Deploy westside-app to k8s with Tailscale funnel (Phase 4)

### Lineage `plan-2026-03-08-tryout-prep` → Phase 6a (SvelteKit scaffold) → Phase 4 (deploy to own namespace) ### Repo `forgejo_admin/westside-app` ### User Story As an admin or coach I want the westside-app accessible at its own public URL So that I can use the dashboard without relying on the playground nginx ### Context After Issue #5 merges (playground promotion, Phases 1-3), the app no longer needs Postgres — it consumes basketball-api over HTTP. The k8s deployment needs updating: - Replace `DATABASE_URL` secret with `BASKETBALL_API_URL` env var pointing to the internal basketball-api service - Create `westside-app` namespace - Set up Tailscale funnel for public HTTPS access - Register with ArgoCD for continuous deployment The Dockerfile and adapter-node setup are already correct. The CI pipeline (Woodpecker) already builds and pushes to Harbor. ### File Targets Files to modify: - `k8s/deployment.yaml` — replace `DATABASE_URL` secretKeyRef with `BASKETBALL_API_URL` value (`http://basketball-api.basketball-api.svc.cluster.local:8000`) - `k8s/kustomization.yaml` — add namespace, any new resources Files to create (possibly outside this repo): - Namespace manifest or kubectl create - Tailscale funnel config - ArgoCD Application manifest Files NOT to touch: - `src/` — code changes are Issue #5 - `Dockerfile` — works as-is ### Acceptance Criteria - [ ] `westside-app` namespace exists in k8s - [ ] Deployment runs with `BASKETBALL_API_URL` env var (no `DATABASE_URL`) - [ ] App is accessible via Tailscale funnel URL (e.g. `wkq.tail5b443a.ts.net`) - [ ] SSR works — page loads with real data from basketball-api - [ ] ArgoCD manages the application (auto-sync on image push) - [ ] Harbor image builds succeed via Woodpecker CI ### Test Expectations - [ ] `curl https://wkq.tail5b443a.ts.net/` returns HTML with player stats (not a loading spinner) - [ ] `kubectl get pods -n westside-app` shows 1/1 Running - [ ] `kubectl logs -n westside-app <pod>` shows no errors ### Constraints - Follow service onboarding SOP (`service-onboarding-sop`) - basketball-api internal URL: `http://basketball-api.basketball-api.svc.cluster.local:8000` - Harbor registry: `harbor.tail5b443a.ts.net/westside-app/app` - Tailscale funnel must terminate TLS (no cert-manager needed — Tailscale handles it) - Depends on Issue #5 being merged first ### Checklist - [ ] PR opened - [ ] Namespace created - [ ] ArgoCD Application registered - [ ] Tailscale funnel active - [ ] No unrelated changes ### Related - `westside-basketball` — project this affects - Issue #5 — code promotion (must merge first)

forgejo_admin commented

2026-03-13 20:15:14 +00:00

Owner

Lineage

plan-2026-03-08-tryout-prep → Phase 6a (SvelteKit scaffold) → Phase 4 (deploy to own namespace)

Repo

forgejo_admin/westside-app

User Story

As an admin or coach
I want the westside-app accessible at its own public URL
So that I can use the dashboard without relying on the playground nginx

Context

After Issue #5 merges (playground promotion, Phases 1-3), the app no longer needs Postgres — it consumes basketball-api over HTTP. The k8s deployment needs updating:

Replace DATABASE_URL secret with BASKETBALL_API_URL env var pointing to the internal basketball-api service
Create westside-app namespace
Set up Tailscale funnel for public HTTPS access
Register with ArgoCD for continuous deployment

The Dockerfile and adapter-node setup are already correct. The CI pipeline (Woodpecker) already builds and pushes to Harbor.

File Targets

Files to modify:

k8s/deployment.yaml — replace DATABASE_URL secretKeyRef with BASKETBALL_API_URL value (http://basketball-api.basketball-api.svc.cluster.local:8000)
k8s/kustomization.yaml — add namespace, any new resources

Files to create (possibly outside this repo):

Namespace manifest or kubectl create
Tailscale funnel config
ArgoCD Application manifest

Files NOT to touch:

src/ — code changes are Issue #5
Dockerfile — works as-is

Acceptance Criteria

westside-app namespace exists in k8s
Deployment runs with BASKETBALL_API_URL env var (no DATABASE_URL)
App is accessible via Tailscale funnel URL (e.g. wkq.tail5b443a.ts.net)
SSR works — page loads with real data from basketball-api
ArgoCD manages the application (auto-sync on image push)
Harbor image builds succeed via Woodpecker CI

Test Expectations

curl https://wkq.tail5b443a.ts.net/ returns HTML with player stats (not a loading spinner)
kubectl get pods -n westside-app shows 1/1 Running
kubectl logs -n westside-app <pod> shows no errors

Constraints

Follow service onboarding SOP (service-onboarding-sop)
basketball-api internal URL: http://basketball-api.basketball-api.svc.cluster.local:8000
Harbor registry: harbor.tail5b443a.ts.net/westside-app/app
Tailscale funnel must terminate TLS (no cert-manager needed — Tailscale handles it)
Depends on Issue #5 being merged first

Checklist

PR opened
Namespace created
ArgoCD Application registered
Tailscale funnel active
No unrelated changes

westside-basketball — project this affects
Issue #5 — code promotion (must merge first)

forgejo_admin closed this issue

2026-03-13 23:30:48 +00:00

Rows
Columns

Deploy westside-app to k8s with Tailscale funnel (Phase 4) #6