Service onboarding: deploy pal-e-app to k8s

forgejo_admin commented

2026-03-13 20:10:41 +00:00

Owner

Lineage

plan-pal-e-docs → Phase 2a (deploy pal-e-app)

Repo

forgejo_admin/pal-e-app

User Story

As a platform operator
I want pal-e-app deployed to k8s via ArgoCD
So that the SvelteKit frontend is live at https://pal-e-app.tail5b443a.ts.net

Context

pal-e-app was scaffolded in PR #2 (SvelteKit 2 + Svelte 5 + Tailwind 4 + adapter-node + Dockerfile + Woodpecker CI). The scaffold is merged to main but the app has NO k8s manifests and is NOT deployed. This issue creates the k8s manifests and updates CI for the full GitOps deployment pipeline.

The service onboarding SOP requires: k8s manifests (deployment, service, kustomization), CI build-and-push step (kaniko → Harbor), and deployment tag update step. The terraform side (var.services entry in pal-e-services) is handled separately.

File Targets

Files to create:

k8s/deployment.yaml — Deployment with harbor image, port 3000, imagePullSecrets, health checks, env vars
k8s/service.yaml — ClusterIP Service on port 3000
k8s/kustomization.yaml — Kustomize wrapper referencing deployment + service

Files to modify:

.woodpecker.yaml — Add build-and-push step (kaniko), update-deployment-tag step, clone override for in-cluster Forgejo access. Follow pal-e-docs .woodpecker.yaml pattern exactly.

Files NOT to touch:

src/** — no application code changes
Dockerfile — already correct
docker-compose.yml — dev-only, not relevant

Acceptance Criteria

k8s/deployment.yaml exists with: image from Harbor (harbor.tail5b443a.ts.net/pal-e-app/app:TAG), port 3000, harbor-creds imagePullSecret, liveness/readiness probes on /, resource requests/limits, PAL_E_DOCS_API_URL env var pointing to in-cluster pal-e-docs service
k8s/service.yaml exists with ClusterIP service on port 3000
k8s/kustomization.yaml lists deployment.yaml + service.yaml
.woodpecker.yaml has clone step (in-cluster Forgejo URL), build-and-push step (kaniko to Harbor), update-deployment-tag step (sed + git push)
CI steps only run on push to main (not PRs) for build-and-push and update-deployment-tag
Existing check/lint/build CI steps preserved

Test Expectations

npm run check passes (TypeScript)
npm run lint passes (ESLint)
npm run build succeeds (no broken imports)
kubectl apply -k k8s/ --dry-run=client validates manifests (manual verification)

Constraints

Follow pal-e-docs k8s/ and .woodpecker.yaml patterns exactly
Harbor image repo: pal-e-app/app (matches var.services entry)
Container port: 3000 (Node.js adapter-node)
Health check path: / (SvelteKit serves the landing page)
Env var: PAL_E_DOCS_API_URL=http://pal-e-docs.pal-e-docs.svc.cluster.local:8000
No ServiceMonitor needed yet (no metrics endpoint)
Use harbor-creds for imagePullSecret name (created by terraform)

Checklist

PR opened
Tests pass
No unrelated changes

pal-e-docs — project this affects
service-onboarding-sop — SOP being followed

### Lineage `plan-pal-e-docs` → Phase 2a (deploy pal-e-app) ### Repo `forgejo_admin/pal-e-app` ### User Story As a platform operator I want pal-e-app deployed to k8s via ArgoCD So that the SvelteKit frontend is live at `https://pal-e-app.tail5b443a.ts.net` ### Context pal-e-app was scaffolded in PR #2 (SvelteKit 2 + Svelte 5 + Tailwind 4 + adapter-node + Dockerfile + Woodpecker CI). The scaffold is merged to main but the app has NO k8s manifests and is NOT deployed. This issue creates the k8s manifests and updates CI for the full GitOps deployment pipeline. The service onboarding SOP requires: k8s manifests (deployment, service, kustomization), CI build-and-push step (kaniko → Harbor), and deployment tag update step. The terraform side (var.services entry in pal-e-services) is handled separately. ### File Targets Files to create: - `k8s/deployment.yaml` — Deployment with harbor image, port 3000, imagePullSecrets, health checks, env vars - `k8s/service.yaml` — ClusterIP Service on port 3000 - `k8s/kustomization.yaml` — Kustomize wrapper referencing deployment + service Files to modify: - `.woodpecker.yaml` — Add `build-and-push` step (kaniko), `update-deployment-tag` step, clone override for in-cluster Forgejo access. Follow pal-e-docs `.woodpecker.yaml` pattern exactly. Files NOT to touch: - `src/**` — no application code changes - `Dockerfile` — already correct - `docker-compose.yml` — dev-only, not relevant ### Acceptance Criteria - [ ] `k8s/deployment.yaml` exists with: image from Harbor (`harbor.tail5b443a.ts.net/pal-e-app/app:TAG`), port 3000, `harbor-creds` imagePullSecret, liveness/readiness probes on `/`, resource requests/limits, `PAL_E_DOCS_API_URL` env var pointing to in-cluster pal-e-docs service - [ ] `k8s/service.yaml` exists with ClusterIP service on port 3000 - [ ] `k8s/kustomization.yaml` lists deployment.yaml + service.yaml - [ ] `.woodpecker.yaml` has clone step (in-cluster Forgejo URL), build-and-push step (kaniko to Harbor), update-deployment-tag step (sed + git push) - [ ] CI steps only run on push to main (not PRs) for build-and-push and update-deployment-tag - [ ] Existing check/lint/build CI steps preserved ### Test Expectations - [ ] `npm run check` passes (TypeScript) - [ ] `npm run lint` passes (ESLint) - [ ] `npm run build` succeeds (no broken imports) - [ ] `kubectl apply -k k8s/ --dry-run=client` validates manifests (manual verification) ### Constraints - Follow pal-e-docs k8s/ and .woodpecker.yaml patterns exactly - Harbor image repo: `pal-e-app/app` (matches var.services entry) - Container port: 3000 (Node.js adapter-node) - Health check path: `/` (SvelteKit serves the landing page) - Env var: `PAL_E_DOCS_API_URL=http://pal-e-docs.pal-e-docs.svc.cluster.local:8000` - No ServiceMonitor needed yet (no metrics endpoint) - Use `harbor-creds` for imagePullSecret name (created by terraform) ### Checklist - [ ] PR opened - [ ] Tests pass - [ ] No unrelated changes ### Related - `pal-e-docs` — project this affects - `service-onboarding-sop` — SOP being followed