568 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
root	a9ec853201	feat: add AnalysisTemplate + Feature Flags to web-app chart ... - AnalysisTemplate: web provider health check on canary /healthz (10s interval, 6 checks, 3 failure limit → auto-rollback) - Feature Flags: ConfigMap → config.js mount via window.__APP_CONFIG__ pattern for static SPA (annotation hash for auto-restart) - NetworkPolicy: allow argo-rollouts namespace for analysis HTTP checks - Prod arch-docs: enable analysis + showBetaFeatures flag Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 22:05:24 +01:00
admin	37209e9983	Merge pull request 'fix: remove ServerSideApply from argo-rollouts' (#225) from fix/argo-rollouts-no-ssa into main	2026-02-22 21:22:00 +01:00
root	b2b1d594e7	fix: remove ServerSideApply from argo-rollouts to resolve CRD drift ... SSA causes perpetual OutOfSync on CRDs due to field manager conflicts. Client-side apply works correctly for Helm charts with CRDs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 21:14:21 +01:00
admin	56f95adf1f	Merge pull request 'fix: broaden CRD ignoreDifferences for argo-rollouts sync' (#224) from fix/argo-rollouts-crd-sync into main	2026-02-22 21:05:12 +01:00
root	1b353559ce	fix: broaden CRD ignoreDifferences for argo-rollouts ... Use jqPathExpressions to ignore entire .metadata and .spec.versions schema sections on CRDs, which drift due to ServerSideApply field manager changes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 21:04:03 +01:00
admin	efa4a1a8d5	Merge pull request 'fix: resolve argo-rollouts CRD OutOfSync' (#223) from fix/argo-rollouts-outsync into main	2026-02-22 21:02:21 +01:00
root	4dd21b1e99	fix: resolve argo-rollouts CRD OutOfSync with ignoreDifferences ... Add ignoreDifferences for CRDs (metadata labels/annotations drift caused by ServerSideApply field managers) and RespectIgnoreDifferences sync option. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 21:01:24 +01:00
admin	ac380824c1	Merge pull request 'feat: add Argo Rollouts with canary strategy for prod' (#222) from feat/argo-rollouts into main	2026-02-22 19:36:47 +01:00
root	465a9859b7	feat: add Argo Rollouts with canary strategy for prod ... - Install Argo Rollouts via ArgoCD (Helm chart 2.39.1) - Add Rollout template with nginx traffic routing - Add canary Service for traffic splitting - Enable canary for prod arch-docs (20% → 60s → 50% → 60s → 100%) - Dev/staging remain standard Deployment (1 replica, canary not useful) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 19:36:11 +01:00
claude	e159bcac20	Merge pull request 'promote: arch-docs 03361b1 to prod' (#221) from promote/arch-docs-03361b1-prod into main	2026-02-22 17:28:13 +01:00
Promotion Bot	b7fc7e2dd4	promote: arch-docs 03361b1 to prod	2026-02-22 17:27:56 +01:00
claude	d285eb263b	Merge pull request 'promote: arch-docs 03361b1 to staging' (#220) from promote/arch-docs-03361b1-staging into main	2026-02-22 17:17:50 +01:00
Promotion Bot	09c015fe71	promote: arch-docs 03361b1 to staging	2026-02-22 17:17:33 +01:00
claude	642384d1b6	Merge pull request 'deploy: arch-docs 03361b1 to dev' (#219) from deploy/arch-docs-03361b1 into main	2026-02-22 16:50:32 +01:00
CI Bot	3987c67411	deploy: arch-docs 03361b1 to dev	2026-02-22 15:50:15 +00:00
claude	9482ee52d3	Merge pull request 'promote: arch-docs 3f2c0b2 to staging' (#218) from promote/arch-docs-3f2c0b2-staging into main	2026-02-22 16:20:21 +01:00
Promotion Bot	50f0e94358	promote: arch-docs 3f2c0b2 to staging	2026-02-22 16:19:58 +01:00
claude	3f7f5cf49f	Merge pull request 'fix: use pre-installed yamllint from runner-tools' (#217) from fix/use-preinstalled-yamllint into main	2026-02-22 14:34:14 +01:00
root	3aca0fcea7	fix: use pre-installed yamllint from runner-tools image ... yamllint is now pre-installed in the runner-tools Docker image. Removes fragile pip install step that was failing silently. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 14:31:44 +01:00
claude	ab4f0ed8c8	Merge pull request 'deploy: arch-docs 3f2c0b2 to dev' (#216) from deploy/arch-docs-3f2c0b2 into main	2026-02-22 14:12:28 +01:00
CI Bot	9f1a0c52b1	deploy: arch-docs 3f2c0b2 to dev	2026-02-22 13:12:10 +00:00
admin	98c5025606	Merge pull request 'feat: make yamllint and kubeconform strict in CI' (#215) from feat/strict-linters into main	2026-02-22 14:08:19 +01:00
claude	39815af672	Merge pull request 'fix: add kubernetes OIDC client to realm config' (#214) from fix/kubernetes-oidc-client into main	2026-02-22 14:05:42 +01:00
root	893b58afdc	fix: use --break-system-packages for pip install yamllint ... PEP 668 blocks pip install in externally-managed Python environments (Debian/Ubuntu). Adding --break-system-packages flag to fix CI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 13:51:42 +01:00
root	7d21c942a2	feat: make yamllint and kubeconform strict in CI ... - yamllint: install via pip, validate environments/ argocd-apps/ apps/ - kubeconform: remove || true fallback, fail on invalid manifests - Both linters now block PR merge on errors Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 13:25:56 +01:00
