Add base kubernetes support 2

infrastructure/kubernetes/base/components/alert-processor/alert-processor-service.yaml

@@ -98,6 +98,11 @@ spec:
             secretKeyRef:
               name: rabbitmq-secrets
               key: RABBITMQ_PASSWORD
+        - name: RABBITMQ_VHOST
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: RABBITMQ_VHOST
         - name: NOTIFICATION_SERVICE_URL
           valueFrom:
             configMapKeyRef:

infrastructure/kubernetes/base/components/frontend/frontend-service.yaml

@@ -22,18 +22,33 @@ spec:
       containers:
       - name: frontend
         image: bakery/dashboard:latest
+        imagePullPolicy: Always
         ports:
         - containerPort: 3000
           name: http
         env:
         - name: NODE_ENV
-          value: "development"
+          value: "production"
         - name: VITE_APP_TITLE
-          value: "PanIA Dashboard"
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: VITE_APP_TITLE
         - name: VITE_APP_VERSION
-          value: "1.0.0"
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: VITE_APP_VERSION
         - name: VITE_API_URL
-          value: "http://gateway-service:8000"
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: VITE_API_URL
+        - name: VITE_ENVIRONMENT
+          valueFrom:
+            configMapKeyRef:
+              name: bakery-config
+              key: VITE_ENVIRONMENT
         resources:
           requests:
             memory: "512Mi"

infrastructure/kubernetes/base/configmap.yaml

@@ -7,16 +7,24 @@ metadata:
     app.kubernetes.io/name: bakery-ia
     app.kubernetes.io/component: config
 data:
-  # Environment Settings
-  ENVIRONMENT: "development"
-  DEBUG: "true"
+  # ================================================================
+  # ENVIRONMENT & BUILD SETTINGS
+  # ================================================================
+  ENVIRONMENT: "production"
+  DEBUG: "false"
   LOG_LEVEL: "INFO"
-  AUTO_RELOAD: "true"
+  BUILD_DATE: "2024-01-20T10:00:00Z"
+  VCS_REF: "latest"
+  IMAGE_TAG: "latest"
+  DOMAIN: "localhost"
+  AUTO_RELOAD: "false"
   PROFILING_ENABLED: "false"
   MOCK_EXTERNAL_APIS: "false"
   TESTING: "false"
 
-  # Service Discovery
+  # ================================================================
+  # SERVICE DISCOVERY (KUBERNETES INTERNAL)
+  # ================================================================
   REDIS_HOST: "redis-service"
   REDIS_PORT: "6379"
   RABBITMQ_HOST: "rabbitmq-service"
@@ -24,7 +32,7 @@ data:
   RABBITMQ_MANAGEMENT_PORT: "15672"
   RABBITMQ_VHOST: "/"
 
-  # Database Hosts
+  # Database Hosts (Kubernetes Services)
   AUTH_DB_HOST: "auth-db-service"
   TENANT_DB_HOST: "tenant-db-service"
   TRAINING_DB_HOST: "training-db-service"
@@ -40,10 +48,8 @@ data:
   PRODUCTION_DB_HOST: "production-db-service"
   ALERT_PROCESSOR_DB_HOST: "alert-processor-db-service"
 
-  # Database Ports
+  # Database Configuration
   DB_PORT: "5432"
-
-  # Database Names
   AUTH_DB_NAME: "auth_db"
   TENANT_DB_NAME: "tenant_db"
   TRAINING_DB_NAME: "training_db"
@@ -58,11 +64,12 @@ data:
   ORDERS_DB_NAME: "orders_db"
   PRODUCTION_DB_NAME: "production_db"
   ALERT_PROCESSOR_DB_NAME: "alert_processor_db"
+  POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
 
