Add SSL configuration and build workflow

- Add build-image.yml workflow for automated builds to GHCR
- Add SSL certificates and domain configuration for HTTPS
- Update services to use ghcr.io/ghndrx/k8s-game-2048:latest with imagePullPolicy: Always
- Configure Kourier for SSL redirect and domain claims
- Enable HTTPS for all environments: dev, staging, prod

manifests/cluster-domain-claims.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: ClusterDomainClaim
+metadata:
+  name: 2048-dev.wa.darknex.us
+spec:
+  namespace: game-2048-dev
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: ClusterDomainClaim
+metadata:
+  name: 2048-staging.wa.darknex.us
+spec:
+  namespace: game-2048-staging
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: ClusterDomainClaim
+metadata:
+  name: 2048.wa.darknex.us
+spec:
+  namespace: game-2048-prod

manifests/dev/service.yml

@@ -6,14 +6,6 @@ metadata:
   labels:
     app: game-2048
     environment: development
-  annotations:
-    # Scale to zero configuration
-    autoscaling.knative.dev/minScale: "0"
-    autoscaling.knative.dev/maxScale: "10"
-    # Scale down to zero after 30 seconds of no traffic
-    autoscaling.knative.dev/scaleDownDelay: "30s"
-    # Target concurrency per pod
-    autoscaling.knative.dev/target: "100"
 spec:
   template:
     metadata:
@@ -30,6 +22,7 @@ spec:
       containers:
       - name: game-2048
         image: ghcr.io/ghndrx/k8s-game-2048:latest
+        imagePullPolicy: Always
         ports:
         - containerPort: 8080
           protocol: TCP
@@ -45,7 +38,7 @@ spec:
             memory: 256Mi
         readinessProbe:
           httpGet:
-            path: /health
+            path: /
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10

manifests/knative-domain-config.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-domain
+  namespace: knative-serving
+data:
+  wa.darknex.us: ""
+  autocreate-cluster-domain-claims: "true"

manifests/kourier-ssl-config.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-kourier
+  namespace: knative-serving
+data:
+  _example: |
+    ################################
+    #                              #
+    #    EXAMPLE CONFIGURATION     #
+    #                              #
+    ################################
+  enable-service-links: "false"
+  # Enable automatic HTTP to HTTPS redirect
+  ssl-redirect: "true"

manifests/prod/service.yml

@@ -6,14 +6,6 @@ metadata:
   labels:
     app: game-2048
     environment: production
-  annotations:
-    # Scale to zero configuration
-    autoscaling.knative.dev/minScale: "0"
-    autoscaling.knative.dev/maxScale: "50"
-    # Scale down to zero after 5 minutes of no traffic (longer for production)
-    autoscaling.knative.dev/scaleDownDelay: "300s"
-    # Target concurrency per pod
-    autoscaling.knative.dev/target: "100"
 spec:
   template:
     metadata:
@@ -29,7 +21,8 @@ spec:
     spec:
       containers:
       - name: game-2048
-        image: ghcr.io/ghndrx/k8s-game-2048:v1.0.0
+        image: ghcr.io/ghndrx/k8s-game-2048:latest
+        imagePullPolicy: Always
         ports:
         - containerPort: 8080
           protocol: TCP
@@ -45,7 +38,7 @@ spec:
             memory: 1Gi
         readinessProbe:
           httpGet:
-            path: /health
+            path: /
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10

manifests/ssl-certificate.yaml

@@ -0,0 +1,56 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: admin@hndrx.co
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+    - http01:
+        ingress:
+          class: nginx
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: game-2048-dev-cert
+  namespace: knative-serving
+spec:
+  secretName: game-2048-dev-cert-secret
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - "2048-dev.wa.darknex.us"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: game-2048-staging-cert
+  namespace: knative-serving
+spec:
+  secretName: game-2048-staging-cert-secret
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - "2048-staging.wa.darknex.us"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: game-2048-prod-cert
+  namespace: knative-serving
+spec:
+  secretName: game-2048-prod-cert-secret
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - "2048.wa.darknex.us"

manifests/staging/service.yml

@@ -6,14 +6,6 @@ metadata:
   labels:
     app: game-2048
     environment: staging
-  annotations:
-    # Scale to zero configuration
-    autoscaling.knative.dev/minScale: "0"
-    autoscaling.knative.dev/maxScale: "20"
-    # Scale down to zero after 60 seconds of no traffic (longer for staging)
-    autoscaling.knative.dev/scaleDownDelay: "60s"
-    # Target concurrency per pod
-    autoscaling.knative.dev/target: "100"
 spec:
   template:
     metadata:
@@ -29,7 +21,8 @@ spec:
     spec:
       containers:
       - name: game-2048
-        image: ghcr.io/ghndrx/k8s-game-2048:staging
+        image: ghcr.io/ghndrx/k8s-game-2048:latest
+        imagePullPolicy: Always
         ports:
         - containerPort: 8080
           protocol: TCP
@@ -45,7 +38,7 @@ spec:
             memory: 512Mi
         readinessProbe:
           httpGet:
-            path: /health
+            path: /
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10