Fix issues

infrastructure/kubernetes/overlays/prod/kustomization.yaml

@@ -0,0 +1,85 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  name: bakery-ia-prod
+
+namespace: bakery-ia
+
+resources:
+  - ../../base
+  - prod-ingress.yaml
+
+labels:
+  - includeSelectors: true
+    pairs:
+      environment: production
+      tier: production
+
+images:
+  - name: bakery/auth-service
+    newTag: latest
+  - name: bakery/tenant-service
+    newTag: latest
+  - name: bakery/training-service
+    newTag: latest
+  - name: bakery/forecasting-service
+    newTag: latest
+  - name: bakery/sales-service
+    newTag: latest
+  - name: bakery/external-service
+    newTag: latest
+  - name: bakery/notification-service
+    newTag: latest
+  - name: bakery/inventory-service
+    newTag: latest
+  - name: bakery/recipes-service
+    newTag: latest
+  - name: bakery/suppliers-service
+    newTag: latest
+  - name: bakery/pos-service
+    newTag: latest
+  - name: bakery/orders-service
+    newTag: latest
+  - name: bakery/production-service
+    newTag: latest
+  - name: bakery/alert-processor
+    newTag: latest
+  - name: bakery/gateway
+    newTag: latest
+  - name: bakery/dashboard
+    newTag: latest
+
+replicas:
+  - name: auth-service
+    count: 3
+  - name: tenant-service
+    count: 2
+  - name: training-service
+    count: 2
+  - name: forecasting-service
+    count: 3
+  - name: sales-service
+    count: 2
+  - name: external-service
+    count: 2
+  - name: notification-service
+    count: 3
+  - name: inventory-service
+    count: 2
+  - name: recipes-service
+    count: 2
+  - name: suppliers-service
+    count: 2
+  - name: pos-service
+    count: 2
+  - name: orders-service
+    count: 3
+  - name: production-service
+    count: 2
+  - name: alert-processor-service
+    count: 3
+  - name: gateway
+    count: 3
+  - name: frontend
+    count: 2

infrastructure/kubernetes/overlays/prod/prod-ingress.yaml

@@ -0,0 +1,93 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bakery-ingress-prod
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: ingress
+  annotations:
+    # Nginx ingress controller annotations
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+
+    # CORS configuration for production
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-origin: "https://bakery.yourdomain.com,https://api.yourdomain.com"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
+    nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin"
+    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+
+    # Security headers
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      more_set_headers "X-Frame-Options: DENY";
+      more_set_headers "X-Content-Type-Options: nosniff";
+      more_set_headers "X-XSS-Protection: 1; mode=block";
+      more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
+
+    # Rate limiting
+    nginx.ingress.kubernetes.io/limit-rps: "100"
+    nginx.ingress.kubernetes.io/limit-connections: "50"
+
+    # Cert-manager annotations for automatic certificate issuance
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    cert-manager.io/acme-challenge-type: http01
+
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - bakery.yourdomain.com
+    - api.yourdomain.com
+    - monitoring.yourdomain.com
+    secretName: bakery-ia-prod-tls-cert
+  rules:
+  - host: bakery.yourdomain.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: frontend-service
+            port:
+              number: 3000
+      - path: /api
+        pathType: Prefix
+        backend:
+          service:
+            name: gateway-service
+            port:
+              number: 8000
+
+  - host: api.yourdomain.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gateway-service
+            port:
+              number: 8000
+
+  - host: monitoring.yourdomain.com
+    http:
+      paths:
+      - path: /grafana
+        pathType: Prefix
+        backend:
+          service:
+            name: grafana-service
+            port:
+              number: 3000
+      - path: /prometheus
+        pathType: Prefix
+        backend:
+          service:
+            name: prometheus-service
+            port:
+              number: 9090