-  # PostgreSQL Settings
-  POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256"
-
-  # Service URLs (internal cluster communication)
+  # ================================================================
+  # SERVICE URLS (KUBERNETES INTERNAL)
+  # ================================================================
+  GATEWAY_URL: "http://gateway-service:8000"
   AUTH_SERVICE_URL: "http://auth-service:8000"
   TENANT_SERVICE_URL: "http://tenant-service:8000"
   TRAINING_SERVICE_URL: "http://training-service:8000"
@@ -77,9 +84,242 @@ data:
   ORDERS_SERVICE_URL: "http://orders-service:8000"
   PRODUCTION_SERVICE_URL: "http://production-service:8000"
 
-  # Cache Settings
-  REDIS_MAX_MEMORY: "512mb"
+  # ================================================================
+  # AUTHENTICATION & SECURITY SETTINGS
+  # ================================================================
+  JWT_ALGORITHM: "HS256"
+  JWT_ACCESS_TOKEN_EXPIRE_MINUTES: "30"
+  JWT_REFRESH_TOKEN_EXPIRE_DAYS: "7"
+  ENABLE_SERVICE_AUTH: "false"
+  PASSWORD_MIN_LENGTH: "8"
+  PASSWORD_REQUIRE_UPPERCASE: "true"
+  PASSWORD_REQUIRE_LOWERCASE: "true"
+  PASSWORD_REQUIRE_NUMBERS: "true"
+  PASSWORD_REQUIRE_SYMBOLS: "false"
+  BCRYPT_ROUNDS: "12"
+  MAX_LOGIN_ATTEMPTS: "5"
+  LOCKOUT_DURATION_MINUTES: "30"
 
