Commit Graph

4 Commits

Author SHA1 Message Date
Greg
524f44b023 fix: Configure webhook handler to use in-cluster service account
- Remove kubeconfig file mounting to use in-cluster service account
- Remove Docker socket mount (not needed for Knative deployments)
- Fix Kubernetes API connectivity issues
- Webhook deployment now working successfully with proper RBAC
2025-07-01 12:11:50 -07:00
Greg
6f57651f92 fix: Update webhook handler to skip Docker commands and map environment names
- Remove Docker pull step (Knative handles image pulling)
- Add environment name mapping (development -> dev, production -> prod)
- Add test files to .gitignore to exclude PII
- Webhook signature validation now working correctly
2025-07-01 12:03:23 -07:00
Greg
4a1ee54c6f fix: Use compact JSON payload to avoid signature validation issues
- Removed indentation/whitespace from JSON payload in workflow
- Should fix HMAC signature mismatch with webhook handler
- Webhook secrets are now synchronized between GitHub and cluster
2025-07-01 11:24:37 -07:00
Greg
63b53dfc1b feat: Implement webhook-based deployment for k3s behind NAT
- Replace SSH/kubectl deployment with secure webhook-based approach
- Add comprehensive webhook handler with HMAC signature verification
- Support blue-green deployment strategy for production
- Implement auto-promotion pipeline: dev → staging → prod
- Add health checks using canonical Knative domains only
- Include complete deployment documentation and setup scripts

Changes:
- Updated deploy-dev.yml, deploy-staging.yml, deploy-prod.yml workflows
- Added webhook handler Python script with Flask API
- Created Kubernetes manifests for webhook system deployment
- Added ingress and service configuration for external access
- Created setup script for automated webhook system installation
- Documented complete webhook-based deployment guide

Perfect for k3s clusters behind NAT without direct API access.
2025-06-30 23:41:53 -07:00
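
Commit 4a1ee54c6f attributes an HMAC signature mismatch to indentation and whitespace in the JSON payload. The sketch below is an added example, not code from this repository; it shows why a receiver that parses and re-serializes the body before computing the HMAC only agrees with the sender when the sender's bytes happen to be compact, while verifying the raw received bytes works for either form. HMAC-SHA256, the `sha256=` prefix, the secret, the payload fields and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values; not taken from the repository.
SECRET = b"example-webhook-secret"
PAYLOAD = {"environment": "development", "image": "registry.example/app:abc123"}


def sign(body: bytes, secret: bytes = SECRET) -> str:
    """Sender side: sign the exact bytes that go on the wire."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_raw(raw_body: bytes, header: str, secret: bytes = SECRET) -> bool:
    """Receiver: verify the bytes as received, before any JSON parsing."""
    return hmac.compare_digest(sign(raw_body, secret), header)


def verify_reserialized(raw_body: bytes, header: str, secret: bytes = SECRET) -> bool:
    """Fragile receiver: parse, re-serialize compactly, then verify."""
    compact = json.dumps(json.loads(raw_body), separators=(",", ":")).encode()
    return hmac.compare_digest(sign(compact, secret), header)


def demo() -> dict:
    indented = json.dumps(PAYLOAD, indent=2).encode()
    compact = json.dumps(PAYLOAD, separators=(",", ":")).encode()
    tampered = compact.replace(b"development", b"production")
    return {
        # Raw-byte verification is independent of the sender's formatting.
        "indented_raw": verify_raw(indented, sign(indented)),
        # Same payload, same secret, but the receiver hashed different bytes.
        "indented_reserialized": verify_reserialized(indented, sign(indented)),
        # Compact on both sides hides the fragility rather than removing it.
        "compact_reserialized": verify_reserialized(compact, sign(compact)),
        # A changed body must fail against the original signature.
        "tampered_raw": verify_raw(tampered, sign(compact)),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'MISMATCH'}")
```

In a Flask handler the raw bytes are available from `request.get_data()`, which should be read and verified before the body is parsed as JSON.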