bakery-ia/infrastructure/environments/dev/k8s-manifests/kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

metadata:
  name: bakery-ia-dev

# NOTE: Do NOT set a global namespace here.
# Each resource already has its namespace explicitly defined.
# A global namespace would incorrectly transform cluster-scoped resources
# like cert-manager namespaces.

resources:
  - ../../../environments/common/configs
  # NOTE: nominatim is NOT included here - it's deployed manually via Tilt trigger 'nominatim-helm'
  # - ../../../platform/nominatim
  - ../../../platform/gateway
  - ../../../platform/cert-manager
  - ../../../platform/networking/ingress/overlays/dev
  - ../../../platform/storage
  - ../../../services/databases
  - ../../../services/microservices
  # NOTE: cicd is NOT included here - it's deployed manually via Tilt triggers
  # Run 'tilt trigger tekton-install' followed by 'tilt trigger tekton-pipelines-deploy'
  # - ../../../cicd
  - dev-certificate.yaml


# Dev-specific patches
patches:
  - target:
      kind: ConfigMap
      name: bakery-config
    patch: |-
      - op: replace
        path: /data/ENVIRONMENT
        value: "development"
      - op: replace
        path: /data/DEBUG
        value: "true"
  # NOTE: nominatim patches removed - nominatim is now deployed via Helm (tilt trigger nominatim-helm)

  # Add imagePullSecrets to all Deployments for Gitea registry authentication
  - target:
      kind: Deployment
    patch: |-
      - op: add
        path: /spec/template/spec/imagePullSecrets
        value:
          - name: gitea-registry-secret

  # Add imagePullSecrets to all StatefulSets for Gitea registry authentication
  - target:
      kind: StatefulSet
    patch: |-
      - op: add
        path: /spec/template/spec/imagePullSecrets
        value:
          - name: gitea-registry-secret

  # Add imagePullSecrets to all Jobs for Gitea registry authentication
  - target:
      kind: Job
    patch: |-
      - op: add
        path: /spec/template/spec/imagePullSecrets
        value:
          - name: gitea-registry-secret

  # Add imagePullSecrets to all CronJobs for Gitea registry authentication
  - target:
      kind: CronJob
    patch: |-
      - op: add
        path: /spec/jobTemplate/spec/template/spec/imagePullSecrets
        value:
          - name: gitea-registry-secret

labels:
  - includeSelectors: true
    pairs:
      environment: development
      tier: local

# Dev image overrides - use Gitea registry to avoid Docker Hub rate limits
# IMPORTANT: All image names must be lowercase (Docker requirement)
# The prepull-base-images.sh script pushes images to registry.bakery-ia.local/bakery-admin/
# Format: registry.bakery-ia.local/bakery-admin/<package-name>:<original-tag>
images:
  # Database images
  - name: postgres
    newName: registry.bakery-ia.local/bakery-admin/postgres
    newTag: "17-alpine"
  - name: redis
    newName: registry.bakery-ia.local/bakery-admin/redis
    newTag: "7.4-alpine"
  - name: rabbitmq
    newName: registry.bakery-ia.local/bakery-admin/rabbitmq
    newTag: "4.1-management-alpine"
  # Utility images
  - name: busybox
    newName: registry.bakery-ia.local/bakery-admin/busybox
    newTag: "1.36"
  - name: curlimages/curl
    newName: registry.bakery-ia.local/bakery-admin/curlimages-curl
    newTag: latest
  - name: bitnami/kubectl
    newName: registry.bakery-ia.local/bakery-admin/bitnami-kubectl
    newTag: latest

  # Alpine variants
  - name: alpine
    newName: registry.bakery-ia.local/bakery-admin/alpine
    newTag: "3.19"
  - name: alpine/git
    newName: registry.bakery-ia.local/bakery-admin/alpine-git
    newTag: "2.43.0"
  # CI/CD images (cached in Gitea registry for consistency)
  - name: gcr.io/kaniko-project/executor
    newName: registry.bakery-ia.local/bakery-admin/gcr.io-kaniko-project-executor
    newTag: v1.23.0
  - name: gcr.io/go-containerregistry/crane
    newName: registry.bakery-ia.local/bakery-admin/gcr.io-go-containerregistry-crane
    newTag: latest
  - name: registry.k8s.io/kustomize/kustomize
    newName: registry.bakery-ia.local/bakery-admin/registry.k8s.io-kustomize-kustomize
    newTag: v5.3.0
  # Storage images
  - name: minio/minio
    newName: registry.bakery-ia.local/bakery-admin/minio-minio
    newTag: RELEASE.2024-11-07T00-52-20Z
  - name: minio/mc
    newName: registry.bakery-ia.local/bakery-admin/minio-mc
    newTag: RELEASE.2024-11-17T19-35-25Z
  # NOTE: nominatim image override removed - nominatim is now deployed via Helm
  # Python base image
  - name: python
    newName: registry.bakery-ia.local/bakery-admin/python
    newTag: "3.11-slim"
Add new infra architecture 2026-01-19 11:55:17 +01:00			`apiVersion: kustomize.config.k8s.io/v1beta1`
			`kind: Kustomization`