-  # Monitoring
+  # ================================================================
+  # CORS & API CONFIGURATION
+  # ================================================================
+  CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,https://bakery.yourdomain.com"
+  CORS_ALLOW_CREDENTIALS: "true"
+  RATE_LIMIT_ENABLED: "true"
+  RATE_LIMIT_REQUESTS: "100"
+  RATE_LIMIT_WINDOW: "60"
+  RATE_LIMIT_BURST: "10"
+  API_DOCS_ENABLED: "true"
+
+  # ================================================================
+  # HTTP CLIENT SETTINGS
+  # ================================================================
+  HTTP_TIMEOUT: "30000"
+  HTTP_RETRIES: "3"
+  HTTP_RETRY_DELAY: "1.0"
+
+  # ================================================================
+  # EXTERNAL API CONFIGURATION
+  # ================================================================
+  AEMET_BASE_URL: "https://opendata.aemet.es/opendata"
+  AEMET_TIMEOUT: "60"
+  AEMET_RETRY_ATTEMPTS: "3"
+  MADRID_OPENDATA_BASE_URL: "https://datos.madrid.es"
+  MADRID_OPENDATA_TIMEOUT: "30"
+
+  # ================================================================
+  # PAYMENT CONFIGURATION
+  # ================================================================
+  STRIPE_PUBLISHABLE_KEY: "pk_test_your_stripe_publishable_key_here"
+  SQUARE_APPLICATION_ID: "your-square-application-id"
+  SQUARE_ENVIRONMENT: "sandbox"
+  TOAST_ENVIRONMENT: "sandbox"
+  LIGHTSPEED_ENVIRONMENT: "sandbox"
+
+  # ================================================================
+  # EMAIL CONFIGURATION
+  # ================================================================
+  SMTP_HOST: "smtp.gmail.com"
+  SMTP_PORT: "587"
+  SMTP_TLS: "true"
+  SMTP_SSL: "false"
+  DEFAULT_FROM_EMAIL: "noreply@bakeryforecast.es"
+  DEFAULT_FROM_NAME: "Bakery-Forecast"
+  EMAIL_FROM_ADDRESS: "alerts@bakery.local"
+  EMAIL_FROM_NAME: "Bakery Alert System"
+
+  # ================================================================
+  # WHATSAPP CONFIGURATION
+  # ================================================================
+  WHATSAPP_BASE_URL: "https://api.twilio.com"
+  WHATSAPP_FROM_NUMBER: "whatsapp:+14155238886"
+
+  # ================================================================
+  # ALERT SYSTEM CONFIGURATION
+  # ================================================================
+  ALERT_PROCESSOR_INSTANCES: "2"
+  ALERT_PROCESSOR_MAX_MEMORY: "512M"
+  ALERT_BATCH_SIZE: "10"
+  ALERT_PROCESSING_TIMEOUT: "30"
+  EMAIL_ENABLED: "true"
+  WHATSAPP_ENABLED: "true"
+  SSE_ENABLED: "true"
+  PUSH_NOTIFICATIONS_ENABLED: "false"
+  ALERT_DEDUPLICATION_WINDOW_MINUTES: "15"
+  RECOMMENDATION_DEDUPLICATION_WINDOW_MINUTES: "60"
+
+  # ================================================================
+  # CHECK FREQUENCIES (CRON EXPRESSIONS)
+  # ================================================================
+  STOCK_CHECK_FREQUENCY: "*/5"
+  EXPIRY_CHECK_FREQUENCY: "*/2"
+  TEMPERATURE_CHECK_FREQUENCY: "*/2"
+  PRODUCTION_DELAY_CHECK_FREQUENCY: "*/5"
+  CAPACITY_CHECK_FREQUENCY: "*/10"
+  INVENTORY_OPTIMIZATION_FREQUENCY: "*/30"
+  EFFICIENCY_RECOMMENDATIONS_FREQUENCY: "*/30"
+  ENERGY_RECOMMENDATIONS_FREQUENCY: "0"
+  WASTE_REDUCTION_FREQUENCY: "0"
+
+  # ================================================================
+  # MODEL STORAGE & TRAINING
+  # ================================================================
+  MODEL_STORAGE_PATH: "/app/models"
+  MODEL_BACKUP_ENABLED: "true"
+  MODEL_VERSIONING_ENABLED: "true"
+  MAX_TRAINING_TIME_MINUTES: "30"
+  MAX_CONCURRENT_TRAINING_JOBS: "3"
+  MIN_TRAINING_DATA_DAYS: "30"
+  TRAINING_BATCH_SIZE: "1000"
+
+  # ================================================================
+  # OPTIMIZATION SETTINGS
+  # ================================================================
+  ENABLE_HYPERPARAMETER_OPTIMIZATION: "true"
+  ENABLE_PRODUCT_SPECIFIC_PARAMS: "true"
+  ENABLE_DYNAMIC_PARAM_SELECTION: "true"
+  OPTUNA_N_TRIALS: "50"
+  OPTUNA_CV_FOLDS: "3"
+  OPTUNA_TIMEOUT_MINUTES: "10"
+  HIGH_VOLUME_THRESHOLD: "1.0"
+  INTERMITTENT_THRESHOLD: "0.6"
+
+  # ================================================================
+  # PROPHET PARAMETERS
+  # ================================================================
+  PROPHET_SEASONALITY_MODE: "additive"
