Improve kubernetes for prod

Urtzi Alfaro
2025-11-06 11:04:50 +01:00
parent 8001c42e75
commit 3007bde05b
59 changed files with 4629 additions and 1739 deletions


@@ -102,20 +102,95 @@ deploy:
kustomize:
paths:
- infrastructure/kubernetes/overlays/dev
statusCheck: true
statusCheckDeadlineSeconds: 600
kubectl:
hooks:
before:
- host:
command: ["sh", "-c", "echo '======================================'"]
- host:
command: ["sh", "-c", "echo '🔐 Bakery IA Secure Deployment'"]
- host:
command: ["sh", "-c", "echo '======================================'"]
- host:
command: ["sh", "-c", "echo ''"]
- host:
command: ["sh", "-c", "echo 'Applying security configurations...'"]
- host:
command: ["sh", "-c", "echo ' - TLS certificates for PostgreSQL and Redis'"]
- host:
command: ["sh", "-c", "echo ' - Strong passwords (32-character)'"]
- host:
command: ["sh", "-c", "echo ' - PersistentVolumeClaims for data persistence'"]
- host:
command: ["sh", "-c", "echo ' - pgcrypto extension for encryption at rest'"]
- host:
command: ["sh", "-c", "echo ' - PostgreSQL audit logging'"]
- host:
command: ["sh", "-c", "echo ''"]
- host:
command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/secrets.yaml"]
- host:
command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/secrets/postgres-tls-secret.yaml"]
- host:
command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/secrets/redis-tls-secret.yaml"]
- host:
command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/configs/postgres-init-config.yaml"]
- host:
command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/configmaps/postgres-logging-config.yaml"]
- host:
command: ["sh", "-c", "echo ''"]
- host:
command: ["sh", "-c", "echo '✅ Security configurations applied'"]
- host:
command: ["sh", "-c", "echo ''"]
after:
- host:
command: ["sh", "-c", "echo ''"]
- host:
command: ["sh", "-c", "echo '======================================'"]
- host:
command: ["sh", "-c", "echo '✅ Deployment Complete!'"]
- host:
command: ["sh", "-c", "echo '======================================'"]
- host:
command: ["sh", "-c", "echo ''"]
- host:
command: ["sh", "-c", "echo 'Security Features Enabled:'"]
- host:
command: ["sh", "-c", "echo ' ✅ TLS encryption for all database connections'"]
- host:
command: ["sh", "-c", "echo ' ✅ Strong 32-character passwords'"]
- host:
command: ["sh", "-c", "echo ' ✅ Persistent storage (PVCs) - no data loss'"]
- host:
command: ["sh", "-c", "echo ' ✅ pgcrypto extension for column encryption'"]
- host:
command: ["sh", "-c", "echo ' ✅ PostgreSQL audit logging enabled'"]
- host:
command: ["sh", "-c", "echo ''"]
- host:
command: ["sh", "-c", "echo 'Verify deployment:'"]
- host:
command: ["sh", "-c", "echo ' kubectl get pods -n bakery-ia'"]
- host:
command: ["sh", "-c", "echo ' kubectl get pvc -n bakery-ia'"]
- host:
command: ["sh", "-c", "echo ''"]
# Default deployment uses dev overlay
# Default deployment uses dev overlay with full security features
# Access via ingress: http://localhost (or https://localhost)
#
# Available profiles:
# - dev: Local development (default)
# - dev: Local development with full security (default)
# - debug: Local development with port forwarding for debugging
# - prod: Production deployment with production settings
#
# Usage:
# skaffold dev # Uses default dev overlay
# skaffold dev -p dev # Explicitly use dev profile
# skaffold dev -p debug # Use debug profile with port forwarding
# skaffold run -p prod # Use prod profile for production
# skaffold dev # Uses secure dev overlay
# skaffold dev -p debug # Use debug profile with port forwarding
# skaffold run -p prod # Use prod profile for production
profiles:
- name: dev
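Review bot: The `before` hooks apply `infrastructure/kubernetes/base/secrets.yaml` and the two `*-tls-secret.yaml` manifests straight from the working tree, which suggests database passwords and TLS private keys are kept as plain Secret manifests in the repository; those files are not visible here, so confirm they hold only encrypted or placeholder values. If they carry real material, generate them at deploy time or keep them encrypted in git, and state that above the hooks, e.g. `# Secret manifests below are generated locally; never commit real passwords or private keys`. The `after` banner echoes 'Security Features Enabled' with check marks regardless of cluster state, so it reads as verification when nothing is verified; reword it to 'configured', or add a hook that checks the result, e.g. `kubectl get secret -n bakery-ia`. The hooks also run against whichever kubectl context is active on the host, and the `profiles:` block that follows continues outside this hunk, so whether the prod profile inherits them cannot be told from here.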