KamaTechOrg · LeahMalul · Nov 10, 2025 · Nov 11, 2025 · Nov 11, 2025 · Nov 11, 2025
@@ -21,8 +21,16 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libxcb-xinerama0 libxcb-cursor0 libxcb-keysyms1 libxcb-render-util0 \
     libxcb-randr0 && rm -rf /var/lib/apt/lists/*
 
+# # ───────── optional CA certs ─────────
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs /app/certs
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs /app/certs
+
 # ───────── optional CA certs ─────────
-COPY certs /app/certs
+
 RUN if [ -d ./certs ] && [ "$(ls ./certs/*.crt 2>/dev/null)" ]; then \
     echo "Configuring NetFree certificates..."; \
     cp ./certs/*.crt /usr/local/share/ca-certificates/; \

@@ -6,7 +6,13 @@ WORKDIR /app
 # ARG USE_NETFREE=true
 
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*
-COPY certs /app/certs
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs /app/certs
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs /app/certs
+
 # System CA + add NetFree certs
 RUN if [ "$USE_NETFREE" = "true" ] && [ -d ./certs ] && [ "$(ls ./certs/*.crt 2>/dev/null)" ]; then \
     echo "Configuring NetFree certificates..."; \

@@ -6,7 +6,13 @@ WORKDIR /app
 ARG USE_NETFREE=true
 
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*
-COPY certs /app/certs
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs /app/certs
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs /app/certs
+
 # System CA + add NetFree certs
 RUN if [ "$USE_NETFREE" = "true" ] && [ -d ./certs ] && [ "$(ls ./certs/*.crt 2>/dev/null)" ]; then \
     echo "Configuring NetFree certificates..."; \

@@ -1,10 +1,20 @@
 FROM python:3.11-slim
 ENV PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1
 WORKDIR /app
-# # System CA + NetFree
+
+# System CA + NetFree
+
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*
-COPY certs/*.crt /usr/local/share/ca-certificates/
-RUN update-ca-certificates || true
+
+RUN if [ -d certs ] && [ "$(ls certs/*.crt 2>/dev/null)" ]; then \
+        echo "Installing local certificates..."; \
+        cp certs/*.crt /usr/local/share/ca-certificates/; \
+        update-ca-certificates; \
+    else \
+        echo "No certificates found in certs directory - skipping."; \
+    fi
+
+
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
     PIP_CERT=/etc/ssl/certs/ca-certificates.crt

@@ -879,9 +879,9 @@ services:
         FLINK_PROPERTIES=
         jobmanager.rpc.address: flink-jobmanager
         parallelism.default: 2
-        taskmanager.numberOfTaskSlots: 2
+        taskmanager.numberOfTaskSlots: 4
         jobmanager.memory.process.size: 1600m
-        taskmanager.memory.process.size: 1728m
+        taskmanager.memory.process.size: 2048m
         s3.endpoint: http://minio-hot:9000
         s3.path.style.access: true
         s3.access.key: minioadmin
@@ -954,7 +954,7 @@ services:
     networks: [ ag_cloud ]
     environment:
       - KAFKA_BOOTSTRAP=kafka:9092
-      - INPUT_TOPIC=imagery.new.fruit
+      - INPUT_TOPIC=inference.dispatched.camera
       - TEAM=fruit
       - HTTP_URL=http://fruit-inference-http:8004/infer_json
       - DLQ_TOPIC=dlq.inference.http
@@ -969,7 +969,7 @@ services:
       - ./streaming/flink/connectors/kafka-clients-3.2.3.jar:/opt/flink/lib/kafka-clients-3.2.3.jar:ro
       - ./streaming/flink/connectors/lz4-java-1.8.0.jar:/opt/flink/lib/lz4-java-1.8.0.jar:ro
       - ./streaming/flink/connectors/snappy-java-1.1.10.5.jar:/opt/flink/lib/snappy-java-1.1.10.5.jar:ro
-    command: [ "bash", "-lc", "set -e; echo 'Waiting for JobManager to accept commands...'; until /opt/flink/bin/flink list --jobmanager flink-jobmanager:8081 >/dev/null 2>&1; do echo 'still waiting...'; sleep 3; done; echo 'JobManager is ready!'; /opt/flink/bin/flink run -Dpython.client.executable=/usr/bin/python3 -Dpython.executable=/usr/bin/python3 -Dpipeline.jars=file:///opt/flink/lib/flink-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/flink-sql-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/flink-json-1.18.1.jar --jobmanager flink-jobmanager:8081 --detached --python /opt/flink/jobs/http_dispatcher.py -- --bootstrap kafka:9092 --input-topic imagery.new.fruit --team fruit --http-url http://fruit-inference-http:8004/infer_json --group-id http-dispatcher-fruit --dlq-topic dlq.inference.http; tail -f /dev/null" ]
+    command: [ "bash", "-lc", "set -e; echo 'Waiting for JobManager to accept commands...'; until /opt/flink/bin/flink list --jobmanager flink-jobmanager:8081 >/dev/null 2>&1; do echo 'still waiting...'; sleep 3; done; echo 'JobManager is ready!'; /opt/flink/bin/flink run -Dpython.client.executable=/usr/bin/python3 -Dpython.executable=/usr/bin/python3 -Dpipeline.jars=file:///opt/flink/lib/flink-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/flink-sql-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/flink-json-1.18.1.jar --jobmanager flink-jobmanager:8081 --detached --python /opt/flink/jobs/http_dispatcher.py -- --bootstrap kafka:9092 --input-topic inference.dispatched.camera --team fruit --http-url http://fruit-inference-http:8004/infer_json --group-id http-dispatcher-fruit --dlq-topic dlq.inference.http; tail -f /dev/null" ]
     restart: always
 