+  PROPHET_CHANGEPOINT_PRIOR_SCALE: "0.05"
+  PROPHET_SEASONALITY_PRIOR_SCALE: "10.0"
+  PROPHET_HOLIDAYS_PRIOR_SCALE: "10.0"
+  PROPHET_DAILY_SEASONALITY: "true"
+  PROPHET_WEEKLY_SEASONALITY: "true"
+  PROPHET_YEARLY_SEASONALITY: "true"
+
+  # ================================================================
+  # BUSINESS CONFIGURATION
+  # ================================================================
+  SERVICE_VERSION: "1.0.0"
+  TIMEZONE: "Europe/Madrid"
+  LOCALE: "es_ES.UTF-8"
+  CURRENCY: "EUR"
+  BUSINESS_HOUR_START: "7"
+  BUSINESS_HOUR_END: "20"
+  ENABLE_SPANISH_HOLIDAYS: "true"
+  ENABLE_MADRID_HOLIDAYS: "true"
+  SCHOOL_CALENDAR_ENABLED: "true"
+  WEATHER_IMPACT_ENABLED: "true"
+
+  # ================================================================
+  # MONITORING & LOGGING
+  # ================================================================
+  LOG_FORMAT: "json"
+  LOG_FILE_ENABLED: "false"
+  LOG_FILE_PATH: "/app/logs"
+  LOG_ROTATION_SIZE: "100MB"
+  LOG_RETENTION_DAYS: "30"
+  PROMETHEUS_ENABLED: "true"
   PROMETHEUS_RETENTION: "200h"
-  TIMEZONE: "UTC"
+  HEALTH_CHECK_TIMEOUT: "30"
+  HEALTH_CHECK_INTERVAL: "30"
+  PROMETHEUS_RETENTION_DAYS: "30"
+  GRAFANA_ROOT_URL: "http://monitoring.bakery-ia.local/grafana"
+
+  # ================================================================
+  # DATA COLLECTION SETTINGS
+  # ================================================================
+  WEATHER_COLLECTION_INTERVAL_HOURS: "1"
+  TRAFFIC_COLLECTION_INTERVAL_HOURS: "1"
+  EVENTS_COLLECTION_INTERVAL_HOURS: "6"
+  DATA_VALIDATION_ENABLED: "true"
+  OUTLIER_DETECTION_ENABLED: "true"
+  DATA_COMPLETENESS_THRESHOLD: "0.8"
+  DEFAULT_LATITUDE: "40.4168"
+  DEFAULT_LONGITUDE: "-3.7038"
+  LOCATION_RADIUS_KM: "50.0"
+
+  # ================================================================
+  # NOTIFICATION SETTINGS
+  # ================================================================
+  ENABLE_EMAIL_NOTIFICATIONS: "true"
+  ENABLE_WHATSAPP_NOTIFICATIONS: "true"
+  ENABLE_PUSH_NOTIFICATIONS: "false"
+  MAX_RETRY_ATTEMPTS: "3"
+  RETRY_DELAY_SECONDS: "60"
+  NOTIFICATION_BATCH_SIZE: "100"
+  EMAIL_RATE_LIMIT_PER_HOUR: "1000"
+  WHATSAPP_RATE_LIMIT_PER_HOUR: "100"
+  DEFAULT_LANGUAGE: "es"
+  DATE_FORMAT: "%d/%m/%Y"
+  TIME_FORMAT: "%H:%M"
+  EMAIL_TEMPLATES_PATH: "/app/templates/email"
+  WHATSAPP_TEMPLATES_PATH: "/app/templates/whatsapp"
+  IMMEDIATE_DELIVERY: "true"
+  SCHEDULED_DELIVERY_ENABLED: "true"
+  DELIVERY_TRACKING_ENABLED: "true"
+  OPEN_TRACKING_ENABLED: "true"
+  CLICK_TRACKING_ENABLED: "true"
+
+  # ================================================================
+  # FORECASTING SETTINGS
+  # ================================================================
+  MAX_FORECAST_DAYS: "30"
+  MIN_HISTORICAL_DAYS: "60"
+  PREDICTION_CONFIDENCE_THRESHOLD: "0.8"
+  PREDICTION_CACHE_TTL_HOURS: "6"
+  FORECAST_BATCH_SIZE: "100"
+
+  # ================================================================
+  # BUSINESS RULES
+  # ================================================================
+  WEEKEND_ADJUSTMENT_FACTOR: "0.8"
+  HOLIDAY_ADJUSTMENT_FACTOR: "0.5"
+  TEMPERATURE_THRESHOLD_COLD: "10.0"
+  TEMPERATURE_THRESHOLD_HOT: "30.0"
+  RAIN_IMPACT_FACTOR: "0.7"
+  HIGH_DEMAND_THRESHOLD: "1.5"
+  LOW_DEMAND_THRESHOLD: "0.5"
+  STOCKOUT_RISK_THRESHOLD: "0.9"
+
+  # ================================================================
+  # CACHE SETTINGS
+  # ================================================================
+  REDIS_MAX_MEMORY: "512mb"
+  REDIS_MAX_CONNECTIONS: "50"
+  REDIS_DB: "1"
+  WEATHER_CACHE_TTL_HOURS: "1"
+  TRAFFIC_CACHE_TTL_HOURS: "1"
+
+  # ================================================================
+  # FRONTEND CONFIGURATION
+  # ================================================================
+  VITE_APP_TITLE: "PanIA Dashboard"
+  VITE_APP_VERSION: "1.0.0"
+  VITE_API_URL: "http://gateway-service:8000"
+  VITE_ENVIRONMENT: "production"
+
+  # ================================================================
+  # LOCATION SETTINGS
+  # ================================================================
+  NOMINATIM_PBF_URL: "http://download.geofabrik.de/europe/spain-latest.osm.pbf"
+  NOMINATIM_MEMORY_LIMIT: "8G"
+  NOMINATIM_CPU_LIMIT: "4"

