ldraney/pal-e-platform
1
0
Fork 0
Code Issues 91 Pull requests 5 Projects Releases Packages Wiki Activity Actions

pal-e-admin: Prod + dev deployment overlays #341

New issue
Closed
opened 2026-05-05 04:07:05 +00:00 by forgejo_admin · 0 comments
forgejo_admin commented 2026-05-05 04:07:05 +00:00
Contributor
Copy link

Type

Feature

Lineage

Standalone — scoped during platform SSO initiative (2026-05-04). Depends on pal-e-admin scaffold.

Repo

forgejo_admin/pal-e-deployments

User Story

As a platform admin
I want pal-e-admin deployed at a public URL with a hot-reload dev instance
So that I can iterate on the interface live and have production available on my phone

Context

Follow existing deployment pattern from pal-e-deployments. Prod gets a built image, dev gets node:22 + hostPath volume to ~/pal-e-admin for Vite hot-reload. Both get their own Tailscale funnel hostname. Both are Keycloak-gated (same OIDC client, different redirect URIs).

Pattern reference: overlays/pal-e-hub/dev/deployment.yaml shows the hostPath + emptyDir node_modules approach.

File Targets

Files the agent should modify or create:

  • overlays/pal-e-admin/prod/ — kustomization, deployment, service, ingress
  • overlays/pal-e-admin/dev/ — kustomization, deployment (hostPath), service, ingress

Files the agent should NOT touch:

  • Other overlay directories
  • bases/ — unless a new base is needed

Acceptance Criteria

  • pal-e-admin.tail5b443a.ts.net serves production build
  • pal-e-admin-dev.tail5b443a.ts.net serves Vite dev server with hot-reload
  • Both require Keycloak login before showing content
  • Dev overlay mounts ~/pal-e-admin via hostPath
  • File edits in ~/pal-e-admin reflect immediately in dev URL

Test Expectations

  • Prod: curl returns 200 (after auth) or 302 (redirect to Keycloak)
  • Dev: file change on host reflects in browser within seconds
  • Run command: kubectl get ingress -A | grep pal-e-admin

Constraints

  • Follow existing overlay structure (see westsidekingsandqueens/dev as reference)
  • Dev uses port 5173 (default Vite) or 5174 to avoid conflicts
  • Both need AUTH_TRUST_HOST=true and correct AUTH_URL env vars
  • Funnel hostnames: pal-e-admin (prod), pal-e-admin-dev (dev)

Checklist

  • PR opened
  • Tests pass
  • No unrelated changes

Related

  • project-pal-e-platform — platform project
### Type Feature ### Lineage Standalone — scoped during platform SSO initiative (2026-05-04). Depends on pal-e-admin scaffold. ### Repo `forgejo_admin/pal-e-deployments` ### User Story As a platform admin I want pal-e-admin deployed at a public URL with a hot-reload dev instance So that I can iterate on the interface live and have production available on my phone ### Context Follow existing deployment pattern from pal-e-deployments. Prod gets a built image, dev gets node:22 + hostPath volume to ~/pal-e-admin for Vite hot-reload. Both get their own Tailscale funnel hostname. Both are Keycloak-gated (same OIDC client, different redirect URIs). Pattern reference: `overlays/pal-e-hub/dev/deployment.yaml` shows the hostPath + emptyDir node_modules approach. ### File Targets Files the agent should modify or create: - `overlays/pal-e-admin/prod/` — kustomization, deployment, service, ingress - `overlays/pal-e-admin/dev/` — kustomization, deployment (hostPath), service, ingress Files the agent should NOT touch: - Other overlay directories - `bases/` — unless a new base is needed ### Acceptance Criteria - [ ] `pal-e-admin.tail5b443a.ts.net` serves production build - [ ] `pal-e-admin-dev.tail5b443a.ts.net` serves Vite dev server with hot-reload - [ ] Both require Keycloak login before showing content - [ ] Dev overlay mounts `~/pal-e-admin` via hostPath - [ ] File edits in `~/pal-e-admin` reflect immediately in dev URL ### Test Expectations - [ ] Prod: curl returns 200 (after auth) or 302 (redirect to Keycloak) - [ ] Dev: file change on host reflects in browser within seconds - Run command: `kubectl get ingress -A | grep pal-e-admin` ### Constraints - Follow existing overlay structure (see westsidekingsandqueens/dev as reference) - Dev uses port 5173 (default Vite) or 5174 to avoid conflicts - Both need AUTH_TRUST_HOST=true and correct AUTH_URL env vars - Funnel hostnames: `pal-e-admin` (prod), `pal-e-admin-dev` (dev) ### Checklist - [ ] PR opened - [ ] Tests pass - [ ] No unrelated changes ### Related - `project-pal-e-platform` — platform project
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix-gem-bin-path
netpol-westside-ror
fix-woodpecker-multi-pipeline
345-harbor-mobile-css
290-payment-pipeline-observability
spec-board-centric-renderer
284-fix-add-pal-e-docs-namespace-to-postgres
284-add-pal-e-docs-postgres-netpol
188-cross-repo-worktree-isolation-for-parall
111-fix-keycloak-probe
86-fix-rotate-woodpecker-api-token-in-salt
71-feat-deploy-pyrra-slo-manager-with-servi
64-hotfix-woodpecker-oauth-login-broken-for
18-fix-grafana-duplicate-default-datasource-v2
18-fix-grafana-duplicate-default-datasource
13-fix-cnpg-all-parameters
No results found.
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/pal-e-platform#341
No description provided.