Create production kustomize overlay in pal-e-deployments #4

Closed
opened 2026-05-23 12:19:35 +00:00 by ldraney · 0 comments

Type

Feature

Lineage

Standalone — containerization initiative for palinks.

Repo

ldraney/pal-e-deployments

User Story

As a platform operator
I want a proper containerized kustomize overlay for palinks
So that ArgoCD can deploy the container image with correct secrets and probes

Context

The existing overlays/palinks/ directory contains an nginx reverse proxy setup that forwards to local Puma. We need to replace it with a proper containerized overlay at overlays/palinks/prod/ following the believers-elite pattern — standard base, deployment patch with env vars and probes, SOPS-encrypted secrets, and a PVC for Rails storage.

File Targets

Files the agent should modify or create:

  • overlays/palinks/prod/kustomization.yaml — standard base, patches, images block
  • overlays/palinks/prod/deployment-patch.yaml — env vars (RAILS_ENV, RAILS_MASTER_KEY, SECRET_KEY_BASE, DB creds), probes on /up:80, resource limits, security context
  • overlays/palinks/prod/secrets.enc.yaml — SOPS-encrypted RAILS_MASTER_KEY and SECRET_KEY_BASE
  • overlays/palinks/prod/pvc.yaml — PVC for /rails/storage

Files the agent should NOT touch:

  • bases/standard/ — shared base, no changes needed

Acceptance Criteria

  • kustomize overlay builds cleanly (kustomize build overlays/palinks/prod/)
  • Secrets encrypted with SOPS age key
  • Deployment includes liveness/readiness probes on /up:80
  • Resource limits set (50m/128Mi requests, 512Mi memory limit)
  • Security context: runAsNonRoot, drop ALL capabilities
  • Old nginx proxy overlay archived or removed

Test Expectations

  • kustomize build produces valid YAML
  • SOPS decryption works with cluster age key
  • Run command: kustomize build overlays/palinks/prod/

Constraints

  • Follow believers-elite overlay pattern exactly
  • DB env vars: PALINKS_DB_USER, PALINKS_DB_PASSWORD, PALINKS_DB_HOST (not DATABASE_URL — see database.yml)
  • Port 80 (Thruster)

Checklist

  • PR opened
  • kustomize build succeeds
  • No unrelated changes

Related

  • palinks — project this affects
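
The acceptance criteria and constraints above can be gated in CI with a check like the following. This is an added example, not part of the original issue or of the pal-e-deployments repo. It assumes the Deployment from `kustomize build overlays/palinks/prod/` has already been parsed into a dict, that secrets reach the container through `secretKeyRef`, and that probes use the numeric port; the secret name `palinks-secrets` and the function names are hypothetical.

```python
# Added example, not from the pal-e-deployments repo. Input: one Deployment
# from `kustomize build overlays/palinks/prod/`, already parsed into a dict.
REQUIRED_ENV = {"RAILS_ENV", "RAILS_MASTER_KEY", "SECRET_KEY_BASE",
                "PALINKS_DB_USER", "PALINKS_DB_PASSWORD", "PALINKS_DB_HOST"}
SECRET_ENV = {"RAILS_MASTER_KEY", "SECRET_KEY_BASE"}  # SOPS-managed per the issue

def check_deployment(dep):
    """Return a list of violations of the issue's acceptance criteria."""
    pod, problems = dep["spec"]["template"]["spec"], []
    pod_sc = pod.get("securityContext", {})
    for c in pod["containers"]:
        env = {e["name"]: e for e in c.get("env", [])}
        problems += [f"missing env {n}" for n in sorted(REQUIRED_ENV - env.keys())]
        if "DATABASE_URL" in env:
            problems.append("DATABASE_URL set; use PALINKS_DB_* instead")
        for n in sorted(SECRET_ENV & env.keys()):
            # Assumption: secrets are wired in via secretKeyRef, never a literal.
            if "secretKeyRef" not in env[n].get("valueFrom", {}):
                problems.append(f"{n} is not a secretKeyRef")
        for probe in ("livenessProbe", "readinessProbe"):
            http = c.get(probe, {}).get("httpGet", {})
            if (http.get("path"), http.get("port")) != ("/up", 80):
                problems.append(f"{probe} is not httpGet /up on port 80")
        res = c.get("resources", {})
        req, lim = res.get("requests", {}), res.get("limits", {})
        if (req.get("cpu"), req.get("memory")) != ("50m", "128Mi"):
            problems.append("requests are not 50m / 128Mi")
        if lim.get("memory") != "512Mi":
            problems.append("memory limit is not 512Mi")
        sc = c.get("securityContext", {})
        # Container-level runAsNonRoot overrides the pod-level setting.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append("runAsNonRoot is not true")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            problems.append("capabilities.drop lacks ALL")
    return problems

def sample_deployment():
    """Constructed sample; the secret name is a hypothetical placeholder."""
    secret_env = [{"name": k, "valueFrom": {"secretKeyRef": {"name": "palinks-secrets", "key": k}}}
                  for k in sorted(REQUIRED_ENV - {"RAILS_ENV"})]
    probe = {"httpGet": {"path": "/up", "port": 80}}
    return {"spec": {"template": {"spec": {"containers": [{
        "name": "palinks",
        "env": [{"name": "RAILS_ENV", "value": "production"}] + secret_env,
        "livenessProbe": probe, "readinessProbe": probe,
        "resources": {"requests": {"cpu": "50m", "memory": "128Mi"}, "limits": {"memory": "512Mi"}},
        "securityContext": {"runAsNonRoot": True, "capabilities": {"drop": ["ALL"]}},
    }]}}}}
```

An empty list from `check_deployment` means every criterion it covers is met; a non-empty list names each violation, which is what a CI job would print before failing.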
Reference
ldraney/palinks#4