Add new infra architecture 3

infrastructure/cicd/flux/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: flux-cd
+description: A Helm chart for deploying Flux CD GitOps toolkit for Bakery-IA
+type: application
+version: 0.1.0
+appVersion: "2.2.3"

infrastructure/cicd/flux/git-repository.yaml

@@ -1,16 +0,0 @@
-# Flux GitRepository for Bakery-IA
-# This resource tells Flux where to find the Git repository
-
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: bakery-ia
-  namespace: flux-system
-spec:
-  interval: 1m
-  url: http://gitea.bakery-ia.local/bakery/bakery-ia.git
-  ref:
-    branch: main
-  secretRef:
-    name: gitea-credentials
-  timeout: 60s

infrastructure/cicd/flux/kustomization.yaml

@@ -1,25 +0,0 @@
-# Kustomize build configuration for Flux resources
-# This file is used to build and apply the Flux resources
-#
-# IMPORTANT: Apply resources in this order:
-# 1. Install Flux CD first: flux install
-# 2. Apply this kustomization: kubectl apply -k infrastructure/cicd/flux/
-#
-# The GitRepository must be ready before the Flux Kustomization can reconcile.
-
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-# Resources to apply in order (namespace and secrets first, then sources, then kustomizations)
-resources:
-  - namespace.yaml
-  - git-repository.yaml
-  - flux-kustomization.yaml
-
-# Common labels for all resources
-commonLabels:
-  app.kubernetes.io/name: bakery-ia-cicd
-  app.kubernetes.io/component: flux
-  app.kubernetes.io/managed-by: kustomize
-
-# Note: Do NOT set namespace here as resources already have explicit namespaces

infrastructure/cicd/flux/namespace.yaml

@@ -1,15 +0,0 @@
-# Flux System Namespace
-# This namespace is required for Flux CD components
-# It should be created before any Flux resources are applied
-
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: flux-system
-  labels:
-    app.kubernetes.io/name: flux
-    app.kubernetes.io/component: system
-    kubernetes.io/metadata.name: flux-system
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/warn: restricted

infrastructure/cicd/flux/templates/gitrepository.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.gitRepository }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: {{ .Values.gitRepository.name }}
+  namespace: {{ .Values.gitRepository.namespace }}
+spec:
+  interval: {{ .Values.gitRepository.interval }}
+  url: {{ .Values.gitRepository.url }}
+  ref:
+    branch: {{ .Values.gitRepository.ref.branch }}
+  secretRef:
+    name: {{ .Values.gitRepository.secretRef.name }}
+  timeout: {{ .Values.gitRepository.timeout }}
+{{- end }}

infrastructure/cicd/flux/templates/kustomization.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.kustomization }}
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: {{ .Values.kustomization.name }}
+  namespace: {{ .Values.kustomization.namespace }}
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: flux
+spec:
+  # Wait for GitRepository to be ready before reconciling
+  dependsOn: []
+  interval: {{ .Values.kustomization.interval }}
+  path: {{ .Values.kustomization.path }}
+  prune: {{ .Values.kustomization.prune }}
+  sourceRef:
+    kind: {{ .Values.kustomization.sourceRef.kind }}
+    name: {{ .Values.kustomization.sourceRef.name }}
+  targetNamespace: {{ .Values.kustomization.targetNamespace }}
+  timeout: {{ .Values.kustomization.timeout }}
+  retryInterval: {{ .Values.kustomization.retryInterval }}
+  wait: {{ .Values.kustomization.wait }}
+  {{- if .Values.kustomization.healthChecks }}
+  healthChecks:
+    {{- range .Values.kustomization.healthChecks }}
+    - apiVersion: {{ .apiVersion }}
+      kind: {{ .kind }}
+      name: {{ .name }}
+      namespace: {{ .namespace }}
+    {{- end }}
+  {{- end }}
+  {{- if .Values.kustomization.postBuild }}
+  postBuild:
+    substituteFrom:
+      {{- range .Values.kustomization.postBuild.substituteFrom }}
+      - kind: {{ .kind }}
+        name: {{ .name }}
+        {{- if .optional }}
+        optional: {{ .optional }}
+        {{- end }}
+      {{- end }}
+  {{- end }}
+{{- end }}

infrastructure/cicd/flux/templates/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.gitRepository.namespace }}
+  labels:
+    app.kubernetes.io/name: flux
+    kubernetes.io/metadata.name: {{ .Values.gitRepository.namespace }}

infrastructure/cicd/flux/values.yaml

@@ -1,22 +1,21 @@
-# Flux Kustomization for Bakery-IA Production Deployment
-# This resource tells Flux how to deploy the application
-#
-# Prerequisites:
-# 1. Flux CD must be installed: flux install
-# 2. GitRepository 'bakery-ia' must be created and ready
-# 3. Secret 'gitea-credentials' must exist in flux-system namespace
+# Default values for flux-cd
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
 
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
+gitRepository:
+  name: bakery-ia
+  namespace: flux-system
+  interval: 1m
+  url: http://gitea.bakery-ia.local/bakery/bakery-ia.git
+  ref:
+    branch: main
+  secretRef:
+    name: gitea-credentials
+  timeout: 60s
+
+kustomization:
   name: bakery-ia-prod
   namespace: flux-system
-  labels:
-    app.kubernetes.io/name: bakery-ia
-    app.kubernetes.io/component: flux
-spec:
-  # Wait for GitRepository to be ready before reconciling
-  dependsOn: []
   interval: 5m
   path: ./infrastructure/environments/prod
   prune: true
@@ -27,7 +26,6 @@ spec:
   timeout: 10m
   retryInterval: 1m
   wait: true
-  # Health checks for critical services
   healthChecks:
     # Core Infrastructure
     - apiVersion: apps/v1
@@ -65,7 +63,6 @@ spec:
       kind: Deployment
       name: notification-service
       namespace: bakery-ia
-  # Post-build variable substitution
   postBuild:
     substituteFrom:
       - kind: ConfigMap