kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: bakery-ia-local
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true"
  - |
    kind: ClusterConfiguration
    apiServer:
      extraArgs:
        encryption-provider-config: /etc/kubernetes/enc/encryption-config.yaml
      extraVolumes:
      - name: encryption-config
        hostPath: /etc/kubernetes/enc
        mountPath: /etc/kubernetes/enc
        readOnly: true
        pathType: DirectoryOrCreate
  extraMounts:
  - hostPath: ./infrastructure/kubernetes/encryption
    containerPath: /etc/kubernetes/enc
    readOnly: true
  extraPortMappings:
  # HTTP ingress
  - containerPort: 30080
    hostPort: 80
    protocol: TCP
  # HTTPS ingress
  - containerPort: 30443
    hostPort: 443
    protocol: TCP
  # Direct frontend access (backup)
  - containerPort: 30300
    hostPort: 3000
    protocol: TCP
  # Direct gateway access (backup)
  - containerPort: 30800
    hostPort: 8000
    protocol: TCP