- Remove kubeconfig file mounting to use in-cluster service account
- Remove Docker socket mount (not needed for Knative deployments)
- Fix Kubernetes API connectivity issues
- Webhook deployment now working successfully with proper RBAC
- Removed indentation/whitespace from JSON payload in workflow
- Should fix HMAC signature mismatch with webhook handler
- Webhook secrets are now synchronized between GitHub and cluster
- Add .env.example template with all configurable values
- Create comprehensive .gitignore for personal data
- Add sanitization script to remove hardcoded personal info
- Add environment-aware deployment scripts
- Add ENVIRONMENT.md documentation
- Keep personal information in .env (gitignored)
This makes the repository safe for public sharing while keeping personal domains, emails, and secrets secure.
- Replace SSH/kubectl deployment with secure webhook-based approach
- Add comprehensive webhook handler with HMAC signature verification
- Support blue-green deployment strategy for production
- Implement auto-promotion pipeline: dev → staging → prod
- Add health checks using canonical Knative domains only
- Include complete deployment documentation and setup scripts
Changes:
- Updated deploy-dev.yml, deploy-staging.yml, deploy-prod.yml workflows
- Added webhook handler Python script with Flask API
- Created Kubernetes manifests for webhook system deployment
- Added ingress and service configuration for external access
- Created setup script for automated webhook system installation
- Documented complete webhook-based deployment guide
Perfect for k3s clusters behind NAT without direct API access.
✨ Improvements:
- Prioritize canonical domain testing over custom domains
- Add fallback testing for both canonical and custom domains
- More reliable smoke tests using direct Knative service URLs
- Separate performance testing for canonical vs custom domains
- Enhanced auto-promotion pipeline with canonical domain validation
🧪 Testing Strategy:
- Primary: Test canonical domains (game-2048-*.*.wa.darknex.us)
- Secondary: Verify custom domains work via redirects
- Fallback: Test both domains in smoke tests for reliability
🔗 Canonical Domains:
- Dev: game-2048-dev.game-2048-dev.dev.wa.darknex.us
- Staging: game-2048-staging.game-2048-staging.staging.wa.darknex.us
- Prod: game-2048-prod.game-2048-prod.wa.darknex.us
This ensures tests are more reliable since canonical domains are always accessible
while custom domains may have redirect complexity.
- Add build-image.yml workflow for automated builds to GHCR
- Add SSL certificates and domain configuration for HTTPS
- Update services to use ghcr.io/ghndrx/k8s-game-2048:latest with imagePullPolicy: Always
- Configure Kourier for SSL redirect and domain claims
- Enable HTTPS for all environments: dev, staging, prod
- Add domain mappings with TLS configuration
- Add setup-ssl.sh script for easy deployment
- Complete 2048 game implementation with responsive design
- Knative Serving manifests for dev/staging/prod environments
- Scale-to-zero configuration with environment-specific settings
- Custom domain mapping for wa.darknex.us subdomains
- GitHub Actions workflows for CI/CD
- Docker container with nginx and health checks
- Setup scripts for Knative and Kourier installation
- GHCR integration for container registry
