Merge 145565b542 into 8edaaee117

2026-03-22 15:12:08 +01:00 · 2025-10-03 23:01:53 +02:00
122 changed files with 3953 additions and 1135 deletions
--- a/.github/workflows/build-image.yaml
+++ b/.github/workflows/build-image.yaml
@@ -1,105 +0,0 @@
 name: Build and Push Image
 on:
  workflow_call:
    inputs:
      mode:
        description: "Build mode: 'prod' or 'pr'"
        required: true
        type: string
      image_repo:
        description: "Docker image repository (e.g., user/app)"
        required: false
        default: "lukastrkan/cc-app-demo"
        type: string
      context:
        description: "Docker build context path"
        required: false
        default: "7project/backend"
        type: string
      pr_number:
        description: "PR number (required when mode=pr)"
        required: false
        type: string
    secrets:
      DOCKER_USER:
        required: true
      DOCKER_PASSWORD:
        required: true
    outputs:
      digest:
        description: "Built image digest"
        value: ${{ jobs.build.outputs.digest }}
      image_repo:
        description: "Image repository used"
        value: ${{ jobs.build.outputs.image_repo }}
 jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      digest: ${{ steps.set.outputs.digest }}
      image_repo: ${{ steps.set.outputs.image_repo }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Compute image repo and tags
        id: meta
        env:
          MODE: ${{ inputs.mode }}
          IMAGE_REPO: ${{ inputs.image_repo }}
          PR: ${{ inputs.pr_number }}
        run: |
          set -euo pipefail
          if [ -z "${IMAGE_REPO:-}" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
          echo "IMAGE_REPO=$IMAGE_REPO" >> $GITHUB_ENV
          SHA_SHORT="${GITHUB_SHA::12}"
          case "$MODE" in
            prod)
              TAG1="prod-$SHA_SHORT"
              TAG2="latest"
              ;;
            pr)
              if [ -z "${PR:-}" ]; then echo "pr_number input is required for mode=pr"; exit 1; fi
              TAG1="pr-$PR"
              TAG2="pr-$PR-$SHA_SHORT"
              ;;
            *)
              echo "Unknown mode '$MODE' (expected 'prod' or 'pr')"; exit 1;
              ;;
          esac
          echo "TAG1=$TAG1" >> $GITHUB_ENV
          echo "TAG2=$TAG2" >> $GITHUB_ENV
      - name: Build and push image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: ${{ inputs.context }}
          push: true
          tags: |
            ${{ env.IMAGE_REPO }}:${{ env.TAG1 }}
            ${{ env.IMAGE_REPO }}:${{ env.TAG2 }}
          platforms: linux/amd64
      - name: Set outputs
        id: set
        env:
          IMAGE_REPO: ${{ env.IMAGE_REPO }}
        run: |
          echo "digest=${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT
          echo "image_repo=$IMAGE_REPO" >> $GITHUB_OUTPUT
--- a/.github/workflows/deploy-pr.yaml
+++ b/.github/workflows/deploy-pr.yaml
@@ -1,131 +0,0 @@
 name: Deploy Preview (PR)
 on:
  pull_request:
    types: [opened, reopened, synchronize, closed]
 permissions:
  contents: read
  pull-requests: write
 jobs:
  build:
    if: github.event.action != 'closed'
    name: Build and push image (reusable)
    uses: ./.github/workflows/build-image.yaml
    with:
      mode: pr
      image_repo: lukastrkan/cc-app-demo
      context: 7project/backend
      pr_number: ${{ github.event.pull_request.number }}
    secrets: inherit
  deploy:
    if: github.event.action != 'closed'
    name: Helm upgrade/install (PR preview)
    runs-on: vhs
    concurrency:
      group: pr-${{ github.event.pull_request.number }}
      cancel-in-progress: false
    needs: [build]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Helm
        uses: azure/setup-helm@v4
      - name: Setup kubectl
        uses: azure/setup-kubectl@v4
      - name: Configure kubeconfig
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          mkdir -p ~/.kube
          if [ -z "$KUBE_CONFIG" ]; then
            echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
          echo "$KUBE_CONFIG" > ~/.kube/config
          chmod 600 ~/.kube/config
      - name: Helm upgrade/install PR preview
        env:
          DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
          RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
          DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
          IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
          DIGEST: ${{ needs.build.outputs.digest }}
        run: |
          PR=${{ github.event.pull_request.number }}
          if [ -z "$PR" ]; then echo "PR number missing"; exit 1; fi
          if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi
          if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi
          if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi
          RELEASE=myapp-pr-$PR
          NAMESPACE=pr-$PR
          DOMAIN=pr-$PR.$DEV_BASE_DOMAIN
          if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
          helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \
            -n "$NAMESPACE" --create-namespace \
            -f 7project/charts/myapp-chart/values-dev.yaml \
            --set prNumber="$PR" \
            --set deployment="pr-$PR" \
            --set domain="$DOMAIN" \
            --set image.repository="$IMAGE_REPO" \
            --set image.digest="$DIGEST" \
            --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
            --set-string database.password="$DB_PASSWORD"
      - name: Post preview URL as PR comment
        uses: actions/github-script@v7
        env:
          DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
        with:
          script: |
            const pr = context.payload.pull_request;
            if (!pr) { core.setFailed('No pull_request context'); return; }
            const prNumber = pr.number;
            const domainBase = process.env.DEV_BASE_DOMAIN;
            if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; }
            const domain = `pr-${prNumber}.${domainBase}`;
            const url = `https://${domain}`;
            const marker = '<!-- preview-link -->';
            const body = `${marker}\nPreview environment is running: ${url}\n`;
            const { owner, repo } = context.repo;
            const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 });
            const existing = comments.find(c => c.body && c.body.includes(marker));
            if (existing) {
              await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body });
            } else {
              await github.rest.issues.createComment({ owner, repo, issue_number: prNumber, body });
            }
  uninstall:
    if: github.event.action == 'closed'
    name: Helm uninstall (PR preview)
    runs-on: vhs
    steps:
      - name: Setup Helm
        uses: azure/setup-helm@v4
      - name: Setup kubectl
        uses: azure/setup-kubectl@v4
      - name: Configure kubeconfig
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          mkdir -p ~/.kube