infrastructure/kubernetes/base/kustomization.yaml

@@ -51,9 +51,11 @@ resources:
   # Frontend
   - components/frontend/frontend-service.yaml
 
-commonLabels:
-  app.kubernetes.io/part-of: bakery-ia
-  app.kubernetes.io/managed-by: kustomize
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/part-of: bakery-ia
+      app.kubernetes.io/managed-by: kustomize
 
 images:
   - name: bakery/auth-service

infrastructure/kubernetes/base/secrets.yaml

@@ -8,37 +8,37 @@ metadata:
     app.kubernetes.io/component: database
 type: Opaque
 data:
-  # Database Users (base64 encoded)
-  AUTH_DB_USER: YmFrZXJ5X2F1dGg=  # bakery_auth
-  TENANT_DB_USER: YmFrZXJ5X3RlbmFudA==  # bakery_tenant
-  TRAINING_DB_USER: YmFrZXJ5X3RyYWluaW5n  # bakery_training
-  FORECASTING_DB_USER: YmFrZXJ5X2ZvcmVjYXN0aW5n  # bakery_forecasting
-  SALES_DB_USER: YmFrZXJ5X3NhbGVz  # bakery_sales
-  EXTERNAL_DB_USER: YmFrZXJ5X2V4dGVybmFs  # bakery_external
-  NOTIFICATION_DB_USER: YmFrZXJ5X25vdGlmaWNhdGlvbg==  # bakery_notification
-  INVENTORY_DB_USER: YmFrZXJ5X2ludmVudG9yeQ==  # bakery_inventory
-  RECIPES_DB_USER: YmFrZXJ5X3JlY2lwZXM=  # bakery_recipes
-  SUPPLIERS_DB_USER: YmFrZXJ5X3N1cHBsaWVycw==  # bakery_suppliers
-  POS_DB_USER: YmFrZXJ5X3Bvcw==  # bakery_pos
-  ORDERS_DB_USER: YmFrZXJ5X29yZGVycw==  # bakery_orders
-  PRODUCTION_DB_USER: YmFrZXJ5X3Byb2R1Y3Rpb24=  # bakery_production
-  ALERT_PROCESSOR_DB_USER: YmFrZXJ5X2FsZXJ0X3Byb2Nlc3Nvcg==  # bakery_alert_processor
+  # Database Users (base64 encoded from .env)
+  AUTH_DB_USER: YXV0aF91c2Vy  # auth_user
+  TENANT_DB_USER: dGVuYW50X3VzZXI=  # tenant_user
+  TRAINING_DB_USER: dHJhaW5pbmdfdXNlcg==  # training_user
+  FORECASTING_DB_USER: Zm9yZWNhc3RpbmdfdXNlcg==  # forecasting_user
+  SALES_DB_USER: c2FsZXNfdXNlcg==  # sales_user
+  EXTERNAL_DB_USER: ZXh0ZXJuYWxfdXNlcg==  # external_user
+  NOTIFICATION_DB_USER: bm90aWZpY2F0aW9uX3VzZXI=  # notification_user
+  INVENTORY_DB_USER: aW52ZW50b3J5X3VzZXI=  # inventory_user
+  RECIPES_DB_USER: cmVjaXBlc191c2Vy  # recipes_user
+  SUPPLIERS_DB_USER: c3VwcGxpZXJzX3VzZXI=  # suppliers_user
+  POS_DB_USER: cG9zX3VzZXI=  # pos_user
+  ORDERS_DB_USER: b3JkZXJzX3VzZXI=  # orders_user
+  PRODUCTION_DB_USER: cHJvZHVjdGlvbl91c2Vy  # production_user
+  ALERT_PROCESSOR_DB_USER: YWxlcnRfcHJvY2Vzc29yX3VzZXI=  # alert_processor_user
 
