KamaTechOrg · LeahMalul · Nov 10, 2025 · Nov 11, 2025 · Nov 11, 2025 · Nov 11, 2025
@@ -21,8 +21,16 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libxcb-xinerama0 libxcb-cursor0 libxcb-keysyms1 libxcb-render-util0 \
     libxcb-randr0 && rm -rf /var/lib/apt/lists/*
 
+# # ───────── optional CA certs ─────────
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
+
 # ───────── optional CA certs ─────────
-COPY certs /app/certs
+
 RUN if [ -d ./certs ] && [ "$(ls ./certs/*.crt 2>/dev/null)" ]; then \
     echo "Configuring NetFree certificates..."; \
     cp ./certs/*.crt /usr/local/share/ca-certificates/; \

@@ -6,12 +6,7 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1
 
 WORKDIR /app
-# build arg
-# ARG USE_NETFREE=true
 
-# Toggle NetFree handling at build time:
-#   docker build --build-arg USE_NETFREE=true  -t image:netfree .
-#   docker build --build-arg USE_NETFREE=false -t image:default .
 ARG USE_NETFREE=false
 
 # Base system tools (certificates + curl)
@@ -22,34 +17,20 @@ RUN apt-get update \
 # Conditionally load extra CA certs from build context ./certs (if exists)
 # - With BuildKit, the mount is optional (required=false).
 # - If USE_NETFREE=false or no *.crt files exist, nothing happens.
-RUN --mount=type=bind,source=certs,target=/tmp/certs,required=false \
-    set -eux; \
-    if [ "${USE_NETFREE}" = "true" ] \
-       && [ -d /tmp/certs ] \
-       && ls /tmp/certs/*.crt >/dev/null 2>&1; then \
-        echo "Adding extra CA certs from /tmp/certs ..."; \
-        cp /tmp/certs/*.crt /usr/local/share/ca-certificates/; \
-        update-ca-certificates; \
-    else \
-        echo "No extra CA certs configured (USE_NETFREE=${USE_NETFREE})."; \
-    fi
-
-# System-wide SSL env (works with or without extra CAs)
-ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
-    REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
-    PIP_CERT=/etc/ssl/certs/ca-certificates.crt
+
+
 
 # Python dependencies
 
 
 # # System CA + add NetFree certs
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*
-COPY certs/*.crt /usr/local/share/ca-certificates/
 RUN update-ca-certificates || true
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
     PIP_CERT=/etc/ssl/certs/ca-certificates.crt
 
+
 # Python deps
 COPY requirements.txt /app/requirements.txt
 RUN pip install --no-cache-dir -r /app/requirements.txt \

@@ -6,7 +6,13 @@ WORKDIR /app
 ARG USE_NETFREE=true
 
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*
-COPY certs /app/certs
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        cp -r certs /app/certs; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
-RUN if [ -d certs ]; then \
-        echo "Copying certs directory..."; \
-        tar -cf - certs | tar -xf -; \
-    else \
-        echo "No certs directory, skipping copy."; \
-    fi
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        cp -r certs /app/certs; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
+
 # System CA + add NetFree certs
 RUN if [ "$USE_NETFREE" = "true" ] && [ -d ./certs ] && [ "$(ls ./certs/*.crt 2>/dev/null)" ]; then \
     echo "Configuring NetFree certificates..."; \

@@ -1,10 +1,20 @@
 FROM python:3.11-slim
 ENV PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1
 WORKDIR /app
-# # System CA + NetFree
+
+# System CA + NetFree
+
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*
-COPY certs/*.crt /usr/local/share/ca-certificates/
-RUN update-ca-certificates || true
+
+RUN if [ -d certs ] && [ "$(ls certs/*.crt 2>/dev/null)" ]; then \
+        echo "Installing local certificates..."; \
+        cp certs/*.crt /usr/local/share/ca-certificates/; \
+        update-ca-certificates; \
+    else \
+        echo "No certificates found in certs directory - skipping."; \
+    fi
+
+
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
     PIP_CERT=/etc/ssl/certs/ca-certificates.crt

