost:8080"
+	@echo "  API: http://localhost:8080/api"
+	@echo ""
+	@echo "Available routes:"
+	@curl -s http://localhost:8080/api/http/routers 2>/dev/null | jq -r '.[].name' | grep -v internal | sed 's/^/  - /' || echo "  (Traefik not ready yet)"
+
+traefik-logs:
+	@echo "Traefik access and error logs:"
+	@docker compose logs -f traefik
+
+service-discovery:
+	@echo "🔍 Service Discovery Status:"
+	@echo ""
+	@echo "Discovered Services:"
+	@curl -s http://localhost:8080/api/http/services 2>/dev/null | jq -r '.[].name' | grep -v internal | sed 's/^/  ✅ /' || echo "  ❌ Traefik not ready yet"
+	@echo ""
+	@echo "Active Routes:"
+	@curl -s http://localhost:8080/api/http/routers 2>/dev/null | jq -r '.[].name' | grep -v internal | sed 's/^/  ➡️  /' || echo "  ❌ No routes discovered yet"
+
+network-inspect:
+	@echo "🌐 K8s-Ready Network Architecture:"
+	@echo ""
+	@echo "Created Networks:"
+	@docker network ls --filter name=motovaultpro --format "table {{.Name}}\t{{.Driver}}\t{{.Scope}}" | grep -v default || echo "Networks not created yet"
+	@echo ""
+	@echo "Network Isolation Details:"
+	@echo "  🔐 frontend    - Public-facing (Traefik + frontend services)"
+	@echo "  🔒 backend     - API services (internal isolation)"
+	@echo "  🗄️  database    - Data persistence (internal isolation)"
+	@echo "  🏗️  platform    - Platform microservices (internal isolation)"
+
+health-check-all:
+	@echo "🏥 Service Health Status:"
+	@docker compose ps --format "table {{.Service}}\t{{.Status}}\t{{.Health}}"
+	@echo ""
+	@echo "Network Connectivity Test:"
+	@echo "  Traefik API: $$(curl -s -o /dev/null -w '%{http_code}' http://localhost:8080/api/http/services 2>/dev/null || echo 'FAIL')"
+	@echo ""
+	@echo "Service Discovery Status:"
+	@echo "  Discovered Services: $$(curl -s http://localhost:8080/api/http/services 2>/dev/null | jq '. | length' || echo '0')"
+	@echo "  Active Routes: $$(curl -s http://localhost:8080/api/http/routers 2>/dev/null | jq '. | length' || echo '0')"
+
+# Enhanced monitoring commands for Phase 2
+metrics:
+	@echo "📊 Prometheus Metrics Collection:"
+	@echo ""
+	@echo "Traefik Metrics:"
+	@curl -s http://localhost:8080/metrics | grep "traefik_" | head -5 || echo "Metrics not available"
+	@echo ""
+	@echo "Service Response Times (last 5min):"
+	@curl -s http://localhost:8080/metrics | grep "traefik_service_request_duration" | head -3 || echo "No duration metrics yet"
+
+service-auth-test:
+	@echo "🔐 Service-to-Service Authentication Test:"
+	@echo ""
+	@echo "Testing platform API authentication..."
+	@echo "  Vehicles API: $$(curl -k -s -o /dev/null -w '%{http_code}' -H 'X-API-Key: mvp-platform-vehicles-secret-key' https://admin.motovaultpro.com/api/platform/vehicles/health 2>/dev/null || echo 'FAIL')"
+	@echo "  Tenants API: $$(curl -k -s -o /dev/null -w '%{http_code}' -H 'X-API-Key: mvp-platform-tenants-secret-key' https://admin.motovaultpro.com/api/platform/tenants/health 2>/dev/null || echo 'FAIL')"
+
+middleware-test:
+	@echo "🛡️ Middleware Security Test:"
+	@echo ""
+	@echo "Testing security headers..."
+	@curl -k -s -I https://admin.motovaultpro.com/ | grep -E "(X-Frame-Options|X-Content-Type-Options|Strict-Transport-Security)" || echo "Security headers not applied"
+	@echo ""
+	@echo "Testing rate limiting..."