          if [ -z "$KUBE_CONFIG" ]; then
            echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
          echo "$KUBE_CONFIG" > ~/.kube/config
          chmod 600 ~/.kube/config
      - name: Helm uninstall release and cleanup namespace
        run: |
          PR=${{ github.event.pull_request.number }}
          RELEASE=myapp-pr-$PR
          NAMESPACE=pr-$PR
          helm uninstall "$RELEASE" -n "$NAMESPACE" || true
          # Optionally delete the namespace if empty
          kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true
--- a/.github/workflows/deploy-prod.yaml
+++ b/.github/workflows/deploy-prod.yaml
@@ -1,78 +0,0 @@
 name: Deploy Prod
 on:
  push:
    branches: [ "main" ]
    paths:
      - 7project/backend/**
      - 7project/charts/myapp-chart/**
      - .github/workflows/deploy-prod.yaml
      - .github/workflows/build-image.yaml
  workflow_dispatch:
 permissions:
  contents: read
 concurrency:
  group: deploy-prod
  cancel-in-progress: false
 jobs:
  build:
    name: Build and push image (reusable)
    uses: ./.github/workflows/build-image.yaml
    with:
      mode: prod
      image_repo: lukastrkan/cc-app-demo
      context: 7project/backend
    secrets: inherit
  deploy:
    name: Helm upgrade/install (prod)
    runs-on: vhs
    needs: [build]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Helm
        uses: azure/setup-helm@v4
      - name: Setup kubectl
        uses: azure/setup-kubectl@v4
      - name: Configure kubeconfig
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          mkdir -p ~/.kube
          if [ -z "$KUBE_CONFIG" ]; then
            echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
          echo "$KUBE_CONFIG" > ~/.kube/config
          chmod 600 ~/.kube/config
      - name: Helm upgrade/install prod
        env:
          DOMAIN: ${{ secrets.PROD_DOMAIN }}
          RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
          DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
          IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
          DIGEST: ${{ needs.build.outputs.digest }}
        run: |
          if [ -z "$DOMAIN" ]; then
            echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi
          if [ -z "$RABBITMQ_PASSWORD" ]; then
            echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi
          if [ -z "$DB_PASSWORD" ]; then
            echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi
          if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
          helm upgrade --install myapp ./7project/charts/myapp-chart \
            -n prod --create-namespace \
            -f 7project/charts/myapp-chart/values-prod.yaml \
            --set deployment="prod" \
            --set domain="$DOMAIN" \
            --set image.repository="$IMAGE_REPO" \
            --set image.digest="$DIGEST" \
            --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
            --set-string database.password="$DB_PASSWORD" 
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -0,0 +1,54 @@
 name: Build, Push and Update Image in Manifest
 on:
  push:
    branches: [ "main" ]
    paths:
      - 'backend/**'
  workflow_dispatch:
 jobs:
  build-and-update:
    runs-on: kbctl
    permissions:
      contents: write
      packages: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: ./backend
          push: true
          tags: ${{ secrets.DOCKER_USER }}/cc-app-demo:latest
      - name: Get image digest
        run: echo "IMAGE_DIGEST=${{ steps.build.outputs.digest }}" >> $GITHUB_ENV
      - name: Update manifests with new image digest
        uses: OpsVerseIO/image-updater-action@0.1.0
        with:
          branch: main
          targetBranch: main
          createPR: 'false'
          message: "${{ github.event.head_commit.message }}"
          token: ${{ secrets.GITHUB_TOKEN }}
          changes: |
            {
              "deployment/app-demo-deployment.yaml": {
                "spec.template.spec.containers[0].image": "${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}"
              },
              "deployment/app-demo-worker-deployment.yaml": {
                "spec.template.spec.containers[0].image": "${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}"
              }
            }
--- a/7project/.gitignore
+++ b/7project/.gitignore
--- a/7project/charts/myapp-chart/Chart.yaml
+++ b/7project/charts/myapp-chart/Chart.yaml
@@ -1,6 +0,0 @@
 apiVersion: v2
 name: myapp-chart
 version: 0.1.0
 description: Helm chart for my app with MariaDB Database CR
 appVersion: "1.0.0"
 type: application
--- a/7project/charts/myapp-chart/templates/NOTES.txt
+++ b/7project/charts/myapp-chart/templates/NOTES.txt
@@ -1,54 +0,0 @@
 Thank you for installing myapp-chart.
 This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access.
 Namespaces per developer (important):
 - Install each developer's environment into their own namespace using Helm's -n/--namespace flag.
 - No hardcoded namespace is used in templates; resources are created in .Release.Namespace.
 - Example namespaces: dev-alice, dev-bob, pr-123, etc.
 Key values:
 - deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER)
 - image.repository/tag or image.digest -> container image
 - domain -> public FQDN used by TunnelBinding (required to expose app)
 - app/worker names, replicas, ports
 Examples:
 - Dev install (Alice):
  helm upgrade --install myapp ./7project/charts/myapp-chart \
    -n dev-alice --create-namespace \
    -f values-dev.yaml \
    --set domain=alice.demo.example.com \
    --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
    --set-string database.password="$DB_PASSWORD"
 - Dev install (Bob):
  helm upgrade --install myapp ./7project/charts/myapp-chart \
    -n dev-bob --create-namespace \
    -f values-dev.yaml \
    --set domain=bob.demo.example.com
 - Prod install (different cleanupPolicy):
  helm upgrade --install myapp ./7project/charts/myapp-chart \
    -n prod --create-namespace \
    -f values-prod.yaml \
    --set domain=app.example.com
 - PR (preview) install with DB name containing PR number (also its own namespace):
  PR=123
  helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \
    -n pr-$PR --create-namespace \
    -f values-dev.yaml \
    --set prNumber=$PR \
    --set deployment=preview-$PR \
    --set domain=pr-$PR.example.com
 - Use a custom deployment identifier to suffix DB name, DB username and Secret name:
  helm upgrade --install myapp ./7project/charts/myapp-chart \
    -n dev-alice --create-namespace \
    -f values-dev.yaml \
    --set deployment=alice \
    --set domain=alice.demo.example.com
 Render locally (dry run):
  helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30
--- a/7project/charts/myapp-chart/templates/app-deployment.yaml
+++ b/7project/charts/myapp-chart/templates/app-deployment.yaml
@@ -1,68 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Values.app.name }}
 spec:
  replicas: {{ .Values.app.replicas }}
