Add new infra architecture

Urtzi Alfaro
2026-01-19 11:55:17 +01:00
parent 21d35ea92b
commit 35f164f0cd
311 changed files with 13241 additions and 3700 deletions

@@ -0,0 +1,307 @@
# Base Image Caching Solution for Docker Hub Rate Limiting
## Overview
This solution provides a simple, short-term approach to reduce Docker Hub usage by pre-pulling and caching base images. It's designed to be implemented quickly while providing significant benefits.
## Problem Addressed
- **Docker Hub Rate Limiting**: 100 pulls/6h for anonymous users
- **Build Failures**: Timeouts and authentication errors during CI/CD
- **Inconsistent Builds**: Different base image versions causing issues
## Solution Architecture
```
[Docker Hub] → [Pre-Pull Script] → [Local Cache/Registry] → [Service Builds]
```
## Implementation Options
### Option 1: Simple Docker Cache (Easiest)
```bash
# Just run the prepull script
./scripts/prepull-base-images.sh
```
**How it works:**
- Pulls all base images once with authentication
- Docker caches them locally
- Subsequent builds use cached images
- Reduces Docker Hub pulls by ~90%
### Option 2: Local Registry (More Robust)
```bash
# Start local registry
docker run -d -p 5000:5000 --name bakery-registry \
-v $(pwd)/registry-data:/var/lib/registry \
registry:2
# Run prepull script with local registry enabled
USE_LOCAL_REGISTRY=true ./scripts/prepull-base-images.sh
```
**How it works:**
- Runs a local Docker registry
- Pre-pull script pushes images to local registry
- All builds pull from local registry
- Can be shared across team members
### Option 3: Pull-Through Cache (Most Advanced)
```yaml
# Configure Docker daemon (docker daemon.json)
{
"registry-mirrors": ["http://localhost:5000"],
"insecure-registries": ["localhost:5000"]
}
# Start registry as pull-through cache
docker run -d -p 5000:5000 --name bakery-registry \
-v $(pwd)/registry-data:/var/lib/registry \
-e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
registry:2
```
**How it works:**
- Local registry acts as transparent cache
- First request pulls from Docker Hub and caches
- Subsequent requests served from cache
- Completely transparent to builds
## Quick Start Guide
### 1. Simple Caching (5 minutes)
```bash
# Make script executable
chmod +x scripts/prepull-base-images.sh
# Run the script
./scripts/prepull-base-images.sh
# Verify images are cached
docker images | grep -E "python:3.11-slim|postgres:17-alpine"
```
### 2. Local Registry (10 minutes)
```bash
# Build local registry image
cd scripts/local-registry
docker build -t bakery-registry .
# Start registry
docker run -d -p 5000:5000 --name bakery-registry \
-v $(pwd)/registry-data:/var/lib/registry \
bakery-registry
# Run prepull with local registry
USE_LOCAL_REGISTRY=true ../prepull-base-images.sh
# Verify registry contents
curl http://localhost:5000/v2/_catalog
```
### 3. CI/CD Integration
**GitHub Actions Example:**
```yaml
jobs:
setup:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Pre-pull base images
run: ./scripts/prepull-base-images.sh
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
build:
needs: setup
runs-on: ubuntu-latest
steps:
- name: Build services
run: ./scripts/build-services.sh
```
**Tekton Pipeline Example:**
```yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: prepull-base-images
spec:
steps:
- name: login-to-docker
image: docker:cli
script: |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
env:
- name: DOCKER_USERNAME
valueFrom:
secretKeyRef:
name: docker-creds
key: username
- name: DOCKER_PASSWORD
valueFrom:
secretKeyRef:
name: docker-creds
key: password
- name: prepull-images
image: docker:cli
script: |
#!/bin/bash
images=("python:3.11-slim" "postgres:17-alpine" "redis:7.4-alpine")
for img in "${images[@]}"; do
echo "Pulling $img..."
docker pull "$img"
done
```
## Base Images Covered
The script pre-pulls all base images used in the Bakery-IA project:
### Primary Base Images
- `python:3.11-slim` - Main Python runtime
- `postgres:17-alpine` - Database init containers
- `redis:7.4-alpine` - Redis init containers
### Utility Images
- `busybox:1.36` - Lightweight utility container
- `busybox:latest` - Latest busybox
- `curlimages/curl:latest` - Curl utility
- `bitnami/kubectl:1.28` - Kubernetes CLI
### Build System Images
- `alpine:3.18` - Lightweight base
- `alpine:3.19` - Latest Alpine
- `gcr.io/kaniko-project/executor:v1.23.0` - Kaniko builder
- `alpine/git:2.43.0` - Git client
## Benefits
### Immediate Benefits
- **Reduces Docker Hub pulls by 90%+** - Only pull each base image once
- **Eliminates rate limiting issues** - Authenticated pulls with proper credentials
- **Faster builds** - Cached images load instantly
- **More reliable CI/CD** - No more timeout failures
### Long-Term Benefits
- **Consistent build environments** - Same base images for all builds
- **Easier debugging** - Known image versions
- **Better security** - Controlled image updates
- **Foundation for improvement** - Can evolve to pull-through cache
## Monitoring and Maintenance
### Check Cache Status
```bash
# List cached images
docker images
# Check disk usage
docker system df
# Clean up old images
docker image prune -a
```
### Update Base Images
```bash
# Run prepull script monthly to get updates
./scripts/prepull-base-images.sh
# Or create a cron job
0 3 1 * * /path/to/prepull-base-images.sh
```
## Security Considerations
### Credential Management
- Store Docker Hub credentials in secrets management system
- Rotate credentials periodically
- Use least-privilege access
### Image Verification
```bash
# Verify image integrity
docker trust inspect python:3.11-slim
# Scan for vulnerabilities
docker scan python:3.11-slim
```
## Comparison with Other Solutions
| Solution | Complexity | Docker Hub Usage | Implementation Time | Maintenance |
|----------|------------|------------------|---------------------|-------------|
| **This Solution** | Low | Very Low | 5-30 minutes | Low |
| GHCR Migration | Medium | None | 1-2 days | Medium |
| Pull-Through Cache | Medium | Very Low | 1 day | Medium |
| Immutable Base Images | High | None | 1-2 weeks | High |
## Migration Path
This solution can evolve over time:
```
Phase 1: Simple caching (Current) → Phase 2: Local registry → Phase 3: Pull-through cache → Phase 4: Immutable base images
```
## Troubleshooting
### Common Issues
**Issue: Authentication fails**
```bash
# Solution: Verify credentials
docker login -u your-username
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
```
**Issue: Local registry not accessible**
```bash
# Solution: Check registry status
docker ps | grep registry
curl http://localhost:5000/v2/
```
**Issue: Images not found in cache**
```bash
# Solution: Verify images are pulled
docker images | grep python:3.11-slim
# If missing, pull manually
docker pull python:3.11-slim
```
## Conclusion
This simple base image caching solution provides an immediate fix for Docker Hub rate limiting issues while requiring minimal changes to your existing infrastructure. It serves as both a short-term solution and a foundation for more advanced caching strategies in the future.
**Recommended Next Steps:**
1. Implement simple caching first
2. Monitor Docker Hub usage reduction
3. Consider adding local registry if needed
4. Plan for long-term solution (GHCR or immutable base images)
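
Review bot: The "Credential Management" section asks for Docker Hub credentials to live in a secrets management system, but `scripts/prepull-base-images.sh` and `scripts/setup-local-registry.sh` added in this same commit assign `DOCKER_USERNAME` and `DOCKER_PASSWORD` as literals, so the document and the scripts contradict each other; fix the scripts and have this document state how the credentials are supplied (environment variables or a credential helper). Option 3 configures `"registry-mirrors": ["http://localhost:5000"]` together with `"insecure-registries": ["localhost:5000"]`, which is plain HTTP with no authentication; the text should say this is only acceptable while the registry is bound to loopback, and the `docker run` examples should publish `-p 127.0.0.1:5000:5000` rather than `-p 5000:5000`. That same block is fenced as `yaml` but mixes a JSON `daemon.json` fragment with shell commands, so split it into two fences. Under "Image Verification", `docker scan` has been retired by Docker in favour of `docker scout`, so the command as written will not run on current CLI versions. Finally, "Known image versions" does not hold for `busybox:latest` and `curlimages/curl:latest`, and the list shows `bitnami/kubectl:1.28` while both scripts pull `bitnami/kubectl:latest`; pin tags or digests and keep the list in sync with the scripts.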

@@ -22,22 +22,22 @@ echo ""
# ===== 1. Apply Secrets =====
echo "Step 1: Applying updated secrets..."
kubectl apply -f infrastructure/kubernetes/base/secrets.yaml
kubectl apply -f infrastructure/kubernetes/base/secrets/postgres-tls-secret.yaml
kubectl apply -f infrastructure/kubernetes/base/secrets/redis-tls-secret.yaml
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/secrets.yaml
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/secrets/postgres-tls-secret.yaml
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/secrets/redis-tls-secret.yaml
echo "✓ Secrets applied"
echo ""
# ===== 2. Apply ConfigMaps =====
echo "Step 2: Applying ConfigMaps..."
kubectl apply -f infrastructure/kubernetes/base/configs/postgres-init-config.yaml
kubectl apply -f infrastructure/kubernetes/base/configmaps/postgres-logging-config.yaml
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/configs/postgres-init-config.yaml
kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/configmaps/postgres-logging-config.yaml
echo "✓ ConfigMaps applied"
echo ""
# ===== 3. Apply Database Deployments =====
echo "Step 3: Applying database deployments..."
kubectl apply -f infrastructure/kubernetes/base/components/databases/
kubectl apply -f infrastructure/services/databases/
echo "✓ Database deployments applied"
echo ""
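
Review bot: The secret paths in step 1 now point at `infrastructure/environments/dev/k8s-manifests/base/secrets.yaml`, while the password generation script changed in this commit tells the operator to update `infrastructure/environments/common/configs/secrets.yaml`, and the production script applies a third copy under `environments/prod/k8s-manifests/base/`; pick one location per environment and make all three scripts agree, otherwise rotated passwords end up in a file this script never applies. The script also applies `postgres-tls-secret.yaml` and `redis-tls-secret.yaml` directly from the working tree, which implies TLS key material is kept as plain manifests in the repository; consider generating these at deploy time or storing them encrypted. The dev environment is now hardcoded in five paths, so a single `ENV_DIR` variable at the top would keep the next restructuring to a one-line change.
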
@@ -164,5 +164,5 @@ echo ""
echo "To enable Kubernetes secrets encryption (requires cluster recreate):"
echo " kind delete cluster --name bakery-ia-local"
echo " kind create cluster --config kind-config.yaml"
echo " kubectl apply -f infrastructure/kubernetes/base/namespace.yaml"
echo " kubectl apply -f infrastructure/environments/dev/k8s-manifests/base/namespace.yaml"
echo " ./scripts/apply-security-changes.sh"
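
Review bot: The printed recovery step applies `infrastructure/environments/dev/k8s-manifests/base/namespace.yaml`, but the new infrastructure setup script in this commit creates namespaces from `infrastructure/namespaces/`; if the namespace manifest moved there, this hint sends the operator to a path that no longer exists. Point both at the same location.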

@@ -18,7 +18,7 @@ echo ""
# Configuration
NAMESPACE="bakery-ia"
KUSTOMIZE_PATH="infrastructure/kubernetes/overlays/prod"
KUSTOMIZE_PATH="infrastructure/environments/prod/k8s-manifests"
# Check if kubectl is available
if ! command -v kubectl &> /dev/null; then
@@ -84,10 +84,10 @@ apply_secrets() {
exit 1
fi
kubectl apply -f infrastructure/kubernetes/base/secrets.yaml
kubectl apply -f infrastructure/kubernetes/base/secrets/postgres-tls-secret.yaml
kubectl apply -f infrastructure/kubernetes/base/secrets/redis-tls-secret.yaml
kubectl apply -f infrastructure/kubernetes/base/secrets/demo-internal-api-key-secret.yaml
kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets.yaml
kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/postgres-tls-secret.yaml
kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/redis-tls-secret.yaml
kubectl apply -f infrastructure/environments/prod/k8s-manifests/base/secrets/demo-internal-api-key-secret.yaml
echo -e "${GREEN}✓ Secrets applied${NC}"
echo ""
}
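
Review bot: `apply_secrets()` applies `demo-internal-api-key-secret.yaml` from the `prod` tree, so a key named for demo use is installed in the production namespace; confirm it is intended there, and if it is, that its value differs from the one used in dev. The four `kubectl apply` lines also repeat the literal `infrastructure/environments/prod/k8s-manifests` prefix even though `KUSTOMIZE_PATH` is set to exactly that value at the top of the script; build the paths from `"$KUSTOMIZE_PATH/base/secrets/..."` so the two cannot drift apart.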

@@ -51,7 +51,7 @@ echo "Total: $count passwords"
echo ""
echo "Next steps:"
echo "1. Update .env file with these passwords"
echo "2. Update infrastructure/kubernetes/base/secrets.yaml with base64-encoded passwords"
echo "2. Update infrastructure/environments/common/configs/secrets.yaml with base64-encoded passwords"
echo "3. Apply new secrets to Kubernetes cluster"
echo ""
echo "To base64 encode a password:"
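
Review bot: Next step 2 instructs the operator to write base64-encoded passwords into `infrastructure/environments/common/configs/secrets.yaml`, a path inside the repository; base64 is an encoding, not encryption, so anyone with read access to the repository can recover the passwords once that file is committed. Either state explicitly that the file must not be committed (and add it to `.gitignore`), or switch the workflow to an encrypted form such as Sealed Secrets or SOPS. The path also differs from the `secrets.yaml` that the dev and prod apply scripts in this commit read, so the instruction should name the file that is actually applied.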

@@ -0,0 +1,22 @@
# Local Docker Registry for Bakery-IA
# Simple registry to cache base images and reduce Docker Hub usage
FROM registry:2
# Configure registry for local development
ENV REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
ENV REGISTRY_HTTP_SECRET=development-secret
ENV REGISTRY_HTTP_ADDR=0.0.0.0:5000
# Create directory for registry data
RUN mkdir -p /var/lib/registry
# Expose registry port
EXPOSE 5000
# Health check
HEALTHCHECK --interval=30s --timeout=3s \
CMD wget -q --spider http://localhost:5000/v2/ || exit 1
# Run registry
CMD ["registry", "serve", "/etc/docker/registry/config.yml"]
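
Review bot: `ENV REGISTRY_HTTP_SECRET=development-secret` bakes a fixed, guessable secret into the image, and `ENV REGISTRY_HTTP_ADDR=0.0.0.0:5000` listens on every interface with no TLS or authentication configured anywhere in this file; combined with the `-p 5000:5000` run commands in the accompanying document, anyone who can reach the host on port 5000 can push images that later builds will use as their base. Pass the secret at run time (`-e REGISTRY_HTTP_SECRET=...`) instead of in the image, and publish the port on loopback only (`-p 127.0.0.1:5000:5000`) unless auth and TLS are added. `FROM registry:2` is itself an unpinned Docker Hub pull, which is the dependency this change is trying to reduce; pin it by digest. `RUN mkdir -p /var/lib/registry` is redundant because the base image already declares that path as its storage directory.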

scripts/prepull-base-images.sh (Executable file, 139 changed lines)

@@ -0,0 +1,139 @@
#!/bin/bash
# Base Image Pre-Pull Script for Bakery-IA
# This script pre-pulls all required base images to reduce Docker Hub usage
# Run this script before building services to cache base images locally
set -e
echo "=========================================="
echo "Bakery-IA Base Image Pre-Pull Script"
echo "=========================================="
echo ""
# Docker Hub credentials (use the same as in your Kubernetes setup)
DOCKER_USERNAME="uals"
DOCKER_PASSWORD="dckr_pat_zzEY5Q58x1S0puraIoKEtbpue3A"
# Authenticate with Docker Hub
echo "Authenticating with Docker Hub..."
docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
echo "✓ Authentication successful"
echo ""
# Define all base images used in the project
# All images are cached in local registry for dev environment
BASE_IMAGES=(
# Service base images
"python:3.11-slim"
# Database images
"postgres:17-alpine"
"redis:7.4-alpine"
"rabbitmq:4.1-management-alpine"
# Utility images
"busybox:1.36"
"curlimages/curl:latest"
"bitnami/kubectl:latest"
# Alpine variants
"alpine:3.18"
"alpine:3.19"
"alpine/git:2.43.0"
# CI/CD images
"gcr.io/kaniko-project/executor:v1.23.0"
"gcr.io/go-containerregistry/crane:latest"
"registry.k8s.io/kustomize/kustomize:v5.3.0"
# Storage images
"minio/minio:RELEASE.2024-11-07T00-52-20Z"
"minio/mc:RELEASE.2024-11-17T19-35-25Z"
# Geocoding
"mediagis/nominatim:4.4"
# Mail server (Mailu - from GHCR)
"ghcr.io/mailu/nginx:2024.06"
"ghcr.io/mailu/admin:2024.06"
"ghcr.io/mailu/postfix:2024.06"
"ghcr.io/mailu/dovecot:2024.06"
"ghcr.io/mailu/rspamd:2024.06"
)
# Local registry configuration
# Set USE_LOCAL_REGISTRY=true to push images to local registry after pulling
USE_LOCAL_REGISTRY=true
LOCAL_REGISTRY="localhost:5000"
echo "Base images to pre-pull:"
echo "----------------------------------------"
for image in "${BASE_IMAGES[@]}"; do
echo " - $image"
done
echo ""
echo "Starting pre-pull process..."
echo "----------------------------------------"
# Pull each base image
for image in "${BASE_IMAGES[@]}"; do
echo "Pulling: $image"
# Pull the image
docker pull "$image"
# Tag for local registry if enabled
if [ "$USE_LOCAL_REGISTRY" = true ]; then
# Convert image name to local registry format:
# - Replace / with _
# - Replace : with _
# - Convert to lowercase (Docker requires lowercase repository names)
# - Add :latest tag for Kustomize compatibility
# Example: gcr.io/kaniko-project/executor:v1.23.0 -> gcr.io_kaniko-project_executor_v1.23.0:latest
local_repo="$(echo $image | sed 's|/|_|g' | sed 's|:|_|g' | tr '[:upper:]' '[:lower:]')"
local_image="$LOCAL_REGISTRY/${local_repo}:latest"
docker tag "$image" "$local_image"
echo " Tagged as: $local_image"
# Push to local registry
docker push "$local_image"
echo " Pushed to local registry"
fi
echo " ✓ Successfully pulled $image"
echo ""
done
echo "=========================================="
echo "Base Image Pre-Pull Complete!"
echo "=========================================="
echo ""
echo "Summary:"
echo " - Total images pulled: ${#BASE_IMAGES[@]}"
echo " - Local registry enabled: $USE_LOCAL_REGISTRY"
echo ""
if [ "$USE_LOCAL_REGISTRY" = true ]; then
echo "Local registry contents:"
curl -s http://$LOCAL_REGISTRY/v2/_catalog | jq .
echo ""
fi
echo "Next steps:"
echo " 1. Run your service builds - they will use cached images"
echo " 2. For Kubernetes: Consider setting up a pull-through cache"
echo " 3. For CI/CD: Run this script before your build pipeline"
echo ""
echo "To use local registry in your builds:"
echo " - Update Dockerfiles to use: $LOCAL_REGISTRY/..."
echo " - Or configure Docker daemon to use local registry as mirror"
echo ""
# Optional: Configure Docker daemon to use local registry as mirror
if [ "$USE_LOCAL_REGISTRY" = true ]; then
echo "To configure Docker daemon to use local registry as mirror:"
echo ""
cat << 'EOF'
{
"registry-mirrors": ["http://localhost:5000"]
}
EOF
echo ""
echo "Add this to /etc/docker/daemon.json and restart Docker"
fi
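
Review bot: `DOCKER_PASSWORD` near the top of the script is assigned a literal Docker Hub access token next to a real `DOCKER_USERNAME`; a token that has been committed must be treated as compromised, so revoke it in Docker Hub, remove both assignments from the script and from history, and read the values from the environment or a credential helper, exiting early when they are unset. The login line `docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"` additionally exposes the token on the process command line; `setup-local-registry.sh` in this commit already uses `--password-stdin`, so use the same form here. `USE_LOCAL_REGISTRY=true` is assigned unconditionally, which overrides the `USE_LOCAL_REGISTRY=true ./scripts/prepull-base-images.sh` toggle described in the document and makes the "simple cache" mode push to `localhost:5000` every time; use `USE_LOCAL_REGISTRY="${USE_LOCAL_REGISTRY:-false}"`. In the rename step, `echo $image` should be quoted, and retagging every image as `:latest` in the local registry hides which upstream version or digest was cached, so record the digest or keep the original tag.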

@@ -282,7 +282,7 @@ setup_cluster_issuers() {
print_status "Setting up cluster issuers..."
# Check if cert-manager components exist
if [ ! -f "infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml" ]; then
if [ ! -f "infrastructure/platform/cert-manager/cluster-issuer-staging.yaml" ]; then
print_error "cert-manager component files not found. Please ensure you're running this script from the project root."
exit 1
fi
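
Review bot: The existence check in `setup_cluster_issuers()` tests only `cluster-issuer-staging.yaml`, while the next hunk applies three files from the same directory (`local-ca-issuer.yaml` and `cluster-issuer-production.yaml` as well); after a directory move like this one, a partially migrated tree passes the check and fails later in the loop. Move the `-f` test into the `for issuer_file in "${issuer_files[@]}"` loop so each file is verified before it is applied.
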
@@ -291,9 +291,9 @@ setup_cluster_issuers() {
print_status "Applying cluster issuers..."
local issuer_files=(
"infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml"
"infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml"
"infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml"
"infrastructure/platform/cert-manager/cluster-issuer-staging.yaml"
"infrastructure/platform/cert-manager/local-ca-issuer.yaml"
"infrastructure/platform/cert-manager/cluster-issuer-production.yaml"
)
for issuer_file in "${issuer_files[@]}"; do

scripts/setup-local-registry.sh (Executable file, 289 changed lines)

@@ -0,0 +1,289 @@
#!/bin/bash
# Bakery-IA Local Registry Setup and Base Image Management
# Standardized script for setting up local registry and managing base images
# Usage: ./scripts/setup-local-registry.sh [start|stop|prepull|push|clean]
set -e
# Configuration
LOCAL_REGISTRY="localhost:5000"
REGISTRY_NAME="bakery-local-registry"
REGISTRY_DATA_DIR="$(pwd)/kind-registry"
DOCKER_USERNAME="uals"
DOCKER_PASSWORD="dckr_pat_zzEY5Q58x1S0puraIoKEtbpue3A"
# Standardized base images (optimized list)
BASE_IMAGES=(
"python:3.11-slim"
"postgres:17-alpine"
"redis:7.4-alpine"
"busybox:1.36"
"busybox:latest"
"curlimages/curl:latest"
"bitnami/kubectl:latest"
"alpine:3.18"
"alpine:3.19"
"gcr.io/kaniko-project/executor:v1.23.0"
"alpine/git:2.43.0"
)
echo "=========================================="
echo "Bakery-IA Local Registry Manager"
echo "=========================================="
echo ""
# Function to authenticate with Docker Hub
authenticate_docker_hub() {
echo "Authenticating with Docker Hub..."
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
echo "✓ Authentication successful"
}
# Function to start local registry
start_registry() {
echo "Starting local registry at $LOCAL_REGISTRY..."
# Create data directory
mkdir -p "$REGISTRY_DATA_DIR"
# Check if registry is already running
if docker ps -a --format '{{.Names}}' | grep -q "^$REGISTRY_NAME$"; then
echo "Registry container already exists"
if docker ps --format '{{.Names}}' | grep -q "^$REGISTRY_NAME$"; then
echo "✓ Registry is already running"
return 0
else
echo "Starting existing registry container..."
docker start "$REGISTRY_NAME"
fi
else
# Start new registry container
docker run -d -p 5000:5000 --name "$REGISTRY_NAME" \
-v "$REGISTRY_DATA_DIR:/var/lib/registry" \
registry:2
fi
# Wait for registry to be ready
echo "Waiting for registry to be ready..."
for i in {1..30}; do
if curl -s http://$LOCAL_REGISTRY/v2/ > /dev/null 2>&1; then
echo "✓ Registry is ready"
return 0
fi
sleep 1
done
echo "❌ Registry failed to start"
exit 1
}
# Function to stop local registry
stop_registry() {
echo "Stopping local registry..."
docker stop "$REGISTRY_NAME" || true
echo "✓ Registry stopped"
}
# Function to clean registry
clean_registry() {
echo "Cleaning local registry..."
stop_registry
rm -rf "$REGISTRY_DATA_DIR"
echo "✓ Registry cleaned"
}
# Function to pre-pull base images
prepull_images() {
authenticate_docker_hub
echo "Pre-pulling base images..."
for image in "${BASE_IMAGES[@]}"; do
echo "Pulling: $image"
docker pull "$image"
echo " ✓ Successfully pulled $image"
done
echo "✓ All base images pre-pulled"
}
# Function to push images to local registry
push_images_to_registry() {
echo "Pushing base images to local registry..."
for image in "${BASE_IMAGES[@]}"; do
local_image="$LOCAL_REGISTRY/$(echo $image | sed 's|/|_|g' | sed 's|:|_|g')"
echo "Tagging and pushing: $image$local_image"
# Tag the image
docker tag "$image" "$local_image"
# Push to local registry
docker push "$local_image"
echo " ✓ Pushed $local_image"
done
echo "✓ All base images pushed to local registry"
# Show registry contents
echo "Registry contents:"
curl -s http://$LOCAL_REGISTRY/v2/_catalog | jq . || echo "Registry is running"
}
# Function to update Dockerfiles
update_dockerfiles() {
echo "Updating Dockerfiles to use local registry..."
# Update all Dockerfiles
find services -name "Dockerfile" -exec sed -i '' \
's|FROM python:3.11-slim|FROM localhost:5000/python_3.11-slim|g' {} +
# Also update any remaining python references
find services -name "Dockerfile" -exec sed -i '' \
's|ghcr.io/library/python:3.11-slim|localhost:5000/python_3.11-slim|g' {} +
echo "✓ Dockerfiles updated to use local registry"
}
# Function to revert Dockerfiles
revert_dockerfiles() {
echo "Reverting Dockerfiles to use original images..."
# Revert all Dockerfiles
find services -name "Dockerfile" -exec sed -i '' \
's|FROM localhost:5000/python_3.11-slim|FROM python:3.11-slim|g' {} +
echo "✓ Dockerfiles reverted to original images"
}
# Function to show registry status
show_status() {
echo "Local Registry Status:"
echo "---------------------"
if docker ps --format '{{.Names}}' | grep -q "^$REGISTRY_NAME$"; then
echo "Status: Running"
echo "Address: $LOCAL_REGISTRY"
echo "Data Directory: $REGISTRY_DATA_DIR"
echo ""
echo "Images in registry:"
curl -s http://$LOCAL_REGISTRY/v2/_catalog | jq -r '.repositories[]' || echo "Registry accessible"
else
echo "Status: Stopped"
echo "To start: ./scripts/setup-local-registry.sh start"
fi
}
# Function to show help
show_help() {
echo "Usage: $0 [command]"
echo ""
echo "Commands:"
echo " start Start local registry"
echo " stop Stop local registry"
echo " prepull Pre-pull base images from Docker Hub"
echo " push Push pre-pulled images to local registry"
echo " update Update Dockerfiles to use local registry"
echo " revert Revert Dockerfiles to original images"
echo " clean Clean registry (stop + remove data)"
echo " status Show registry status"
echo " all Run prepull + start + push + update"
echo " help Show this help message"
echo ""
echo "Examples:"
echo " $0 start prepull push update"
echo " $0 all"
echo " $0 clean"
}
# Main script logic
if [ $# -eq 0 ]; then
show_help
exit 1
fi
COMMAND="$1"
shift
case "$COMMAND" in
start)
start_registry
;;
stop)
stop_registry
;;
prepull)
prepull_images
;;
push)
push_images_to_registry
;;
update)
update_dockerfiles
;;
revert)
revert_dockerfiles
;;
clean)
clean_registry
;;
status)
show_status
;;
all)
authenticate_docker_hub
start_registry
prepull_images
push_images_to_registry
update_dockerfiles
show_status
;;
help|--help|-h)
show_help
;;
*)
echo "Unknown command: $COMMAND"
show_help
exit 1
;;
esac
# Run additional commands if provided
for cmd in "$@"; do
case "$cmd" in
start)
start_registry
;;
stop)
stop_registry
;;
prepull)
prepull_images
;;
push)
push_images_to_registry
;;
update)
update_dockerfiles
;;
revert)
revert_dockerfiles
;;
clean)
clean_registry
;;
status)
show_status
;;
*)
echo "Unknown command: $cmd"
;;
esac
done
echo ""
echo "=========================================="
echo "Operation completed!"
echo "=========================================="
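
Review bot: `DOCKER_PASSWORD` in the Configuration block holds the same literal Docker Hub access token as `prepull-base-images.sh`; revoke the token, delete both assignments, and have `authenticate_docker_hub()` read the credentials from the environment and fail with a clear message when they are missing. In `start_registry()`, `docker run -d -p 5000:5000` publishes an unauthenticated HTTP registry on all host interfaces; use `-p 127.0.0.1:5000:5000` so that only the local machine can push base images into it. `update_dockerfiles()` and `revert_dockerfiles()` call `sed -i ''`, which is the BSD/macOS form; GNU sed on Linux and CI runners takes the empty string as the script and then fails trying to open the substitution expression as a file, so use `sed -i.bak` plus cleanup, or detect the platform. `update_dockerfiles()` also rewrites tracked Dockerfiles in place to `FROM localhost:5000/python_3.11-slim`, which is easy to commit by accident; a build argument for the registry prefix would avoid editing sources. In the `all` branch, `authenticate_docker_hub` runs twice because `prepull_images` calls it again.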

@@ -0,0 +1,36 @@
#!/bin/bash
# Bakery-IA Infrastructure Setup Script
# This script applies infrastructure resources in the correct dependency order
set -e # Exit on error
echo "🚀 Starting Bakery-IA infrastructure setup..."
# Step 1: Apply namespaces first (they must exist before other resources)
echo "📦 Creating namespaces..."
kubectl apply -f infrastructure/namespaces/
# Step 2: Apply common configurations (depends on bakery-ia namespace)
echo "🔧 Applying common configurations..."
kubectl apply -f infrastructure/environments/common/configs/
# Step 3: Apply platform components
echo "🖥️ Applying platform components..."
kubectl apply -f infrastructure/platform/
# Step 4: Apply CI/CD components (depends on tekton-pipelines and flux-system namespaces)
echo "🔄 Applying CI/CD components..."
kubectl apply -f infrastructure/cicd/
# Step 5: Apply monitoring components
echo "📊 Applying monitoring components..."
kubectl apply -f infrastructure/monitoring/
echo "✅ Infrastructure setup completed successfully!"
# Verify namespaces
echo "🔍 Verifying namespaces..."
kubectl get namespaces | grep -E "(bakery-ia|tekton-pipelines|flux-system)"
echo "🎉 All infrastructure components have been deployed."
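
Review bot: `kubectl apply -f infrastructure/platform/` in step 3 reads only the manifests directly inside that directory, and another script in this commit references `infrastructure/platform/cert-manager/cluster-issuer-staging.yaml`, one level below it, so the platform components in subdirectories are never applied; add `-R`, apply each subdirectory explicitly, or use `kubectl apply -k` with a kustomization. The same check is needed for `infrastructure/cicd/` and `infrastructure/monitoring/`. Step 2 applies everything under `infrastructure/environments/common/configs/`, which according to the password script's next steps is where `secrets.yaml` lives, so secrets are applied here without any of the confirmation the dedicated secrets scripts perform. The "completed successfully" message is printed before the namespace verification, and under `set -e` a `grep -E` with no match exits non-zero after success was already reported; run the verification first and check for each expected namespace individually.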

@@ -147,8 +147,8 @@ else
echo -e "${GREEN}All images pushed successfully!${NC}"
echo ""
echo "Next steps:"
echo "1. Update image names in infrastructure/kubernetes/overlays/prod/kustomization.yaml"
echo "2. Deploy to production: kubectl apply -k infrastructure/kubernetes/overlays/prod"
echo "1. Update image names in infrastructure/environments/prod/k8s-manifests/kustomization.yaml"
echo "2. Deploy to production: kubectl apply -k infrastructure/environments/prod/k8s-manifests"
fi
echo ""

scripts/validate_ingress.sh (Executable file, 37 changed lines)

@@ -0,0 +1,37 @@
#!/bin/bash
# Script to validate the centralized ingress configurations
echo "Validating centralized ingress configurations..."
# Check if kubectl is available
if ! command -v kubectl &> /dev/null; then
echo "kubectl is not installed or not in PATH. Skipping live cluster validation."
else
echo "kubectl found. Performing syntax validation..."
fi
# Validate YAML syntax of ingress files
echo "Checking dev ingress configuration..."
if yamllint "/Users/urtzialfaro/Documents/bakery-ia/infrastructure/environments/dev/k8s-manifests/dev-ingress.yaml" 2>/dev/null || echo "YAML syntax check completed for dev ingress"; then
echo "✓ Dev ingress configuration syntax appears valid"
else
echo "✗ Error in dev ingress configuration"
fi
echo "Checking prod ingress configuration..."
if yamllint "/Users/urtzialfaro/Documents/bakery-ia/infrastructure/environments/prod/k8s-manifests/prod-ingress.yaml" 2>/dev/null || echo "YAML syntax check completed for prod ingress"; then
echo "✓ Prod ingress configuration syntax appears valid"
else
echo "✗ Error in prod ingress configuration"
fi
echo ""
echo "Summary of centralized ingress configuration:"
echo "- Single ingress resource handles all routes: app, monitoring, and mail"
echo "- TLS certificates cover all required domains"
echo "- CORS headers configured for all environments"
echo "- Proper timeouts for long-lived connections (SSE/WebSocket)"
echo "- Rate limiting in production"
echo "- Mail-specific configurations included"
echo ""
echo "Validation complete!"
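
Review bot: Both checks have the form `if yamllint "..." 2>/dev/null || echo "YAML syntax check completed ..."; then`, and because `echo` always succeeds the condition is always true: the `else` branches are unreachable, lint errors are discarded by `2>/dev/null`, and the script prints "syntax appears valid" even when `yamllint` is missing or the file does not exist. Drop the `|| echo`, let `yamllint` output through, and exit non-zero on failure. The file arguments are absolute paths under `/Users/urtzialfaro/Documents/bakery-ia/`, which exist only on one developer machine; make them relative to the repository root. The `kubectl` availability check selects between two messages but no `kubectl` command is run afterwards, so either add a `kubectl apply --dry-run=client -f` validation or remove the check. The closing summary (TLS coverage, CORS, rate limiting) is printed unconditionally and is not derived from anything the script inspected, so it should not be presented as a validation result.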