From dbf74fc1cb1789a68aaeff128d2d6312a1404247 Mon Sep 17 00:00:00 2001 From: Urtzi Alfaro Date: Tue, 20 Jan 2026 21:33:53 +0100 Subject: [PATCH] Fix kustomization: remove merge conflicts, fix paths, add gateway resource --- .../prod/k8s-manifests/kustomization.yaml | 82 ++++++++++++++++--- .../ingress/overlays/prod/kustomization.yaml | 8 +- 2 files changed, 78 insertions(+), 12 deletions(-) diff --git a/infrastructure/environments/prod/k8s-manifests/kustomization.yaml b/infrastructure/environments/prod/k8s-manifests/kustomization.yaml index c4f62280..2b8eda08 100644 --- a/infrastructure/environments/prod/k8s-manifests/kustomization.yaml +++ b/infrastructure/environments/prod/k8s-manifests/kustomization.yaml @@ -11,13 +11,13 @@ metadata: resources: - ../../../environments/common/configs - - ../../../platform/infrastructure - ../../../platform/cert-manager - ../../../platform/networking/ingress/overlays/prod + - ../../../platform/gateway - ../../../platform/storage - ../../../services/databases - ../../../services/microservices - - ../../../cicd + # NOTE: CI/CD (gitea, tekton, flux) deployed via Helm, not kustomize - prod-certificate.yaml 
@@ -107,6 +107,41 @@ patches: - op: add path: /data/VITE_ENVIRONMENT value: "production" + # Add imagePullSecrets to all Deployments for gitea registry authentication + - target: + kind: Deployment + patch: |- + - op: add + path: /spec/template/spec/imagePullSecrets + value: + - name: gitea-registry-secret + + # Add imagePullSecrets to all StatefulSets for gitea registry authentication + - target: + kind: StatefulSet + patch: |- + - op: add + path: /spec/template/spec/imagePullSecrets + value: + - name: gitea-registry-secret + + # Add imagePullSecrets to all Jobs for gitea registry authentication + - target: + kind: Job + patch: |- + - op: add + path: /spec/template/spec/imagePullSecrets + value: + - name: gitea-registry-secret + + # Add imagePullSecrets to all CronJobs for gitea registry authentication + - target: + kind: CronJob + patch: |- + - op: add + path: /spec/jobTemplate/spec/template/spec/imagePullSecrets + value: + - name: gitea-registry-secret # SigNoz resource patches for production # SigNoz ClickHouse production configuration - target: 
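Review bot: The four new patches select by `kind` alone, so every Deployment, StatefulSet, Job and CronJob rendered by this overlay receives `gitea-registry-secret`, including any that live in other namespaces (the SigNoz patches just below suggest some do). imagePullSecrets are looked up in the pod's own namespace, so the secret must exist in each of them or pulls that need the credential will fail; narrowing each `target:` with `namespace:` or `labelSelector: <label-shared-by-bakery-workloads>` keeps the credential only where it is needed. JSON-patch `add` on a member that already exists replaces it, so any workload that already declares `imagePullSecrets` loses its existing entries. The secret is not defined in this diff; it should carry a read-only pull token rather than an account password. The `patches:` list starts before and continues after the hunk.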
@@ -172,76 +207,103 @@ patches: images: # Application services - name: bakery/auth-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/auth-service newTag: latest - name: bakery/tenant-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/tenant-service newTag: latest - name: bakery/training-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/training-service newTag: latest - name: bakery/forecasting-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/forecasting-service newTag: latest - name: bakery/sales-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/sales-service newTag: latest - name: bakery/external-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/external-service newTag: latest - name: bakery/notification-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/notification-service newTag: latest - name: bakery/inventory-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/inventory-service newTag: latest - name: bakery/recipes-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/recipes-service newTag: latest - name: bakery/suppliers-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/suppliers-service newTag: latest - name: bakery/pos-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/pos-service newTag: latest - name: bakery/orders-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/orders-service newTag: latest - name: bakery/production-service + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/production-service newTag: latest - name: bakery/alert-processor + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/alert-processor newTag: latest - name: bakery/gateway + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/gateway newTag: latest - name: bakery/dashboard + newName: 
gitea-http.gitea.svc.cluster.local:3000/bakery-admin/dashboard newTag: latest # ============================================================================= - # Production Base Images - mapped to production registry - # TODO: Update PROD_REGISTRY_URL to your production registry (e.g., ghcr.io/your-org) - # ============================================================================= - # Database images (using canonical Docker Hub - no rate limits in prod with auth) + # Database images (cached in gitea registry for consistency) - name: postgres - newTag: 17-alpine + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/postgres + newTag: "17-alpine" - name: redis - newTag: 7.4-alpine + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/redis + newTag: "7.4-alpine" - name: rabbitmq - newTag: 4.1-management-alpine + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/rabbitmq + newTag: "4.1-management-alpine" # Utility images - name: busybox + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/busybox newTag: "1.36" - name: curlimages/curl + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/curlimages-curl newTag: latest - name: bitnami/kubectl + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/bitnami-kubectl newTag: latest # Alpine variants - name: alpine + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/alpine newTag: "3.19" - name: alpine/git + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/alpine-git newTag: 2.43.0 - # CI/CD images (GCR/registry.k8s.io - no rate limits) + # CI/CD images (cached in gitea registry for consistency) - name: gcr.io/kaniko-project/executor + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/gcr.io-kaniko-project-executor newTag: v1.23.0 - name: gcr.io/go-containerregistry/crane + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/gcr.io-go-containerregistry-crane newTag: latest - name: 
registry.k8s.io/kustomize/kustomize + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/registry.k8s.io-kustomize-kustomize newTag: v5.3.0 # Storage images - name: minio/minio + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/minio-minio newTag: RELEASE.2024-11-07T00-52-20Z - name: minio/mc + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/minio-mc newTag: RELEASE.2024-11-17T19-35-25Z # NOTE: nominatim image override removed - nominatim is now deployed via Helm # Python base image - name: python + newName: gitea-http.gitea.svc.cluster.local:3000/bakery-admin/python newTag: 3.11-slim replicas: diff --git a/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml b/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml index 3b00cc73..27c26213 100644 --- a/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml +++ b/infrastructure/platform/networking/ingress/overlays/prod/kustomization.yaml @@ -20,6 +20,9 @@ patches: value: gitea.bakewise.ai - op: replace path: /spec/tls/0/hosts/2 + value: registry.bakewise.ai + - op: add + path: /spec/tls/0/hosts/- value: mail.bakewise.ai - op: replace path: /spec/tls/0/secretName @@ -32,10 +35,11 @@ patches: value: gitea.bakewise.ai - op: replace path: /spec/rules/2/host - value: mail.bakewise.ai + value: registry.bakewise.ai + # Mail rule removed - mail ingress is deployed separately via mailu-helm - op: add path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin - value: "https://bakewise.ai,https://www.bakewise.ai,https://mail.bakewise.ai" + value: "https://bakewise.ai,https://www.bakewise.ai,https://mail.bakewise.ai,https://registry.bakewise.ai,https://gitea.bakewise.ai" - op: add path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-rps value: "100"
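Review bot: Every application image, plus `curlimages-curl`, `bitnami-kubectl` and `gcr.io-go-containerregistry-crane`, is redirected to the internal registry but still resolved through `newTag: latest`, so production runs whatever was last pushed under that name and a rollout can be neither reproduced nor audited. Pin each entry to an immutable reference, e.g. `digest: sha256:<digest-of-reviewed-image>` in place of `newTag`, starting with the mirrored third-party images, whose upstream provenance is no longer checkable once they are re-pushed under `bakery-admin/`. Separately, `gitea-http.gitea.svc.cluster.local:3000` looks like the in-cluster plain-HTTP service: pulls are made by the node's container runtime, which normally does not use cluster DNS and rejects non-TLS registries unless marked insecure, so confirm the nodes can reach it, and consider the TLS host `registry.bakewise.ai` that the ingress overlay in this same patch introduces.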
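Review bot: `mail.bakewise.ai` is appended at `/spec/tls/0/hosts/-` here, while the next hunk removes its rule and states that mail ingress is deployed by mailu-helm, so this Ingress's certificate will still request and hold a name it no longer routes. If mailu-helm provisions its own certificate, drop this `add` op so that only one place owns the key material for that host. The index-based `replace` on `/spec/tls/0/hosts/2` silently retargets if the base list order changes; a comment such as `# hosts/2 in base is <base-host>; replaced with the registry host` would make that dependency visible. The patch block starts before the hunk.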
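Review bot: The `cors-allow-origin` value now includes `https://registry.bakewise.ai` and `https://gitea.bakewise.ai`, and because the annotation sits on the Ingress metadata it applies to every host this Ingress serves. Those origins are thereby allowed to make cross-origin browser requests to the application hosts, and Gitea can serve user-supplied repository content; unless a page on those hosts really calls the API, keep the list to `"https://bakewise.ai,https://www.bakewise.ai"` (and drop `mail` as well if nothing on that host calls the API now that its rule is gone). The same scoping applies to `limit-rps: "100"`, which will now also throttle registry pushes and pulls on `registry.bakewise.ai`; a separate Ingress for the registry would let it carry its own rate and body-size settings. Whether `cors-allow-credentials` is enabled is not visible in the hunk.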