Add new infra architecture

infrastructure/cicd/flux/flux-kustomization.yaml

@@ -0,0 +1,76 @@
+# Flux Kustomization for Bakery-IA Production Deployment
+# This resource tells Flux how to deploy the application
+#
+# Prerequisites:
+# 1. Flux CD must be installed: flux install
+# 2. GitRepository 'bakery-ia' must be created and ready
+# 3. Secret 'gitea-credentials' must exist in flux-system namespace
+
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: bakery-ia-prod
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: flux
+spec:
+  # Wait for GitRepository to be ready before reconciling
+  dependsOn: []
+  interval: 5m
+  path: ./infrastructure/environments/prod
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: bakery-ia
+  targetNamespace: bakery-ia
+  timeout: 10m
+  retryInterval: 1m
+  wait: true
+  # Health checks for critical services
+  healthChecks:
+    # Core Infrastructure
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: gateway
+      namespace: bakery-ia
+    # Authentication & Authorization
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: auth-service
+      namespace: bakery-ia
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: tenant-service
+      namespace: bakery-ia
+    # Core Business Services
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: inventory-service
+      namespace: bakery-ia
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: orders-service
+      namespace: bakery-ia
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: pos-service
+      namespace: bakery-ia
+    # Data Services
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: forecasting-service
+      namespace: bakery-ia
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: notification-service
+      namespace: bakery-ia
+  # Post-build variable substitution
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: bakery-ia-config
+        optional: true
+      - kind: Secret
+        name: bakery-ia-secrets
+        optional: true

infrastructure/cicd/flux/git-repository.yaml

@@ -0,0 +1,16 @@
+# Flux GitRepository for Bakery-IA
+# This resource tells Flux where to find the Git repository
+
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: bakery-ia
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: http://gitea.bakery-ia.local/bakery/bakery-ia.git
+  ref:
+    branch: main
+  secretRef:
+    name: gitea-credentials
+  timeout: 60s

infrastructure/cicd/flux/kustomization.yaml

@@ -0,0 +1,25 @@
+# Kustomize build configuration for Flux resources
+# This file is used to build and apply the Flux resources
+#
+# IMPORTANT: Apply resources in this order:
+# 1. Install Flux CD first: flux install
+# 2. Apply this kustomization: kubectl apply -k infrastructure/cicd/flux/
+#
+# The GitRepository must be ready before the Flux Kustomization can reconcile.
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# Resources to apply in order (namespace and secrets first, then sources, then kustomizations)
+resources:
+  - namespace.yaml
+  - git-repository.yaml
+  - flux-kustomization.yaml
+
+# Common labels for all resources
+commonLabels:
+  app.kubernetes.io/name: bakery-ia-cicd
+  app.kubernetes.io/component: flux
+  app.kubernetes.io/managed-by: kustomize
+
+# Note: Do NOT set namespace here as resources already have explicit namespaces

infrastructure/cicd/flux/namespace.yaml

@@ -0,0 +1,15 @@
+# Flux System Namespace
+# This namespace is required for Flux CD components
+# It should be created before any Flux resources are applied
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-system
+  labels:
+    app.kubernetes.io/name: flux
+    app.kubernetes.io/component: system
+    kubernetes.io/metadata.name: flux-system
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/warn: restricted