apiVersion: skaffold/v2beta28 kind: Config metadata: name: bakery-ia # ============================================================================= # BUILD CONFIGURATION # ============================================================================= # Environment-configurable base images via Docker ARG: # - BASE_REGISTRY: Registry URL for base images # - PYTHON_IMAGE: Python image name and tag # # Dev (default): BASE_REGISTRY=localhost:5000, PYTHON_IMAGE=python_3.11-slim # Prod: BASE_REGISTRY=docker.io, PYTHON_IMAGE=python:3.11-slim # # Usage: # skaffold dev # Uses dev settings (local registry) # skaffold dev -p debug # Dev with port forwarding # skaffold run -p prod # Production build with Docker Hub # BASE_REGISTRY=ghcr.io/myorg skaffold run -p prod # Production with custom registry # ============================================================================= build: local: push: false tagPolicy: envTemplate: template: "dev" artifacts: # Gateway - image: bakery/gateway context: . docker: dockerfile: gateway/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim # Frontend (no Python base image needed) - image: bakery/dashboard context: ./frontend docker: dockerfile: Dockerfile.kubernetes # Microservices - all use configurable Python base image - image: bakery/auth-service context: . docker: dockerfile: services/auth/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/tenant-service context: . docker: dockerfile: services/tenant/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/training-service context: . docker: dockerfile: services/training/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/forecasting-service context: . docker: dockerfile: services/forecasting/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/sales-service context: . docker: dockerfile: services/sales/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/external-service context: . docker: dockerfile: services/external/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/notification-service context: . docker: dockerfile: services/notification/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/inventory-service context: . docker: dockerfile: services/inventory/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/recipes-service context: . docker: dockerfile: services/recipes/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/suppliers-service context: . docker: dockerfile: services/suppliers/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/pos-service context: . docker: dockerfile: services/pos/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/orders-service context: . docker: dockerfile: services/orders/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/production-service context: . docker: dockerfile: services/production/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/alert-processor context: . docker: dockerfile: services/alert_processor/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim - image: bakery/demo-session-service context: . docker: dockerfile: services/demo_session/Dockerfile buildArgs: BASE_REGISTRY: localhost:5000 PYTHON_IMAGE: python_3.11-slim deploy: kustomize: paths: - infrastructure/environments/dev/k8s-manifests statusCheck: true statusCheckDeadlineSeconds: 600 kubectl: hooks: before: - host: command: ["sh", "-c", "echo '======================================'"] - host: command: ["sh", "-c", "echo 'Bakery IA Secure Deployment'"] - host: command: ["sh", "-c", "echo '======================================'"] - host: command: ["sh", "-c", "echo ''"] - host: command: ["sh", "-c", "echo 'Applying security configurations...'"] - host: command: ["sh", "-c", "echo ' - TLS certificates for PostgreSQL and Redis'"] - host: command: ["sh", "-c", "echo ' - Strong passwords (32-character)'"] - host: command: ["sh", "-c", "echo ' - PersistentVolumeClaims for data persistence'"] - host: command: ["sh", "-c", "echo ' - pgcrypto extension for encryption at rest'"] - host: command: ["sh", "-c", "echo ' - PostgreSQL audit logging'"] - host: command: ["sh", "-c", "echo ''"] - host: command: ["kubectl", "apply", "-f", "infrastructure/environments/common/configs/secrets.yaml"] - host: command: ["kubectl", "apply", "-f", "infrastructure/platform/storage/postgres/secrets/postgres-tls-secret.yaml"] - host: command: ["kubectl", "apply", "-f", "infrastructure/platform/storage/redis/secrets/redis-tls-secret.yaml"] - host: command: ["kubectl", "apply", "-f", "infrastructure/platform/storage/postgres/configs/postgres-init-config.yaml"] - host: command: ["kubectl", "apply", "-f", "infrastructure/platform/storage/postgres/configs/postgres-logging-config.yaml"] - host: command: ["sh", "-c", "echo ''"] - host: command: ["sh", "-c", "echo 'Security configurations applied'"] - host: command: ["sh", "-c", "echo ''"] after: - host: command: ["sh", "-c", "echo ''"] - host: command: ["sh", "-c", "echo '======================================'"] - host: command: ["sh", "-c", "echo 