root	65930ceb1e	sec: remove plaintext passwords from realm ConfigMap ... Use keycloak-config-cli env var substitution $(env:VAR_NAME) to inject user passwords from K8s Secret instead of hardcoding them in ConfigMap. - realm-configmap.yaml: passwords replaced with $(env:KC_INFRA_ADMIN_PASSWORD) and $(env:KC_INFRA_CLAUDE_PASSWORD) - keycloak ArgoCD app: added keycloakConfigCli.extraEnvVarsSecret - Secrets sourced from OpenBao via create-keycloak-secrets.sh Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 13:24:44 +01:00
root	08b0c41f45	fix: add kubernetes OIDC client + direct-grant-no-otp flow to realm config ... The kubernetes client (Phase 15) and direct-grant-no-otp auth flow were created via API but missing from realm-configmap.yaml. A realm re-import would lose these configurations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 12:53:50 +01:00
admin	4e82b6df55	Merge pull request 'root-app: add ignoreDifferences for Application finalizers' (#213) from fix/root-app-ignore-finalizers into main	2026-02-22 10:03:49 +01:00
root	d047481de0	root-app: add ignoreDifferences for Application finalizers ... ArgoCD child apps (e.g. kyverno) get extra finalizers added at runtime, causing root app-of-apps to show OutOfSync perpetually. Ignore /metadata/finalizers drift on Application resources. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 10:02:37 +01:00
claude	0a6ef6cab6	Merge pull request 'promote: arch-docs e1631f8 to prod' (#212) from promote/arch-docs-e1631f8-prod into main	2026-02-21 11:37:25 +01:00
Promotion Bot	01942540b3	promote: arch-docs e1631f8 to prod	2026-02-21 11:37:08 +01:00
claude	a3587c6641	Merge pull request 'promote: arch-docs e1631f8 to staging' (#211) from promote/arch-docs-e1631f8-staging into main	2026-02-21 11:34:20 +01:00
Promotion Bot	939415d478	promote: arch-docs e1631f8 to staging	2026-02-21 11:34:03 +01:00
claude	9f1861d490	Merge pull request 'deploy: arch-docs e1631f8 to dev' (#210) from deploy/arch-docs-e1631f8 into main	2026-02-21 11:31:25 +01:00
CI Bot	bf8c10a79a	deploy: arch-docs e1631f8 to dev	2026-02-21 10:31:08 +00:00
admin	bf1bec1fda	Merge pull request 'chore: remove report-generator from all environments' (#209) from remove-report-generator into main	2026-02-21 09:44:50 +01:00
root	9acb62e515	chore: remove report-generator from all environments ... Report-generator was a load testing application. Decommissioning: - Remove ArgoCD app definitions (6 apps) - Remove infra manifests (networkpolicy, secrets, seed-jobs) - Remove Helm values (dev/staging/prod) K8s resources already deleted via ArgoCD cascade delete. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-21 09:43:02 +01:00
claude	3dd6d4920e	Merge pull request 'Staging: memory 4Gi, maxReplicas=3' (#208) from staging-memory-4gi into main	2026-02-21 08:28:49 +01:00
Claude	c9605d09ee	Staging: memory 4Gi, maxReplicas=3 (fix OOMKilled) ... Yearly report needs ~2.7GB RAM. With 2Gi limit, pod OOMKilled. 3 replicas × (2 CPU, 4Gi) = 6 CPU, 12Gi — fits staging-quota. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-21 08:28:15 +01:00
claude	1576d06e09	Merge pull request 'Enable HPA on staging for isolation test' (#206) from staging-hpa-test into main	2026-02-21 08:15:54 +01:00
Claude	f163ef8020	Enable HPA on staging for isolation load test ... maxReplicas=4 (fills staging-quota limits.cpu=8, 4×2=8) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-21 08:14:17 +01:00
claude	612dc1906e	Merge pull request 'Add nginx proxy timeout 300s for report-generator' (#205) from add-ingress-timeout into main	2026-02-20 23:04:17 +01:00
Claude	232d2bdd97	Add nginx proxy timeout 300s for report-generator ... Yearly reports take ~160s (bootstrap resampling of 1.7M rows). Default nginx timeout of 60s causes 504 Gateway Timeout. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-20 22:52:06 +01:00
claude	5ac0553cb1	Merge pull request 'promote: report-generator 8484c29 to prod' (#204) from promote/report-generator-8484c29-prod into main	2026-02-20 20:56:54 +01:00
Promotion Bot	da7a5376e8	promote: report-generator 8484c29 to prod	2026-02-20 20:56:37 +01:00
claude	02ad47ee7a	Merge pull request 'promote: report-generator 8484c29 to staging' (#203) from promote/report-generator-8484c29-staging into main	2026-02-20 20:51:55 +01:00
Promotion Bot	db67309a9e	promote: report-generator 8484c29 to staging	2026-02-20 20:51:38 +01:00
claude	c19c00a8b2	Merge pull request 'deploy: report-generator 8484c29 to dev' (#202) from deploy/report-generator-8484c29 into main	2026-02-20 20:35:29 +01:00
CI Bot	ea7bb822a8	deploy: report-generator 8484c29 to dev	2026-02-20 19:35:12 +00:00
claude	35f29bc0fd	Merge pull request 'promote: report-generator 87cce4c to prod' (#201) from promote/report-generator-87cce4c-prod into main	2026-02-20 18:04:51 +01:00