diff --git a/frontend/Dockerfile.kubernetes b/frontend/Dockerfile.kubernetes
index 07ea109d..e65ec07b 100644
--- a/frontend/Dockerfile.kubernetes
+++ b/frontend/Dockerfile.kubernetes
@@ -43,10 +43,10 @@ set -e
 # Handle VITE_API_URL specially to preserve empty values
 # If VITE_API_URL is unset, use default; if empty, preserve empty; otherwise use value
 if [ -z "${VITE_API_URL+x}" ]; then
-  export VITE_API_URL="http://gateway-service:8000"
+  export VITE_API_URL="/api"
 elif [ -z "$VITE_API_URL" ]; then
-  # If VITE_API_URL is explicitly set to empty string, preserve it
-  export VITE_API_URL=""
+  # If VITE_API_URL is explicitly set to empty string, use relative API path
+  export VITE_API_URL="/api"
 fi
 
 # Default values for other environment variables
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index b973433c..978d9ca6 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -12,7 +12,7 @@ server {
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "1; mode=block" always;
     add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js.stripe.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://gateway-service:8000 http://localhost:8000 http://localhost:8006 ws: wss:; frame-src https://js.stripe.com;" always;
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js.stripe.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://localhost http://localhost:8000 http://localhost:8006 ws: wss:; frame-src https://js.stripe.com;" always;
 
     # Gzip compression
     gzip on;
@@ -31,35 +31,8 @@ server {
         application/atom+xml
         image/svg+xml;
 
-    # API proxy to gateway service (Kubernetes service name)
-    location /api/ {
-        proxy_pass http://gateway-service:8000;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_cache_bypass $http_upgrade;
-        proxy_read_timeout 86400;
-
-        # CORS headers for API requests
-        add_header Access-Control-Allow-Origin *;
-        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
-        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
-
-        # Handle preflight requests
-        if ($request_method = 'OPTIONS') {
-            add_header Access-Control-Allow-Origin *;
-            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
-            add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
-            add_header Access-Control-Max-Age 1728000;
-            add_header Content-Type 'text/plain; charset=utf-8';
-            add_header Content-Length 0;
-            return 204;
-        }
-    }
+    # Note: API routing is handled by ingress, not by this nginx
+    # The frontend makes requests to /api which are routed by the ingress controller
 
     # Static assets with aggressive caching
     location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
diff --git a/infrastructure/kubernetes/base/configmap.yaml b/infrastructure/kubernetes/base/configmap.yaml
index 3f1b1dbe..b79352dc 100644
--- a/infrastructure/kubernetes/base/configmap.yaml
+++ b/infrastructure/kubernetes/base/configmap.yaml
@@ -103,7 +103,7 @@ data:
   # ================================================================
   # CORS & API CONFIGURATION
   # ================================================================
-  CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,https://bakery.yourdomain.com"
+  CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,http://bakery-ia.local,https://bakery.yourdomain.com,http://localhost"
   CORS_ALLOW_CREDENTIALS: "true"
   RATE_LIMIT_ENABLED: "true"
   RATE_LIMIT_REQUESTS: "100"
@@ -314,7 +314,7 @@ data:
   # ================================================================
   VITE_APP_TITLE: "PanIA Dashboard"
   VITE_APP_VERSION: "1.0.0"
-  VITE_API_URL: "http://gateway-service:8000"
+  VITE_API_URL: "/api"
   VITE_ENVIRONMENT: "production"
 
   # ================================================================
diff --git a/infrastructure/kubernetes/base/ingress.yaml b/infrastructure/kubernetes/base/ingress.yaml
index 2a5c9dce..ec4dfb67 100644
--- a/infrastructure/kubernetes/base/ingress.yaml
+++ b/infrastructure/kubernetes/base/ingress.yaml
@@ -7,12 +7,21 @@ metadata:
     app.kubernetes.io/name: bakery-ia
     app.kubernetes.io/component: ingress
   annotations:
+    # Kind-specific nginx ingress controller annotations
     nginx.ingress.kubernetes.io/rewrite-target: /
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
-    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
-    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
-    nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    # CORS configuration for local development
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000,http://bakery-ia.local,http://127.0.0.1:3000"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
+    nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin"
+    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
 spec:
   ingressClassName: nginx
   rules:
diff --git a/infrastructure/kubernetes/overlays/dev/dev-patches.yaml b/infrastructure/kubernetes/overlays/dev/dev-patches.yaml
index 871ea1e1..1acf4b02 100644
--- a/infrastructure/kubernetes/overlays/dev/dev-patches.yaml
+++ b/infrastructure/kubernetes/overlays/dev/dev-patches.yaml
@@ -13,11 +13,11 @@ data:
   MOCK_EXTERNAL_APIS: "true"
 
   # CORS Configuration for Development
-  CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,http://localhost:3001,http://127.0.1:3000,http://127.0.0.1:3001,https://localhost,https://127.0.0.1"
+  CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,http://localhost:3001,http://localhost,http://127.0.0.1:3000,http://127.0.0.1:3001,http://bakery-ia.local,https://localhost,https://127.0.0.1"
 
   # Frontend Development Configuration
   VITE_ENVIRONMENT: "development"
-  VITE_API_URL: ""
+  VITE_API_URL: "/api"
 
 
 ---