'Deployment Complete!'"] - host: command: ["sh", "-c", "echo '======================================'"] - host: command: ["sh", "-c", "echo ''"] - host: command: ["sh", "-c", "echo 'Security Features Enabled:'"] - host: command: ["sh", "-c", "echo ' - TLS encryption for all database connections'"] - host: command: ["sh", "-c", "echo ' - Strong 32-character passwords'"] - host: command: ["sh", "-c", "echo ' - Persistent storage (PVCs) - no data loss'"] - host: command: ["sh", "-c", "echo ' - pgcrypto extension for column encryption'"] - host: command: ["sh", "-c", "echo ' - PostgreSQL audit logging enabled'"] - host: command: ["sh", "-c", "echo ''"] - host: command: ["sh", "-c", "echo 'Verify deployment:'"] - host: command: ["sh", "-c", "echo ' kubectl get pods -n bakery-ia'"] - host: command: ["sh", "-c", "echo ' kubectl get pvc -n bakery-ia'"] - host: command: ["sh", "-c", "echo ''"] # ============================================================================= # PROFILES # ============================================================================= profiles: # --------------------------------------------------------------------------- # DEV PROFILE - Local development with local registry # --------------------------------------------------------------------------- - name: dev activation: - command: dev build: local: push: false tagPolicy: envTemplate: template: "dev" deploy: kustomize: paths: - infrastructure/environments/dev/k8s-manifests # --------------------------------------------------------------------------- # DEBUG PROFILE - Dev with port forwarding for debugging # --------------------------------------------------------------------------- - name: debug activation: - command: debug build: local: push: false tagPolicy: envTemplate: template: "dev" deploy: kustomize: paths: - infrastructure/environments/dev/k8s-manifests portForward: - resourceType: service resourceName: frontend-service namespace: bakery-ia port: 3000 localPort: 3000 - resourceType: service resourceName: gateway-service namespace: bakery-ia port: 8000 localPort: 8000 - resourceType: service resourceName: auth-service namespace: bakery-ia port: 8000 localPort: 8001 # --------------------------------------------------------------------------- # PROD PROFILE - Production deployment with Docker Hub base images # --------------------------------------------------------------------------- # Usage: # skaffold run -p prod # Default Docker Hub # BASE_REGISTRY=ghcr.io/myorg skaffold run -p prod # Custom registry # --------------------------------------------------------------------------- - name: prod build: local: push: true tagPolicy: gitCommit: variant: AbbrevCommitSha artifacts: # Gateway - Production base images - image: bakery/gateway context: . docker: dockerfile: gateway/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" # Frontend - image: bakery/dashboard context: ./frontend docker: dockerfile: Dockerfile.kubernetes # Microservices - Production base images (docker.io/python:3.11-slim) - image: bakery/auth-service context: . docker: dockerfile: services/auth/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/tenant-service context: . docker: dockerfile: services/tenant/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/training-service context: . docker: dockerfile: services/training/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/forecasting-service context: . docker: dockerfile: services/forecasting/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/sales-service context: . docker: dockerfile: services/sales/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/external-service context: . docker: dockerfile: services/external/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/notification-service context: . docker: dockerfile: services/notification/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/inventory-service context: . docker: dockerfile: services/inventory/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/recipes-service context: . docker: dockerfile: services/recipes/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/suppliers-service context: . docker: dockerfile: services/suppliers/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/pos-service context: . docker: dockerfile: services/pos/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/orders-service context: . docker: dockerfile: services/orders/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/production-service context: . docker: dockerfile: services/production/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/alert-processor context: . docker: dockerfile: services/alert_processor/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" - image: bakery/demo-session-service context: . docker: dockerfile: services/demo_session/Dockerfile buildArgs: BASE_REGISTRY: docker.io PYTHON_IMAGE: "python:3.11-slim" deploy: kustomize: paths: - infrastructure/environments/prod/k8s-manifests