@@ -844,7 +844,7 @@ services:
         python.executable: /usr/bin/python3
       - HTTP_INFER_URL=http://fruit-inference-http:8004/infer_json
     volumes:
-      - ./streaming/flink/jobs:/opt/flink/jobs:ro
+      - ./streaming/flink/jobs:/opt/flink/jobs
       - ./streaming/flink/connectors/flink-json-1.18.1.jar:/opt/flink/lib/flink-json-1.18.1.jar:ro
       - ./streaming/flink/connectors/flink-sql-connector-kafka-3.2.0-1.18.jar:/opt/flink/lib/flink-sql-connector-kafka-3.2.0-1.18.jar:ro
       - ./streaming/flink/connectors/flink-connector-kafka-3.2.0-1.18.jar:/opt/flink/lib/flink-connector-kafka-3.2.0-1.18.jar:ro
@@ -911,9 +911,9 @@ services:
         FLINK_PROPERTIES=
         jobmanager.rpc.address: flink-jobmanager
         parallelism.default: 2
-        taskmanager.numberOfTaskSlots: 2
+        taskmanager.numberOfTaskSlots: 4
         jobmanager.memory.process.size: 1600m
-        taskmanager.memory.process.size: 1728m
+        taskmanager.memory.process.size: 2048m
         s3.endpoint: http://minio-hot:9000
         s3.path.style.access: true
         s3.access.key: minioadmin
@@ -1056,7 +1056,7 @@ services:
     networks: [ ag_cloud ]
     environment:
       - KAFKA_BOOTSTRAP=kafka:9092
-      - INPUT_TOPIC=imagery.new.fruit
+      - INPUT_TOPIC=inference.dispatched.camera
       - TEAM=fruit
       - HTTP_URL=http://fruit-inference-http:8004/infer_json
       - DLQ_TOPIC=dlq.inference.http
@@ -1071,7 +1071,7 @@ services:
       - ./streaming/flink/connectors/kafka-clients-3.2.3.jar:/opt/flink/lib/kafka-clients-3.2.3.jar:ro
       - ./streaming/flink/connectors/lz4-java-1.8.0.jar:/opt/flink/lib/lz4-java-1.8.0.jar:ro
       - ./streaming/flink/connectors/snappy-java-1.1.10.5.jar:/opt/flink/lib/snappy-java-1.1.10.5.jar:ro
-    command: [ "bash", "-lc", "set -e; echo 'Waiting for JobManager to accept commands...'; until /opt/flink/bin/flink list --jobmanager flink-jobmanager:8081 >/dev/null 2>&1; do echo 'still waiting...'; sleep 3; done; echo 'JobManager is ready!'; /opt/flink/bin/flink run -Dpython.client.executable=/usr/bin/python3 -Dpython.executable=/usr/bin/python3 -Dpipeline.jars=file:///opt/flink/lib/flink-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/flink-sql-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/flink-json-1.18.1.jar --jobmanager flink-jobmanager:8081 --detached --python /opt/flink/jobs/http_dispatcher.py -- --bootstrap kafka:9092 --input-topic imagery.new.fruit --team fruit --http-url http://fruit-inference-http:8004/infer_json --group-id http-dispatcher-fruit --dlq-topic dlq.inference.http; tail -f /dev/null" ]
+    command: [ "bash", "-lc", "set -e; echo 'Waiting for JobManager to accept commands...'; until /opt/flink/bin/flink list --jobmanager flink-jobmanager:8081 >/dev/null 2>&1; do echo 'still waiting...'; sleep 3; done; echo 'JobManager is ready!'; /opt/flink/bin/flink run -Dpython.client.executable=/usr/bin/python3 -Dpython.executable=/usr/bin/python3 -Dpipeline.jars=file:///opt/flink/lib/flink-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/flink-sql-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/flink-json-1.18.1.jar --jobmanager flink-jobmanager:8081 --detached --python /opt/flink/jobs/http_dispatcher.py -- --bootstrap kafka:9092 --input-topic inference.dispatched.camera --team fruit --http-url http://fruit-inference-http:8004/infer_json --group-id http-dispatcher-fruit --dlq-topic dlq.inference.http; tail -f /dev/null" ]
     restart: always
 
