2ee4aa51e4
This commit enables HTTPS in the development environment using self-signed certificates to further improve dev-prod parity and catch SSL-related issues early. Changes made: 1. Created self-signed certificate for localhost - File: infrastructure/kubernetes/overlays/dev/dev-certificate.yaml - Type: Self-signed via cert-manager - Validity: 90 days (auto-renewed) - Valid for: localhost, bakery-ia.local, *.bakery-ia.local, 127.0.0.1 - Issuer: selfsigned-issuer ClusterIssuer 2. Updated dev ingress to enable HTTPS - File: infrastructure/kubernetes/overlays/dev/dev-ingress.yaml - Enabled SSL redirect: ssl-redirect: false → true - Added TLS configuration with certificate - Updated CORS origins to prefer HTTPS (HTTPS URLs first, HTTP fallback) - Access: https://localhost (instead of http://localhost) 3. Added cert-manager resources to dev overlay - File: infrastructure/kubernetes/overlays/dev/kustomization.yaml - Added dev-certificate.yaml - Added selfsigned-issuer ClusterIssuer 4. Created comprehensive HTTPS setup guide - File: docs/DEV-HTTPS-SETUP.md - Includes certificate trust instructions for macOS, Linux, Windows - Testing procedures with curl and browsers - Troubleshooting guide - FAQ section 5. Updated dev-prod parity documentation - File: docs/DEV-PROD-PARITY-CHANGES.md - Added HTTPS as 4th improvement - Updated "What Stays Different" table (SSL/TLS → Certificates) - Added HTTPS benefits section Benefits: ✓ Matches production HTTPS-only behavior ✓ Tests SSL/TLS configurations in development ✓ Catches mixed content warnings early ✓ Tests secure cookie handling (Secure, SameSite attributes) ✓ Validates cert-manager integration ✓ Tests certificate auto-renewal ✓ Better security testing capabilities Impact: - Browser will show certificate warning (self-signed) - Users can trust certificate or click "Proceed" - No additional resource usage - Access via https://localhost (was http://localhost) Certificate details: - Type: Self-signed - Algorithm: RSA 2048-bit - Validity: 90 days - Auto-renewal: 15 days before expiration - Common Name: localhost - DNS Names: localhost, bakery-ia.local, *.bakery-ia.local - IP Addresses: 127.0.0.1, ::1 Setup required: - Optional: Trust certificate in system/browser (see DEV-HTTPS-SETUP.md) - Required: cert-manager must be installed in cluster - Access at: https://localhost What stays different from production: - Certificate type: Self-signed (dev) vs Let's Encrypt (prod) - Trust: Manual (dev) vs Automatic (prod) - Domain: localhost (dev) vs real domain (prod) This completes the dev-prod parity improvements, bringing development environment much closer to production with: 1. 2 replicas for critical services ✓ 2. Rate limiting enabled ✓ 3. Specific CORS origins ✓ 4. HTTPS enabled ✓ See docs/DEV-HTTPS-SETUP.md for complete setup and testing instructions.
🍞 BakeWise - Multi-Service Architecture
Welcome to BakeWise, an advanced AI-powered platform for bakery management and optimization. This project implements a microservices architecture with multiple interconnected services to provide comprehensive bakery management solutions.
🚀 Quick Start
Prerequisites
- Docker Desktop with Kubernetes enabled
- Docker Compose
- Node.js (for frontend development)
Running the Application
-
Clone the repository:
git clone <repository-url> cd bakery-ia -
Set up environment variables:
cp .env.example .env # Edit .env with your specific configuration -
Run with Docker Compose:
docker-compose up --build -
Or run with Kubernetes (Docker Desktop):
# Enable Kubernetes in Docker Desktop # Run the setup script ./scripts/setup-kubernetes-dev.sh
🏗️ Architecture Overview
The project follows a microservices architecture with the following main components:
- Frontend: React-based dashboard for user interaction
- Gateway: API gateway handling authentication and routing
- Services: Multiple microservices handling different business domains
- Infrastructure: Redis, RabbitMQ, PostgreSQL databases
🐳 Kubernetes Infrastructure
🛠️ Services
The project includes multiple services:
- Auth Service: Authentication and authorization
- Tenant Service: Multi-tenancy management
- Sales Service: Sales processing
- External Service: Integration with external systems
- Training Service: AI model training
- Forecasting Service: Demand forecasting
- Notification Service: Notifications and alerts
- Inventory Service: Inventory management
- Recipes Service: Recipe management
- Suppliers Service: Supplier management
- POS Service: Point of sale
- Orders Service: Order management
- Production Service: Production planning
- Alert Processor: Background alert processing
📊 Monitoring
The system includes comprehensive monitoring with:
- Prometheus for metrics collection
- Grafana for visualization
- ELK stack for logging (planned)
🚀 Production Deployment
For production deployment on clouding.io with Kubernetes:
- Set up your clouding.io Kubernetes cluster
- Update image references to your container registry
- Configure production-specific values
- Deploy using the production kustomization:
kubectl apply -k infrastructure/kubernetes/environments/production/
🤝 Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
📄 License
This project is licensed under the MIT License.