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: {{ .Values.app.name }}
  template:
    metadata:
      labels:
        app: {{ .Values.app.name }}
    spec:
      containers:
        - name: {{ .Values.app.name }}
          image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          ports:
            - containerPort: {{ .Values.app.port }}
          env:
            - name: MARIADB_HOST
              value: {{ printf "%s.%s.svc.cluster.local" .Values.mariadb.mariaDbRef.name .Values.mariadb.mariaDbRef.namespace | quote }}
            - name: MARIADB_PORT
              value: '3306'
            - name: MARIADB_DB
              value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
            - name: MARIADB_USER
              value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
                  key: password
            - name: RABBITMQ_USERNAME
              value: {{ .Values.rabbitmq.username | quote }}
            - name: RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
                  key: password
            - name: RABBITMQ_HOST
              value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
            - name: RABBITMQ_PORT
              value: {{ .Values.rabbitmq.port | quote }}
            - name: RABBITMQ_VHOST
              value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
            - name: MAIL_QUEUE
              value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
          livenessProbe:
            httpGet:
              path: /
              port: {{ .Values.app.port }}
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /
              port: {{ .Values.app.port }}
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
--- a/7project/charts/myapp-chart/templates/database-grant.yaml
+++ b/7project/charts/myapp-chart/templates/database-grant.yaml
@@ -1,18 +0,0 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Grant
 metadata:
  name: grant
 spec:
  mariaDbRef:
    name: {{ .Values.mariadb.mariaDbRef.name }}
    namespace: {{ .Values.mariadb.mariaDbRef.namespace }}
  privileges:
    - "ALL PRIVILEGES"
  database: {{ required "Set .Values.deployment" .Values.deployment | quote }}
  table: "*"
  username: {{ required "Set .Values.deployment" .Values.deployment | quote }}
  grantOption: true
  host: "%"
  cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
  requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
  retryInterval: {{ .Values.mariadb.retryInterval | quote }}
--- a/7project/charts/myapp-chart/templates/database-secret.yaml
+++ b/7project/charts/myapp-chart/templates/database-secret.yaml
@@ -1,7 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
 type: kubernetes.io/basic-auth
 stringData:
  password: {{ required "Set .Values.database.password" .Values.database.password | quote }}
--- a/7project/charts/myapp-chart/templates/database-user.yaml
+++ b/7project/charts/myapp-chart/templates/database-user.yaml
@@ -1,16 +0,0 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: User
 metadata:
  name: {{ required "Set .Values.deployment" .Values.deployment }}
 spec:
  mariaDbRef:
    name: {{ .Values.mariadb.mariaDbRef.name }}
    namespace: {{ .Values.mariadb.mariaDbRef.namespace }}
  passwordSecretKeyRef:
    name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
    key: password
  maxUserConnections: 20
  host: "%"
  cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
  requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
  retryInterval: {{ .Values.mariadb.retryInterval | quote }}
--- a/7project/charts/myapp-chart/templates/database.yaml
+++ b/7project/charts/myapp-chart/templates/database.yaml
@@ -1,14 +0,0 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Database
 metadata:
  name: {{ required "Set .Values.deployment" .Values.deployment }}
 spec:
  mariaDbRef:
    name: {{ .Values.mariadb.mariaDbRef.name | required "Values mariadb.mariaDbRef.name is required" }}
    namespace: {{ .Values.mariadb.mariaDbRef.namespace | default .Release.Namespace }}
  characterSet: utf8
  collate: utf8_general_ci
  cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
  requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
  retryInterval: {{ .Values.mariadb.retryInterval | quote }}
--- a/7project/charts/myapp-chart/templates/rabbitmq-cluster.yaml
+++ b/7project/charts/myapp-chart/templates/rabbitmq-cluster.yaml
@@ -1,10 +0,0 @@
 apiVersion: rabbitmq.com/v1beta1
 kind: RabbitmqCluster
 metadata:
  name: "rabbitmq-cluster"
  namespace: {{ .Release.Namespace }}
 spec:
  replicas: {{ .Values.rabbitmq.replicas | default 1 }}
  persistence:
    storage: {{ .Values.rabbitmq.storage | default "1Gi" }}
  resources: {}
--- a/7project/charts/myapp-chart/templates/rabbitmq-permission.yaml
+++ b/7project/charts/myapp-chart/templates/rabbitmq-permission.yaml
@@ -1,15 +0,0 @@
 apiVersion: rabbitmq.com/v1beta1
 kind: Permission
 metadata:
  name: {{ printf "%s-permission" (.Values.rabbitmq.username | default "demo-app") }}
  namespace: {{ .Release.Namespace }}
 spec:
  rabbitmqClusterReference:
    name: rabbitmq-cluster
    namespace: {{ .Release.Namespace }}
  vhost: {{ .Values.rabbitmq.vhost | default "/" | quote }}
  user: {{ .Values.rabbitmq.username | default "demo-app" }}
  permissions:
    configure: ".*"
    read: ".*"
    write: ".*"
--- a/7project/charts/myapp-chart/templates/rabbitmq-queue.yaml
+++ b/7project/charts/myapp-chart/templates/rabbitmq-queue.yaml
@@ -1,12 +0,0 @@
 apiVersion: rabbitmq.com/v1beta1
 kind: Queue
 metadata:
  name: {{ .Values.worker.mailQueueName | replace "_" "-" | lower }}
  namespace: {{ .Release.Namespace }}
 spec:
  rabbitmqClusterReference:
    name: rabbitmq-cluster
    namespace: {{ .Release.Namespace }}
  name: {{ .Values.worker.mailQueueName }}
  vhost: {{ .Values.rabbitmq.vhost | default "/" | quote }}
  durable: true
--- a/7project/charts/myapp-chart/templates/rabbitmq-user-secret.yaml
+++ b/7project/charts/myapp-chart/templates/rabbitmq-user-secret.yaml
@@ -1,10 +0,0 @@
 {{- if .Values.rabbitmq.password }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
  namespace: {{ .Release.Namespace }}
 stringData:
  password: {{ .Values.rabbitmq.password | quote }}
  username: {{ .Values.rabbitmq.username | quote }}
 {{- end }}
--- a/7project/charts/myapp-chart/templates/rabbitmq-user.yaml
+++ b/7project/charts/myapp-chart/templates/rabbitmq-user.yaml
@@ -1,13 +0,0 @@
 apiVersion: rabbitmq.com/v1beta1
 kind: User
 metadata:
  name: {{ .Values.rabbitmq.username | default "demo-app" }}
  namespace: {{ .Release.Namespace }}
 spec:
  rabbitmqClusterReference:
    name: rabbitmq-cluster
    namespace: {{ .Release.Namespace }}
  tags:
    - management
  importCredentialsSecret:
    name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
--- a/7project/charts/myapp-chart/templates/service.yaml
+++ b/7project/charts/myapp-chart/templates/service.yaml
@@ -1,10 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Values.app.name }}
 spec:
  ports:
    - port: {{ .Values.service.port }}
