🚀 Complete automation pipeline with SSL, testing, and deployment

✨ Features:
- Full SSL setup with Let's Encrypt for all environments
- Automated CI/CD pipeline with GitHub Actions
- Comprehensive smoke testing workflow
- Auto-deploy to dev on main branch push
- Manual staging/production deployments with confirmation
- Istio + nginx SSL termination architecture

🔧 Infrastructure:
- Migrated from Kourier to Istio for Knative ingress
- nginx handles SSL termination and public traffic
- Istio manages internal Knative service routing
- Scale-to-zero configuration for all environments

🧪 Testing:
- SSL certificate validation and expiry checks
- Domain accessibility and content validation
- Performance testing and redirect behavior validation
- Automated smoke tests on every deployment

🌐 Domains:
- Dev: https://2048-dev.wa.darknex.us
- Staging: https://2048-staging.wa.darknex.us
- Production: https://2048.wa.darknex.us

📦 Deployment:
- Uses latest GHCR images with imagePullPolicy: Always
- Automated secret management across namespaces
- Environment-specific Knative service configurations
- Clean manifest structure with proper labeling

.github/workflows/deploy-prod.yml

@@ -1,33 +1,114 @@
 name: Deploy to Production
 
 on:
-  push:
-    branches: [ master ]
-  release:
-    types: [published]
   workflow_dispatch:
     inputs:
-      tag:
-        description: 'Tag to deploy'
-        required: true
+      image_tag:
+        description: 'Image tag to deploy (default: latest)'
+        required: false
         default: 'latest'
+      confirmation:
+        description: 'Type "DEPLOY" to confirm production deployment'
+        required: true
 
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ghndrx/k8s-game-2048
 
 jobs:
-  build-and-deploy:
+  deploy-prod:
+    name: Deploy to Production
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-
+    environment: production
+    if: ${{ github.event.inputs.confirmation == 'DEPLOY' }}
+    
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
+
+    - name: Set up kubectl
+      uses: azure/setup-kubectl@v3
       with:
-        ref: ${{ github.event.release.tag_name || github.event.inputs.tag }}
+        version: 'latest'
+
+    - name: Configure kubectl
+      run: |
+        mkdir -p ~/.kube
+        echo "${{ secrets.KUBECONFIG }}" | base64 -d > ~/.kube/config
+        chmod 600 ~/.kube/config
+
+    - name: Set image tag
+      run: |
+        IMAGE_TAG="${{ github.event.inputs.image_tag || 'latest' }}"
+        echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
+        echo "Deploying image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG"
+
+    - name: Deploy to production
+      run: |
+        echo "🚀 Deploying to production environment..."
+        
+        # Apply namespace
+        kubectl apply -f manifests/prod/namespace.yml
+        
+        # Ensure GHCR secret exists
+        if kubectl get secret ghcr-secret -n default &>/dev/null; then
+          echo "🔐 Copying GHCR secret to prod namespace..."
+          kubectl get secret ghcr-secret -o yaml | \
+          sed 's/namespace: default/namespace: game-2048-prod/' | \
+          sed '/resourceVersion:/d' | \
+          sed '/uid:/d' | \
+          sed '/creationTimestamp:/d' | \
+          kubectl apply -f -
+        fi
+        
+        # Update image in service and deploy
+        kubectl patch ksvc game-2048-prod -n game-2048-prod --type merge -p '{"spec":{"template":{"spec":{"containers":[{"image":"${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}","imagePullPolicy":"Always"}]}}}}'
+        
+        echo "⏳ Waiting for deployment to be ready..."
+        kubectl wait --for=condition=Ready ksvc/game-2048-prod -n game-2048-prod --timeout=300s || echo "⚠️ Service may still be starting"
+
+    - name: Verify deployment
+      run: |
+        echo "📊 Deployment status:"
+        kubectl get ksvc -n game-2048-prod
+        
+        echo ""
+        echo "✅ Production deployment completed!"
+        echo "🌐 Available at: https://2048.wa.darknex.us"
+
+    - name: Run smoke test
+      run: |
+        echo "🧪 Running smoke test..."
+        sleep 30
+        
+        for i in {1..5}; do
+          echo "Attempt $i/5..."
+          if curl -s --max-time 30 https://2048.wa.darknex.us/ | grep -q "2048"; then
+            echo "✅ Smoke test passed!"
+            break
+          elif [ $i -eq 5 ]; then
+            echo "⚠️ Smoke test failed after 5 attempts"
+            exit 1
+          else
+            echo "Retrying in 30 seconds..."
+            sleep 30
+          fi
+        done
+
+    - name: Create production deployment summary
+      run: |
+        echo "## 🚀 Production Deployment Summary" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+        echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
+        echo "| Environment | **Production** |" >> $GITHUB_STEP_SUMMARY
+        echo "| Image | \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}\` |" >> $GITHUB_STEP_SUMMARY
+        echo "| Domain | https://2048.wa.darknex.us |" >> $GITHUB_STEP_SUMMARY
+        echo "| Status | ✅ **LIVE** |" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "### 🎉 Production is Live!" >> $GITHUB_STEP_SUMMARY
+        echo "- 🎮 [Play the game](https://2048.wa.darknex.us)" >> $GITHUB_STEP_SUMMARY
+        echo "- 🧪 [Run smoke tests](https://github.com/${{ github.repository }}/actions/workflows/smoke-test.yml)" >> $GITHUB_STEP_SUMMARY
 
     - name: Log in to Container Registry
       uses: docker/login-action@v3