-  # Database Passwords (base64 encoded - change these in production!)
-  AUTH_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  TENANT_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  TRAINING_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  FORECASTING_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  SALES_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  EXTERNAL_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  NOTIFICATION_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  INVENTORY_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  RECIPES_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  SUPPLIERS_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  POS_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  ORDERS_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  PRODUCTION_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
-  ALERT_PROCESSOR_DB_PASSWORD: ZGV2X3Bhc3N3b3JkXzEyMw==  # dev_password_123
+  # Database Passwords (base64 encoded from .env)
+  AUTH_DB_PASSWORD: YXV0aF9wYXNzMTIz  # auth_pass123
+  TENANT_DB_PASSWORD: dGVuYW50X3Bhc3MxMjM=  # tenant_pass123
+  TRAINING_DB_PASSWORD: dHJhaW5pbmdfcGFzczEyMw==  # training_pass123
+  FORECASTING_DB_PASSWORD: Zm9yZWNhc3RpbmdfcGFzczEyMw==  # forecasting_pass123
+  SALES_DB_PASSWORD: c2FsZXNfcGFzczEyMw==  # sales_pass123
+  EXTERNAL_DB_PASSWORD: ZXh0ZXJuYWxfcGFzczEyMw==  # external_pass123
+  NOTIFICATION_DB_PASSWORD: bm90aWZpY2F0aW9uX3Bhc3MxMjM=  # notification_pass123
+  INVENTORY_DB_PASSWORD: aW52ZW50b3J5X3Bhc3MxMjM=  # inventory_pass123
+  RECIPES_DB_PASSWORD: cmVjaXBlc19wYXNzMTIz  # recipes_pass123
+  SUPPLIERS_DB_PASSWORD: c3VwcGxpZXJzX3Bhc3MxMjM=  # suppliers_pass123
+  POS_DB_PASSWORD: cG9zX3Bhc3MxMjM=  # pos_pass123
+  ORDERS_DB_PASSWORD: b3JkZXJzX3Bhc3MxMjM=  # orders_pass123
+  PRODUCTION_DB_PASSWORD: cHJvZHVjdGlvbl9wYXNzMTIz  # production_pass123
+  ALERT_PROCESSOR_DB_PASSWORD: YWxlcnRfcHJvY2Vzc29yX3Bhc3MxMjM=  # alert_processor_pass123
 
 ---
 apiVersion: v1
@@ -51,7 +51,7 @@ metadata:
     app.kubernetes.io/component: redis
 type: Opaque
 data:
-  REDIS_PASSWORD: ZGV2X3JlZGlzXzEyMw==  # dev_redis_123
+  REDIS_PASSWORD: cmVkaXNfcGFzczEyMw==  # redis_pass123
 
 ---
 apiVersion: v1
@@ -64,8 +64,9 @@ metadata:
     app.kubernetes.io/component: rabbitmq
 type: Opaque
 data:
-  RABBITMQ_USER: YmFrZXJ5X3VzZXI=  # bakery_user
-  RABBITMQ_PASSWORD: ZGV2X3JhYmJpdF8xMjM=  # dev_rabbit_123
+  RABBITMQ_USER: YmFrZXJ5  # bakery
+  RABBITMQ_PASSWORD: Zm9yZWNhc3QxMjM=  # forecast123
+  RABBITMQ_ERLANG_COOKIE: YmFrZXJ5LXNlY3JldC1jb29raWU=  # bakery-secret-cookie
 