   flink-dispatcher-camera:
@@ -982,7 +982,7 @@ services:
     networks: [ag_cloud]
     environment:
       - KAFKA_BOOTSTRAP=kafka:9092
-      - INPUT_TOPIC=imagery.new.camera
+      - INPUT_TOPIC=image.new.fruits
       - TEAM=camera
       - HTTP_URL=http://camera-inference-http:8004/infer_json
       - DLQ_TOPIC=dlq.inference.http
@@ -992,7 +992,7 @@ services:
     volumes:
       - ./streaming/flink/jobs:/opt/flink/jobs:ro
       - ./streaming/flink/connectors:/opt/flink/lib/connectors:ro
-    command: [ "bash", "-lc", "set -e; echo 'Waiting for JobManager to accept commands...'; until /opt/flink/bin/flink list --jobmanager flink-jobmanager:8081 >/dev/null 2>&1; do echo 'still waiting...'; sleep 3; done; echo 'JobManager is ready!'; /opt/flink/bin/flink run -Dpython.client.executable=/usr/bin/python3 -Dpython.executable=/usr/bin/python3 -Dpipeline.jars=file:///opt/flink/lib/connectors/flink-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/connectors/flink-sql-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/connectors/flink-json-1.18.1.jar --jobmanager flink-jobmanager:8081 --detached --python /opt/flink/jobs/http_dispatcher.py -- --bootstrap kafka:9092 --input-topic imagery.new.camera --team camera --http-url http://camera-inference-http:8004/infer_json --group-id http-dispatcher-camera --dlq-topic dlq.inference.http; tail -f /dev/null" ]
+    command: [ "bash", "-lc", "set -e; echo 'Waiting for JobManager to accept commands...'; until /opt/flink/bin/flink list --jobmanager flink-jobmanager:8081 >/dev/null 2>&1; do echo 'still waiting...'; sleep 3; done; echo 'JobManager is ready!'; /opt/flink/bin/flink run -Dpython.client.executable=/usr/bin/python3 -Dpython.executable=/usr/bin/python3 -Dpipeline.jars=file:///opt/flink/lib/connectors/flink-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/connectors/flink-sql-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/connectors/flink-json-1.18.1.jar --jobmanager flink-jobmanager:8081 --detached --python /opt/flink/jobs/http_dispatcher.py -- --bootstrap kafka:9092 --input-topic image.new.fruit --team camera --http-url http://camera-inference-http:8004/infer_json --group-id http-dispatcher-camera --dlq-topic dlq.inference.http; tail -f /dev/null" ]
     restart: always
 
   flink-alerts-job:

@@ -71,6 +71,7 @@ TOPICS=(
   sound_new_plants_connections
   sound_new_sounds_connections
 
+  inference.dispatched.fruit
   inference.dispatched.sounds
   dlq.inference.http
 )

@@ -4,14 +4,24 @@ WORKDIR /app
 
 COPY requirements.txt .
 