+	@for i in $$(seq 1 3); do curl -k -s -o /dev/null -w "Request $$i: %{http_code}\n" https://admin.motovaultpro.com/; done
+
+network-security-test:
+	@echo "🔒 Network Security Isolation Test:"
+	@echo ""
+	@echo "Testing network isolation:"
+	@docker network inspect motovaultpro_backend motovaultpro_database motovaultpro_platform | jq '.[].Options."com.docker.network.bridge.enable_icc"' | head -3 | sed 's/^/  Network ICC: /'
+	@echo ""
+	@echo "Internal network test:"
+	@echo "  Backend → Platform: $$(docker compose exec admin-backend nc -zv mvp-platform-vehicles-api 8000 2>&1 | grep -q 'open' && echo 'CONNECTED' || echo 'ISOLATED')"
+
+# Mobile Testing Support
+mobile-setup:
+	@echo "📱 Mobile Testing Setup (K8s-Ready Architecture):"
+	@echo ""
+	@echo "1. Connect mobile device to same network as development machine"
+	@echo "2. Development machine IP: $$(hostname -I | awk '{print $$1}' 2>/dev/null || echo 'unknown')"
+	@echo "3. Add to mobile device DNS/hosts (if rooted):"
+	@echo "   $$(hostname -I | awk '{print $$1}' 2>/dev/null) motovaultpro.com"
+	@echo "   $$(hostname -I | awk '{print $$1}' 2>/dev/null) admin.motovaultpro.com"
+	@echo "4. Install and trust certificate from: https://$$(hostname -I | awk '{print $$1}' 2>/dev/null)/certs/motovaultpro.com.crt"
+	@echo "5. Access applications:"
+	@echo "   🌐 Landing: https://motovaultpro.com"
+	@echo "   📱 Admin App: https://admin.motovaultpro.com"
+	@echo ""
+	@echo "Certificate Generation (if needed): make generate-certs"
+
+# SSL Certificate Generation
+generate-certs:
+	@echo "Generating multi-domain SSL certificate for mobile compatibility..."
+	@mkdir -p certs
+	@openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+		-keyout certs/motovaultpro.com.key \
+		-out certs/motovaultpro.com.crt \
+		-config <(echo '[dn]'; echo 'CN=motovaultpro.com'; echo '[req]'; echo 'distinguished_name = dn'; echo '[SAN]'; echo 'subjectAltName=DNS:motovaultpro.com,DNS:admin.motovaultpro.com,DNS:*.motovaultpro.com,IP:127.0.0.1,IP:172.30.1.64') \
+		-extensions SAN
+	@echo "✅ Certificate generated with SAN for mobile compatibility (includes $(shell hostname -I | awk '{print $$1}'))"
+
+# Configuration Management Commands (Phase 3)
+config-validate:
+	@echo "🔍 K8s-Equivalent Configuration Validation:"
+	@./scripts/config-validator.sh
+
+config-setup:
+	@echo "📝 Setting up K8s-equivalent configuration and secrets:"
+	@./scripts/config-validator.sh --generate-templates
+	@echo ""
+	@echo "Next steps:"
+	@echo "  1. Update secret values: edit files in secrets/app/ and secrets/platform/"
+	@echo "  2. Validate configuration: make config-validate"
+	@echo "  3. Deploy with new config: make deploy-with-config"
+
+config-status:
+	@echo "📊 Configuration Management Status:"
+	@echo ""
+	@echo "ConfigMaps (K8s equivalent):"
+	@find config -name "*.yml" -exec echo "  ✅ {}" \; 2>/dev/null || echo "  ❌ No config files found"
+	@echo ""
+	@echo "Secrets (K8s equivalent):"
+	@find secrets -name "*.txt" | grep -v example | wc -l | sed 's/^/  📁 Secret files: /'
+	@echo ""
+	@echo "Docker Compose mounts:"
+	@grep -c "config.*yml\|/run/secrets" docker-compose.yml | sed 's/^/  🔗 Configuration mounts: /' || echo "  ❌ No configuration mounts found"
+
+deploy-with-config:
+	@echo "🚀 Deploying with K8s-equivalent configuration management:"
+	@echo "1. Validating configuration..."
+	@./scripts/config-validator.sh
+	@echo ""
+	@echo "2. Stopping existing services..."
+	@docker compose down
+	@echo ""
+	@echo "3. Starting services with file-based configuration..."
+	@docker compose up -d --build
+	@echo ""
+	@echo "4. Verifying configuration loading..."
+	@sleep 10
+	@make health-check-all
+
+config-reload:
+	@echo "🔄 Hot-reloading configuration (K8s ConfigMap equivalent):"
+	@echo "Restarting services that support configuration hot-reload..."
+	@docker compose restart traefik
+	@echo "✅ Configuration reloaded for supported services"
+	@echo "⚠️  Note: Some services may require full restart for config changes"
+
+config-backup:
+	@echo "💾 Backing up current configuration:"
+	@mkdir -p backups/config-$$(date +%Y%m%d-%H%M%S)
+	@cp -r config secrets backups/config-$$(date +%Y%m%d-%H%M%S)/
+	@echo "✅ Configuration backed up to backups/config-$$(date +%Y%m%d-%H%M%S)/"
+
+config-diff:
+	@echo "🔍 Configuration diff from defaults:"
+	@echo "App configuration changes:"
+	@diff -u config/app/production.yml.example config/app/production.yml || echo "  (No example file to compare)"
+	@echo ""
+	@echo "Secret files status:"
+	@ls -la secrets/app/*.txt | grep -v example || echo "  No secrets found"
+
+# Enhanced log commands with filtering
+logs-traefik:
+	@docker compose logs -f traefik
+
+logs-platform:
+	@docker compose logs -f mvp-platform-vehicles-api mvp-platform-tenants mvp-platform-landing
+
+logs-backend-full:
+	@docker compose logs -f admin-backend admin-postgres admin-redis admin-minio
+
+# Phase 4: Optimization & Monitoring Commands
+resource-optimization:
+	@echo "🔧 Resource Optimization Analysis:"
+	@echo ""
+	@echo "Current Resource Usage:"
+	@docker stats --no-stream --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}" | head -15
+	@echo ""
+	@echo "Resource Recommendations:"
+	@echo "  🔍 Checking for over-allocated services..."