      targetPort: {{ .Values.app.port }}
  selector:
    app: {{ .Values.app.name }}
--- a/7project/charts/myapp-chart/templates/tunnel.yaml
+++ b/7project/charts/myapp-chart/templates/tunnel.yaml
@@ -1,14 +0,0 @@
 apiVersion: networking.cfargotunnel.com/v1alpha1
 kind: TunnelBinding
 metadata:
  name: guestbook-tunnel-binding
  namespace: {{ .Release.Namespace }}
 subjects:
  - name: app-server
    spec:
      target: {{ printf "http://%s.%s.svc.cluster.local" .Values.app.name .Release.Namespace | quote }}
      fqdn: {{ required "Set .Values.domain via --set domain=example.com" .Values.domain | quote }}
      noTlsVerify: true
 tunnelRef:
  kind: ClusterTunnel
  name: cluster-tunnel
--- a/7project/charts/myapp-chart/templates/worker-deployment.yaml
+++ b/7project/charts/myapp-chart/templates/worker-deployment.yaml
@@ -1,48 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ printf "%s-worker" .Values.app.name }}
 spec:
  replicas: {{ .Values.worker.replicas }}
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: {{ printf "%s-worker" .Values.app.name }}
  template:
    metadata:
      labels:
        app: {{ printf "%s-worker" .Values.app.name }}
    spec:
      containers:
        - name: {{ printf "%s-worker" .Values.app.name }}
          image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          command:
            - celery
            - -A
            - app.celery_app
            - worker
            - -Q
            - $(MAIL_QUEUE)
            - --loglevel
            - INFO
          env:
            - name: RABBITMQ_USERNAME
              value: {{ .Values.rabbitmq.username | quote }}
            - name: RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
                  key: password
            - name: RABBITMQ_HOST
              value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
            - name: RABBITMQ_PORT
              value: {{ .Values.rabbitmq.port | quote }}
            - name: RABBITMQ_VHOST
              value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
            - name: MAIL_QUEUE
              value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
--- a/7project/charts/myapp-chart/values-dev.yaml
+++ b/7project/charts/myapp-chart/values-dev.yaml
@@ -1,5 +0,0 @@
 env: dev
 mariadb:
  cleanupPolicy: Delete
--- a/7project/charts/myapp-chart/values-prod.yaml
+++ b/7project/charts/myapp-chart/values-prod.yaml
@@ -1,7 +0,0 @@
 env: prod
 app:
  replicas: 3
 worker:
  replicas: 3
--- a/7project/charts/myapp-chart/values.yaml
+++ b/7project/charts/myapp-chart/values.yaml
@@ -1,59 +0,0 @@
 # Base values shared across environments
 env: dev
 # Optional PR number used to suffix DB name, set via --set prNumber=123 in CI
 prNumber: ""
 # Optional deployment identifier used to suffix resource names (db, user, secret)
 # Example: --set deployment=alice or --set deployment=feature123
 deployment: ""
 # Public domain to expose the app under (used by TunnelBinding fqdn)
 # Set at install time: --set domain=example.com
 domain: ""
 image:
  repository: lukastrkan/cc-app-demo
  # You can use a tag or digest. If digest is provided, it takes precedence.
  digest: ""
  pullPolicy: IfNotPresent
 app:
  name: "finance-tracker"
  replicas: 1
  port: 8000
 worker:
  name: app-demo-worker
  replicas: 1
  # Queue name for Celery worker and for CRD Queue
  mailQueueName: "mail_queue"
 service:
  port: 80
 rabbitmq:
  create: true
  replicas: 1
  storage: 5Gi
  # Optional: override the generated cluster name; default is "<app.name>-rabbit[-<deployment>]"
  clusterName: ""
  port: "5672"
  username: demo-app
  password: ""
  vhost: "/"
 mariadb:
  name: app-demo-database
  cleanupPolicy: Skip
  requeueInterval: 10h
  retryInterval: 30s
  mariaDbRef:
    name: mariadb-repl
    namespace: mariadb-operator
 # Database access resources
 database:
  userName: app-demo-user
  secretName: app-demo-database-secret
  password: ""
--- a/7project/tofu/modules/prometheus/grafana-ui.yaml
+++ b/7project/tofu/modules/prometheus/grafana-ui.yaml
@@ -1,14 +0,0 @@
 apiVersion: networking.cfargotunnel.com/v1alpha1
 kind: TunnelBinding
 metadata:
  name: grafana-tunnel-binding
  namespace: monitoring
 subjects:
  - name: grafana
    spec:
      target: http://kube-prometheus-stack-grafana.monitoring.svc.cluster.local
      fqdn: grafana.${base_domain}
      noTlsVerify: true
 tunnelRef:
  kind: ClusterTunnel
  name: cluster-tunnel
--- a/7project/tofu/modules/prometheus/main.tf
+++ b/7project/tofu/modules/prometheus/main.tf
@@ -1,66 +0,0 @@
 terraform {
  required_providers {
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = "1.19.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "3.0.2"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.38.0"
    }
    kustomization = {
      source  = "kbst/kustomization"
      version = "0.9.6"
    }
    time = {
      source  = "hashicorp/time"
      version = "0.13.1"
    }
  }
 }
 # Create namespace for monitoring
 resource "kubernetes_namespace" "monitoring" {
  metadata {
    name = "monitoring"
    labels = {
      "pod-security.kubernetes.io/enforce" = "privileged"
    }
  }
 }
 # Deploy kube-prometheus-stack
 resource "helm_release" "kube_prometheus_stack" {
  name       = "kube-prometheus-stack"
  repository = "https://prometheus-community.github.io/helm-charts"
  chart      = "kube-prometheus-stack"
  namespace  = kubernetes_namespace.monitoring.metadata[0].name
  version    = "67.2.1" # Check for latest version
  # Wait for CRDs to be created
  wait          = true
  timeout       = 600
  force_update  = false
  recreate_pods = false
  # Reference the values file
  values = [
    file("${path.module}/values.yaml")
  ]
  depends_on = [
    kubernetes_namespace.monitoring
  ]
 }
 resource "kubectl_manifest" "argocd-tunnel-bind" {
  depends_on = [helm_release.kube_prometheus_stack]
  yaml_body = templatefile("${path.module}/grafana-ui.yaml", {
    base_domain = var.cloudflare_domain
  })
 }
--- a/7project/tofu/modules/prometheus/values.yaml
+++ b/7project/tofu/modules/prometheus/values.yaml
@@ -1,189 +0,0 @@
 # Prometheus configuration
 prometheus:
  prometheusSpec:
    retention: 30d
    retentionSize: "45GB"
    # Storage configuration
    storageSpec:
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 50Gi
          # storageClassName: "your-storage-class" # Uncomment and specify if needed
    # Resource limits
    resources:
      requests:
        cpu: 500m
        memory: 2Gi
      limits:
        cpu: 2000m
        memory: 4Gi
    # Scrape interval
    scrapeInterval: 30s
    evaluationInterval: 30s
  # Service configuration
  service:
    type: ClusterIP
    port: 9090
  # Ingress (disabled by default)
  ingress:
    enabled: false
    # ingressClassName: nginx
    # hosts:
    #   - prometheus.example.com
    # tls:
    #   - secretName: prometheus-tls
    #     hosts:
    #       - prometheus.example.com
 # Grafana configuration
 grafana:
  enabled: true
  # Admin credentials
  adminPassword: "admin" # CHANGE THIS IN PRODUCTION!
