trading/docs/plans/2026-02-23-deployment-design.md
2026-02-23 22:19:35 +00:00

Trading Bot Deployment Design

Overview

Deploy the trading bot to the existing Kubernetes cluster behind Authentik authentication, accessible at trading.viktorbarzin.me.

Architecture

Deployments (2)

trading-bot-frontend (1 replica, 2 containers):

  • dashboard — React SPA served by nginx, proxies /api/* and /ws to localhost:8000
  • api-gateway — FastAPI REST API + WebSocket (port 8000)

trading-bot-workers (1 replica, 6 containers):

  • news-fetcher — Polls RSS feeds + Reddit, publishes to news:raw
  • sentiment-analyzer — Scores articles via FinBERT/Ollama, publishes to news:scored
  • signal-generator — Weighted ensemble of strategies, publishes to signals:generated
  • trade-executor — Risk management + order submission
  • learning-engine — Computes P&L, adjusts strategy weights
  • market-data — Watches ticker OHLCV data

Networking

  • 1 Service: trading-bot-frontend port 80 -> container port 3000 (nginx)
  • 1 Ingress: trading.viktorbarzin.me via ingress_factory with protected = true (Authentik forward-auth)
  • nginx proxies /api/* and /ws to api-gateway at localhost:8000
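
A sketch of the dashboard container's nginx server block for the routing listed above, added here as an illustration and not taken from the project's own configuration. It assumes the React build is copied to /usr/share/nginx/html, that api-gateway expects the /api and /ws paths unchanged, and that api-gateway binds to 127.0.0.1 so port 8000 is reachable only through this proxy and not on the pod IP.

```nginx
# Added example (e.g. /etc/nginx/conf.d/default.conf, which the stock nginx
# image includes inside the http {} context, so "map" is valid here).

# Send "Connection: upgrade" only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # The Service maps port 80 to this container port.
    listen 3000;

    # Assumed location of the built SPA.
    root  /usr/share/nginx/html;
    index index.html;

    # SPA routing: unknown paths fall back to index.html.
    location / {
        try_files $uri $uri/ /index.html;
    }

    # REST API: same pod, shared network namespace, loopback only.
    location /api/ {
        proxy_pass http://127.0.0.1:8000;   # no URI part: path is passed as-is
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    }

    # WebSocket: needs HTTP/1.1 and the Upgrade/Connection hop-by-hop headers.
    location /ws {
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_read_timeout 3600s;           # keep idle sockets open past the 60s default
    }
}
```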

Auth

  • Layer 1: Authentik forward-auth on ingress (gate access to the app)
  • Layer 2: WebAuthn/passkey in API gateway (existing app-level auth preserved)

Infrastructure Dependencies (reused)

  • PostgreSQL: postgresql.dbaas.svc.cluster.local:5432 — new DB trading, user trading
  • Redis: redis.redis.svc.cluster.local:6379 — dedicated DB number
  • Ollama: ollama.ollama.svc.cluster.local:11434 — for sentiment fallback
  • TimescaleDB: attempt CREATE EXTENSION IF NOT EXISTS timescaledb on existing PG

Docker Images

  • viktorbarzin/trading-bot-service:<build-number> — all Python services (single fat image)
  • viktorbarzin/trading-bot-dashboard:<build-number> — React SPA + nginx

CI/CD

  • Repository: Forgejo at forgejo.viktorbarzin.me (personal account)
  • CI: Woodpecker at ci.viktorbarzin.me (add Forgejo integration)
  • Pipeline: build images -> push to Docker Hub -> patch K8s deployments -> verify -> Slack

Secrets (in terraform.tfvars)

  • trading_bot_db_password — PostgreSQL password
  • trading_bot_alpaca_api_key — Alpaca broker API key
  • trading_bot_alpaca_secret_key — Alpaca broker secret
  • trading_bot_jwt_secret — JWT signing key
  • trading_bot_reddit_client_id — Reddit API client ID
  • trading_bot_reddit_client_secret — Reddit API client secret

Storage

  • NFS volume at /mnt/main/trading-bot for any persistent data