# Skaffold pipeline for the bakery-ia stack: builds every service image with the
# local Docker builder (no registry push), deploys a kustomize overlay, and runs
# host-side hooks that apply secret, TLS and PostgreSQL config manifests with
# kubectl before the deploy.
apiVersion: skaffold/v2beta28
kind: Config
metadata:
  name: bakery-ia

build:
  local:
    # Images stay in the local Docker daemon; nothing is pushed to a registry.
    push: false
  tagPolicy:
    envTemplate:
      # Constant tag: every build is tagged "dev", so the tag is mutable and
      # says nothing about which commit an image was built from.
      template: "dev"
  artifacts:
    # NOTE(review): most artifacts use the repository root as build context.
    # Anything under that root that .dockerignore does not exclude is sent to
    # the builder, including the infrastructure/.../secrets manifests that the
    # deploy hooks below reference. Confirm .dockerignore keeps them out and
    # that no Dockerfile copies the whole context.

    # Gateway
    - image: bakery/gateway
      context: .
      docker:
        dockerfile: gateway/Dockerfile

    # Frontend
    - image: bakery/dashboard
      context: ./frontend
      docker:
        dockerfile: Dockerfile.kubernetes

    # Microservices
    - image: bakery/auth-service
      context: .
      docker:
        dockerfile: services/auth/Dockerfile
    - image: bakery/tenant-service
      context: .
      docker:
        dockerfile: services/tenant/Dockerfile
    - image: bakery/training-service
      context: .
      docker:
        dockerfile: services/training/Dockerfile
    - image: bakery/forecasting-service
      context: .
      docker:
        dockerfile: services/forecasting/Dockerfile
    - image: bakery/sales-service
      context: .
      docker:
        dockerfile: services/sales/Dockerfile
    - image: bakery/external-service
      context: .
      docker:
        dockerfile: services/external/Dockerfile
    - image: bakery/notification-service
      context: .
      docker:
        dockerfile: services/notification/Dockerfile
    - image: bakery/inventory-service
      context: .
      docker:
        dockerfile: services/inventory/Dockerfile
    - image: bakery/recipes-service
      context: .
      docker:
        dockerfile: services/recipes/Dockerfile
    - image: bakery/suppliers-service
      context: .
      docker:
        dockerfile: services/suppliers/Dockerfile
    - image: bakery/pos-service
      context: .
      docker:
        dockerfile: services/pos/Dockerfile
    - image: bakery/orders-service
      context: .
      docker:
        dockerfile: services/orders/Dockerfile
    - image: bakery/production-service
      context: .
      docker:
        dockerfile: services/production/Dockerfile
    - image: bakery/alert-processor
      context: .
      docker:
        dockerfile: services/alert_processor/Dockerfile
    - image: bakery/demo-session-service
      context: .
      docker:
        dockerfile: services/demo_session/Dockerfile