 ---
 apiVersion: v1
@@ -78,8 +79,51 @@ metadata:
     app.kubernetes.io/component: auth
 type: Opaque
 data:
-  JWT_SECRET_KEY: ZGV2X2p3dF9zZWNyZXRfa2V5XzEyMzQ1Njc4OTA=  # dev_jwt_secret_key_1234567890
-  JWT_REFRESH_SECRET_KEY: ZGV2X2p3dF9yZWZyZXNoX3NlY3JldF9rZXlfMTIzNDU2Nzg5MA==  # dev_jwt_refresh_secret_key_1234567890
+  JWT_SECRET_KEY: eW91ci1zdXBlci1zZWNyZXQtand0LWtleS1jaGFuZ2UtaW4tcHJvZHVjdGlvbi1taW4tMzItY2hhcmFjdGVycy1sb25n  # your-super-secret-jwt-key-change-in-production-min-32-characters-long
+  JWT_REFRESH_SECRET_KEY: eW91ci1zdXBlci1zZWNyZXQtcmVmcmVzaC1qd3Qta2V5LWNoYW5nZS1pbi1wcm9kdWN0aW9uLW1pbi0zMi1jaGFyYWN0ZXJzLWxvbmc=  # your-super-secret-refresh-jwt-key-change-in-production-min-32-characters-long
+  SERVICE_API_KEY: c2VydmljZS1hcGkta2V5LWNoYW5nZS1pbi1wcm9kdWN0aW9u  # service-api-key-change-in-production
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: external-api-secrets
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: external-apis
+type: Opaque
+data:
+  AEMET_API_KEY: ZXlKaGJHY2lPaUpJVXpJMU5pSjkuZXlKemRXSWlPaUoxWVd4bVlYSnZRR2R0WVdsc0xtTnZiU0lzSW1wMGFTSTZJbVJqWldWbU5URXdMVGRtWXpFdE5HTXhOeTFoT0RaaUxXUTROemRsWkRjNVpEbGxOeUlzSW1semN5STZJa0ZGVFVWVUlpd2lhV0YwSWpveE56VXlPRE13TURnM0xDSjFjMlZ5U1dRaU9pSmtZMlZsWmpVeE1DMDNabU14TFRSak1UY3RZVGcyWkMxa09EYzNaV1EzT1dRNVpUY2lMQ0p5YjJ4bElqb2lJbjAuQzA0N2dhaUVoV2hINEl0RGdrSFN3ZzhIektUend3ODdUT1BUSTJSZ01mOGotMnc=
+  MADRID_OPENDATA_API_KEY: eW91ci1tYWRyaWQtb3BlbmRhdGEta2V5LWhlcmU=  # your-madrid-opendata-key-here
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: payment-secrets
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: payments
+type: Opaque
+data:
+  STRIPE_SECRET_KEY: c2tfdGVzdF95b3VyX3N0cmlwZV9zZWNyZXRfa2V5X2hlcmU=  # sk_test_your_stripe_secret_key_here
+  STRIPE_WEBHOOK_SECRET: d2hzZWNfeW91cl9zdHJpcGVfd2ViaG9va19zZWNyZXRfaGVyZQ==  # whsec_your_stripe_webhook_secret_here
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: email-secrets
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: notifications
+type: Opaque
+data:
+  SMTP_USER: eW91ci1lbWFpbEBnbWFpbC5jb20=  # your-email@gmail.com
+  SMTP_PASSWORD: eW91ci1hcHAtc3BlY2lmaWMtcGFzc3dvcmQ=  # your-app-specific-password
 