  # Persistence
  persistence:
    enabled: true
    size: 10Gi
    # storageClassName: "your-storage-class" # Uncomment and specify if needed
  # Resource limits
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 500m
      memory: 512Mi
  # Service configuration
  service:
    type: ClusterIP
    port: 80
  # Ingress (disabled by default)
  ingress:
    enabled: false
    # ingressClassName: nginx
    # hosts:
    #   - grafana.example.com
    # tls:
    #   - secretName: grafana-tls
    #     hosts:
    #       - grafana.example.com
  # Default dashboards
  defaultDashboardsEnabled: true
  defaultDashboardsTimezone: Europe/Prague
 # Alertmanager configuration
 alertmanager:
  enabled: true
  alertmanagerSpec:
    # Storage configuration
    storage:
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 10Gi
          # storageClassName: "your-storage-class" # Uncomment and specify if needed
    # Resource limits
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 256Mi
  # Service configuration
  service:
    type: ClusterIP
    port: 9093
  # Ingress (disabled by default)
  ingress:
    enabled: false
    # ingressClassName: nginx
    # hosts:
    #   - alertmanager.example.com
    # tls:
    #   - secretName: alertmanager-tls
    #     hosts:
    #       - alertmanager.example.com
  # Alertmanager configuration
  config:
    global:
      resolve_timeout: 5m
    route:
      group_by: [ 'alertname', 'cluster', 'service' ]
      group_wait: 10s
      group_interval: 10s
      repeat_interval: 12h
      receiver: 'null'
      routes:
        - match:
            alertname: Watchdog
          receiver: 'null'
    receivers:
      - name: 'null'
      # Add your receivers here (email, slack, pagerduty, etc.)
      # - name: 'slack'
      #   slack_configs:
      #     - api_url: 'YOUR_SLACK_WEBHOOK_URL'
      #       channel: '#alerts'
      #       title: '{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}'
      #       text: '{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}'
 # Node Exporter
 nodeExporter:
  enabled: true
 # Kube State Metrics
 kubeStateMetrics:
  enabled: true
 # Prometheus Operator
 prometheusOperator:
  enabled: true
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 500m
      memory: 256Mi
 # Service Monitors
 # Automatically discover and monitor services with appropriate labels
 prometheus-node-exporter:
  prometheus:
    monitor:
      enabled: true
 # Additional ServiceMonitors can be defined here
 # additionalServiceMonitors: []
 # Global settings
 global:
  rbac:
    create: true
--- a/7project/tofu/modules/prometheus/variables.tf
+++ b/7project/tofu/modules/prometheus/variables.tf
@@ -1,5 +0,0 @@
 variable "cloudflare_domain" {
  type     = string
  default  = "Base cloudflare domain, e.g. example.com"
  nullable = false
 }
--- a/7project/tofu/modules/rabbitmq/main.tf
+++ b/7project/tofu/modules/rabbitmq/main.tf
@@ -1,85 +0,0 @@
 terraform {
  required_providers {
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = "1.19.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "3.0.2" # Doporučuji použít novější verzi providera
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.38.0" # Doporučuji použít novější verzi providera
    }
    # Ostatní provideři mohou zůstat
  }
 }
 resource "helm_release" "rabbitmq_operator" {
  name       = "rabbitmq-cluster-operator"
  repository = "oci://registry-1.docker.io/bitnamicharts"
  chart      = "rabbitmq-cluster-operator"
  version = "4.4.34"
  namespace        = "rabbitmq-system"
  create_namespace = true
  # Zde můžete přepsat výchozí hodnoty chartu, pokud by bylo potřeba
  # Například sledovat jen určité namespace, nastavit tolerations atd.
  # Pro základní instalaci není potřeba nic měnit.
  # values = [
  #   templatefile("${path.module}/values/operator-values.yaml", {})
  # ]
  set = [
    {
      name  = "rabbitmqImage.repository"
      value = "bitnamilegacy/rabbitmq"
    },
    {
      name  = "clusterOperator.image.repository"
      value = "bitnamilegacy/rabbitmq-cluster-operator"
    },
    {
      name  = "msgTopologyOperator.image.repository"
      value = "bitnamilegacy/rmq-messaging-topology-operator"
    },
    {
      name  = "credentialUpdaterImage.repository"
      value = "bitnamilegacy/rmq-default-credential-updater"
    },
    {
      name  = "clusterOperator.metrics.service.enabled"
      value = "true"
    },
    {
      name  = "clusterOperator.metrics.service.enabled"
      value = "true"
    }
  ]
 }
 resource "kubectl_manifest" "rabbitmq_cluster" {
  yaml_body = templatefile("${path.module}/rabbit-cluster.yaml", {
    replicas = var.rabbitmq_replicas
    password = var.rabbitmq-password
  })
  depends_on = [
    helm_release.rabbitmq_operator
  ]
 }
 resource "kubectl_manifest" "rabbit_ui" {
  yaml_body = templatefile("${path.module}/rabbit-ui.yaml", {
    base_domain = var.base_domain
  })
  depends_on = [
    kubectl_manifest.rabbitmq_cluster
  ]
 }
--- a/7project/tofu/modules/rabbitmq/rabbit-cluster.yaml
+++ b/7project/tofu/modules/rabbitmq/rabbit-cluster.yaml
@@ -1,5 +0,0 @@
 apiVersion: rabbitmq.com/v1beta1
 kind: RabbitmqCluster
 metadata:
  name: 'rabbitmq-cluster'
  namespace: "rabbitmq"
--- a/7project/README.md
+++ b/7project/README.md
--- a/7project/backend/Dockerfile
+++ b/7project/backend/Dockerfile
@@ -1,5 +1,4 @@
 FROM python:3.11-slim
 WORKDIR /app
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
--- a/7project/backend/alembic.ini
+++ b/7project/backend/alembic.ini
--- a/7project/backend/alembic/env.py
+++ b/7project/backend/alembic/env.py
--- a/7project/backend/alembic/script.py.mako
+++ b/7project/backend/alembic/script.py.mako
--- a/7project/backend/alembic/versions/81f275275556_init_migration.py
+++ b/7project/backend/alembic/versions/81f275275556_init_migration.py
--- a/7project/backend/app/init.py
