viktor/trading
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add deployment design document

Browse source
This commit is contained in:
Viktor Barzin 2026-02-23 22:19:35 +00:00
parent b8eaa20d63
commit 774dcfd1c1
No known key found for this signature in database
GPG key ID: 0EB088298288D958
1 changed files with 63 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

63
docs/plans/2026-02-23-deployment-design.md Normal file
View file

@ -0,0 +1,63 @@
# Trading Bot Deployment Design
## Overview
Deploy the trading bot to the existing Kubernetes cluster behind Authentik authentication, accessible at `trading.viktorbarzin.me`.
## Architecture
### Deployments (2)
**trading-bot-frontend** (1 replica, 2 containers):
- `dashboard` — React SPA served by nginx, proxies `/api/*` and `/ws` to localhost:8000
- `api-gateway` — FastAPI REST API + WebSocket (port 8000)
**trading-bot-workers** (1 replica, 6 containers):
- `news-fetcher` — Polls RSS feeds + Reddit, publishes to `news:raw`
- `sentiment-analyzer` — Scores articles via FinBERT/Ollama, publishes to `news:scored`
- `signal-generator` — Weighted ensemble of strategies, publishes to `signals:generated`
- `trade-executor` — Risk management + order submission
- `learning-engine` — Computes P&L, adjusts strategy weights
- `market-data` — Watches ticker OHLCV data
### Networking
- 1 Service: `trading-bot-frontend` port 80 -> container port 3000 (nginx)
- 1 Ingress: `trading.viktorbarzin.me` via `ingress_factory` with `protected = true` (Authentik forward-auth)
- nginx proxies `/api/*` and `/ws` to api-gateway at localhost:8000
### Auth
- Layer 1: Authentik forward-auth on ingress (gate access to the app)
- Layer 2: WebAuthn/passkey in API gateway (existing app-level auth preserved)
### Infrastructure Dependencies (reused)
- PostgreSQL: `postgresql.dbaas.svc.cluster.local:5432` — new DB `trading`, user `trading`
- Redis: `redis.redis.svc.cluster.local:6379` — dedicated DB number
- Ollama: `ollama.ollama.svc.cluster.local:11434` — for sentiment fallback
- TimescaleDB: attempt `CREATE EXTENSION IF NOT EXISTS timescaledb` on existing PG
### Docker Images
- `viktorbarzin/trading-bot-service:<build-number>` — all Python services (single fat image)
- `viktorbarzin/trading-bot-dashboard:<build-number>` — React SPA + nginx
### CI/CD
- Repository: Forgejo at `forgejo.viktorbarzin.me` (personal account)
- CI: Woodpecker at `ci.viktorbarzin.me` (add Forgejo integration)
- Pipeline: build images -> push to Docker Hub -> patch K8s deployments -> verify -> Slack
### Secrets (in terraform.tfvars)
- `trading_bot_db_password` — PostgreSQL password
- `trading_bot_alpaca_api_key` — Alpaca broker API key
- `trading_bot_alpaca_secret_key` — Alpaca broker secret
- `trading_bot_jwt_secret` — JWT signing key
- `trading_bot_reddit_client_id` — Reddit API client ID
- `trading_bot_reddit_client_secret` — Reddit API client secret
### Storage
- NFS volume at `/mnt/main/trading-bot` for any persistent data