 ---
 apiVersion: v1
@@ -93,4 +137,42 @@ metadata:
 type: Opaque
 data:
   GRAFANA_ADMIN_USER: YWRtaW4=  # admin
-  GRAFANA_ADMIN_PASSWORD: ZGV2X2dyYWZhbmFfMTIz  # dev_grafana_123
+  GRAFANA_ADMIN_PASSWORD: YWRtaW4xMjM=  # admin123
+  GRAFANA_SECRET_KEY: Z3JhZmFuYS1zZWNyZXQta2V5LWNoYW5nZS1pbi1wcm9kdWN0aW9u  # grafana-secret-key-change-in-production
+  PGADMIN_EMAIL: YWRtaW5AYmFrZXJ5LmxvY2Fs  # admin@bakery.local
+  PGADMIN_PASSWORD: YWRtaW4xMjM=  # admin123
+  REDIS_COMMANDER_USER: YWRtaW4=  # admin
+  REDIS_COMMANDER_PASSWORD: YWRtaW4xMjM=  # admin123
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pos-integration-secrets
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: pos
+type: Opaque
+data:
+  SQUARE_ACCESS_TOKEN: eW91ci1zcXVhcmUtYWNjZXNzLXRva2Vu  # your-square-access-token
+  SQUARE_WEBHOOK_SECRET: eW91ci1zcXVhcmUtd2ViaG9vay1zZWNyZXQ=  # your-square-webhook-secret
+  TOAST_API_KEY: eW91ci10b2FzdC1hcGkta2V5  # your-toast-api-key
+  TOAST_API_SECRET: eW91ci10b2FzdC1hcGktc2VjcmV0  # your-toast-api-secret
+  TOAST_WEBHOOK_SECRET: eW91ci10b2FzdC13ZWJob29rLXNlY3JldA==  # your-toast-webhook-secret
+  LIGHTSPEED_API_KEY: eW91ci1saWdodHNwZWVkLWFwaS1rZXk=  # your-lightspeed-api-key
+  LIGHTSPEED_API_SECRET: eW91ci1saWdodHNwZWVkLWFwaS1zZWNyZXQ=  # your-lightspeed-api-secret
+  LIGHTSPEED_WEBHOOK_SECRET: eW91ci1saWdodHNwZWVkLXdlYmhvb2stc2VjcmV0  # your-lightspeed-webhook-secret
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: whatsapp-secrets
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: notifications
+type: Opaque
+data:
+  WHATSAPP_API_KEY: eW91ci13aGF0c2FwcC1hcGkta2V5LWhlcmU=  # your-whatsapp-api-key-here

infrastructure/kubernetes/overlays/dev/dev-patches.yaml

@@ -5,12 +5,18 @@ metadata:
   namespace: bakery-ia
 data:
   # Development specific overrides
+  ENVIRONMENT: "development"
   DEBUG: "true"
   LOG_LEVEL: "DEBUG"
   AUTO_RELOAD: "true"
   PROFILING_ENABLED: "true"
   MOCK_EXTERNAL_APIS: "true"
 
+  # Frontend Development Configuration
+  VITE_ENVIRONMENT: "development"
+  VITE_API_URL: "http://gateway-service:8000"
+
+
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress

infrastructure/kubernetes/overlays/dev/kustomization.yaml

@@ -12,6 +12,101 @@ resources:
 patchesStrategicMerge:
   - dev-patches.yaml
 
+patchesJson6902:
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: auth-db
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+          limits:
+            memory: "128Mi"
+            cpu: "200m"
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: redis
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+          limits:
+            memory: "128Mi"
+            cpu: "200m"
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: rabbitmq
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "256Mi"
+            cpu: "300m"
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: auth-service
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            memory: "128Mi"
+            cpu: "50m"
+          limits:
+            memory: "256Mi"
+            cpu: "200m"
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: frontend
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/imagePullPolicy
+        value: Never
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            memory: "128Mi"
+            cpu: "50m"
+          limits:
+            memory: "256Mi"
+            cpu: "200m"
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: alert-processor-service
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            memory: "128Mi"
+            cpu: "50m"
+          limits:
+            memory: "256Mi"
+            cpu: "200m"
+
 configMapGenerator:
   - name: bakery-dev-config
     literals:
@@ -26,9 +121,11 @@ secretGenerator:
     literals:
       - DEV_MODE=true
 
-commonLabels:
-  environment: development
-  tier: local
+labels:
+  - includeSelectors: true
+    pairs:
+      environment: development
+      tier: local
 
 images:
   - name: bakery/auth-service