Ho Ngoc Hai
5ce64b9a1c
feat(infra): migrate POS System routing to Traefik v3
Build & Deploy to K8s / build-and-deploy (push) Failing after 26s
Architecture: Nginx Ingress (TLS) → Traefik (routing) → Services
- Add traefik.yaml: Traefik v3.3 deployment with file provider config
- 65+ route rules for api.techbi.org (25 backend services)
- platform.techbi.org → pos-web
- Middlewares: rate-limit (100/s), retry (3x), compress, secure-headers
- WebSocket support for SignalR hubs (/hubs/pos, /hubs/kitchen, /hubs/chat)
- Update ingress.yaml: Nginx now proxies POS domains to Traefik ClusterIP
(Nginx still handles TLS termination via cert-manager/Let's Encrypt)
- Update network-policy.yaml: Add Traefik ingress/egress/DNS policies
- Update deploy.yaml: Add traefik.yaml to CI/CD apply step
- Other services unaffected: Neon-UI, Rancher, Gitea, Harbor, Grafana, MinIO
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 21:40:12 +07:00
Ho Ngoc Hai
5d432145d5
fix(cicd): fix pos-web root context + rebuild remaining 10 services
Build & Deploy to K8s / build-and-deploy (push) Successful in 29m5s
pos-web Dockerfile uses root context (COPY apps/web-client-tpos-net/...)
so Kaniko needs --context=/workspace/repo --dockerfile=apps/.../Dockerfile
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 00:04:02 +07:00
Ho Ngoc Hai
19e914b5d8
fix(cicd): use initContainer clone + local Kaniko context
Build & Deploy to K8s / build-and-deploy (push) Successful in 20s
Kaniko git:// context doesn't support HTTPS auth well.
Use alpine/git initContainer to clone repo into emptyDir,
then Kaniko builds from local /workspace/repo/{service} path.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 21:55:21 +07:00
Ho Ngoc Hai
e32d13ecbc
fix(cicd): trigger rebuild after fixing Gitea URL-encoded password
Build & Deploy to K8s / build-and-deploy (push) Successful in 13s
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 21:48:29 +07:00
Ho Ngoc Hai
84f21a4d1c
feat(deploy): full staging deployment - 1 replica, parallel Kaniko, all 26 services
Build & Deploy to K8s / build-and-deploy (push) Failing after 6s
- Scale all 26 services from 2→1 replicas (fit 8.4 available cores)
- HPA min 2→1, max 4→2 for staging
- Rewrite Gitea Actions: batch parallel Kaniko builds (5 per batch)
- Secure credentials via secrets (REPO_PASSWORD, HARBOR_*)
- Kaniko clones from Gitea (already mirrored from GitHub)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 21:44:46 +07:00
Ho Ngoc Hai
b885da7cdb
fix(cicd): skip namespace apply (already exists) + add patch permission
Build & Deploy to K8s / build-and-deploy (push) Successful in 32s
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 20:18:02 +07:00
Ho Ngoc Hai
43f0c79478
fix(cicd): use Kaniko Jobs for building Docker images in Gitea Actions
Build & Deploy to K8s / build-and-deploy (push) Failing after 10s
- Replace docker build with Kaniko Jobs (runner has no Docker daemon)
- Add batch/jobs RBAC for act_runner to create Kaniko Jobs
- Use MinIO ExternalName pointing to existing minio namespace
- Skip build when only K8s configs changed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 20:15:20 +07:00
Ho Ngoc Hai
48bb30b009
feat(cicd): switch CI/CD from GitHub Actions to Gitea Actions
Build & Deploy to K8s / build-and-deploy (push) Failing after 15s
- Add .gitea/workflows/deploy.yaml (detect changes → docker build → Harbor push → kubectl deploy)
- Add gitea-sync-cronjob.yaml (GitHub → Gitea mirror sync every 5 min)
- Add act-runner-rbac.yaml (RBAC for act_runner to deploy to staging namespace)
- Add setup-secrets.sh (one-time cluster secret setup script)
- Disable GitHub Actions deploy-staging.yml (CI/CD now via Gitea)
Flow: GitHub push → Gitea sync (5min) → Gitea Actions → Docker build → Harbor → K8s
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 20:03:19 +07:00