Deploy releases/k8s-manifests b1bc3cf#151
Merged
Merged
Conversation
Adopts a convention: top-level directories under the workspace root use the `_` prefix when they hold infrastructure / glue / admin manifests that aren't tied to a single workload. Workloads stay bare: balancer/ ← workload (project deploys its own) _infra/ ← cluster-level infrastructure (this rename) Renames `infra/` → `_infra/` and the matching `.holo/branches/k8s-manifests/infra/` path. The .holo path rename doesn't affect deployed output (k8s-normalize routes by resource namespace, not workspace path) but keeps the two parallel for readability. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
GitOps-ifies what's currently live on the cluster from earlier kubectl applies (now byte-identical to these files), plus adds the central pile of HTTPRoutes that recover services broken by the wildcard DNS flip to the Envoy LB. Bones (`_infra/envoy-gateway/`): - `gatewayclass.yaml` — GatewayClass `eg` referencing the EnvoyProxy - `envoyproxy.yaml` — `mergeGateways: true` so all Gateways using `eg` share one Envoy data-plane Deployment + one LoadBalancer (cost flat regardless of Gateway count, mirroring ingress-nginx's model) - `main-gateway.yaml` — one Gateway with an HTTP catchall listener, `allowedRoutes.namespaces.from: All` so HTTPRoutes in any namespace can attach Central HTTPRoutes (`_httproutes/`): - One file per app, each `HTTPRoute` lives in its app's own namespace (not co-located with the Gateway — k8s-normalize routes by resource namespace at deploy time, workspace organization is purely visual) - 14 HTTPRoutes for every Ingress host on `*.sandbox.k8s.phl.io` - Each `parentRefs` the central `main-gateway`; each `backendRefs` the app's existing Service in the same namespace (no ReferenceGrants needed) This is phase 1+2 of the ingress-nginx → Envoy migration: HTTP-only recovery. Phase 3 adds per-hostname HTTPS listeners on `main-gateway` with cert-manager-issued certs and cross-namespace cert Secret refs. When a project ships its own HTTPRoute in their own repo (e.g., balancer-main, paws-data-pipeline), the corresponding file in this central pile gets deleted in the same PR that bumps the project's source ref. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…nd-httproutes feat(envoy-gateway): GitOps the gateway bones + central HTTPRoute pile
These pr-* environments haven't been deployed in years (pods are running on stale images, no project is updating them). Removing their entries from the central pile rather than perpetuating zombie traffic routes through the new Envoy gateway. Cluster-side helm releases for pr-63 / pr-80 / pr-100 (code-for-philly) and pr-220 (laddr) will be uninstalled separately to clean up the remaining Deployments, Services, Ingresses, Certificates, and Secrets. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
github-actions
Bot
changed the title
Author
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
kubectl diffreports that applying b1bc3cf will change: