Add new infra architecture

Urtzi Alfaro
2026-01-19 11:55:17 +01:00
parent 21d35ea92b
commit 35f164f0cd
311 changed files with 13241 additions and 3700 deletions


@@ -0,0 +1,52 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: bakery-dev-tls-cert
namespace: bakery-ia
spec:
# Self-signed certificate for local development
secretName: bakery-dev-tls-cert
# Certificate duration
duration: 2160h # 90 days
renewBefore: 360h # 15 days
# Subject configuration
subject:
organizations:
- Bakery IA Development
# Common name
commonName: localhost
# DNS names this certificate is valid for
dnsNames:
- localhost
- bakery-ia.local
- api.bakery-ia.local
- monitoring.bakery-ia.local
- "*.bakery-ia.local"
# IP addresses (for localhost)
ipAddresses:
- 127.0.0.1
- ::1
# Use self-signed issuer for development
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
group: cert-manager.io
# Private key configuration
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
# Usages
usages:
- server auth
- client auth
- digital signature
- key encipherment
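Review bot: The `usages` list grants `client auth` to what the comments describe as a server certificate for `localhost` and `*.bakery-ia.local`, so the same key/cert pair is also valid as a TLS client identity for any peer that trusts `selfsigned-issuer`; unless something in the cluster actually presents it for mTLS, drop that entry and keep `server auth`, `digital signature`, `key encipherment`. The spec also leaves `privateKey.rotationPolicy` unset, which on older cert-manager releases defaults to `Never` and reuses the same private key on every 15-day-early renewal, so the key outlives the 90-day `duration` indefinitely; adding `rotationPolicy: Always` under `privateKey` costs nothing for a dev cert. The wildcard `*.bakery-ia.local` makes the explicit `api.` and `monitoring.` entries redundant, and a short comment such as `# wildcard is intentional for local dev only; do not copy to non-dev overlays` would keep this SAN set from being carried forward as-is.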


@@ -0,0 +1,159 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: bakery-ia-dev
# NOTE: Do NOT set a global namespace here.
# Each resource already has its namespace explicitly defined.
# A global namespace would incorrectly transform cluster-scoped resources
# like cert-manager namespaces.
resources:
- ../../../environments/common/configs
- ../../../platform/infrastructure
- ../../../platform/cert-manager
- ../../../platform/networking/ingress/overlays/dev
- ../../../platform/storage
- ../../../platform/mail/mailu
- ../../../services/databases
- ../../../services/microservices
# NOTE: cicd is NOT included here - it's deployed manually via Tilt triggers
# Run 'tilt trigger tekton-install' followed by 'tilt trigger tekton-pipelines-deploy'
# - ../../../cicd
- dev-certificate.yaml
# Dev-specific patches
patches:
- target:
kind: ConfigMap
name: bakery-config
patch: |-
- op: replace
path: /data/ENVIRONMENT
value: "development"
- op: replace
path: /data/DEBUG
value: "true"
# Suspend nominatim in dev to save resources
- target:
kind: StatefulSet
name: nominatim
patch: |-
- op: replace
path: /spec/replicas
value: 0
# Suspend nominatim-init job in dev (not needed when nominatim is scaled to 0)
- target:
kind: Job
name: nominatim-init
patch: |-
- op: replace
path: /spec/suspend
value: true
# Mailu TLS: Use self-signed dev certificate
- target:
kind: Deployment
name: mailu-front
patch: |-
- op: replace
path: /spec/template/spec/volumes/1/secret/secretName
value: "bakery-dev-tls-cert"
# Mailu Config: Update for dev environment
- target:
kind: ConfigMap
name: mailu-config
patch: |-
- op: replace
path: /data/DOMAIN
value: "bakery-ia.local"
- op: replace
path: /data/HOSTNAMES
value: "mail.bakery-ia.local"
- op: replace
path: /data/RELAY_LOGIN
value: "postmaster@bakery-ia.local"
- op: replace
path: /data/WEBMAIL_ADMIN
value: "admin@bakery-ia.local"
labels:
- includeSelectors: true
pairs:
environment: development
tier: local
# Dev image overrides - use local registry to avoid Docker Hub rate limits
# IMPORTANT: All image names must be lowercase (Docker requirement)
# The prepull-base-images.sh script converts names to lowercase when pushing to local registry
images:
# Database images
- name: postgres
newName: localhost:5000/postgres_17-alpine
newTag: latest
- name: redis
newName: localhost:5000/redis_7.4-alpine
newTag: latest
- name: rabbitmq
newName: localhost:5000/rabbitmq_4.1-management-alpine
newTag: latest
# Utility images
- name: busybox
newName: localhost:5000/busybox_1.36
newTag: latest
- name: curlimages/curl
newName: localhost:5000/curlimages_curl_latest
newTag: latest
- name: bitnami/kubectl
newName: localhost:5000/bitnami_kubectl_latest
newTag: latest
# Alpine variants
- name: alpine
newName: localhost:5000/alpine_3.19
newTag: latest
- name: alpine/git
newName: localhost:5000/alpine_git_2.43.0
newTag: latest
# CI/CD images (cached locally for consistency)
- name: gcr.io/kaniko-project/executor
newName: localhost:5000/gcr.io_kaniko-project_executor_v1.23.0
newTag: latest
- name: gcr.io/go-containerregistry/crane
newName: localhost:5000/gcr.io_go-containerregistry_crane_latest
newTag: latest
- name: registry.k8s.io/kustomize/kustomize
newName: localhost:5000/registry.k8s.io_kustomize_kustomize_v5.3.0
newTag: latest
# Storage images (lowercase - RELEASE becomes release)
- name: minio/minio
newName: localhost:5000/minio_minio_release.2024-11-07t00-52-20z
newTag: latest
- name: minio/mc
newName: localhost:5000/minio_mc_release.2024-11-17t19-35-25z
newTag: latest
# Geocoding
- name: mediagis/nominatim
newName: localhost:5000/mediagis_nominatim_4.4
newTag: latest
# Python base image
- name: python
newName: localhost:5000/python_3.11-slim
newTag: latest
# Mail server (Mailu)
- name: ghcr.io/mailu/nginx
newName: localhost:5000/ghcr.io_mailu_nginx_2024.06
newTag: latest
- name: ghcr.io/mailu/admin
newName: localhost:5000/ghcr.io_mailu_admin_2024.06
newTag: latest
- name: ghcr.io/mailu/postfix
newName: localhost:5000/ghcr.io_mailu_postfix_2024.06
newTag: latest
- name: ghcr.io/mailu/dovecot
newName: localhost:5000/ghcr.io_mailu_dovecot_2024.06
newTag: latest
- name: ghcr.io/mailu/rspamd
newName: localhost:5000/ghcr.io_mailu_rspamd_2024.06
newTag: latest
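Review bot: The `mailu-front` patch targets `/spec/template/spec/volumes/1/secret/secretName` by positional index, so if the Mailu base ever reorders or inserts a volume and another secret-backed volume lands at index 1, the JSON patch succeeds and silently rewires that volume to `bakery-dev-tls-cert` instead of the TLS one; a strategic-merge patch keyed on the volume's name (`volumes: [{name: <tls-volume-name>, secret: {secretName: bakery-dev-tls-cert}}]`) is unaffected by ordering. Separately, every `images` entry uses `newTag: latest` against the `localhost:5000` mirror with the upstream version only encoded in the mirror name, so nothing in this overlay verifies that what gets pulled is what `prepull-base-images.sh` pushed; kustomize's `digest:` field on the same entries would pin each image, and for CI images like kaniko and crane that is worth doing even in dev. If both are deliberate trade-offs for a throwaway local cluster, a comment next to `images:` saying so (`# dev only: mutable 'latest' tags on the local mirror, no digest pinning`) would stop the pattern being copied into a staging overlay. The hunk header counts 159 added lines and 151 are visible here, so the image list may continue past what I can see.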