Add SSL configuration and build workflow

- Add build-image.yml workflow for automated builds to GHCR
- Add SSL certificates and domain configuration for HTTPS
- Update services to use ghcr.io/ghndrx/k8s-game-2048:latest with imagePullPolicy: Always
- Configure Kourier for SSL redirect and domain claims
- Enable HTTPS for all environments: dev, staging, prod

.github/workflows/build-image.yml

@@ -0,0 +1,51 @@
+name: Build and Push Image
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ghndrx/k8s-game-2048
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Log in to Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=sha,prefix={{branch}}-
+          type=raw,value=latest,enable={{is_default_branch}}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+
+    - name: Image digest
+      run: echo "Image pushed with digest ${{ steps.build.outputs.digest }}"

manifests/cluster-domain-claims.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: ClusterDomainClaim
+metadata:
+  name: 2048-dev.wa.darknex.us
+spec:
+  namespace: game-2048-dev
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: ClusterDomainClaim
+metadata:
+  name: 2048-staging.wa.darknex.us
+spec:
+  namespace: game-2048-staging
+---
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: ClusterDomainClaim
+metadata:
+  name: 2048.wa.darknex.us
+spec:
+  namespace: game-2048-prod

manifests/dev/service.yml

@@ -6,14 +6,6 @@ metadata:
   labels:
     app: game-2048
     environment: development
-  annotations:
-    # Scale to zero configuration
-    autoscaling.knative.dev/minScale: "0"
-    autoscaling.knative.dev/maxScale: "10"
-    # Scale down to zero after 30 seconds of no traffic
-    autoscaling.knative.dev/scaleDownDelay: "30s"
-    # Target concurrency per pod
-    autoscaling.knative.dev/target: "100"
 spec:
   template:
     metadata:
@@ -30,6 +22,7 @@ spec:
       containers:
       - name: game-2048
         image: ghcr.io/ghndrx/k8s-game-2048:latest
+        imagePullPolicy: Always
         ports:
         - containerPort: 8080
           protocol: TCP
@@ -45,7 +38,7 @@ spec:
             memory: 256Mi
         readinessProbe:
           httpGet:
-            path: /health
+            path: /
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10

manifests/knative-domain-config.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-domain
+  namespace: knative-serving
+data:
+  wa.darknex.us: ""
+  autocreate-cluster-domain-claims: "true"

manifests/kourier-ssl-config.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-kourier
+  namespace: knative-serving
+data:
+  _example: |
+    ################################
+    #                              #
+    #    EXAMPLE CONFIGURATION     #
+    #                              #
+    ################################
+  enable-service-links: "false"
+  # Enable automatic HTTP to HTTPS redirect
+  ssl-redirect: "true"

manifests/prod/service.yml

@@ -6,14 +6,6 @@ metadata:
   labels:
     app: game-2048
     environment: production
-  annotations:
-    # Scale to zero configuration
-    autoscaling.knative.dev/minScale: "0"
-    autoscaling.knative.dev/maxScale: "50"
-    # Scale down to zero after 5 minutes of no traffic (longer for production)
-    autoscaling.knative.dev/scaleDownDelay: "300s"
-    # Target concurrency per pod
-    autoscaling.knative.dev/target: "100"
 spec:
   template:
     metadata:
@@ -29,7 +21,8 @@ spec:
     spec:
       containers:
       - name: game-2048
-        image: ghcr.io/ghndrx/k8s-game-2048:v1.0.0
+        image: ghcr.io/ghndrx/k8s-game-2048:latest
+        imagePullPolicy: Always
         ports:
         - containerPort: 8080
           protocol: TCP
@@ -45,7 +38,7 @@ spec:
             memory: 1Gi
         readinessProbe:
           httpGet:
-            path: /health
+            path: /
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10

manifests/ssl-certificate.yaml

@@ -0,0 +1,56 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: admin@hndrx.co
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+    - http01:
+        ingress:
+          class: nginx
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: game-2048-dev-cert
+  namespace: knative-serving
+spec:
+  secretName: game-2048-dev-cert-secret
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - "2048-dev.wa.darknex.us"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: game-2048-staging-cert
+  namespace: knative-serving
+spec:
+  secretName: game-2048-staging-cert-secret
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - "2048-staging.wa.darknex.us"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: game-2048-prod-cert
+  namespace: knative-serving
+spec:
+  secretName: game-2048-prod-cert-secret
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - "2048.wa.darknex.us"

manifests/staging/service.yml

@@ -6,14 +6,6 @@ metadata:
   labels:
     app: game-2048
     environment: staging
-  annotations:
-    # Scale to zero configuration
-    autoscaling.knative.dev/minScale: "0"
-    autoscaling.knative.dev/maxScale: "20"
-    # Scale down to zero after 60 seconds of no traffic (longer for staging)
-    autoscaling.knative.dev/scaleDownDelay: "60s"
-    # Target concurrency per pod
-    autoscaling.knative.dev/target: "100"
 spec:
   template:
     metadata:
@@ -29,7 +21,8 @@ spec:
     spec:
       containers:
       - name: game-2048
-        image: ghcr.io/ghndrx/k8s-game-2048:staging
+        image: ghcr.io/ghndrx/k8s-game-2048:latest
+        imagePullPolicy: Always
         ports:
         - containerPort: 8080
           protocol: TCP
@@ -45,7 +38,7 @@ spec:
             memory: 512Mi
         readinessProbe:
           httpGet:
-            path: /health
+            path: /
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10