fix(k3s): update image names and deployment docs

- Rename images from academia-* to student-* for consistency - Update DEPLOYMENT.md with latest deployment procedures Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 16:40:57 -05:00 · 2026-01-08 16:40:57 -05:00 · fa607d3fc4
parent a9e4de63c9
commit fa607d3fc4
3 changed files with 95 additions and 7 deletions
--- a/deploy/k3s/api.yaml
+++ b/deploy/k3s/api.yaml
@ -25,7 +25,7 @@ spec:
        kubernetes.io/hostname: hp62a
      containers:
        - name: api
-          image: academia-api:latest
+          image: student-api:latest
          imagePullPolicy: Never
          ports:
            - containerPort: 8080
--- a/deploy/k3s/frontend.yaml
+++ b/deploy/k3s/frontend.yaml
@ -25,7 +25,7 @@ spec:
        kubernetes.io/hostname: hp62a
      containers:
        - name: frontend
-          image: academia-frontend:latest
+          image: student-frontend:latest
          imagePullPolicy: Never
          ports:
            - containerPort: 80
--- a/docs/DEPLOYMENT.md
+++ b/docs/DEPLOYMENT.md
@ -18,7 +18,11 @@
 |----------|-------------|---------|
 | `ConnectionStrings__DefaultConnection` | Connection string SQL Server | `Server=db;Database=StudentEnrollment;...` |
 | `ASPNETCORE_ENVIRONMENT` | Ambiente | `Production` |
-| `ASPNETCORE_URLS` | URLs de escucha | `http://+:5000` |
+| `ASPNETCORE_URLS` | URLs de escucha | `http://+:8080` |
+| `JWT_SECRET_KEY` | **REQUERIDO** - Secret JWT (mín. 32 chars) | `your-super-secret-key-minimum-32-chars` |
+| `JWT_ISSUER` | Emisor JWT | `StudentEnrollmentApi` |
+| `JWT_AUDIENCE` | Audiencia JWT | `StudentEnrollmentApp` |
+| `JWT_EXPIRATION_MINUTES` | Expiración token | `60` |

 ### Frontend (Angular)

@ -26,6 +30,13 @@
 |----------|-------------|---------|
 | `API_URL` | URL del backend GraphQL | `https://api.example.com/graphql` |

+### Desarrollo Local (SQLite)
+
+| Variable | Descripción | Ejemplo |
+|----------|-------------|---------|
+| `USE_SQLITE` | Usar SQLite en lugar de SQL Server | `true` |
+| `ConnectionStrings__DefaultConnection` | Path a archivo SQLite | `Data Source=./data/dev.db` |
+
 ## Despliegue con Docker

 ### 1. Estructura de Archivos
@ -186,6 +197,71 @@ docker-compose logs -f
 docker-compose down
 ```

+## Desarrollo Local (Sin Docker)
+
+Script que levanta backend + frontend con **SQLite** (sin necesidad de SQL Server):
+
+```bash
+# Iniciar todo
+./scripts/dev-start.sh start
+
+# Ver estado
+./scripts/dev-start.sh status
+
+# Detener
+./scripts/dev-start.sh stop
+
+# Reiniciar
+./scripts/dev-start.sh restart
+```
+
+**Características:**
+- Backend usa SQLite en `./data/dev.db`
+- No requiere Docker ni SQL Server
+- Frontend en puerto 4200, Backend en puerto 5000
+- Hot reload habilitado
+- PIDs guardados para cleanup automático
+
+---
+
+## CI/CD Pipeline (Gitea Actions)
+
+**Ubicación:** `.gitea/workflows/deploy.yaml`
+
+**Trigger:** Push a rama `main`
+
+### Flujo Automático
+
+1. Checkout código en Gitea runner
+2. Setup SSH hacia K3s master
+3. Sync código con rsync (excluye node_modules, dist, etc.)
+4. Build imágenes en paralelo (API + Frontend)
+5. Import a K3s containerd (`docker save | k3s ctr images import`)
+6. Apply manifiestos con Kustomize
+7. Rolling restart de deployments
+8. Health checks con curl
+9. Rollback automático si falla
+
+### Secretos Requeridos en Gitea
+
+| Secreto | Descripción |
+|---------|-------------|
+| `K3S_SSH_KEY` | Clave SSH privada para conectar a K3s master |
+| `K3S_SUDO_PASS` | Password de sudo en K3s host |
+
+### Configuración
+
+```yaml
+# Variables de entorno en el workflow
+K3S_HOST: 100.67.198.92          # IP del master (hp62a)
+NAMESPACE: student-enrollment
+DOMAIN: academia.ingeniumcodex.com
+```
+
+**Tiempo de despliegue:** ~3-5 minutos desde push hasta producción
+
+---
+
 ## Despliegue Manual

 ### Backend
@ -224,11 +300,12 @@ ng build --configuration production
 ### Seguridad

 - [ ] Connection strings en variables de entorno (no en código)
+- [ ] JWT_SECRET_KEY configurado (mínimo 32 caracteres)
 - [ ] HTTPS habilitado
 - [ ] CORS configurado solo para dominios permitidos
- [ ] Rate limiting activo
+- [ ] Rate limiting activo (30 mutations/min, 100 queries/min)
 - [ ] Security headers configurados
- [ ] Logs sin datos sensibles
+- [ ] Logs sin datos sensibles (Serilog filtra tokens/passwords)

 ### Performance

@ -253,10 +330,21 @@ ng build --configuration production

 | Servicio | URL | Esperado |
 |----------|-----|----------|
-| API Health | `http://api:5000/health` | 200 OK |
-| GraphQL Playground | `http://api:5000/graphql` | Banana Cake Pop |
+| API Health | `http://api:8080/health` | 200 OK |
+| GraphQL Playground | `http://api:8080/graphql` | Banana Cake Pop |
 | Frontend | `http://frontend:80` | App Angular |

+### URLs de Producción (K3s)
+
+| Servicio | URL |
+|----------|-----|
+| Frontend | `https://academia.ingeniumcodex.com` |
+| API GraphQL | `https://academia.ingeniumcodex.com/graphql` |
+| Health Check | `https://academia.ingeniumcodex.com/health` |
+| Login | `https://academia.ingeniumcodex.com/login` |
+| Registro | `https://academia.ingeniumcodex.com/register` |
+| Dashboard | `https://academia.ingeniumcodex.com/dashboard` |
+
 ## Rollback

 ```bash