+	@docker stats --no-stream | awk 'NR>1 {if ($$3 ~ /%/ && $$3+0 < 50) print "  ⬇️  "$1" can reduce CPU allocation (using "$3")"}' | head -5
+	@docker stats --no-stream | awk 'NR>1 {if ($$7 ~ /%/ && $$7+0 < 50) print "  ⬇️  "$1" can reduce memory allocation (using "$7")"}' | head -5
+
+performance-baseline:
+	@echo "📊 Performance Baseline Measurement:"
+	@echo ""
+	@echo "Service Response Times:"
+	@curl -k -s -o /dev/null -w "Admin Frontend: %{time_total}s\n" https://admin.motovaultpro.com/
+	@curl -k -s -o /dev/null -w "Platform Landing: %{time_total}s\n" https://motovaultpro.com/
+	@curl -k -s -H "X-API-Key: mvp-platform-vehicles-secret-key" -o /dev/null -w "Vehicles API: %{time_total}s\n" https://admin.motovaultpro.com/api/platform/vehicles/health
+	@curl -k -s -H "X-API-Key: mvp-platform-tenants-secret-key" -o /dev/null -w "Tenants API: %{time_total}s\n" https://admin.motovaultpro.com/api/platform/tenants/health
+	@echo ""
+	@echo "Database Connections:"
+	@docker compose exec admin-postgres psql -U postgres -d motovaultpro -c "SELECT count(*) as active_connections FROM pg_stat_activity WHERE state = 'active';" -t 2>/dev/null || echo "  Admin DB: Connection check failed"
+	@docker compose exec platform-postgres psql -U platform_user -d platform -c "SELECT count(*) as active_connections FROM pg_stat_activity WHERE state = 'active';" -t 2>/dev/null || echo "  Platform DB: Connection check failed"
+
+monitoring-setup:
+	@echo "📈 Setting up enhanced monitoring configuration..."
+	@echo "Creating monitoring directory structure..."
+	@mkdir -p config/monitoring/alerts logs/monitoring
+	@echo "✅ Monitoring configuration created"
+	@echo ""
+	@echo "To enable full monitoring:"
+	@echo "  1. Review config/monitoring/prometheus.yml"
+	@echo "  2. Deploy with: make deploy-with-monitoring"
+	@echo "  3. Access metrics: make metrics-dashboard"
+
+deploy-with-monitoring:
+	@echo "🚀 Deploying with enhanced monitoring..."
+	@echo "1. Validating configuration..."
+	@./scripts/config-validator.sh
+	@echo ""
+	@echo "2. Restarting services with monitoring configuration..."
+	@docker compose up -d --build --remove-orphans
+	@echo ""
+	@echo "3. Verifying monitoring setup..."
+	@sleep 10
+	@make health-check-all
+	@echo ""
+	@echo "✅ Monitoring deployment complete!"
+
+metrics-dashboard:
+	@echo "📊 Metrics Dashboard Access:"
+	@echo ""
+	@echo "Available metrics endpoints:"
+	@echo "  🔧 Traefik metrics: http://localhost:8080/metrics"
+	@echo "  📈 Service discovery: http://localhost:8080/api"
+	@echo ""
+	@echo "Sample Traefik metrics:"
+	@curl -s http://localhost:8080/metrics | grep "traefik_" | head -5 || echo "  Metrics not available yet"
+
+capacity-planning:
+	@echo "🎯 Capacity Planning Analysis:"
+	@echo ""
+	@echo "Current Deployment Footprint:"
+	@echo "  Services: $$(docker compose ps --format '{{.Service}}' | wc -l) containers"
+	@echo "  Networks: $$(docker network ls --filter name=motovaultpro | wc -l) isolated networks"
+	@echo "  Memory Allocation: $$(docker stats --no-stream --format '{{.MemUsage}}' | sed 's/MiB.*//' | awk '{sum+=$$1} END {print sum "MiB total"}' 2>/dev/null || echo 'calculating...')"
+	@echo ""
+	@echo "Resource Efficiency:"
+	@docker stats --no-stream --format "{{.Container}}" | wc -l | awk '{print "  Running containers: " $$1}'
+	@echo "  Docker Storage:"
+	@docker system df | grep -v REPOSITORY