bakery-ia/skaffold-secure.yaml

# Skaffold pipeline named "bakery-ia-secure" (schema skaffold/v2beta28).
# The sections below build the service images locally, deploy a kustomize
# overlay, and run host-side hooks that apply secret and PostgreSQL config
# manifests with kubectl.
apiVersion: skaffold/v2beta28
kind: Config
metadata:
  name: bakery-ia-secure
# Image builds: one Docker artifact per service, built on the local daemon.
build:
  local:
    # Images are not pushed to a registry after the build.
    push: false
  tagPolicy:
    envTemplate:
      # The template is a constant, so every build is tagged "dev". This is a
      # mutable tag: the same name can point at different image contents.
      template: "dev"
  # NOTE(review): the image names carry no registry host. If a node ever pulls
  # one of them instead of using the locally built copy, the name is resolved
  # against the runtime's default registry. Confirm imagePullPolicy (or a
  # default repo) so the cluster only runs images this pipeline built.
  #
  # NOTE(review): every artifact except the dashboard uses the repository root
  # (".") as its build context. The same tree holds
  # infrastructure/kubernetes/base/secrets.yaml and the TLS secret manifests
  # applied by the deploy hooks in this file. Confirm a .dockerignore keeps
  # those paths out of the build context and out of image layers.
  artifacts:
    # Gateway
    - image: bakery/gateway
      context: .
      docker:
        dockerfile: gateway/Dockerfile
    # Frontend
    - image: bakery/dashboard
      context: ./frontend
      docker:
        dockerfile: Dockerfile.kubernetes
    # Microservices
    - image: bakery/auth-service
      context: .
      docker:
        dockerfile: services/auth/Dockerfile
    - image: bakery/tenant-service
      context: .
      docker:
        dockerfile: services/tenant/Dockerfile
    - image: bakery/training-service
      context: .
      docker:
        dockerfile: services/training/Dockerfile
    - image: bakery/forecasting-service
      context: .
      docker:
        dockerfile: services/forecasting/Dockerfile
    - image: bakery/sales-service
      context: .
      docker:
        dockerfile: services/sales/Dockerfile
    - image: bakery/external-service
      context: .
      docker:
        dockerfile: services/external/Dockerfile
    - image: bakery/notification-service
      context: .
      docker:
        dockerfile: services/notification/Dockerfile
    - image: bakery/inventory-service
      context: .
      docker:
        dockerfile: services/inventory/Dockerfile
    - image: bakery/recipes-service
      context: .
      docker:
        dockerfile: services/recipes/Dockerfile
    - image: bakery/suppliers-service
      context: .
      docker:
        dockerfile: services/suppliers/Dockerfile
    - image: bakery/pos-service
      context: .
      docker:
        dockerfile: services/pos/Dockerfile
    - image: bakery/orders-service
      context: .
      docker:
        dockerfile: services/orders/Dockerfile
    - image: bakery/production-service
      context: .
      docker:
        dockerfile: services/production/Dockerfile
    - image: bakery/alert-processor
      context: .
      docker:
        dockerfile: services/alert_processor/Dockerfile
    - image: bakery/demo-session-service
      context: .
      docker:
        dockerfile: services/demo_session/Dockerfile
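# Default deployment: the dev kustomize overlay, plus host hooks that apply
# secret and PostgreSQL config manifests and print status banners.
deploy:
  kustomize:
    paths:
      - infrastructure/kubernetes/overlays/dev
  # Wait up to 600 seconds for deployed resources to become ready.
  statusCheck: true
  statusCheckDeadlineSeconds: 600
  # NOTE(review): the hooks are attached to the kubectl deployer, which lists
  # no manifests here, not to the kustomize deployer that applies the overlay.
  # Confirm that "before" really runs ahead of the kustomize deploy and that
  # "after" runs once it has finished.
  kubectl:
    hooks:
      before:
        # Banner: one shell invocation prints the whole block.
        - host:
            command:
              - sh
              - "-c"
              - |
                echo '======================================'
                echo '🔐 Bakery IA Secure Deployment'
                echo '======================================'
                echo ''
                echo 'Applying security configurations...'
                echo ' - TLS certificates for PostgreSQL and Redis'
                echo ' - Strong passwords (32-character)'
                echo ' - PersistentVolumeClaims for data persistence'
                echo ' - pgcrypto extension for encryption at rest'
                echo ' - PostgreSQL audit logging'
                echo ''
        # Secret and config manifests, applied from the working tree.
        # NOTE(review): these paths are inside the repository. If the files
        # hold real passwords or TLS private keys, confirm they are generated
        # locally and git-ignored, or stored encrypted, not committed in
        # plaintext.
        # NOTE(review): the commands pass neither --context nor -n, so kubectl
        # resolves the cluster and namespace itself. Confirm this matches the
        # context Skaffold deploys to (exposed to hooks as
        # SKAFFOLD_KUBE_CONTEXT) and that each manifest sets its namespace.
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/secrets.yaml"]
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/secrets/postgres-tls-secret.yaml"]
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/secrets/redis-tls-secret.yaml"]
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/configs/postgres-init-config.yaml"]
        - host:
            command: ["kubectl", "apply", "-f", "infrastructure/kubernetes/base/configmaps/postgres-logging-config.yaml"]
        - host:
            command:
              - sh
              - "-c"
              - |
                echo ''
                echo '✅ Security configurations applied'
                echo ''
      after:
        # NOTE(review): this banner is a fixed list of echo statements. It
        # does not check that TLS is enforced on connections, that pgcrypto is
        # installed, or that audit logging is active. Treat it as a summary of
        # what was applied and verify the running state separately.
        - host:
            command:
              - sh
              - "-c"
              - |
                echo ''
                echo '======================================'
                echo '✅ Deployment Complete!'
                echo '======================================'
                echo ''
                echo 'Security Features Enabled:'
                echo ' ✅ TLS encryption for all database connections'
                echo ' ✅ Strong 32-character passwords'
                echo ' ✅ Persistent storage (PVCs) - no data loss'
                echo ' ✅ pgcrypto extension for column encryption'
                echo ' ✅ PostgreSQL audit logging enabled'
                echo ''
                echo 'Verify deployment:'
                echo ' kubectl get pods -n bakery-ia'
                echo ' kubectl get pvc -n bakery-ia'
                echo ''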
# Default deployment uses dev overlay with security
# Access via ingress: http://localhost (or https://localhost)
#
# Available profiles:
# - dev: Local development with full security (default)
# - debug: Local development with port forwarding for debugging
# - prod: Production deployment with production settings
#
# Usage:
# skaffold dev -f skaffold-secure.yaml # Uses secure dev overlay
# skaffold dev -f skaffold-secure.yaml -p debug # Use debug profile with port forwarding
# skaffold run -f skaffold-secure.yaml -p prod # Use prod profile for production
# Profiles override the build and deploy settings per use case.
profiles:
  # dev: activates automatically for the `skaffold dev` command.
  - name: dev
    activation:
      - command: dev
    build:
      local:
        push: false
      tagPolicy:
        envTemplate:
          template: "dev"
    deploy:
      kustomize:
        paths:
          - infrastructure/kubernetes/overlays/dev
  # debug: activates automatically for the `skaffold debug` command; same
  # build and overlay as dev, plus three service port-forwards.
  - name: debug
    activation:
      - command: debug
    build:
      local:
        push: false
      tagPolicy:
        envTemplate:
          template: "dev"
    deploy:
      kustomize:
        paths:
          - infrastructure/kubernetes/overlays/dev
    portForward:
      - resourceType: service
        resourceName: frontend-service
        namespace: bakery-ia
        port: 3000
        localPort: 3000
      - resourceType: service
        resourceName: gateway-service
        namespace: bakery-ia
        port: 8000
        localPort: 8000
      # NOTE(review): local port 8001 reaches auth-service directly, not via
      # gateway-service, so any checks the gateway applies are not in that
      # path. Confirm this profile is only used against dev clusters.
      - resourceType: service
        resourceName: auth-service
        namespace: bakery-ia
        port: 8000
        localPort: 8001
  # prod: no activation rule, so it must be selected explicitly (-p prod).
  - name: prod
    build:
      local:
        # NOTE(review): images are still not pushed for prod. A cluster that
        # does not share the local Docker daemon cannot run these builds and
        # would try to pull the unqualified bakery/* names from its default
        # registry. Confirm how production nodes obtain the images.
        push: false
      tagPolicy:
        # Images are tagged with the abbreviated git commit SHA.
        gitCommit:
          variant: AbbrevCommitSha
    deploy:
      # NOTE(review): this profile defines no hooks of its own. Confirm with
      # `skaffold diagnose -p prod` whether the top-level kubectl hooks, which
      # apply infrastructure/kubernetes/base/secrets.yaml, also run for prod,
      # so that base secrets are not applied to production unintentionally.
      kustomize:
        paths:
          - infrastructure/kubernetes/overlays/prod