Add new infra architecture 9

CI_CD_IMPLEMENTATION_PLAN.md

@@ -1,3 +1,38 @@
+cat << 'EOFCMD' | colima --profile k8s-local ssh
+sudo tee /etc/docker/daemon.json << 'EOF'
+{
+  "exec-opts": [
+    "native.cgroupdriver=cgroupfs"
+  ],
+  "features": {
+    "buildkit": true,
+    "containerd-snapshotter": true
+  },
+  "insecure-registries": ["registry.bakery-ia.local"]
+}
+EOF
+EOFCMD
+
+-------
+
+Kind cluster configuration:
+
+Added registry.bakery-ia.local to /etc/hosts inside Kind container
+Configured containerd to trust the self-signed certificate via /etc/containerd/certs.d/registry.bakery-ia.local/hosts.toml
+
+docker exec bakery-ia-local-control-plane sh -c 'echo "127.0.0.1 registry.bakery-ia.local" >> /etc/hosts' 2>&1
+
+kubectl get secret bakery-dev-tls-cert -n bakery-ia -o jsonpath='{.data.tls\.crt}' | base64 -d | docker exec -i bakery-ia-local-control-plane sh -c 'mkdir -p /etc/containerd/certs.d/registry.bakery-ia.local && cat > /etc/containerd/certs.d/registry.bakery-ia.local/ca.crt' 2>&1
+
+docker exec bakery-ia-local-control-plane sh -c 'cat > /etc/containerd/certs.d/registry.bakery-ia.local/hosts.toml << EOF
+server = "https://registry.bakery-ia.local"
+
+[host."https://registry.bakery-ia.local"]
+  capabilities = ["pull", "resolve"]
+  ca = "/etc/containerd/certs.d/registry.bakery-ia.local/ca.crt"
+EOF' 2>&1
+
+
 # Bakery-IA Production CI/CD Implementation Plan
 
 ## Document Overview