deploy:
  # No deploy.kubeContext is set, so the kustomize deploy and the kubectl hooks
  # below act on whatever kubectl context is current on the operator's machine.
  # NOTE(review): consider pinning deploy.kubeContext for the dev overlay so the
  # dev secrets cannot be applied to another cluster by accident.
  kustomize:
    paths:
      - infrastructure/environments/dev/k8s-manifests
  # Wait for deployed resources to become ready, for at most 600 seconds.
  statusCheck: true
  statusCheckDeadlineSeconds: 600
  kubectl:
    hooks:
      # Runs on the host before the deploy. The echo entries are a static
      # banner; the kubectl entries are the only ones that change cluster state.
      before:
        - host:
            command: ["sh", "-c", "echo '======================================'"]
        - host:
            command: ["sh", "-c", "echo '🔐 Bakery IA Secure Deployment'"]
        - host:
            command: ["sh", "-c", "echo '======================================'"]
        - host:
            command: ["sh", "-c", "echo ''"]
        - host:
            command: ["sh", "-c", "echo 'Applying security configurations...'"]
        - host:
            command: ["sh", "-c", "echo ' - TLS certificates for PostgreSQL and Redis'"]
        - host:
            command: ["sh", "-c", "echo ' - Strong passwords (32-character)'"]
        - host:
            command: ["sh", "-c", "echo ' - PersistentVolumeClaims for data persistence'"]
        # NOTE(review): pgcrypto provides SQL functions for encrypting individual
        # values; it does not encrypt the database files on disk. The post-deploy
        # banner calls this "column encryption", which is the narrower claim.
        - host:
            command: ["sh", "-c", "echo ' - pgcrypto extension for encryption at rest'"]
        - host:
            command: ["sh", "-c", "echo ' - PostgreSQL audit logging'"]
        - host:
            command: ["sh", "-c", "echo ''"]
        # The three manifests below are read from the working tree.
        # NOTE(review): presumably Kubernetes Secret objects (passwords, TLS key
        # material) - confirm. Secret manifests carry values base64-encoded, not
        # encrypted, so if these files are committed the credentials are readable
        # by anyone with repository access. Keep them dev-only and out of VCS, or
        # store them encrypted and decrypt at deploy time.
        # No -n flag is passed, so the namespace comes from the manifests or from
        # the current context.
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/environments/dev/k8s-manifests/base/secrets.yaml"]
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/environments/dev/k8s-manifests/base/secrets/postgres-tls-secret.yaml"]
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/environments/dev/k8s-manifests/base/secrets/redis-tls-secret.yaml"]
        # PostgreSQL init and logging configuration, applied the same way.
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/environments/dev/k8s-manifests/base/configs/postgres-init-config.yaml"]
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/environments/dev/k8s-manifests/base/configmaps/postgres-logging-config.yaml"]
        - host:
            command: ["sh", "-c", "echo ''"]
        - host:
            command: ["sh", "-c", "echo '✅ Security configurations applied'"]
        - host:
            command: ["sh", "-c", "echo ''"]
      # Runs on the host after the deploy. Every entry is an echo: the "Security
      # Features Enabled" list is fixed text and no hook checks that TLS, audit
      # logging or pgcrypto is actually active in the cluster. Read it as a
      # statement of intent, not as a verification result.
      after:
        - host:
            command: ["sh", "-c", "echo ''"]
        - host:
            command: ["sh", "-c", "echo '======================================'"]
        - host:
            command: ["sh", "-c", "echo '✅ Deployment Complete!'"]
        - host:
            command: ["sh", "-c", "echo '======================================'"]
        - host:
            command: ["sh", "-c", "echo ''"]
        - host:
            command: ["sh", "-c", "echo 'Security Features Enabled:'"]
        - host:
            command: ["sh", "-c", "echo ' ✅ TLS encryption for all database connections'"]
        - host:
            command: ["sh", "-c", "echo ' ✅ Strong 32-character passwords'"]
        - host:
            command: ["sh", "-c", "echo ' ✅ Persistent storage (PVCs) - no data loss'"]
        - host:
            command: ["sh", "-c", "echo ' ✅ pgcrypto extension for column encryption'"]
        - host:
            command: ["sh", "-c", "echo ' ✅ PostgreSQL audit logging enabled'"]
        - host:
            command: ["sh", "-c", "echo ''"]
        - host:
            command: ["sh", "-c", "echo 'Verify deployment:'"]
        - host:
            command: ["sh", "-c", "echo ' kubectl get pods -n bakery-ia'"]
        - host:
            command: ["sh", "-c", "echo ' kubectl get pvc -n bakery-ia'"]
        - host:
            command: ["sh", "-c", "echo ''"]

# Default deployment uses dev overlay with full security features
# Access via ingress: http://localhost (or https://localhost)
#
# Available profiles:
#   - dev: Local development with full security (default)
#   - debug: Local development with port forwarding for debugging
#   - prod: Production deployment with production settings
#
# Usage:
#   skaffold dev                    # Uses secure dev overlay
#   skaffold dev -p debug           # Use debug profile with port forwarding
#   skaffold run -p prod            # Use prod profile for production
#
# NOTE(review): none of the profiles below defines deploy.kubectl. If Skaffold
# overlays a profile onto the top-level config field by field, each profile
# (prod included) would keep the top-level kubectl hooks and so apply the
# dev secrets and TLS manifests. Confirm the effective prod configuration with
# `skaffold diagnose -p prod` before using it against a real cluster.
profiles:
  # Activated automatically by the `skaffold dev` command; repeats the
  # top-level build and kustomize settings.
  - name: dev
    activation:
      - command: dev
    build:
      local:
        push: false
      tagPolicy:
        envTemplate:
          template: "dev"
    deploy:
      kustomize:
        paths:
          - infrastructure/environments/dev/k8s-manifests

  # Same build and overlay as dev, plus port forwards for three services.
  - name: debug
    activation:
      - command: debug
    build:
      local:
        push: false
      tagPolicy:
        envTemplate:
          template: "dev"
    deploy:
      kustomize:
        paths:
          - infrastructure/environments/dev/k8s-manifests
    # Exposes the frontend, the gateway and the auth service directly on local
    # ports; the auth service is remapped to 8001 because the gateway already
    # uses local port 8000.
    portForward:
      - resourceType: service
        resourceName: frontend-service
        namespace: bakery-ia
        port: 3000
        localPort: 3000
      - resourceType: service
        resourceName: gateway-service
        namespace: bakery-ia
        port: 8000
        localPort: 8000
      - resourceType: service
        resourceName: auth-service
        namespace: bakery-ia
        port: 8000
        localPort: 8001

  # No activation rule: selected only with -p prod.
  - name: prod
    build:
      local:
        # NOTE(review): images are still built locally and not pushed. A cluster
        # that does not share this Docker daemon cannot pull them - confirm this
        # is intended for production.
        push: false
      tagPolicy:
        # Tags each image with the abbreviated git commit SHA instead of "dev".
        gitCommit:
          variant: AbbrevCommitSha
    deploy:
      kustomize:
        paths:
          - infrastructure/environments/prod/k8s-manifests