+++ b/7project/backend/app/init.py
--- a/7project/backend/app/api/.keep
+++ b/7project/backend/app/api/.keep
--- a/7project/backend/app/api/init.py
+++ b/7project/backend/app/api/init.py
--- a/7project/backend/app/app.py
+++ b/7project/backend/app/app.py
@@ -48,7 +48,7 @@ app.include_router(
 # Liveness/root endpoint
@app.get("/", include_in_schema=False)
 async def root():
-    return {"status": "ok", "message": "Welcome to the FastAPI application!"}
+    return {"status": "ok"}
@app.get("/authenticated-route")
--- a/7project/backend/app/celery_app.py
+++ b/7project/backend/app/celery_app.py
--- a/7project/backend/app/core/init.py
+++ b/7project/backend/app/core/init.py
--- a/7project/backend/app/core/base.py
+++ b/7project/backend/app/core/base.py
--- a/7project/backend/app/core/db.py
+++ b/7project/backend/app/core/db.py
--- a/7project/backend/app/core/queue.py
+++ b/7project/backend/app/core/queue.py
--- a/7project/backend/app/models/init.py
+++ b/7project/backend/app/models/init.py
--- a/7project/backend/app/models/transaction.py
+++ b/7project/backend/app/models/transaction.py
--- a/7project/backend/app/models/user.py
+++ b/7project/backend/app/models/user.py
--- a/7project/backend/app/schemas/init.py
+++ b/7project/backend/app/schemas/init.py
--- a/7project/backend/app/schemas/user.py
+++ b/7project/backend/app/schemas/user.py
--- a/7project/backend/app/services/init.py
+++ b/7project/backend/app/services/init.py
--- a/7project/backend/app/services/db.py
+++ b/7project/backend/app/services/db.py
--- a/7project/backend/app/services/user_service.py
+++ b/7project/backend/app/services/user_service.py
--- a/7project/backend/app/workers/init.py
+++ b/7project/backend/app/workers/init.py
--- a/7project/backend/app/workers/celery_tasks.py
+++ b/7project/backend/app/workers/celery_tasks.py
--- a/7project/backend/main.py
+++ b/7project/backend/main.py
--- a/7project/backend/requirements.txt
+++ b/7project/backend/requirements.txt
--- a/7project/compose.yml
+++ b/7project/compose.yml
--- a/7project/create_migration.sh
+++ b/7project/create_migration.sh
--- a/7project/deployment/app-demo-database-grant.yaml
+++ b/7project/deployment/app-demo-database-grant.yaml
--- a/7project/deployment/app-demo-database-secret.yaml
+++ b/7project/deployment/app-demo-database-secret.yaml
--- a/7project/deployment/app-demo-database-user.yaml
+++ b/7project/deployment/app-demo-database-user.yaml
--- a/7project/deployment/app-demo-database.yaml
+++ b/7project/deployment/app-demo-database.yaml
--- a/7project/deployment/app-demo-deployment.yaml
+++ b/7project/deployment/app-demo-deployment.yaml
--- a/7project/deployment/app-demo-svc.yaml
+++ b/7project/deployment/app-demo-svc.yaml
--- a/7project/deployment/app-demo-worker-deployment.yaml
+++ b/7project/deployment/app-demo-worker-deployment.yaml
@@ -29,13 +29,8 @@ spec:
            - name: RABBITMQ_USERNAME
              value: demo-app
            - name: RABBITMQ_PASSWORD
-              valueFrom:
+              value: StrongPassword123!
                secretKeyRef:
                  name: demo-app-user-credentials
                  key: password
            - name: RABBITMQ_HOST
              value: rabbitmq.rabbitmq.svc.cluster.local
            - name: RABBITMQ_PORT
              value: '5672'
            - name: RABBITMQ_VHOST
              value: "/"
--- a/7project/deployment/tunnel.yaml
+++ b/7project/deployment/tunnel.yaml
--- a/frontend/.gitignore
+++ b/frontend/.gitignore
@@ -0,0 +1,24 @@
 # Logs
 logs
 *.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 pnpm-debug.log*
 lerna-debug.log*
 node_modules
 dist
 dist-ssr
 *.local
 # Editor directories and files
 .vscode/*
 !.vscode/extensions.json
 .idea
 .DS_Store
 *.suo
 *.ntvs*
 *.njsproj
 *.sln
 *.sw?
--- a/frontend/README.md
+++ b/frontend/README.md
@@ -0,0 +1,73 @@
 # React + TypeScript + Vite
 This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
 Currently, two official plugins are available:
 - [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) for Fast Refresh
 - [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
 ## React Compiler
 The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see [this documentation](https://react.dev/learn/react-compiler/installation).
 ## Expanding the ESLint configuration
 If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:
 ```js
 export default defineConfig([
  globalIgnores(['dist']),
  {
    files: ['**/*.{ts,tsx}'],
    extends: [
      // Other configs...
      // Remove tseslint.configs.recommended and replace with this
      tseslint.configs.recommendedTypeChecked,
      // Alternatively, use this for stricter rules
      tseslint.configs.strictTypeChecked,
      // Optionally, add this for stylistic rules
      tseslint.configs.stylisticTypeChecked,
      // Other configs...
    ],
    languageOptions: {
      parserOptions: {
        project: ['./tsconfig.node.json', './tsconfig.app.json'],
        tsconfigRootDir: import.meta.dirname,
      },
      // other options...
    },
  },
 ])
 ```
 You can also install [eslint-plugin-react-x](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-x) and [eslint-plugin-react-dom](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-dom) for React-specific lint rules:
 ```js
 // eslint.config.js
 import reactX from 'eslint-plugin-react-x'
 import reactDom from 'eslint-plugin-react-dom'
 export default defineConfig([
  globalIgnores(['dist']),
  {
    files: ['**/*.{ts,tsx}'],
    extends: [
      // Other configs...
      // Enable lint rules for React
      reactX.configs['recommended-typescript'],
      // Enable lint rules for React DOM
      reactDom.configs.recommended,
    ],
    languageOptions: {
      parserOptions: {
        project: ['./tsconfig.node.json', './tsconfig.app.json'],
        tsconfigRootDir: import.meta.dirname,
      },
      // other options...
