From 1ad090329b4e4bccdfafdac2baeeacbb83733356 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Eduardo=20Garc=C3=ADa=20M=C3=A1rquez?=
 <andresgarcia0313@gmail.com>
Date: Thu, 8 Jan 2026 16:40:57 -0500
Subject: [PATCH] fix(k3s): update image names and deployment docs

- Rename images from academia-* to student-* for consistency
- Update DEPLOYMENT.md with latest deployment procedures
---
 deploy/k3s/api.yaml      |  2 +-
 deploy/k3s/frontend.yaml |  2 +-
 docs/DEPLOYMENT.md       | 98 ++++++++++++++++++++++++++++++++++++++--
 3 files changed, 95 insertions(+), 7 deletions(-)

diff --git a/deploy/k3s/api.yaml b/deploy/k3s/api.yaml
index 737bc3b..b9b7559 100644
--- a/deploy/k3s/api.yaml
+++ b/deploy/k3s/api.yaml
@@ -25,7 +25,7 @@ spec:
         kubernetes.io/hostname: hp62a
       containers:
         - name: api
-          image: academia-api:latest
+          image: student-api:latest
           imagePullPolicy: Never
           ports:
             - containerPort: 8080
diff --git a/deploy/k3s/frontend.yaml b/deploy/k3s/frontend.yaml
index 5f7b5f4..1ccd4fd 100644
--- a/deploy/k3s/frontend.yaml
+++ b/deploy/k3s/frontend.yaml
@@ -25,7 +25,7 @@ spec:
         kubernetes.io/hostname: hp62a
       containers:
         - name: frontend
-          image: academia-frontend:latest
+          image: student-frontend:latest
           imagePullPolicy: Never
           ports:
             - containerPort: 80
diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md
index 9ae9213..ac6b2c1 100644
--- a/docs/DEPLOYMENT.md
+++ b/docs/DEPLOYMENT.md
@@ -18,7 +18,11 @@
 |----------|-------------|---------|
 | `ConnectionStrings__DefaultConnection` | Connection string SQL Server | `Server=db;Database=StudentEnrollment;...` |
 | `ASPNETCORE_ENVIRONMENT` | Ambiente | `Production` |
-| `ASPNETCORE_URLS` | URLs de escucha | `http://+:5000` |
+| `ASPNETCORE_URLS` | URLs de escucha | `http://+:8080` |
+| `JWT_SECRET_KEY` | **REQUERIDO** - Secret JWT (mín. 32 chars) | `your-super-secret-key-minimum-32-chars` |
+| `JWT_ISSUER` | Emisor JWT | `StudentEnrollmentApi` |
+| `JWT_AUDIENCE` | Audiencia JWT | `StudentEnrollmentApp` |
+| `JWT_EXPIRATION_MINUTES` | Expiración token | `60` |
 
 ### Frontend (Angular)
 
@@ -26,6 +30,13 @@
 |----------|-------------|---------|
 | `API_URL` | URL del backend GraphQL | `https://api.example.com/graphql` |
 
+### Desarrollo Local (SQLite)
+
+| Variable | Descripción | Ejemplo |
+|----------|-------------|---------|
+| `USE_SQLITE` | Usar SQLite en lugar de SQL Server | `true` |
+| `ConnectionStrings__DefaultConnection` | Path a archivo SQLite | `Data Source=./data/dev.db` |
+
 ## Despliegue con Docker
 
 ### 1. Estructura de Archivos
@@ -186,6 +197,71 @@ docker-compose logs -f
 docker-compose down
 ```
 
+## Desarrollo Local (Sin Docker)
+
+Script que levanta backend + frontend con **SQLite** (sin necesidad de SQL Server):
+
+```bash
+# Iniciar todo
+./scripts/dev-start.sh start
+
+# Ver estado
+./scripts/dev-start.sh status
+
+# Detener
+./scripts/dev-start.sh stop
+
+# Reiniciar
+./scripts/dev-start.sh restart
+```
+
+**Características:**
+- Backend usa SQLite en `./data/dev.db`
+- No requiere Docker ni SQL Server
+- Frontend en puerto 4200, Backend en puerto 5000
+- Hot reload habilitado
+- PIDs guardados para cleanup automático
+
+---
+
+## CI/CD Pipeline (Gitea Actions)
+
+**Ubicación:** `.gitea/workflows/deploy.yaml`
+
+**Trigger:** Push a rama `main`
+
+### Flujo Automático
+
+1. Checkout código en Gitea runner
+2. Setup SSH hacia K3s master
+3. Sync código con rsync (excluye node_modules, dist, etc.)
+4. Build imágenes en paralelo (API + Frontend)
+5. Import a K3s containerd (`docker save | k3s ctr images import`)
+6. Apply manifiestos con Kustomize
+7. Rolling restart de deployments
+8. Health checks con curl
+9. Rollback automático si falla
+
+### Secretos Requeridos en Gitea
+
+| Secreto | Descripción |
+|---------|-------------|
+| `K3S_SSH_KEY` | Clave SSH privada para conectar a K3s master |
+| `K3S_SUDO_PASS` | Password de sudo en K3s host |
+
+### Configuración
+
+```yaml
+# Variables de entorno en el workflow
+K3S_HOST: 100.67.198.92          # IP del master (hp62a)
+NAMESPACE: student-enrollment
+DOMAIN: academia.ingeniumcodex.com
+```
+
+**Tiempo de despliegue:** ~3-5 minutos desde push hasta producción
+
+---
+
 ## Despliegue Manual
 
 ### Backend
@@ -224,11 +300,12 @@ ng build --configuration production
 ### Seguridad
 
 - [ ] Connection strings en variables de entorno (no en código)
+- [ ] JWT_SECRET_KEY configurado (mínimo 32 caracteres)
 - [ ] HTTPS habilitado
 - [ ] CORS configurado solo para dominios permitidos
-- [ ] Rate limiting activo
+- [ ] Rate limiting activo (30 mutations/min, 100 queries/min)
 - [ ] Security headers configurados
-- [ ] Logs sin datos sensibles
+- [ ] Logs sin datos sensibles (Serilog filtra tokens/passwords)
 
 ### Performance
 
@@ -253,10 +330,21 @@ ng build --configuration production
 
 | Servicio | URL | Esperado |
 |----------|-----|----------|
-| API Health | `http://api:5000/health` | 200 OK |
-| GraphQL Playground | `http://api:5000/graphql` | Banana Cake Pop |
+| API Health | `http://api:8080/health` | 200 OK |
+| GraphQL Playground | `http://api:8080/graphql` | Banana Cake Pop |
 | Frontend | `http://frontend:80` | App Angular |
 
+### URLs de Producción (K3s)
+
+| Servicio | URL |
+|----------|-----|
+| Frontend | `https://academia.ingeniumcodex.com` |
+| API GraphQL | `https://academia.ingeniumcodex.com/graphql` |
+| Health Check | `https://academia.ingeniumcodex.com/health` |
+| Login | `https://academia.ingeniumcodex.com/login` |
+| Registro | `https://academia.ingeniumcodex.com/register` |
+| Dashboard | `https://academia.ingeniumcodex.com/dashboard` |
+
 ## Rollback
 
 ```bash