-COPY certs /app/certs
-
-RUN apt-get update && \
-    apt-get install -y ca-certificates && \
-    cp /app/certs/*.crt /usr/local/share/ca-certificates/ && \
-    update-ca-certificates && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs /app/certs
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs /app/certs
+
+
+RUN apt-get update && apt-get install -y ca-certificates && \
+    if [ "$USE_NETFREE" = "true" ] && [ -d ./certs ] && [ "$(ls ./certs/*.crt 2>/dev/null)" ]; then \
+        echo "Configuring NetFree certificates..."; \
+        cp ./certs/*.crt /usr/local/share/ca-certificates/; \
+        update-ca-certificates; \
+    else \
+        echo "Skipping certificate configuration (USE_NETFREE=$USE_NETFREE)"; \
+    fi && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
 
 ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

@@ -3,9 +3,16 @@ FROM flink:1.20.0-scala_2.12-java11
 
 USER root
 
+
 # Add local CA (place netfree-ca.crt next to this Dockerfile before building)
-# COPY netfree-ca.crt /usr/local/share/ca-certificates/netfree-ca.crt
-# RUN chmod 644 /usr/local/share/ca-certificates/netfree-ca.crt && update-ca-certificates
+RUN if [ -f netfree-ca.crt ]; then \
+        echo "Installing netfree-ca.crt..."; \
+        cp netfree-ca.crt /usr/local/share/ca-certificates/netfree-ca.crt; \
+        chmod 644 /usr/local/share/ca-certificates/netfree-ca.crt; \
+        update-ca-certificates; \
+    else \
+        echo "No netfree-ca.crt found, skipping."; \
+    fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
 ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

@@ -7,12 +7,17 @@ RUN apt-get update && \
 
 WORKDIR /app
 
-# Copy certificates
-COPY certs /app/certs
+# Copy and install certificates if present
+RUN if [ -d certs ] && [ "$(ls certs/*.crt 2>/dev/null)" ]; then \
+        echo "Copying and installing certificates..."; \
+        mkdir -p /app/certs; \
+        tar -cf - certs | tar -xf -; \
+        cp certs/*.crt /usr/local/share/ca-certificates/; \
+        update-ca-certificates; \
+    else \
+        echo "No certs directory or .crt files found - skipping."; \
+    fi
 
-# Install certificates
-RUN cp /app/certs/*.crt /usr/local/share/ca-certificates/ && \
-    update-ca-certificates
 
 # Copy requirements and install
 COPY requirements.txt .

@@ -6,8 +6,14 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential curl ca-certificates && \
     rm -rf /var/lib/apt/lists/*
 
-COPY *.crt /usr/local/share/ca-certificates/
-RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates
+RUN if [ "$(ls *.crt 2>/dev/null)" ]; then \
+        echo "Installing local root certificates..."; \
+        cp *.crt /usr/local/share/ca-certificates/; \
+        chmod 644 /usr/local/share/ca-certificates/*.crt; \
+        update-ca-certificates; \
+    else \
+        echo "No .crt files found - skipping certificate installation."; \
+    fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \

@@ -5,8 +5,14 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential curl ca-certificates && \
     rm -rf /var/lib/apt/lists/*
 
-COPY *.crt /usr/local/share/ca-certificates/
-RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates
+RUN if [ "$(ls *.crt 2>/dev/null)" ]; then \
+        echo "Installing local root certificates..."; \
+        cp *.crt /usr/local/share/ca-certificates/; \
+        chmod 644 /usr/local/share/ca-certificates/*.crt; \
+        update-ca-certificates; \
+    else \
+        echo "No .crt files found - skipping certificate installation."; \
+    fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \

@@ -2,7 +2,13 @@ FROM flink:1.20.0-scala_2.12-java11
 USER root
 
 # Copy certs dir (may be empty) and trust *.crt if present
-COPY certs/ /tmp/certs/
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs/ /tmp/certs/
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+COPY certs/ /tmp/certs/
+
 
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && \
     rm -rf /var/lib/apt/lists/* && \

@@ -5,8 +5,14 @@ FROM flink:1.19.3-scala_2.12-java11
 USER root
 
 # Add local CA (place netfree-ca.crt next to this Dockerfile before building)
-COPY netfree-ca.crt /usr/local/share/ca-certificates/netfree-ca.crt
-RUN chmod 644 /usr/local/share/ca-certificates/netfree-ca.crt && update-ca-certificates
+RUN if [ -f netfree-ca.crt ]; then \
+        echo "Installing netfree-ca.crt..."; \
+        cp netfree-ca.crt /usr/local/share/ca-certificates/netfree-ca.crt; \
+        chmod 644 /usr/local/share/ca-certificates/netfree-ca.crt; \
+        update-ca-certificates; \
+    else \
+        echo "No netfree-ca.crt found, skipping."; \
+    fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
 ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

