35 Commits

Author SHA1 Message Date
claude
7329794605 fix: paas-portal v1.4 — correct app status during init + logs fix
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Successful in 8s
2026-02-24 22:19:09 +01:00
claude
e69b996686 fix: bump paas-portal to v1.3 (update provisioning time text)
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 2s
PR Checks / Validate & Security Scan (pull_request) Successful in 11s
2026-02-24 22:11:44 +01:00
claude
400d3c0443 fix: use Recreate strategy + remove unused GITEA_ADMIN_TOKEN
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 3s
PR Checks / Validate & Security Scan (pull_request) Successful in 10s
2026-02-24 22:01:52 +01:00
claude
6d97d6edbc fix: bump paas-portal to v1.2 (fix branch protection)
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 4s
PR Checks / Validate & Security Scan (pull_request) Successful in 10s
2026-02-24 21:58:42 +01:00
claude
6f7bcc3214 feat: upgrade paas-portal to v1.1 with git-deploy support
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Successful in 9s
Add GITEA_EXTERNAL_URL env var and GITEA_ADMIN_USER_TOKEN secret ref
for the new git-based deploy pipeline. Bump image tag to v1.1.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 20:53:28 +01:00
claude
ddc3def7c4 feat: rename naas-portal to paas-portal across all resources
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 2s
PR Checks / Validate & Security Scan (pull_request) Successful in 13s
- Helm chart: charts/naas-portal → charts/paas-portal
- ArgoCD app: naas-portal → paas-portal
- Environment values: naas-portal → paas-portal
- ClusterRole: naas-manager → paas-manager (operational-rbac)
- Tenant labels: naas.georgepet.duckdns.org → paas.georgepet.duckdns.org
- Secret: naas-portal-secrets → paas-portal-secrets
- Image: claude/naas-portal → claude/paas-portal
2026-02-24 18:24:21 +01:00
root
455250ee79 Add naas-portal Helm chart for K8s deployment
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 2s
PR Checks / Validate & Security Scan (pull_request) Successful in 12s
Migrate PaaS portal from Docker control-plane to K8s with:
- Dedicated Helm chart (Deployment, Service, Ingress, PVC, RBAC, NetworkPolicy)
- Domain: georgepaas.duckdns.org with TLS via cert-manager
- In-cluster ServiceAccount bound to naas-manager ClusterRole
- Longhorn PVC for SQLite persistence
- ArgoCD auto-sync application
2026-02-24 16:47:58 +01:00
9c2b508890 fix: remove invalid ingress template (no rules/defaultBackend) 2026-02-24 14:05:42 +01:00
a0f1ca8a9a refactor: simplify tenant ingress to TLS-only (rules managed by NaaS portal PaaS) 2026-02-24 06:56:14 +01:00
390542f4b7 feat: add default Ingress template to tenant chart
Creates an Ingress resource using the tenant-tls certificate so that
the tenant subdomain works with valid TLS immediately after provisioning.
Points to a placeholder service that can be replaced by the tenant.
2026-02-23 22:44:26 +01:00
91b6e9117f fix: add deployments/scale subresource to tenant Role 2026-02-23 13:38:31 +01:00
5c78db8da0 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:28 +01:00
acd636b2c9 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:27 +01:00
d3cb52ad88 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:26 +01:00
217a3dbe3c feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:26 +01:00
ef333d3242 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:25 +01:00
75f4058127 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:24 +01:00
37fe00169a feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:24 +01:00
2787255b37 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:23 +01:00
0baffa8f02 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:22 +01:00
ce2a9eeb2d feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:22 +01:00
156fb1b1fa feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:21 +01:00
7082e70c52 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:20 +01:00
8344f8a545 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:20 +01:00
b7361090b6 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:19 +01:00
30e88922c5 feat: add NaaS tenant-namespace Helm chart + test tenant t1 2026-02-23 13:32:18 +01:00
root
a9ec853201 feat: add AnalysisTemplate + Feature Flags to web-app chart
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 2s
PR Checks / Validate & Security Scan (pull_request) Successful in 10s
- AnalysisTemplate: web provider health check on canary /healthz
  (10s interval, 6 checks, 3 failure limit → auto-rollback)
- Feature Flags: ConfigMap → config.js mount via window.__APP_CONFIG__
  pattern for static SPA (annotation hash for auto-restart)
- NetworkPolicy: allow argo-rollouts namespace for analysis HTTP checks
- Prod arch-docs: enable analysis + showBetaFeatures flag

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 22:05:24 +01:00
root
465a9859b7 feat: add Argo Rollouts with canary strategy for prod
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Successful in 10s
- Install Argo Rollouts via ArgoCD (Helm chart 2.39.1)
- Add Rollout template with nginx traffic routing
- Add canary Service for traffic splitting
- Enable canary for prod arch-docs (20% → 60s → 50% → 60s → 100%)
- Dev/staging remain standard Deployment (1 replica, canary not useful)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 19:36:11 +01:00
Claude
a6578511a9 Add Helm unit tests for web-app chart (32 tests)
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Successful in 8s
6 test suites covering deployment, service, ingress, networkpolicy,
HPA, and PSS restricted security contexts. CI step added to
pr-checks workflow (requires helm-unittest in runner image).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 16:36:31 +01:00
root
89a03c34f6 fix: add healthz ingress to bypass oauth2-proxy for smoke tests
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Successful in 6s
dev/staging smoke tests were failing because oauth2-proxy returns 302
instead of 200. Add a separate /healthz ingress without auth annotations
so health checks can reach the backend directly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 06:05:56 +01:00
root
4a5a657e14 Remove visual test infrastructure
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 2s
PR Checks / Validate & Security Scan (pull_request) Successful in 11s
Remove visual-test-egress NetworkPolicy, allowVisualTest Helm flag,
and staging override. Visual testing proved ineffective at detecting
diagram rendering issues.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 19:02:47 +01:00
root
dc9f801e13 feat: Add visual-test NetworkPolicy support for AI screenshot testing
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Successful in 6s
- Helm chart: add allowVisualTest flag to enable ingress from visual-test pods
- Staging: enable allowVisualTest for arch-docs
- Namespaces: add visual-test-egress NetworkPolicy in staging
  (allows egress to app pods on 8080 + external HTTPS for OpenRouter/Telegram)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:06:33 +01:00
root
031ce1ec8c feat: add extraVolumes, ingress path/annotations to Helm chart
Some checks failed
AI Review / AI Code Review (pull_request) Successful in 1s
PR Checks / Validate & Security Scan (pull_request) Failing after 31s
Backward-compatible additions for nginx-based static sites:
- extraVolumeMounts/extraVolumes for writable dirs (e.g. nginx cache)
- Configurable ingress path/pathType for path-based routing
- Custom ingress annotations for rewrite-target etc.
2026-02-14 20:54:19 +01:00
root
404087e7f9 fix: add imagePullSecrets for Gitea registry + Helm chart support 2026-02-14 15:58:00 +01:00
root
e4a08e724d Add generic web-app Helm chart + demo-app dev environment
- charts/web-app/: PSS restricted, Ingress with TLS, NetworkPolicy, HPA
- environments/dev/demo-app.yaml: dev values for demo-app
- argocd-apps/demo-app-dev.yaml: ArgoCD Application for dev deployment
2026-02-14 15:11:07 +01:00