bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add base kubernetes support 4

Browse Source
This commit is contained in:
Urtzi Alfaro
2025-09-27 17:19:00 +02:00
parent b2c988b416
commit f246381d34
5 changed files with 22 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
frontend/Dockerfile.kubernetes
View File

@@ -43,10 +43,10 @@ set -e
# Handle VITE_API_URL specially to preserve empty values # Handle VITE_API_URL specially to preserve empty values
# If VITE_API_URL is unset, use default; if empty, preserve empty; otherwise use value # If VITE_API_URL is unset, use default; if empty, preserve empty; otherwise use value
if [ -z "${VITE_API_URL+x}" ]; then if [ -z "${VITE_API_URL+x}" ]; then
export VITE_API_URL="http://gateway-service:8000" export VITE_API_URL="/api"
elif [ -z "$VITE_API_URL" ]; then elif [ -z "$VITE_API_URL" ]; then
# If VITE_API_URL is explicitly set to empty string, preserve it # If VITE_API_URL is explicitly set to empty string, use relative API path
export VITE_API_URL="" export VITE_API_URL="/api"
fi fi
# Default values for other environment variables # Default values for other environment variables

33
frontend/nginx.conf
View File

@@ -12,7 +12,7 @@ server {
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js.stripe.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://gateway-service:8000 http://localhost:8000 http://localhost:8006 ws: wss:; frame-src https://js.stripe.com;" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js.stripe.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://localhost http://localhost:8000 http://localhost:8006 ws: wss:; frame-src https://js.stripe.com;" always;
# Gzip compression # Gzip compression
gzip on; gzip on;
@@ -31,35 +31,8 @@ server {
application/atom+xml application/atom+xml
image/svg+xml; image/svg+xml;
# API proxy to gateway service (Kubernetes service name) # Note: API routing is handled by ingress, not by this nginx
location /api/ { # The frontend makes requests to /api which are routed by the ingress controller
proxy_pass http://gateway-service:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 86400;
# CORS headers for API requests
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
add_header Access-Control-Max-Age 1728000;
add_header Content-Type 'text/plain; charset=utf-8';
add_header Content-Length 0;
return 204;
}
}
# Static assets with aggressive caching # Static assets with aggressive caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {

4
infrastructure/kubernetes/base/configmap.yaml
View File

@@ -103,7 +103,7 @@ data:
# ================================================================ # ================================================================
# CORS & API CONFIGURATION # CORS & API CONFIGURATION
# ================================================================ # ================================================================
CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,https://bakery.yourdomain.com" CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,http://bakery-ia.local,https://bakery.yourdomain.com,http://localhost"
CORS_ALLOW_CREDENTIALS: "true" CORS_ALLOW_CREDENTIALS: "true"
RATE_LIMIT_ENABLED: "true" RATE_LIMIT_ENABLED: "true"
RATE_LIMIT_REQUESTS: "100" RATE_LIMIT_REQUESTS: "100"
@@ -314,7 +314,7 @@ data:
# ================================================================ # ================================================================
VITE_APP_TITLE: "PanIA Dashboard" VITE_APP_TITLE: "PanIA Dashboard"
VITE_APP_VERSION: "1.0.0" VITE_APP_VERSION: "1.0.0"
VITE_API_URL: "http://gateway-service:8000" VITE_API_URL: "/api"
VITE_ENVIRONMENT: "production" VITE_ENVIRONMENT: "production"
# ================================================================ # ================================================================

15
infrastructure/kubernetes/base/ingress.yaml
View File

@@ -7,12 +7,21 @@ metadata:
app.kubernetes.io/name: bakery-ia app.kubernetes.io/name: bakery-ia
app.kubernetes.io/component: ingress app.kubernetes.io/component: ingress
annotations: annotations:
# Kind-specific nginx ingress controller annotations
nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false" nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/cors-allow-origin: "*" nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS" nginx.ingress.kubernetes.io/proxy-body-size: "10m"
nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization" nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
# CORS configuration for local development
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000,http://bakery-ia.local,http://127.0.0.1:3000"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
spec: spec:
ingressClassName: nginx ingressClassName: nginx
rules: rules:

4
infrastructure/kubernetes/overlays/dev/dev-patches.yaml
View File

@@ -13,11 +13,11 @@ data:
MOCK_EXTERNAL_APIS: "true" MOCK_EXTERNAL_APIS: "true"
# CORS Configuration for Development # CORS Configuration for Development
CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,http://localhost:3001,http://127.0.1:3000,http://127.0.0.1:3001,https://localhost,https://127.0.0.1" CORS_ORIGINS: "http://frontend-service:3000,http://localhost:3000,http://localhost:3001,http://localhost,http://127.0.0.1:3000,http://127.0.0.1:3001,http://bakery-ia.local,https://localhost,https://127.0.0.1"
# Frontend Development Configuration # Frontend Development Configuration
VITE_ENVIRONMENT: "development" VITE_ENVIRONMENT: "development"
VITE_API_URL: "" VITE_API_URL: "/api"
--- ---