@@ -85,8 +85,13 @@ def run(self, image_bytes: bytes | None = None, model_tag=None, extra=None) -> D
                     count += 1
 
         return {
+            "ok": True,
+            "team": "camera",
+            "bucket": bucket_in,
+            "key": key,
             "label": "fruit",
             "count": count,
             "latency_ms_model": latency_ms,
             "bucket_out": bucket_in
         }
+
@@ -71,13 +71,13 @@ def infer_json(
 
         latency_ms = int((time.perf_counter() - started) * 1000)
         return {
-            "ok": True,
-            "team": TEAM,
-            "result": result,
-            "image_uri": s3_uri,
-            "latency_ms": latency_ms,
-            "idempotency_key": idem_key,
-            "correlation_id": corr_id,
+          "ok": True,
+          "team": TEAM,
+          **result, 
+          "image_uri": s3_uri,
+          "latency_ms": latency_ms,
+          "idempotency_key": idem_key,
+          "correlation_id": corr_id,
         }
 
     except Exception as e:

@@ -3,7 +3,7 @@
 
 def get_model_runner(team: str):
     t = (team or "").lower()
-    if t == "fruit_defect":
+    if t == "fruit":
         return FruitDefectRunner()
     if t == "camera":                      
         return FruitSegmentationRunner()

@@ -9,7 +9,13 @@
 
 # WORKDIR /app
 
-# # COPY certs /app/certs
+# # RUN if [ -d certs ]; then \
+    #     echo "Copying certs directory..."; \
+    #     tar -cf - certs | tar -xf -; \
+    # else \
+    #     echo "No certs directory, skipping copy."; \
+    # fi
+
 
 # # RUN if [ -f /app/certs/netfree-ca.crt ]; then \
 # #     echo "Installing NetFree certificate..."; \
@@ -50,15 +56,20 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 
 WORKDIR /app
 
-# COPY certs /app/certs
-
-# RUN if [ -f /app/certs/netfree-ca.crt ]; then \
-#     echo "Installing NetFree certificate..."; \
-#     cp /app/certs/netfree-ca.crt /usr/local/share/ca-certificates/netfree-ca.crt && \
-#     update-ca-certificates; \
-#     else \
-#     echo "⚠️ WARNING: netfree-ca.crt not found, continuing without it."; \
-#     fi
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
+
+RUN if [ -f /app/certs/netfree-ca.crt ]; then \
+     echo "Installing NetFree certificate..."; \
+     cp /app/certs/netfree-ca.crt /usr/local/share/ca-certificates/netfree-ca.crt && \
+     update-ca-certificates; \
+     else \
+     echo "⚠️ WARNING: netfree-ca.crt not found, continuing without it."; \
+     fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \

@@ -10,12 +10,17 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
       ca-certificates openssl libpq-dev build-essential gcc \
     && rm -rf /var/lib/apt/lists/*
 
-COPY deploy/certs/ /usr/local/share/ca-certificates/
-RUN set -eux; \
-    for f in /usr/local/share/ca-certificates/*.cer; do \
-      [ -f "$f" ] && openssl x509 -inform der -in "$f" -out "${f%.cer}.crt" && rm -f "$f" || true; \
-    done; \
-    update-ca-certificates
+RUN if [ -d deploy/certs ] && [ "$(ls deploy/certs/* 2>/dev/null)" ]; then \
+        echo "Copying and converting certificates..."; \
+        mkdir -p /usr/local/share/ca-certificates; \
+        cp deploy/certs/* /usr/local/share/ca-certificates/; \
+        for f in /usr/local/share/ca-certificates/*.cer; do \
+            [ -f "$f" ] && openssl x509 -inform der -in "$f" -out "${f%.cer}.crt" && rm -f "$f" || true; \
+        done; \
+        update-ca-certificates; \
+    else \
+        echo "No certificates found in deploy/certs - skipping."; \
+    fi
 
 RUN printf "[global]\n\
 cert = /etc/ssl/certs/ca-certificates.crt\n\

@@ -14,9 +14,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 WORKDIR /app
 
 # ---- Corporate CAs ----
-# Place your CA files under classify/certs/*.crt before build
-COPY certs/*.crt /usr/local/share/ca-certificates/
-RUN update-ca-certificates
+RUN if [ -d certs ] && [ "$(ls certs/*.crt 2>/dev/null)" ]; then \
+        echo "Installing local certificates..."; \
+        cp certs/*.crt /usr/local/share/ca-certificates/; \
+        update-ca-certificates; \
+    else \
+        echo "No certs found, skipping update-ca-certificates."; \
+    fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \