Add new infra architecture 13

infrastructure/cicd/tekton-helm/templates/task-kaniko-build.yaml

@@ -29,7 +29,7 @@ spec:
     - name: base-registry
       type: string
       description: Base image registry URL (e.g., docker.io, ghcr.io/org)
-      default: "gitea-http.gitea.svc.cluster.local:3000/bakery-admin"
+      default: "registry.bakewise.ai/bakery-admin"
     - name: python-image
       type: string
       description: Python base image name and tag

infrastructure/cicd/tekton-helm/templates/task-run-tests.yaml

@@ -23,7 +23,7 @@ spec:
       default: "false"
   steps:
     - name: run-unit-tests
-      image: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/python_3.11-slim:latest
+      image: registry.bakewise.ai/bakery-admin/python:3.11-slim
       workingDir: $(workspaces.source.path)
       script: |
         #!/bin/bash
@@ -57,7 +57,7 @@ spec:
           cpu: 200m
           memory: 512Mi
     - name: run-integration-tests
-      image: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/python_3.11-slim:latest
+      image: registry.bakewise.ai/bakery-admin/python:3.11-slim
       workingDir: $(workspaces.source.path)
       script: |
         #!/bin/bash

infrastructure/cicd/tekton-helm/values-prod.yaml

@@ -16,6 +16,11 @@
 
 # Global settings for production
 global:
+  # Registry configuration - use external HTTPS URL for image references
+  # containerd/Docker requires HTTPS for authenticated registries
+  registry:
+    url: "registry.bakewise.ai/bakery-admin"
+
   # Git configuration
   git:
     userEmail: "ci@bakewise.ai"
@@ -25,6 +30,8 @@ pipeline:
   # Build configuration
   build:
     verbosity: "warn"  # Less verbose in production
+    # Use external registry URL for base images (HTTPS required)
+    baseRegistry: "registry.bakewise.ai/bakery-admin"
 
   # Test configuration
   test:
@@ -72,7 +79,9 @@ secrets:
   registry:
     username: "bakery-admin"
     password: ""  # MUST be set via --set flag
-    registryUrl: "gitea-http.gitea.svc.cluster.local:3000"
+    # Use external HTTPS URL for image references (containerd requires HTTPS for auth)
+    # Kaniko can still push via HTTP internally, but image refs must use HTTPS
+    registryUrl: "registry.bakewise.ai"
 
   # Git credentials for GitOps updates
   # Override with: --set secrets.git.password=$GITEA_ADMIN_PASSWORD

infrastructure/cicd/tekton-helm/values.yaml

@@ -4,8 +4,9 @@
 # Global settings
 global:
   # Registry configuration
+  # NOTE: Use external HTTPS URL - containerd requires HTTPS for authenticated registries
   registry:
-    url: "gitea-http.gitea.svc.cluster.local:3000/bakery-admin"
+    url: "registry.bakewise.ai/bakery-admin"
   
   # Git configuration
   git:
@@ -20,10 +21,9 @@ pipeline:
     cacheTTL: "24h"
     verbosity: "info"
     # Base image registry configuration
-    # For dev: localhost:5000 with python_3.11-slim
-    # For prod: gitea registry with python_3.11-slim
-    baseRegistry: "gitea-http.gitea.svc.cluster.local:3000/bakery-admin"
-    pythonImage: "python_3.11-slim"
+    # NOTE: Use external HTTPS URL - containerd requires HTTPS for authenticated registries
+    baseRegistry: "registry.bakewise.ai/bakery-admin"
+    pythonImage: "python:3.11-slim"
   
   # Test configuration
   test:
@@ -74,10 +74,11 @@ secrets:
   
   # Registry credentials for pushing images
   # Uses the same credentials as Gitea admin for consistency
+  # NOTE: Use external HTTPS URL - containerd requires HTTPS for authenticated registries
   registry:
     username: "bakery-admin"
     password: ""  # Will be populated from gitea-admin-secret
-    registryUrl: "gitea-http.gitea.svc.cluster.local:3000"
+    registryUrl: "registry.bakewise.ai"
   
   # Git credentials for GitOps updates
   # Uses the same credentials as Gitea admin for consistency