Add new infra architecture

Urtzi Alfaro
2026-01-19 11:55:17 +01:00
parent 21d35ea92b
commit 35f164f0cd
311 changed files with 13241 additions and 3700 deletions


@@ -0,0 +1,92 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bakery-ingress
namespace: bakery-ia
labels:
app.kubernetes.io/name: bakery-ia
app.kubernetes.io/component: ingress
annotations:
# Nginx ingress controller annotations
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
# SSE and WebSocket configuration for long-lived connections
nginx.ingress.kubernetes.io/proxy-buffering: "off"
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/upstream-keepalive-timeout: "3600"
# WebSocket upgrade support
nginx.ingress.kubernetes.io/websocket-services: "gateway-service"
# CORS configuration
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin, Cache-Control"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- DOMAIN_PLACEHOLDER # To be replaced by kustomize
- gitea.DOMAIN_PLACEHOLDER # To be replaced by kustomize
- mail.DOMAIN_PLACEHOLDER # To be replaced by kustomize
secretName: TLS_SECRET_PLACEHOLDER # To be replaced by kustomize
rules:
# Main application routes
- host: DOMAIN_PLACEHOLDER # To be replaced by kustomize
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 3000
- path: /api
pathType: Prefix
backend:
service:
name: gateway-service
port:
number: 8000
# Gitea CI/CD route
- host: gitea.DOMAIN_PLACEHOLDER # To be replaced by kustomize
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: gitea-http
port:
number: 3000
# Mail server web interface (webmail and admin)
- host: mail.DOMAIN_PLACEHOLDER # To be replaced by kustomize
http:
paths:
- path: /webmail
pathType: Prefix
backend:
service:
name: mailu-front
port:
number: 80
- path: /admin
pathType: Prefix
backend:
service:
name: mailu-front
port:
number: 80
- path: /
pathType: Prefix
backend:
service:
name: mailu-front
port:
number: 80
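Review bot: `enable-cors: "true"` and `cors-allow-credentials: "true"` are set in the base with no `cors-allow-origin`, so the allowed origins depend on every overlay remembering to add one; ingress-nginx documents `*` as that annotation's default. Giving the base a placeholder like the host entries have, e.g. `nginx.ingress.kubernetes.io/cors-allow-origin: "https://DOMAIN_PLACEHOLDER"  # To be replaced by kustomize`, makes an un-patched render visibly wrong instead of permissive. Annotations are per Ingress, so the CORS settings, the 3600-second proxy timeouts and `proxy-buffering: "off"` also apply to the gitea and mail hosts, including the Mailu `/admin` path. Separate Ingress objects per host would let each route carry only the settings it needs.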


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ingress.yaml


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- base/


@@ -0,0 +1,37 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
namePrefix: dev-
patches:
- target:
kind: Ingress
name: bakery-ingress
patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: bakery-ia.local
- op: replace
path: /spec/tls/0/hosts/1
value: gitea.bakery-ia.local
- op: replace
path: /spec/tls/0/hosts/2
value: mail.bakery-ia.local
- op: replace
path: /spec/tls/0/secretName
value: bakery-dev-tls-cert
- op: replace
path: /spec/rules/0/host
value: bakery-ia.local
- op: replace
path: /spec/rules/1/host
value: gitea.bakery-ia.local
- op: replace
path: /spec/rules/2/host
value: mail.bakery-ia.local
- op: replace
path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin
value: "https://localhost,https://localhost:3000,https://localhost:3001,https://127.0.0.1,https://127.0.0.1:3000,https://127.0.0.1:3001,https://bakery-ia.local,http://localhost,http://localhost:3000,http://localhost:3001,http://127.0.0.1,http://127.0.0.1:3000"
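Review bot: The last operation uses `op: replace` on `/metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin`, but the base Ingress in this commit defines no `cors-allow-origin` annotation. A JSON Patch `replace` requires the target member to exist, so the dev overlay is likely to fail at `kustomize build`. Use `- op: add` for that path, as the prod overlay does. The origin list also mixes plain `http://` origins with the `cors-allow-credentials: "true"` inherited from the base; a comment such as `# local development only - do not reuse in other overlays` above the patch would keep the list from being copied elsewhere.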


@@ -0,0 +1,49 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
namePrefix: prod-
patches:
- target:
kind: Ingress
name: bakery-ingress
patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: bakewise.ai
- op: replace
path: /spec/tls/0/hosts/1
value: gitea.bakewise.ai
- op: replace
path: /spec/tls/0/hosts/2
value: mail.bakewise.ai
- op: replace
path: /spec/tls/0/secretName
value: bakery-ia-prod-tls-cert
- op: replace
path: /spec/rules/0/host
value: bakewise.ai
- op: replace
path: /spec/rules/1/host
value: gitea.bakewise.ai
- op: replace
path: /spec/rules/2/host
value: mail.bakewise.ai
- op: add
path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin
value: "https://bakewise.ai,https://www.bakewise.ai,https://mail.bakewise.ai"
- op: add
path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-rps
value: "100"
- op: add
path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-connections
value: "50"
- op: add
path: /metadata/annotations/cert-manager.io~1cluster-issuer
value: "letsencrypt-production"
- op: add
path: /metadata/annotations/cert-manager.io~1acme-challenge-type
value: "http01"
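Review bot: The `cors-allow-origin` value lists `https://mail.bakewise.ai`, and because the annotation sits on the single shared Ingress it applies to every route. With the base's `cors-allow-credentials: "true"`, the webmail origin is therefore trusted for credentialed cross-origin requests to `/api` on `bakewise.ai` and to the Gitea host. Unless the webmail UI really calls the API, narrow it to `value: "https://bakewise.ai,https://www.bakewise.ai"`. `www.bakewise.ai` is allowed as an origin but is not among the TLS hosts or rules patched here, so confirm it is served somewhere. The `cert-manager.io~1acme-challenge-type` annotation may not be read by current cert-manager, where the solver is normally chosen on the issuer; check it against the installed version.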