    },
  },
 ])
 ```
--- a/frontend/eslint.config.js
+++ b/frontend/eslint.config.js
@@ -0,0 +1,23 @@
 import js from '@eslint/js'
 import globals from 'globals'
 import reactHooks from 'eslint-plugin-react-hooks'
 import reactRefresh from 'eslint-plugin-react-refresh'
 import tseslint from 'typescript-eslint'
 import { defineConfig, globalIgnores } from 'eslint/config'
 export default defineConfig([
  globalIgnores(['dist']),
  {
    files: ['**/*.{ts,tsx}'],
    extends: [
      js.configs.recommended,
      tseslint.configs.recommended,
      reactHooks.configs['recommended-latest'],
      reactRefresh.configs.vite,
    ],
    languageOptions: {
      ecmaVersion: 2020,
      globals: globals.browser,
    },
  },
 ])
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -0,0 +1,13 @@
 <!doctype html>
 <html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>frontend</title>
  </head>
  <body>
    <div id="root"></div>
    <script type="module" src="/src/main.tsx"></script>
  </body>
 </html>
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -0,0 +1,29 @@
 {
  "name": "frontend",
  "private": true,
  "version": "0.0.0",
  "type": "module",
  "scripts": {
    "dev": "vite",
    "build": "tsc -b && vite build",
    "lint": "eslint .",
    "preview": "vite preview"
  },
  "dependencies": {
    "react": "^19.1.1",
    "react-dom": "^19.1.1"
  },
  "devDependencies": {
    "@eslint/js": "^9.36.0",
    "@types/react": "^19.1.13",
    "@types/react-dom": "^19.1.9",
    "@vitejs/plugin-react": "^5.0.3",
    "eslint": "^9.36.0",
    "eslint-plugin-react-hooks": "^5.2.0",
    "eslint-plugin-react-refresh": "^0.4.20",
    "globals": "^16.4.0",
    "typescript": "~5.8.3",
    "typescript-eslint": "^8.44.0",
    "vite": "^7.1.7"
  }
 }
--- a/frontend/public/vite.svg
+++ b/frontend/public/vite.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>
--- a/frontend/src/App.css
+++ b/frontend/src/App.css
@@ -0,0 +1,42 @@
 #root {
  max-width: 1280px;
  margin: 0 auto;
  padding: 2rem;
  text-align: center;
 }
 .logo {
  height: 6em;
  padding: 1.5em;
  will-change: filter;
  transition: filter 300ms;
 }
 .logo:hover {
  filter: drop-shadow(0 0 2em #646cffaa);
 }
 .logo.react:hover {
  filter: drop-shadow(0 0 2em #61dafbaa);
 }
@keyframes logo-spin {
  from {
    transform: rotate(0deg);
  }
  to {
    transform: rotate(360deg);
  }
 }
@media (prefers-reduced-motion: no-preference) {
  a:nth-of-type(2) .logo {
    animation: logo-spin infinite 20s linear;
  }
 }
 .card {
  padding: 2em;
 }
 .read-the-docs {
  color: #888;
 }
--- a/frontend/src/App.tsx
+++ b/frontend/src/App.tsx
@@ -0,0 +1,35 @@
 import { useState } from 'react'
 import reactLogo from './assets/react.svg'
 import viteLogo from '/vite.svg'
 import './App.css'
 function App() {
  const [count, setCount] = useState(0)
  return (
    <>
      <div>
        <a href="https://vite.dev" target="_blank">
          <img src={viteLogo} className="logo" alt="Vite logo" />
        </a>
        <a href="https://react.dev" target="_blank">
          <img src={reactLogo} className="logo react" alt="React logo" />
        </a>
      </div>
      <h1>Vite + React</h1>
      <div className="card">
        <button onClick={() => setCount((count) => count + 1)}>
          count is {count}
        </button>
        <p>
          Edit <code>src/App.tsx</code> and save to test HMR
        </p>
      </div>
      <p className="read-the-docs">
        Click on the Vite and React logos to learn more
      </p>
    </>
  )
 }
 export default App
--- a/frontend/src/assets/react.svg
+++ b/frontend/src/assets/react.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>
--- a/frontend/src/index.css
+++ b/frontend/src/index.css
@@ -0,0 +1,68 @@
 :root {
  font-family: system-ui, Avenir, Helvetica, Arial, sans-serif;
  line-height: 1.5;
  font-weight: 400;
  color-scheme: light dark;
  color: rgba(255, 255, 255, 0.87);
  background-color: #242424;
  font-synthesis: none;
  text-rendering: optimizeLegibility;
  -webkit-font-smoothing: antialiased;
  -moz-osx-font-smoothing: grayscale;
 }
 a {
  font-weight: 500;
  color: #646cff;
  text-decoration: inherit;
 }
 a:hover {
  color: #535bf2;
 }
 body {
  margin: 0;
  display: flex;
  place-items: center;
  min-width: 320px;
  min-height: 100vh;
 }
 h1 {
  font-size: 3.2em;
  line-height: 1.1;
 }
 button {
  border-radius: 8px;
  border: 1px solid transparent;
  padding: 0.6em 1.2em;
  font-size: 1em;
  font-weight: 500;
  font-family: inherit;
  background-color: #1a1a1a;
  cursor: pointer;
  transition: border-color 0.25s;
 }
 button:hover {
  border-color: #646cff;
 }
 button:focus,
 button:focus-visible {
  outline: 4px auto -webkit-focus-ring-color;
 }
@media (prefers-color-scheme: light) {
  :root {
    color: #213547;
    background-color: #ffffff;
  }
  a:hover {
    color: #747bff;
  }
  button {
    background-color: #f9f9f9;
  }
 }
--- a/frontend/src/main.tsx
+++ b/frontend/src/main.tsx
@@ -0,0 +1,10 @@
 import { StrictMode } from 'react'
 import { createRoot } from 'react-dom/client'
 import './index.css'
 import App from './App.tsx'
 createRoot(document.getElementById('root')!).render(
  <StrictMode>
    <App />
  </StrictMode>,
 )
--- a/frontend/tsconfig.app.json
+++ b/frontend/tsconfig.app.json
@@ -0,0 +1,28 @@
 {
  "compilerOptions": {
    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
    "target": "ES2022",
    "useDefineForClassFields": true,
    "lib": ["ES2022", "DOM", "DOM.Iterable"],
    "module": "ESNext",
    "types": ["vite/client"],
    "skipLibCheck": true,
    /* Bundler mode */
    "moduleResolution": "bundler",
    "allowImportingTsExtensions": true,
    "verbatimModuleSyntax": true,
    "moduleDetection": "force",
    "noEmit": true,
    "jsx": "react-jsx",
    /* Linting */
    "strict": true,
    "noUnusedLocals": true,
    "noUnusedParameters": true,
    "erasableSyntaxOnly": true,
    "noFallthroughCasesInSwitch": true,
    "noUncheckedSideEffectImports": true
  },
  "include": ["src"]
 }
--- a/frontend/tsconfig.json
+++ b/frontend/tsconfig.json
@@ -0,0 +1,7 @@
 {
  "files": [],
  "references": [
    { "path": "./tsconfig.app.json" },
    { "path": "./tsconfig.node.json" }
  ]
 }
--- a/frontend/tsconfig.node.json
+++ b/frontend/tsconfig.node.json
@@ -0,0 +1,26 @@
 {
  "compilerOptions": {
    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
    "target": "ES2023",
    "lib": ["ES2023"],
    "module": "ESNext",
    "types": [],
    "skipLibCheck": true,
    /* Bundler mode */
    "moduleResolution": "bundler",
