Add new infra architecture

docs/PRODUCTION_OPERATIONS_GUIDE.md

@@ -685,7 +685,7 @@ kubectl scale deployment auth-service -n bakery-ia --replicas=2
 # 2. Install MicroK8s (follow pilot launch guide)
 # 3. Copy latest backup to new VPS
 # 4. Deploy infrastructure and databases
-kubectl apply -k infrastructure/kubernetes/overlays/prod
+kubectl apply -k infrastructure/environments/prod/k8s-manifests
 
 # 5. Wait for databases to be ready
 kubectl wait --for=condition=ready pod -l app.kubernetes.io/component=database -n bakery-ia
@@ -699,7 +699,7 @@ for backup in /backups/latest/*.sql; do
 done
 
 # 7. Deploy services
-kubectl apply -k infrastructure/kubernetes/overlays/prod
+kubectl apply -k infrastructure/environments/prod/k8s-manifests
 
 # 8. Update DNS to point to new VPS
 # 9. Verify all services healthy
@@ -830,12 +830,12 @@ nproc
 kubectl scale deployment orders-service -n bakery-ia --replicas=5
 
 # Or update in kustomization for persistence
-# Edit: infrastructure/kubernetes/overlays/prod/kustomization.yaml
+# Edit: infrastructure/environments/prod/k8s-manifests/kustomization.yaml
 replicas:
   - name: orders-service
     count: 5
 
-kubectl apply -k infrastructure/kubernetes/overlays/prod
+kubectl apply -k infrastructure/environments/prod/k8s-manifests
 ```
 
 ### Auto-Scaling (HPA)
@@ -976,7 +976,7 @@ resources:
     memory: "1Gi"  # Increased from 512Mi
 
 # 4. Redeploy
-kubectl apply -k infrastructure/kubernetes/overlays/prod
+kubectl apply -k infrastructure/environments/prod/k8s-manifests
 ```
 
 #### Incident: Certificate Expired

docs/database-security.md

@@ -324,12 +324,12 @@ log_line_prefix = '%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h '
 **Renewal Process:**
 ```bash
 # 1. Regenerate certificates (90 days before expiry)
-cd infrastructure/tls && ./generate-certificates.sh
+cd infrastructure/security/certificates && ./generate-certificates.sh
 
 # 2. Update Kubernetes secrets
 kubectl delete secret postgres-tls redis-tls -n bakery-ia
-kubectl apply -f infrastructure/kubernetes/base/secrets/postgres-tls-secret.yaml
-kubectl apply -f infrastructure/kubernetes/base/secrets/redis-tls-secret.yaml
+kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/secrets/postgres-tls-secret.yaml
+kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/secrets/redis-tls-secret.yaml
 
 # 3. Restart database pods (automatic)
 kubectl rollout restart deployment -l app.kubernetes.io/component=database -n bakery-ia
@@ -351,7 +351,7 @@ kubectl rollout restart deployment -l app.kubernetes.io/component=database -n ba
 ./scripts/update-k8s-secrets.sh
 
 # 4. Apply secrets
-kubectl apply -f infrastructure/kubernetes/base/secrets.yaml
+kubectl apply -f infrastructure/environments/common/configs/secrets.yaml
 
 # 5. Restart databases and services
 kubectl rollout restart deployment -n bakery-ia