   flink-dispatcher-camera:
@@ -1084,7 +1084,7 @@ services:
     networks: [ag_cloud]
     environment:
       - KAFKA_BOOTSTRAP=kafka:9092
-      - INPUT_TOPIC=imagery.new.camera
+      - INPUT_TOPIC=image.new.fruits
       - TEAM=camera
       - HTTP_URL=http://camera-inference-http:8004/infer_json
       - DLQ_TOPIC=dlq.inference.http
@@ -1094,7 +1094,7 @@ services:
     volumes:
       - ./streaming/flink/jobs:/opt/flink/jobs:ro
       - ./streaming/flink/connectors:/opt/flink/lib/connectors:ro
-    command: [ "bash", "-lc", "set -e; echo 'Waiting for JobManager to accept commands...'; until /opt/flink/bin/flink list --jobmanager flink-jobmanager:8081 >/dev/null 2>&1; do echo 'still waiting...'; sleep 3; done; echo 'JobManager is ready!'; /opt/flink/bin/flink run -Dpython.client.executable=/usr/bin/python3 -Dpython.executable=/usr/bin/python3 -Dpipeline.jars=file:///opt/flink/lib/connectors/flink-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/connectors/flink-sql-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/connectors/flink-json-1.18.1.jar --jobmanager flink-jobmanager:8081 --detached --python /opt/flink/jobs/http_dispatcher.py -- --bootstrap kafka:9092 --input-topic imagery.new.camera --team camera --http-url http://camera-inference-http:8004/infer_json --group-id http-dispatcher-camera --dlq-topic dlq.inference.http; tail -f /dev/null" ]
+    command: [ "bash", "-lc", "set -e; echo 'Waiting for JobManager to accept commands...'; until /opt/flink/bin/flink list --jobmanager flink-jobmanager:8081 >/dev/null 2>&1; do echo 'still waiting...'; sleep 3; done; echo 'JobManager is ready!'; /opt/flink/bin/flink run -Dpython.client.executable=/usr/bin/python3 -Dpython.executable=/usr/bin/python3 -Dpipeline.jars=file:///opt/flink/lib/connectors/flink-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/connectors/flink-sql-connector-kafka-3.2.0-1.18.jar,file:///opt/flink/lib/connectors/flink-json-1.18.1.jar --jobmanager flink-jobmanager:8081 --detached --python /opt/flink/jobs/http_dispatcher.py -- --bootstrap kafka:9092 --input-topic image.new.fruits --team camera --http-url http://camera-inference-http:8004/infer_json --group-id http-dispatcher-camera --dlq-topic dlq.inference.http; tail -f /dev/null" ]
     restart: always
 
   flink-dispatcher-soil:

@@ -71,6 +71,8 @@ TOPICS=(
   sound_new_plants_connections
   sound_new_sounds_connections
 
+  inference.dispatched.fruit
+  inference.dispatched.camera
   inference.dispatched.sounds
   dlq.inference.http
   event_logs_sensors

@@ -4,14 +4,24 @@ WORKDIR /app
 
 COPY requirements.txt .
 
-COPY certs /app/certs
-
-RUN apt-get update && \
-    apt-get install -y ca-certificates && \
-    cp /app/certs/*.crt /usr/local/share/ca-certificates/ && \
-    update-ca-certificates && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
+
+
+RUN apt-get update && apt-get install -y ca-certificates && \
+    if [ "$USE_NETFREE" = "true" ] && [ -d ./certs ] && [ "$(ls ./certs/*.crt 2>/dev/null)" ]; then \
+        echo "Configuring NetFree certificates..."; \
+        cp ./certs/*.crt /usr/local/share/ca-certificates/; \
+        update-ca-certificates; \
+    else \
+        echo "Skipping certificate configuration (USE_NETFREE=$USE_NETFREE)"; \
+    fi && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
 
 ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

@@ -12,10 +12,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     ca-certificates curl \
  && rm -rf /var/lib/apt/lists/*
 
-COPY certs/*.crt /usr/local/share/ca-certificates/
-RUN chmod 644 /usr/local/share/ca-certificates/*.crt \
- && update-ca-certificates
-
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
     PIP_CERT=/etc/ssl/certs/ca-certificates.crt