    "allowImportingTsExtensions": true,
    "verbatimModuleSyntax": true,
    "moduleDetection": "force",
    "noEmit": true,
    /* Linting */
    "strict": true,
    "noUnusedLocals": true,
    "noUnusedParameters": true,
    "erasableSyntaxOnly": true,
    "noFallthroughCasesInSwitch": true,
    "noUncheckedSideEffectImports": true
  },
  "include": ["vite.config.ts"]
 }
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -0,0 +1,7 @@
 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
 // https://vite.dev/config/
 export default defineConfig({
  plugins: [react()],
 })
--- a/7project/tofu/main.tf
+++ b/7project/tofu/main.tf
@@ -53,8 +53,7 @@ module "loadbalancer" {
 }
 module "cert-manager" {
-  source     = "${path.module}/modules/cert-manager"
+  source = "${path.module}/modules/cert-manager"
  depends_on = [module.loadbalancer]
 }
 module "cloudflare" {
@@ -68,16 +67,10 @@ module "cloudflare" {
  cloudflare_account_id  = var.cloudflare_account_id
 }
 module "monitoring" {
  source                 = "${path.module}/modules/prometheus"
  depends_on             = [module.cloudflare]
  cloudflare_domain = var.cloudflare_domain
 }
 module "database" {
  source     = "${path.module}/modules/maxscale"
-  depends_on = [module.monitoring]
+  depends_on = [module.storage, module.loadbalancer, module.cloudflare]
  mariadb_password      = var.mariadb_password
  mariadb_root_password = var.mariadb_root_password
@@ -94,23 +87,23 @@ module "database" {
  cloudflare_domain  = var.cloudflare_domain
 }
-#module "argocd" {
+module "argocd" {
-#  source     = "${path.module}/modules/argocd"
+  source     = "${path.module}/modules/argocd"
-#  depends_on = [module.storage, module.loadbalancer, module.cloudflare]
+  depends_on = [module.storage, module.loadbalancer, module.cloudflare]
-#  argocd_admin_password = var.argocd_admin_password
+  argocd_admin_password = var.argocd_admin_password
-#  cloudflare_domain     = var.cloudflare_domain
+  cloudflare_domain     = var.cloudflare_domain
-#}
+}
-#module "redis" {
+module "redis" {
-#  source                 = "${path.module}/modules/redis"
+  source                 = "${path.module}/modules/redis"
-#  depends_on             = [module.storage]
+  depends_on             = [module.storage]
-#  cloudflare_base_domain = var.cloudflare_domain
+  cloudflare_base_domain = var.cloudflare_domain
-#}
+}
 module "rabbitmq" {
  source            = "${path.module}/modules/rabbitmq"
-  depends_on        = [module.database]
+  depends_on        = [module.storage]
  base_domain       = var.cloudflare_domain
  rabbitmq-password = var.rabbitmq-password
 }
--- a/7project/tofu/modules/argocd/argocd-ui.yaml
+++ b/7project/tofu/modules/argocd/argocd-ui.yaml
--- a/7project/tofu/modules/argocd/main.tf
+++ b/7project/tofu/modules/argocd/main.tf
--- a/7project/tofu/modules/argocd/variables.tf
+++ b/7project/tofu/modules/argocd/variables.tf
--- a/7project/tofu/modules/cert-manager/main.tf
+++ b/7project/tofu/modules/cert-manager/main.tf
--- a/7project/tofu/modules/cloudflare/cluster-tunnel.yaml
+++ b/7project/tofu/modules/cloudflare/cluster-tunnel.yaml
@@ -1,10 +1,10 @@
 apiVersion: networking.cfargotunnel.com/v1alpha2
 kind: ClusterTunnel
 metadata:
-  name: cluster-tunnel
+  name: cluster-tunnel      # The ClusterTunnel Custom Resource Name
 spec:
  newTunnel:
-    name: ${cloudflare_tunnel_name}
+    name: ${cloudflare_tunnel_name}         # Name of your new tunnel on Cloudflare
  cloudflare:
    email: ${cloudflare_email}
    domain: ${cloudflare_domain}
--- a/7project/tofu/modules/cloudflare/kustomization/kustomization.yaml
+++ b/7project/tofu/modules/cloudflare/kustomization/kustomization.yaml
--- a/7project/tofu/modules/cloudflare/main.tf
+++ b/7project/tofu/modules/cloudflare/main.tf
@@ -41,10 +41,10 @@ resource "kubectl_manifest" "cloudflare-api-token" {
 resource "kubectl_manifest" "cloudflare-tunnel" {
  yaml_body = templatefile("${path.module}/cluster-tunnel.yaml", {
    cloudflare_tunnel_name = var.cloudflare_tunnel_name
-    cloudflare_email       = var.cloudflare_email
+    cloudflare_email = var.cloudflare_email
-    cloudflare_domain      = var.cloudflare_domain
+    cloudflare_domain = var.cloudflare_domain
-    cloudflare_account_id  = var.cloudflare_account_id
+    cloudflare_account_id = var.cloudflare_account_id
  })
  depends_on = [kustomization_resource.cloudflare]
-}
+}
--- a/7project/tofu/modules/cloudflare/secret.yaml
+++ b/7project/tofu/modules/cloudflare/secret.yaml
--- a/7project/tofu/modules/cloudflare/variables.tf
+++ b/7project/tofu/modules/cloudflare/variables.tf
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v2
 name: maxscale-helm
-version: 1.0.7
+version: 1.0.2
 description: Helm chart for MaxScale related Kubernetes manifests
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/config.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/config.yaml
@@ -54,12 +54,6 @@ spec:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
        interval: 30s
        scrapeTimeout: 10s
        prometheusRelease: kube-prometheus-stack
        jobLabel: mariadb-monitoring
    tls:
      enabled: true
@@ -112,17 +106,7 @@ spec:
      key: dsn
  affinity:
-    podAntiAffinity:
+    antiAffinityEnabled: true
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                    - mariadb-repl
            topologyKey: kubernetes.io/hostname
  tolerations:
    - key: "k8s.mariadb.com/ha"
@@ -165,12 +149,6 @@ spec:
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
      interval: 30s
      scrapeTimeout: 10s
      prometheusRelease: kube-prometheus-stack
      jobLabel: mariadb-monitoring
  tls:
    enabled: true
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/grant.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/grant.yaml
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/mariadb-service-0.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/mariadb-service-0.yaml
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/mariadb-service-1.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/mariadb-service-1.yaml
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/mariadb-service-2.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/mariadb-service-2.yaml
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/maxscale-ui.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/maxscale-ui.yaml
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/phpmyadmin-config-map.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/phpmyadmin-config-map.yaml
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>