Add k8s manifests and CI pipeline for service onboarding #5

Merged
forgejo_admin merged 1 commit from 4-service-onboarding into main 2026-03-13 20:20:27 +00:00

Summary

Adds Kubernetes manifests (deployment, service, kustomization) and extends the Woodpecker CI pipeline with kaniko build-and-push and deployment tag update steps, enabling pal-e-app to be deployed to k8s with the same CI/CD pattern as pal-e-docs.

Changes

  • k8s/deployment.yaml — Deployment with harbor-creds imagePullSecret, port 3000, PAL_E_DOCS_API_URL env var pointing to in-cluster pal-e-docs service, liveness/readiness probes on /, resource limits
  • k8s/service.yaml — ClusterIP service exposing port 3000
  • k8s/kustomization.yaml — Kustomization referencing deployment and service
  • .woodpecker.yaml — Added clone override (in-cluster Forgejo URL), kaniko build-and-push step (main-only), update-deployment-tag step (main-only). Existing check/lint/build steps preserved. Added path exclusions for ArgoCD-managed files.

Test Plan

  • npm run check passes (0 errors, 0 warnings)
  • npm run build succeeds (adapter-node output)
  • Verify k8s manifests are valid: kubectl apply -k k8s/ --dry-run=client -n pal-e-app
  • After merge, verify Woodpecker pipeline runs build-and-push successfully
  • Verify ArgoCD can sync the new manifests once pal-e-app Application is created

Review Checklist

  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive
  • Follows pal-e-docs k8s manifest pattern

Related

  • Closes #4
  • Plan: plan-2026-03-13-pal-e-frontend
Adds deployment, service, and kustomization for pal-e-app namespace.
Updates .woodpecker.yaml with clone override, kaniko build-and-push,
and deployment tag update steps (main branch only).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
Owner

Self-Review: PASS

Reviewed the full diff (4 files, +118/-1) against the pal-e-docs reference patterns and Issue #4 requirements.

k8s manifests:

  • deployment.yaml: Port 3000, health probes on /, PAL_E_DOCS_API_URL env var, harbor-creds imagePullSecret, resource limits. Matches spec exactly.
  • service.yaml: ClusterIP on port 3000. Clean.
  • kustomization.yaml: References deployment + service only (no servicemonitor, correct for frontend).

CI pipeline (.woodpecker.yaml):

  • Clone override: correct in-cluster Forgejo URL for pal-e-app.
  • Top-level when: push-to-main (with ArgoCD path exclusions) + pull_request. Correct.
  • Existing install/check/lint/build steps: preserved unchanged.
  • build-and-push: kaniko with pal-e-app/app repo, main-only gate. Correct.
  • update-deployment-tag: sed pattern matches pal-e-app/app, main-only gate. Correct.
  • Dependency chain: build-and-push -> build, update-deployment-tag -> build-and-push. Correct.

Verification:

  • npm run check: 0 errors, 0 warnings
  • npm run build: success (adapter-node)

No issues found. Ready for merge.

Author
Owner

PR #5 Review

Title: Add k8s manifests and CI pipeline for service onboarding
Branch: 4-service-onboarding -> main
Issue: #4
Files changed: 4 (+118 / -1)

BLOCKERS

None. All four requirements are met correctly:

  1. k8s/deployment.yaml -- Harbor image (harbor.tail5b443a.ts.net/pal-e-app/app:latest), port 3000, harbor-creds imagePullSecret, liveness/readiness probes on /, resource requests/limits matching the pal-e-docs pattern, PAL_E_DOCS_API_URL env var pointing to http://pal-e-docs.pal-e-docs.svc.cluster.local:8000. All present and correct.

  2. k8s/service.yaml -- ClusterIP service on port 3000 with correct selector and labels. Matches the pal-e-docs service pattern adapted for port 3000.

  3. k8s/kustomization.yaml -- Lists deployment.yaml and service.yaml. Correct.

  4. .woodpecker.yaml -- Clone override uses in-cluster Forgejo URL. build-and-push uses kaniko 2.3.0 against harbor.harbor.svc.cluster.local with repo pal-e-app/app. update-deployment-tag uses sed + git push pattern. Both steps gated to push-on-main only. Existing install/check/lint/build steps are preserved. Path exclusions for ArgoCD-managed files are present.

Verified against reference patterns:

  • /home/ldraney/pal-e-docs/k8s/deployment.yaml
  • /home/ldraney/pal-e-docs/k8s/service.yaml
  • /home/ldraney/pal-e-docs/k8s/kustomization.yaml
  • /home/ldraney/pal-e-docs/.woodpecker.yaml

Expected differences from pal-e-docs confirmed as non-issues: port 3000 (Node.js), health check on / (SvelteKit), no DB secrets (frontend), no ServiceMonitor, no smoke-test step.

NITS

  1. Explicit depends_on on build-and-push -- The PR adds depends_on: [build] to the build-and-push step, which the pal-e-docs reference lacks. This is actually an improvement -- it makes the dependency chain explicit and ensures the npm build succeeds before kaniko runs. Not a problem, just noting the intentional divergence.

  2. Service missing type: ClusterIP -- Both this PR and the pal-e-docs reference omit spec.type, which defaults to ClusterIP. Fine, but making it explicit would improve readability. Non-blocking.

SOP COMPLIANCE

  • Branch named after issue (4-service-onboarding for issue #4)
  • PR body has Summary, Changes, Test Plan, Related sections
  • Related section references plan slug (plan-2026-03-13-pal-e-frontend)
  • Closes #4 present in PR body
  • No secrets, .env files, or credentials committed
  • No unnecessary file changes (4 files, all in scope)
  • Commit messages are descriptive

VERDICT: APPROVED

forgejo_admin deleted branch 4-service-onboarding 2026-03-13 20:20:27 +00:00
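
The review describes update-deployment-tag as a sed + git push pattern matching pal-e-app/app, applied to a manifest that ships with the app:latest tag. The script below is an added example, not the PR's pipeline code: it shows one way such a sed rewrite can pin the image to a commit SHA while rejecting any tag value that is not plain hex. The function names, return codes and the manifest fragment are assumptions constructed for illustration; only the image path is taken from the review.

```shell
#!/bin/sh
# Added example, not the PR's code. IMAGE_REPO is the image path quoted in the
# review; function names, return codes and the sample manifest are hypothetical.
LC_ALL=C; export LC_ALL
IMAGE_REPO='harbor.tail5b443a.ts.net/pal-e-app/app'

# write_sample_manifest FILE: constructed Deployment fragment for the demo.
write_sample_manifest() {
    cat > "$1" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pal-e-app
spec:
  template:
    spec:
      imagePullSecrets:
        - name: harbor-creds
      containers:
        - name: app
          image: harbor.tail5b443a.ts.net/pal-e-app/app:latest
          ports:
            - containerPort: 3000
EOF
}

# pin_image_tag FILE TAG: replace the tag on the IMAGE_REPO image line.
# Returns 0 = rewritten, 1 = tag rejected, 2 = image line absent, 3 = no change.
pin_image_tag() {
    file=$1 tag=$2
    # Allow only a 7-40 character lowercase hex commit SHA, so no value taken
    # from the CI environment can carry sed metacharacters or YAML syntax.
    case $tag in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#tag}" -ge 7 ] && [ "${#tag}" -le 40 ] || return 1
    # Escape the dots so the registry hostname is matched literally.
    repo_re=$(printf '%s' "$IMAGE_REPO" | sed 's/\./\\./g')
    grep -q "image: *${repo_re}:" "$file" || return 2
    grep -q "image: *${repo_re}:${tag}\$" "$file" && return 3
    # Write to a temp file and move it into place; avoids non-portable sed -i.
    sed "s|\(image: *${repo_re}\):[^[:space:]]*|\1:${tag}|" "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
}

# Demo on a throwaway copy of the constructed manifest.
demo=$(mktemp) && write_sample_manifest "$demo"
pin_image_tag "$demo" '3f2a9c1d7b' && grep 'image:' "$demo"
rm -f "$demo"
```

Return code 3 lets a CI step skip the commit and push when the manifest already carries the requested tag, which avoids an empty commit re-triggering the pipeline.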
Reference
forgejo_admin/pal-e-docs-app!5