Initial commit - production deployment

2026-01-21 17:17:16 +01:00
commit c23d00dd92
2289 changed files with 638440 additions and 0 deletions
--- a/infrastructure/platform/networking/ingress/overlays/dev/kustomization.yaml
+++ b/infrastructure/platform/networking/ingress/overlays/dev/kustomization.yaml
@@ -0,0 +1,27 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+
+namePrefix: dev-
+
+patches:
+  - target:
+      kind: Ingress
+      name: bakery-ingress
+    patch: |-
+      - op: replace
+        path: /spec/tls/0/hosts/0
+        value: bakery-ia.local
+      - op: replace
+        path: /spec/tls/0/secretName
+        value: bakery-dev-tls-cert
+      - op: replace
+        path: /spec/rules/0/host
+        value: bakery-ia.local
+      - op: replace
+        path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin
+        value: "https://localhost,https://localhost:3000,https://localhost:3001,https://127.0.0.1,https://127.0.0.1:3000,https://127.0.0.1:3001,https://bakery-ia.local,https://registry.bakery-ia.local,https://gitea.bakery-ia.local,http://localhost,http://localhost:3000,http://localhost:3001,http://127.0.0.1,http://127.0.0.1:3000"
+# NOTE: Gitea and Registry ingresses are managed by Gitea Helm chart (infrastructure/cicd/gitea/values.yaml)
+# NOTE: Mail ingress (mail.bakery-ia.dev) is deployed separately via mailu-helm Tilt resource
--- a/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml
+++ b/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml
@@ -0,0 +1,40 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+
+namePrefix: prod-
+
+patches:
+  - target:
+      kind: Ingress
+      name: bakery-ingress
+    patch: |-
+      - op: replace
+        path: /spec/tls/0/hosts/0
+        value: bakewise.ai
+      - op: replace
+        path: /spec/tls/0/secretName
+        value: bakery-ia-prod-tls-cert
+      - op: replace
+        path: /spec/rules/0/host
+        value: bakewise.ai
+      - op: add
+        path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin
+        value: "https://bakewise.ai,https://www.bakewise.ai,https://mail.bakewise.ai,https://registry.bakewise.ai,https://gitea.bakewise.ai"
+      - op: add
+        path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-rps
+        value: "100"
+      - op: add
+        path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-connections
+        value: "50"
+      - op: add
+        path: /metadata/annotations/cert-manager.io~1cluster-issuer
+        value: "letsencrypt-production"
+      - op: add
+        path: /metadata/annotations/cert-manager.io~1acme-challenge-type
+        value: "http01"
+# NOTE: Gitea and Registry ingresses are managed by Gitea Helm chart
+# See infrastructure/cicd/gitea/values-prod.yaml for production ingress configuration
+# NOTE: mail.bakewise.ai is handled by separate mailu ingress