@@ -3,9 +3,16 @@ FROM flink:1.20.0-scala_2.12-java11
 
 USER root
 
+
 # Add local CA (place netfree-ca.crt next to this Dockerfile before building)
-# COPY netfree-ca.crt /usr/local/share/ca-certificates/netfree-ca.crt
-# RUN chmod 644 /usr/local/share/ca-certificates/netfree-ca.crt && update-ca-certificates
+RUN if [ -f netfree-ca.crt ]; then \
+        echo "Installing netfree-ca.crt..."; \
+        cp netfree-ca.crt /usr/local/share/ca-certificates/netfree-ca.crt; \
+        chmod 644 /usr/local/share/ca-certificates/netfree-ca.crt; \
+        update-ca-certificates; \
+    else \
+        echo "No netfree-ca.crt found, skipping."; \
+    fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
 ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

@@ -7,12 +7,17 @@ RUN apt-get update && \
 
 WORKDIR /app
 
-# Copy certificates
-COPY certs /app/certs
+# Copy and install certificates if present
+RUN if [ -d certs ] && [ "$(ls certs/*.crt 2>/dev/null)" ]; then \
+        echo "Copying and installing certificates..."; \
+        mkdir -p /app/certs; \
+        tar -cf - certs | tar -xf -; \
+        cp certs/*.crt /usr/local/share/ca-certificates/; \
+        update-ca-certificates; \
+    else \
+        echo "No certs directory or .crt files found - skipping."; \
+    fi
 
-# Install certificates
-RUN cp /app/certs/*.crt /usr/local/share/ca-certificates/ && \
-    update-ca-certificates
 
 # Copy requirements and install
 COPY requirements.txt .

@@ -6,8 +6,14 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential curl ca-certificates && \
     rm -rf /var/lib/apt/lists/*
 
-COPY *.crt /usr/local/share/ca-certificates/
-RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates
+RUN if [ "$(ls *.crt 2>/dev/null)" ]; then \
+        echo "Installing local root certificates..."; \
+        cp *.crt /usr/local/share/ca-certificates/; \
+        chmod 644 /usr/local/share/ca-certificates/*.crt; \
+        update-ca-certificates; \
+    else \
+        echo "No .crt files found - skipping certificate installation."; \
+    fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \

@@ -5,8 +5,14 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential curl ca-certificates && \
     rm -rf /var/lib/apt/lists/*
 
-COPY *.crt /usr/local/share/ca-certificates/
-RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates
+RUN if [ "$(ls *.crt 2>/dev/null)" ]; then \
+        echo "Installing local root certificates..."; \
+        cp *.crt /usr/local/share/ca-certificates/; \
+        chmod 644 /usr/local/share/ca-certificates/*.crt; \
+        update-ca-certificates; \
+    else \
+        echo "No .crt files found - skipping certificate installation."; \
+    fi
 
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \

@@ -8,7 +8,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 
 # Trust store (optional org CAs)
 WORKDIR /app
-COPY certs/ /app/certs/
 RUN if ls /app/certs/*.crt >/dev/null 2>&1; then \
       cp /app/certs/*.crt /usr/local/share/ca-certificates/ && update-ca-certificates; \
     else \

@@ -2,7 +2,13 @@ FROM flink:1.20.0-scala_2.12-java11
 USER root
 
 # Copy certs dir (may be empty) and trust *.crt if present
-COPY certs/ /tmp/certs/
+RUN if [ -d certs ]; then \
+        echo "Copying certs directory..."; \
+        tar -cf - certs | tar -xf -; \
-        tar -cf - certs | tar -xf -; \
+        tar -cf - certs | tar -xf - -C /tmp/;
-        tar -cf - certs | tar -xf -; \
+        tar -cf - certs | tar -xf - -C /tmp/;
+    else \
+        echo "No certs directory, skipping copy."; \
+    fi
+
 
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && \
     rm -rf /var/lib/apt/lists/* && \

@@ -0,0 +1,5 @@
+FROM python:3.11-slim
+RUN pip install --no-cache-dir confluent-kafka psycopg2-binary
+WORKDIR /app
+COPY fruit_defect_sink.py ./
+CMD ["python","-u","fruit_defect_sink.py"]