			`metadata:`
			`name: bakery-ia-dev`

			`# NOTE: Do NOT set a global namespace here.`
			`# Each resource already has its namespace explicitly defined.`
			`# A global namespace would incorrectly transform cluster-scoped resources`
			`# like cert-manager namespaces.`

			`resources:`
			`- ../../../environments/common/configs`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`# NOTE: nominatim is NOT included here - it's deployed manually via Tilt trigger 'nominatim-helm'`
			`# - ../../../platform/nominatim`
			`- ../../../platform/gateway`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- ../../../platform/cert-manager`
			`- ../../../platform/networking/ingress/overlays/dev`
			`- ../../../platform/storage`
			`- ../../../services/databases`
			`- ../../../services/microservices`
			`# NOTE: cicd is NOT included here - it's deployed manually via Tilt triggers`
			`# Run 'tilt trigger tekton-install' followed by 'tilt trigger tekton-pipelines-deploy'`
			`# - ../../../cicd`
			`- dev-certificate.yaml`



			`# Dev-specific patches`
			`patches:`
			`- target:`
			`kind: ConfigMap`
			`name: bakery-config`
			`patch: \|-`
			`- op: replace`
			`path: /data/ENVIRONMENT`
			`value: "development"`
			`- op: replace`
			`path: /data/DEBUG`
			`value: "true"`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`# NOTE: nominatim patches removed - nominatim is now deployed via Helm (tilt trigger nominatim-helm)`
Add new infra architecture 2026-01-19 11:55:17 +01:00
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`# Add imagePullSecrets to all Deployments for Gitea registry authentication`
			`- target:`
			`kind: Deployment`
			`patch: \|-`
			`- op: add`
			`path: /spec/template/spec/imagePullSecrets`
			`value:`
			`- name: gitea-registry-secret`

			`# Add imagePullSecrets to all StatefulSets for Gitea registry authentication`
			`- target:`
			`kind: StatefulSet`
			`patch: \|-`
			`- op: add`
			`path: /spec/template/spec/imagePullSecrets`
			`value:`
			`- name: gitea-registry-secret`

			`# Add imagePullSecrets to all Jobs for Gitea registry authentication`
			`- target:`
			`kind: Job`
			`patch: \|-`
			`- op: add`
			`path: /spec/template/spec/imagePullSecrets`
			`value:`
			`- name: gitea-registry-secret`

			`# Add imagePullSecrets to all CronJobs for Gitea registry authentication`
			`- target:`
			`kind: CronJob`
			`patch: \|-`
			`- op: add`
			`path: /spec/jobTemplate/spec/template/spec/imagePullSecrets`
			`value:`
			`- name: gitea-registry-secret`

Add new infra architecture 2026-01-19 11:55:17 +01:00			`labels:`
			`- includeSelectors: true`
			`pairs:`
			`environment: development`
			`tier: local`

Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`# Dev image overrides - use Gitea registry to avoid Docker Hub rate limits`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`# IMPORTANT: All image names must be lowercase (Docker requirement)`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`# The prepull-base-images.sh script pushes images to registry.bakery-ia.local/bakery-admin/`
			`# Format: registry.bakery-ia.local/bakery-admin/<package-name>:<original-tag>`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`images:`
			`# Database images`
			`- name: postgres`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/postgres`
			`newTag: "17-alpine"`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- name: redis`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/redis`
			`newTag: "7.4-alpine"`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- name: rabbitmq`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/rabbitmq`
			`newTag: "4.1-management-alpine"`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`# Utility images`
			`- name: busybox`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/busybox`
			`newTag: "1.36"`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- name: curlimages/curl`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/curlimages-curl`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`newTag: latest`
			`- name: bitnami/kubectl`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/bitnami-kubectl`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`newTag: latest`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00
Add new infra architecture 2026-01-19 11:55:17 +01:00			`# Alpine variants`
			`- name: alpine`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/alpine`
			`newTag: "3.19"`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- name: alpine/git`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/alpine-git`
			`newTag: "2.43.0"`
			`# CI/CD images (cached in Gitea registry for consistency)`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- name: gcr.io/kaniko-project/executor`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/gcr.io-kaniko-project-executor`
			`newTag: v1.23.0`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- name: gcr.io/go-containerregistry/crane`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/gcr.io-go-containerregistry-crane`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`newTag: latest`
			`- name: registry.k8s.io/kustomize/kustomize`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/registry.k8s.io-kustomize-kustomize`
			`newTag: v5.3.0`
			`# Storage images`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- name: minio/minio`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/minio-minio`
			`newTag: RELEASE.2024-11-07T00-52-20Z`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`- name: minio/mc`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/minio-mc`
			`newTag: RELEASE.2024-11-17T19-35-25Z`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`# NOTE: nominatim image override removed - nominatim is now deployed via Helm`
Add new infra architecture 2026-01-19 11:55:17 +01:00			`# Python base image`
			`- name: python`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`newName: registry.bakery-ia.local/bakery-admin/python`
			`newTag: "3.11-slim"`