From 774dcfd1c186f501102146afe8f78f87eb619630 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Mon, 23 Feb 2026 22:19:35 +0000 Subject: [PATCH] add deployment design document --- docs/plans/2026-02-23-deployment-design.md | 63 ++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 docs/plans/2026-02-23-deployment-design.md diff --git a/docs/plans/2026-02-23-deployment-design.md b/docs/plans/2026-02-23-deployment-design.md new file mode 100644 index 0000000..d791a6d --- /dev/null +++ b/docs/plans/2026-02-23-deployment-design.md 
@@ -0,0 +1,63 @@ +# Trading Bot Deployment Design + +## Overview + +Deploy the trading bot to the existing Kubernetes cluster behind Authentik authentication, accessible at `trading.viktorbarzin.me`. + +## Architecture + +### Deployments (2) + +**trading-bot-frontend** (1 replica, 2 containers): +- `dashboard` — React SPA served by nginx, proxies `/api/*` and `/ws` to localhost:8000 +- `api-gateway` — FastAPI REST API + WebSocket (port 8000) + +**trading-bot-workers** (1 replica, 6 containers): +- `news-fetcher` — Polls RSS feeds + Reddit, publishes to `news:raw` +- `sentiment-analyzer` — Scores articles via FinBERT/Ollama, publishes to `news:scored` +- `signal-generator` — Weighted ensemble of strategies, publishes to `signals:generated` +- `trade-executor` — Risk management + order submission +- `learning-engine` — Computes P&L, adjusts strategy weights +- `market-data` — Watches ticker OHLCV data + +### Networking + +- 1 Service: `trading-bot-frontend` port 80 -> container port 3000 (nginx) +- 1 Ingress: `trading.viktorbarzin.me` via `ingress_factory` with `protected = true` (Authentik forward-auth) +- nginx proxies `/api/*` and `/ws` to api-gateway at localhost:8000 + +### Auth + +- Layer 1: Authentik forward-auth on ingress (gate access to the app) +- Layer 2: WebAuthn/passkey in API gateway (existing app-level auth preserved) + +### Infrastructure Dependencies (reused) + +- PostgreSQL: `postgresql.dbaas.svc.cluster.local:5432` — new DB `trading`, user `trading` +- Redis: `redis.redis.svc.cluster.local:6379` — dedicated DB number +- Ollama: `ollama.ollama.svc.cluster.local:11434` — for sentiment fallback +- TimescaleDB: attempt `CREATE EXTENSION IF NOT EXISTS timescaledb` on existing PG + +### Docker Images + +- `viktorbarzin/trading-bot-service:` — all Python services (single fat image) +- `viktorbarzin/trading-bot-dashboard:` — React SPA + nginx + +### CI/CD + +- Repository: Forgejo at `forgejo.viktorbarzin.me` (personal account) +- CI: Woodpecker at 
`ci.viktorbarzin.me` (add Forgejo integration) +- Pipeline: build images -> push to Docker Hub -> patch K8s deployments -> verify -> Slack + +### Secrets (in terraform.tfvars) + +- `trading_bot_db_password` — PostgreSQL password +- `trading_bot_alpaca_api_key` — Alpaca broker API key +- `trading_bot_alpaca_secret_key` — Alpaca broker secret +- `trading_bot_jwt_secret` — JWT signing key +- `trading_bot_reddit_client_id` — Reddit API client ID +- `trading_bot_reddit_client_secret` — Reddit API client secret + +### Storage + +- NFS volume at `/mnt/main/trading-bot` for any persistent data
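Review bot: the Docker Images section leaves both image tags empty (`viktorbarzin/trading-bot-service:` and `viktorbarzin/trading-bot-dashboard:`), so the document does not say what the CI "patch K8s deployments" step actually pins the cluster to; suggest stating the tag scheme (for example the commit SHA the Woodpecker pipeline builds) and whether the deployments reference a digest, otherwise "verify" in the pipeline has nothing stable to compare against. Two further gaps in the same hunk are worth a line each: the Secrets section lists six values held in terraform.tfvars but not how they reach the pods (a Kubernetes Secret mounted or injected as env) nor that the tfvars file stays out of the Forgejo repository that Woodpecker clones; and the Infrastructure Dependencies line `CREATE EXTENSION IF NOT EXISTS timescaledb` normally requires superuser on the existing PostgreSQL, which the new `trading` user will not have, so state which role runs it and what the services do if the extension is absent on that instance.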