From 25a16b99475f12675be137d25e19e92013f36cc1 Mon Sep 17 00:00:00 2001
From: Christopher Tineo
Date: Sat, 21 Mar 2026 11:07:48 -0400
Subject: [PATCH 01/22] feat: migrate manifests from Ingress to Gateway API (HTTPRoute)
---
deploy/manifests/balancer/base/httproute.yaml | 18 +++++++++++++++
deploy/manifests/balancer/base/ingress.yaml | 23 -------------------
.../balancer/base/kustomization.yaml | 2 +-
deploy/manifests/balancer/base/service.yaml | 2 +-
.../balancer/overlays/dev/kustomization.yaml | 10 ++------
5 files changed, 22 insertions(+), 33 deletions(-)
create mode 100644 deploy/manifests/balancer/base/httproute.yaml
delete mode 100644 deploy/manifests/balancer/base/ingress.yaml
diff --git a/deploy/manifests/balancer/base/httproute.yaml b/deploy/manifests/balancer/base/httproute.yaml
new file mode 100644
index 00000000..f9ca0df7
--- /dev/null
+++ b/deploy/manifests/balancer/base/httproute.yaml
@@ -0,0 +1,18 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: balancer
+spec:
+ parentRefs:
+ - name: main-gateway
+ namespace: envoy-gateway-system
+ hostnames:
+ - HOSTNAME_PLACEHOLDER
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: balancer
+ port: 80
diff --git a/deploy/manifests/balancer/base/ingress.yaml b/deploy/manifests/balancer/base/ingress.yaml
deleted file mode 100644
index fc98305b..00000000
--- a/deploy/manifests/balancer/base/ingress.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: balancer
- annotations: {}
-spec:
- ingressClassName: nginx
- tls:
- - hosts:
- - HOSTNAME_PLACEHOLDER
- secretName: balancer-tls
- rules:
- - host: HOSTNAME_PLACEHOLDER
- http:
- paths:
- # All traffic routes to balancer service (which serves both API and frontend)
- - path: /
- pathType: Prefix
- backend:
- service:
- name: balancer
- port:
- number: 8000
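Review bot: The `parentRefs` entry in the new `httproute.yaml` names `main-gateway` without a `sectionName`, so the route attaches to every listener on that Gateway that admits it, plain-HTTP listeners included. The deleted Ingress carried its own `tls` block (`secretName: balancer-tls`) and nothing in this commit replaces it, so whether the hostname is served over TLS now rests entirely on the Gateway's listeners in `envoy-gateway-system`, which are not part of this diff. I would pin the route with `sectionName: HTTPS_LISTENER_NAME` (placeholder; use the listener name defined on the Gateway) and add a comment above `parentRefs` saying where TLS terminates. The cross-namespace reference also binds only if the Gateway's `allowedRoutes` admits this application's namespace, which is worth confirming before the Ingress is removed.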
diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index c7d2dcd1..ad95f5b1 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -5,4 +5,4 @@ resources: - namespace.yaml - deployment.yaml - service.yaml - - ingress.yaml + - httproute.yaml diff --git a/deploy/manifests/balancer/base/service.yaml b/deploy/manifests/balancer/base/service.yaml index 8f294d53..2c839248 100644 --- a/deploy/manifests/balancer/base/service.yaml +++ b/deploy/manifests/balancer/base/service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: http - port: 8000 + port: 80 targetPort: 8000 selector: app: balancer diff --git a/deploy/manifests/balancer/overlays/dev/kustomization.yaml b/deploy/manifests/balancer/overlays/dev/kustomization.yaml index d3975eb2..f3e287fe 100644 --- a/deploy/manifests/balancer/overlays/dev/kustomization.yaml +++ b/deploy/manifests/balancer/overlays/dev/kustomization.yaml @@ -12,15 +12,9 @@ images: patches: - target: - kind: Ingress + kind: HTTPRoute name: balancer patch: |- - - op: add - path: /metadata/annotations/cert-manager.io~1cluster-issuer - value: letsencrypt-staging - op: replace - path: /spec/tls/0/hosts/0 - value: localhost - - op: replace - path: /spec/rules/0/host + path: /spec/hostnames/0 value: localhost From 1ea88947332a6f9e254ff589e09d083ccf71a788 Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 21 Mar 2026 11:09:09 -0400 Subject: [PATCH 02/22] feat: configure HTTPRoute for sandbox.balancerproject.org --- deploy/manifests/balancer/base/httproute.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/manifests/balancer/base/httproute.yaml b/deploy/manifests/balancer/base/httproute.yaml index f9ca0df7..437d5d37 100644 --- a/deploy/manifests/balancer/base/httproute.yaml +++ b/deploy/manifests/balancer/base/httproute.yaml 
@@ -7,7 +7,7 @@ spec: - name: main-gateway namespace: envoy-gateway-system hostnames: - - HOSTNAME_PLACEHOLDER + - sandbox.balancerproject.org rules: - matches: - path: From 1484428bac3e67a655c1a35e4196da56d1af094b Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 21 Mar 2026 11:38:48 -0400 Subject: [PATCH 03/22] feat: add sandbox and production overlays for HTTPRoute --- deploy/manifests/balancer/base/httproute.yaml | 2 +- .../overlays/production/kustomization.yaml | 20 +++++++++++++++++++ .../overlays/sandbox/kustomization.yaml | 20 +++++++++++++++++++ 3 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 deploy/manifests/balancer/overlays/production/kustomization.yaml create mode 100644 deploy/manifests/balancer/overlays/sandbox/kustomization.yaml diff --git a/deploy/manifests/balancer/base/httproute.yaml b/deploy/manifests/balancer/base/httproute.yaml index 437d5d37..f9ca0df7 100644 --- a/deploy/manifests/balancer/base/httproute.yaml +++ b/deploy/manifests/balancer/base/httproute.yaml @@ -7,7 +7,7 @@ spec: - name: main-gateway namespace: envoy-gateway-system hostnames: - - sandbox.balancerproject.org + - HOSTNAME_PLACEHOLDER rules: - matches: - path: diff --git a/deploy/manifests/balancer/overlays/production/kustomization.yaml b/deploy/manifests/balancer/overlays/production/kustomization.yaml new file mode 100644 index 00000000..859020ae --- /dev/null +++ b/deploy/manifests/balancer/overlays/production/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: balancer + +resources: + - ../../base + +images: + - name: ghcr.io/codeforphilly/balancer-main/app + newTag: latest + +patches: + - target: + kind: HTTPRoute + name: balancer + patch: |- + - op: replace + path: /spec/hostnames/0 + value: balancerproject.org 
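Review bot: `newTag: latest` in the new production overlay deploys whatever image currently carries that tag, so a rollout is not reproducible and a replaced or tampered `latest` in the registry reaches production with no change in Git. Pin the production image to an immutable reference, for example `digest: sha256:IMAGE_DIGEST` (placeholder) under the `images` entry, or a release tag that CI writes into the overlay. The sandbox overlay added in the same commit has the same `newTag: latest`; a mutable tag is easier to justify there, but a comment saying it is deliberate would help.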
diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
new file mode 100644
index 00000000..c609dc8b
--- /dev/null
+++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: balancer
+
+resources:
+ - ../../base
+
+images:
+ - name: ghcr.io/codeforphilly/balancer-main/app
+ newTag: latest
+
+patches:
+ - target:
+ kind: HTTPRoute
+ name: balancer
+ patch: |-
+ - op: replace
+ path: /spec/hostnames/0
+ value: sandbox.balancerproject.org
From 6f5088792bcd7bb3826b7b7889b021fe539a27bf Mon Sep 17 00:00:00 2001
From: Christopher Tineo
Date: Sat, 21 Mar 2026 11:41:44 -0400
Subject: [PATCH 04/22] cleanup: remove unused dev overlay
---
.../balancer/overlays/dev/kustomization.yaml | 20 -------------------
1 file changed, 20 deletions(-)
delete mode 100644 deploy/manifests/balancer/overlays/dev/kustomization.yaml
diff --git a/deploy/manifests/balancer/overlays/dev/kustomization.yaml b/deploy/manifests/balancer/overlays/dev/kustomization.yaml
deleted file mode 100644
index f3e287fe..00000000
--- a/deploy/manifests/balancer/overlays/dev/kustomization.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: balancer
-
-resources:
- - ../../base
-
-images:
- - name: ghcr.io/codeforphilly/balancer-main/app
- newTag: latest
-
-patches:
- - target:
- kind: HTTPRoute
- name: balancer
- patch: |-
- - op: replace
- path: /spec/hostnames/0
- value: localhost
From 4cbb38070b68f6fdb8625219ba4d36c7ff1b2d24 Mon Sep 17 00:00:00 2001
From: Christopher Tineo Date: Sat, 18 Apr 2026 18:56:21 -0400 Subject: [PATCH 05/22] feat(gateway): implement self-service TLS via ListenerSet This change migrates the Gateway API configuration to use ListenerSets instead of attaching HTTPRoutes directly to the Gateway. This enables the self-service TLS model where the application manages its own listeners and certificates. --- .../balancer/base/gateway-listeners.yaml | 26 +++++++++++++++++++ deploy/manifests/balancer/base/httproute.yaml | 7 +++-- .../balancer/base/kustomization.yaml | 1 + 3 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 deploy/manifests/balancer/base/gateway-listeners.yaml diff --git a/deploy/manifests/balancer/base/gateway-listeners.yaml b/deploy/manifests/balancer/base/gateway-listeners.yaml new file mode 100644 index 00000000..1572a1dd --- /dev/null +++ b/deploy/manifests/balancer/base/gateway-listeners.yaml @@ -0,0 +1,26 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: ListenerSet +metadata: + name: balancer-listeners + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + parentRef: + name: main-gateway + namespace: envoy-gateway-system + group: gateway.networking.k8s.io + kind: Gateway + listeners: + - name: http + protocol: HTTP + port: 80 + hostname: HOSTNAME_PLACEHOLDER + - name: https + protocol: HTTPS + port: 443 + hostname: HOSTNAME_PLACEHOLDER + tls: + mode: Terminate + certificateRefs: + - name: balancer-tls + kind: Secret diff --git a/deploy/manifests/balancer/base/httproute.yaml b/deploy/manifests/balancer/base/httproute.yaml index f9ca0df7..1a16ce66 100644 --- a/deploy/manifests/balancer/base/httproute.yaml +++ b/deploy/manifests/balancer/base/httproute.yaml @@ -4,10 +4,9 @@ metadata: name: balancer spec: parentRefs: - - name: main-gateway - namespace: envoy-gateway-system - hostnames: - - HOSTNAME_PLACEHOLDER + - name: balancer-listeners + kind: ListenerSet + group: gateway.networking.k8s.io rules: - matches: - path: 
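Review bot: The base `ListenerSet` declares an `http` listener on port 80 next to the `https` one, and the `HTTPRoute` hunk in this same commit attaches to `balancer-listeners` with no `sectionName`, so as committed the application is reachable over cleartext as well as TLS. Adding `sectionName: https` to the route's `parentRefs` entry closes that until a redirect route owns the `http` listener. The `cert-manager.io/cluster-issuer: letsencrypt-prod` annotation sits in the base, so every overlay, sandbox included, requests certificates from the production issuer; moving the annotation into the overlays keeps test hostnames off it. Because a ListenerSet lets this namespace add listeners and hostnames to the shared `main-gateway`, it is worth confirming (outside this diff) that the Gateway restricts which namespaces may attach ListenerSets.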
diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index ad95f5b1..13658e20 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -5,4 +5,5 @@ resources: - namespace.yaml - deployment.yaml - service.yaml + - gateway-listeners.yaml - httproute.yaml From cc3fbe9820810cb1e3710f13062b81c2cd3844ae Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 18:56:30 -0400 Subject: [PATCH 06/22] fix(gateway): update overlays to patch ListenerSet hostnames This updates the sandbox and production overlays to correctly patch the hostnames on both the ListenerSet and the HTTPRoute. --- .../overlays/production/kustomization.yaml | 16 +++++++++++++--- .../balancer/overlays/sandbox/kustomization.yaml | 16 +++++++++++++--- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/deploy/manifests/balancer/overlays/production/kustomization.yaml b/deploy/manifests/balancer/overlays/production/kustomization.yaml index 859020ae..1a7ce9fa 100644 --- a/deploy/manifests/balancer/overlays/production/kustomization.yaml +++ b/deploy/manifests/balancer/overlays/production/kustomization.yaml @@ -12,9 +12,19 @@ images: patches: - target: - kind: HTTPRoute - name: balancer + kind: ListenerSet + name: balancer-listeners patch: |- - op: replace - path: /spec/hostnames/0 + path: /spec/listeners/0/hostname + value: balancerproject.org + - op: replace + path: /spec/listeners/1/hostname value: balancerproject.org + - target: + kind: HTTPRoute + name: balancer + patch: |- + - op: add + path: /spec/hostnames + value: ["balancerproject.org"] diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml index c609dc8b..bdcf6ae8 100644 --- a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml +++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml 
@@ -12,9 +12,19 @@ images: patches: - target: - kind: HTTPRoute - name: balancer + kind: ListenerSet + name: balancer-listeners patch: |- - op: replace - path: /spec/hostnames/0 + path: /spec/listeners/0/hostname + value: sandbox.balancerproject.org + - op: replace + path: /spec/listeners/1/hostname value: sandbox.balancerproject.org + - target: + kind: HTTPRoute + name: balancer + patch: |- + - op: add + path: /spec/hostnames + value: ["sandbox.balancerproject.org"] From b9c95913e656b99296d44af4735e3aba68413c48 Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 18:59:05 -0400 Subject: [PATCH 07/22] feat(gateway): implement HTTP to HTTPS redirect via ListenerSet This adds a redirect HTTPRoute targeting the port 80 listener of the ListenerSet, ensuring all HTTP traffic is upgraded to HTTPS. The main HTTPRoute is now pinned to the port 443 listener. --- deploy/manifests/balancer/base/httproute.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/deploy/manifests/balancer/base/httproute.yaml b/deploy/manifests/balancer/base/httproute.yaml index 1a16ce66..c8fef0fe 100644 --- a/deploy/manifests/balancer/base/httproute.yaml +++ b/deploy/manifests/balancer/base/httproute.yaml @@ -1,5 +1,24 @@ apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute +metadata: + name: balancer-redirect +spec: + parentRefs: + - name: balancer-listeners + kind: ListenerSet + group: gateway.networking.k8s.io + sectionName: http + hostnames: + - HOSTNAME_PLACEHOLDER + rules: + - filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute metadata: name: balancer spec: @@ -7,6 +26,9 @@ spec: - name: balancer-listeners kind: ListenerSet group: gateway.networking.k8s.io + sectionName: https + hostnames: + - HOSTNAME_PLACEHOLDER rules: - matches: - path: From fb7b270c8fde8fcbf9c5dcf529f5b5ef04a26e4e Mon Sep 17 00:00:00 2001 
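Review bot: The `balancer-redirect` route upgrades plain-HTTP requests with a 301, but nothing on the `https` route tells browsers to stay on HTTPS, so the first request of a visit can still be sent in cleartext and tampered with before the redirect. Consider sending `Strict-Transport-Security` on the `balancer` route, either with a `ResponseHeaderModifier` filter on its rule or through Django's `SECURE_HSTS_SECONDS`; the rule itself lies outside this hunk, so the filter would go next to the existing `backendRefs`. A one-line comment above each `sectionName` (`# port 80: redirect only`, `# port 443: application traffic`) would also make the split obvious to the next editor.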
From: Christopher Tineo Date: Sat, 18 Apr 2026 18:59:11 -0400 Subject: [PATCH 08/22] fix(gateway): patch hostname for redirect HTTPRoute in overlays Updates the sandbox and production overlays to ensure the hostname is also patched on the new balancer-redirect HTTPRoute. --- .../balancer/overlays/production/kustomization.yaml | 7 +++++++ .../manifests/balancer/overlays/sandbox/kustomization.yaml | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/deploy/manifests/balancer/overlays/production/kustomization.yaml b/deploy/manifests/balancer/overlays/production/kustomization.yaml index 1a7ce9fa..1386e907 100644 --- a/deploy/manifests/balancer/overlays/production/kustomization.yaml +++ b/deploy/manifests/balancer/overlays/production/kustomization.yaml @@ -28,3 +28,10 @@ patches: - op: add path: /spec/hostnames value: ["balancerproject.org"] + - target: + kind: HTTPRoute + name: balancer-redirect + patch: |- + - op: add + path: /spec/hostnames + value: ["balancerproject.org"] diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml index bdcf6ae8..c9e9b4ea 100644 --- a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml +++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml @@ -28,3 +28,10 @@ patches: - op: add path: /spec/hostnames value: ["sandbox.balancerproject.org"] + - target: + kind: HTTPRoute + name: balancer-redirect + patch: |- + - op: add + path: /spec/hostnames + value: ["sandbox.balancerproject.org"] From b1e4918e88c70fe393fe3ccc3a077b19a6f99b6a Mon Sep 17 00:00:00 2001 
From: Christopher Tineo Date: Sat, 18 Apr 2026 19:09:32 -0400 Subject: [PATCH 09/22] Configure CORS Allowed Origins via ConfigMaps --- deploy/manifests/balancer/base/deployment.yaml | 2 ++ deploy/manifests/balancer/base/kustomization.yaml | 3 +++ .../manifests/balancer/overlays/production/configmap.yaml | 6 ++++++ .../balancer/overlays/production/kustomization.yaml | 8 ++++++++ deploy/manifests/balancer/overlays/sandbox/configmap.yaml | 6 ++++++ .../balancer/overlays/sandbox/kustomization.yaml | 8 ++++++++ server/balancer_backend/settings.py | 5 ++++- 7 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 deploy/manifests/balancer/overlays/production/configmap.yaml create mode 100644 deploy/manifests/balancer/overlays/production/kustomization.yaml create mode 100644 deploy/manifests/balancer/overlays/sandbox/configmap.yaml create mode 100644 deploy/manifests/balancer/overlays/sandbox/kustomization.yaml diff --git a/deploy/manifests/balancer/base/deployment.yaml b/deploy/manifests/balancer/base/deployment.yaml index c50012c2..10bcfc93 100644 --- a/deploy/manifests/balancer/base/deployment.yaml +++ b/deploy/manifests/balancer/base/deployment.yaml @@ -21,6 +21,8 @@ spec: envFrom: - secretRef: name: balancer-config + - configMapRef: + name: balancer-config ports: - containerPort: 8000 readinessProbe: diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index c7d2dcd1..38e12e47 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -6,3 +6,6 @@ resources: - deployment.yaml - service.yaml - ingress.yaml + +configMapGenerator: + - name: balancer-config diff --git a/deploy/manifests/balancer/overlays/production/configmap.yaml b/deploy/manifests/balancer/overlays/production/configmap.yaml new file mode 100644 index 00000000..47253b20 --- /dev/null +++ b/deploy/manifests/balancer/overlays/production/configmap.yaml 
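Review bot: `envFrom` in `deployment.yaml` now lists the Secret `balancer-config` and then a ConfigMap of the same name, and when two `envFrom` sources define the same key the later one wins, so a key added to the ConfigMap would override the value coming from the Secret. Nothing visible here collides today, but the ordering deserves a comment such as `# ConfigMap holds non-secret settings only; keys must not shadow the Secret above`, or the ConfigMap entry can be placed before the Secret so secret values take precedence. The container spec continues outside this hunk.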
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: balancer-config +data: + CORS_ALLOWED_ORIGINS: "https://balancerproject.org" diff --git a/deploy/manifests/balancer/overlays/production/kustomization.yaml b/deploy/manifests/balancer/overlays/production/kustomization.yaml new file mode 100644 index 00000000..c0cf6eb0 --- /dev/null +++ b/deploy/manifests/balancer/overlays/production/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +patches: + - path: configmap.yaml diff --git a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml new file mode 100644 index 00000000..ad9528e9 --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: balancer-config +data: + CORS_ALLOWED_ORIGINS: "https://sandbox.balancertestsite.com" diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml new file mode 100644 index 00000000..c0cf6eb0 --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +patches: + - path: configmap.yaml diff --git a/server/balancer_backend/settings.py b/server/balancer_backend/settings.py index a4ccaaae..c1424fc7 100644 --- a/server/balancer_backend/settings.py +++ b/server/balancer_backend/settings.py @@ -67,7 +67,10 @@ ROOT_URLCONF = "balancer_backend.urls" -CORS_ALLOW_ALL_ORIGINS = True +# CORS configuration +CORS_ALLOWED_ORIGINS = os.environ.get("CORS_ALLOWED_ORIGINS", "http://localhost:3000").split(",") +# Ensure no empty strings if input was empty or trailing comma +CORS_ALLOWED_ORIGINS = [origin.strip() for origin in CORS_ALLOWED_ORIGINS if origin.strip()] TEMPLATES = [ { 
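Review bot: In `settings.py` the fallback `"http://localhost:3000"` is applied whenever `CORS_ALLOWED_ORIGINS` is unset, so a deployment that loses its ConfigMap starts without error and silently allows only a developer origin. That is the restrictive direction, but it hides the misconfiguration; outside debug mode I would rather fail at startup, or at least log the resolved list. The two assignments can also be one, e.g. `CORS_ALLOWED_ORIGINS = [o.strip() for o in os.environ.get("CORS_ALLOWED_ORIGINS", "http://localhost:3000").split(",") if o.strip()]`, with a comment stating that entries must be full origins (scheme and host, no path) and that a wildcard is not accepted here. If other CORS settings such as `CORS_ALLOW_CREDENTIALS` or a regex allow-list exist outside this hunk, they should be reviewed together with this change.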
From 00250efac2166452f383b433008e7dda5ca9c022 Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 19:12:57 -0400 Subject: [PATCH 10/22] Update sandbox domain for CORS --- deploy/manifests/balancer/overlays/sandbox/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml index ad9528e9..ff7ec0a0 100644 --- a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml +++ b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml @@ -3,4 +3,4 @@ kind: ConfigMap metadata: name: balancer-config data: - CORS_ALLOWED_ORIGINS: "https://sandbox.balancertestsite.com" + CORS_ALLOWED_ORIGINS: "https://sandbox.balancerproject.org" From 8262de577ab12215f72c712ea0207c5e01ea9dd1 Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 19:13:28 -0400 Subject: [PATCH 11/22] Refine ConfigMap overlays using env files and correct sandbox domain --- deploy/manifests/balancer/base/balancer.env | 0 deploy/manifests/balancer/base/kustomization.yaml | 2 ++ deploy/manifests/balancer/overlays/production/balancer.env | 1 + .../manifests/balancer/overlays/production/configmap.yaml | 6 ------ .../balancer/overlays/production/kustomization.yaml | 7 +++++-- deploy/manifests/balancer/overlays/sandbox/balancer.env | 1 + deploy/manifests/balancer/overlays/sandbox/configmap.yaml | 6 ------ .../manifests/balancer/overlays/sandbox/kustomization.yaml | 7 +++++-- 8 files changed, 14 insertions(+), 16 deletions(-) create mode 100644 deploy/manifests/balancer/base/balancer.env create mode 100644 deploy/manifests/balancer/overlays/production/balancer.env delete mode 100644 deploy/manifests/balancer/overlays/production/configmap.yaml create mode 100644 deploy/manifests/balancer/overlays/sandbox/balancer.env delete mode 100644 deploy/manifests/balancer/overlays/sandbox/configmap.yaml 
diff --git a/deploy/manifests/balancer/base/balancer.env b/deploy/manifests/balancer/base/balancer.env new file mode 100644 index 00000000..e69de29b diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index 38e12e47..1bc2cc1b 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -9,3 +9,5 @@ resources: configMapGenerator: - name: balancer-config + envs: + - balancer.env diff --git a/deploy/manifests/balancer/overlays/production/balancer.env b/deploy/manifests/balancer/overlays/production/balancer.env new file mode 100644 index 00000000..1fa5802e --- /dev/null +++ b/deploy/manifests/balancer/overlays/production/balancer.env @@ -0,0 +1 @@ +CORS_ALLOWED_ORIGINS=https://balancerproject.org diff --git a/deploy/manifests/balancer/overlays/production/configmap.yaml b/deploy/manifests/balancer/overlays/production/configmap.yaml deleted file mode 100644 index 47253b20..00000000 --- a/deploy/manifests/balancer/overlays/production/configmap.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: balancer-config -data: - CORS_ALLOWED_ORIGINS: "https://balancerproject.org" diff --git a/deploy/manifests/balancer/overlays/production/kustomization.yaml b/deploy/manifests/balancer/overlays/production/kustomization.yaml index c0cf6eb0..7ecd6659 100644 --- a/deploy/manifests/balancer/overlays/production/kustomization.yaml +++ b/deploy/manifests/balancer/overlays/production/kustomization.yaml @@ -4,5 +4,8 @@ kind: Kustomization resources: - ../../base -patches: - - path: configmap.yaml +configMapGenerator: + - name: balancer-config + behavior: merge + envs: + - balancer.env diff --git a/deploy/manifests/balancer/overlays/sandbox/balancer.env b/deploy/manifests/balancer/overlays/sandbox/balancer.env new file mode 100644 index 00000000..55d82ecc --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/balancer.env 
@@ -0,0 +1 @@ +CORS_ALLOWED_ORIGINS=https://sandbox.balancerproject.org diff --git a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml deleted file mode 100644 index ff7ec0a0..00000000 --- a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: balancer-config -data: - CORS_ALLOWED_ORIGINS: "https://sandbox.balancerproject.org" diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml index c0cf6eb0..7ecd6659 100644 --- a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml +++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml @@ -4,5 +4,8 @@ kind: Kustomization resources: - ../../base -patches: - - path: configmap.yaml +configMapGenerator: + - name: balancer-config + behavior: merge + envs: + - balancer.env From d97f0c9b56b6b68e975ee91df9e627a98730381b Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 19:24:34 -0400 Subject: [PATCH 12/22] feat: add balancer database cluster manifest --- deploy/manifests/balancer/base/db.yaml | 19 +++++++++++++++++++ .../balancer/base/kustomization.yaml | 1 + 2 files changed, 20 insertions(+) create mode 100644 deploy/manifests/balancer/base/db.yaml diff --git a/deploy/manifests/balancer/base/db.yaml b/deploy/manifests/balancer/base/db.yaml new file mode 100644 index 00000000..c1b0226b --- /dev/null +++ b/deploy/manifests/balancer/base/db.yaml @@ -0,0 +1,19 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: balancer-db + namespace: balancer +spec: + instances: 3 + imageName: ghcr.io/cloudnative-pg/postgresql:16.1 + storage: + size: 10Gi + bootstrap: + initdb: + database: balancer + owner: balancer + secret: + name: balancer-db-credentials + postgresql: + parameters: + shared_preload_libraries: 'vector' 
diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index c7d2dcd1..892e7891 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -6,3 +6,4 @@ resources: - deployment.yaml - service.yaml - ingress.yaml + - db.yaml From 92fd46dae4a1b7f04469cc272968921dc2f402ac Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 19:28:48 -0400 Subject: [PATCH 13/22] remove redundant cluster manifest (moved to infra repo) --- deploy/manifests/balancer/base/db.yaml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 deploy/manifests/balancer/base/db.yaml diff --git a/deploy/manifests/balancer/base/db.yaml b/deploy/manifests/balancer/base/db.yaml deleted file mode 100644 index c1b0226b..00000000 --- a/deploy/manifests/balancer/base/db.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: balancer-db - namespace: balancer -spec: - instances: 3 - imageName: ghcr.io/cloudnative-pg/postgresql:16.1 - storage: - size: 10Gi - bootstrap: - initdb: - database: balancer - owner: balancer - secret: - name: balancer-db-credentials - postgresql: - parameters: - shared_preload_libraries: 'vector' From cf324fb30d4253b89c8398daa2a87483e429bc89 Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 19:28:57 -0400 Subject: [PATCH 14/22] remove db.yaml from kustomization resources --- deploy/manifests/balancer/base/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index 892e7891..c7d2dcd1 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -6,4 +6,3 @@ resources: - deployment.yaml - service.yaml - ingress.yaml - - db.yaml 
From c6f001db970fadf03f44a32a2d17a159988d5164 Mon Sep 17 00:00:00 2001
From: Christopher Tineo
Date: Sat, 18 Apr 2026 19:33:15 -0400
Subject: [PATCH 15/22] feat: add sandbox overlay with shared db connection details
---
.../overlays/sandbox/kustomization.yaml | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
new file mode 100644
index 00000000..0490789b
--- /dev/null
+++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
@@ -0,0 +1,26 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: balancer
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ kind: Deployment
+ name: balancer
+ patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/env
+ value:
+ - name: SQL_HOST
+ value: codeforphilly-cluster-rw.cloudnative-pg.svc.cluster.local
+ - name: SQL_PORT
+ value: "5432"
+ - name: SQL_DATABASE
+ value: balancer
+ - name: SQL_USER
+ value: balancer
+ - name: SQL_ENGINE
+ value: django.db.backends.postgresql
From 76af69fe82f243a709d72c6dcac64bd23b79bc3e Mon Sep 17 00:00:00 2001
From: Christopher Tineo
Date: Sat, 18 Apr 2026 19:35:08 -0400
Subject: [PATCH 16/22] feat: update sandbox overlay to use shared db password from secret
---
.../manifests/balancer/overlays/sandbox/kustomization.yaml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
index 0490789b..82ce3278 100644
--- a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
+++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
@@ -22,5 +22,10 @@ patches: value: balancer - name: SQL_USER value: balancer + - name: SQL_PASSWORD + valueFrom: + secretKeyRef: + name: balancer-db-credentials + key: password - name: SQL_ENGINE value: django.db.backends.postgresql From e48e52d1561cebade285af3a5bcff5bc6885f676 Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 19:35:52 -0400 Subject: [PATCH 17/22] feat: add configmap for database settings in sandbox overlay --- .../manifests/balancer/overlays/sandbox/configmap.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 deploy/manifests/balancer/overlays/sandbox/configmap.yaml diff --git a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml new file mode 100644 index 00000000..aa421eac --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: balancer-db-config +data: + SQL_HOST: codeforphilly-cluster-rw.cloudnative-pg.svc.cluster.local + SQL_PORT: "5432" + SQL_DATABASE: balancer + SQL_USER: balancer + SQL_ENGINE: django.db.backends.postgresql From d725fe0a9c3616991da9805938c5d1b6fd785f35 Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Sat, 18 Apr 2026 19:35:57 -0400 Subject: [PATCH 18/22] feat: update kustomization to use configmap and secret for db settings --- .../balancer/overlays/sandbox/kustomization.yaml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml index 82ce3278..4ccedd16 100644 --- a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml +++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml 
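Review bot: `SQL_PASSWORD` is read from `balancer-db-credentials`, but no manifest in this change creates that Secret, and a `secretKeyRef` resolves only against a Secret in the pod's own namespace while the database host points into `cloudnative-pg`. Please document in the overlay how the Secret reaches the `balancer` namespace and who rotates it, e.g. `# balancer-db-credentials is provisioned by PROVISIONING_MECHANISM; not managed by this kustomization` (placeholder). The connection settings added here also carry no TLS option, so unless the Django database `OPTIONS` outside this diff set `sslmode`, traffic to the shared cluster may cross namespaces unencrypted; that is worth confirming.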
@@ -5,27 +5,23 @@ namespace: balancer resources: - ../../base + - configmap.yaml patches: - target: kind: Deployment name: balancer patch: |- + - op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + configMapRef: + name: balancer-db-config - op: add path: /spec/template/spec/containers/0/env value: - - name: SQL_HOST - value: codeforphilly-cluster-rw.cloudnative-pg.svc.cluster.local - - name: SQL_PORT - value: "5432" - - name: SQL_DATABASE - value: balancer - - name: SQL_USER - value: balancer - name: SQL_PASSWORD valueFrom: secretKeyRef: name: balancer-db-credentials key: password - - name: SQL_ENGINE - value: django.db.backends.postgresql From 99523c934037bf765c9297057bee1bfe0e406410 Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Fri, 1 May 2026 14:32:30 -0400 Subject: [PATCH 19/22] feat: move database manifest to base and update SQL_HOST for shared-cluster --- deploy/manifests/balancer/base/database.yaml | 10 ++++++++++ deploy/manifests/balancer/base/kustomization.yaml | 10 ++++++++++ .../manifests/balancer/overlays/sandbox/configmap.yaml | 2 +- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 deploy/manifests/balancer/base/database.yaml diff --git a/deploy/manifests/balancer/base/database.yaml b/deploy/manifests/balancer/base/database.yaml new file mode 100644 index 00000000..4676c6b8 --- /dev/null +++ b/deploy/manifests/balancer/base/database.yaml @@ -0,0 +1,10 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Database +metadata: + name: balancer + namespace: cloudnative-pg +spec: + name: balancer + owner: balancer + cluster: + name: shared-cluster diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index c7d2dcd1..37d8cba2 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml 
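Review bot: The second operation in the sandbox `kustomization.yaml` patch is still `op: add` on `/spec/template/spec/containers/0/env` with a whole list as its value, and JSON Patch `add` on an existing member replaces it, so any `env` entries the base Deployment defines for this container would be dropped silently. If the base has none today this is harmless but fragile; a strategic-merge patch that lists only `SQL_PASSWORD` merges by `name` instead of overwriting. The first operation (`envFrom/-`) has the opposite requirement, since it fails unless `envFrom` already exists in the base, and a short comment in the patch should say so.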
@@ -6,3 +6,13 @@ resources: - deployment.yaml - service.yaml - ingress.yaml + - database.yaml + +patches: + - target: + kind: Database + name: balancer + patch: |- + - op: replace + path: /metadata/namespace + value: cloudnative-pg diff --git a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml index aa421eac..8ba92568 100644 --- a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml +++ b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: balancer-db-config data: - SQL_HOST: codeforphilly-cluster-rw.cloudnative-pg.svc.cluster.local + SQL_HOST: shared-cluster-rw.cloudnative-pg.svc.cluster.local SQL_PORT: "5432" SQL_DATABASE: balancer SQL_USER: balancer From 06359c566c0ad863d81efa67af74a14391d2669e Mon Sep 17 00:00:00 2001 From: Christopher Tineo Date: Thu, 7 May 2026 17:34:55 -0400 Subject: [PATCH 20/22] fix: remove redundant namespace patch on database.yaml database.yaml already has namespace: cloudnative-pg hardcoded. The kustomize patch was a no-op replacing the same value. --- deploy/manifests/balancer/base/kustomization.yaml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index 43db6731..44516542 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -13,12 +13,3 @@ configMapGenerator: - name: balancer-config envs: - balancer.env - -patches: - - target: - kind: Database - name: balancer - patch: |- - - op: replace - path: /metadata/namespace - value: cloudnative-pg From 1af2d3002ea0a0a4b9dfceb0535a53a40e65d912 Mon Sep 17 00:00:00 2001 
From: Christopher Tineo Date: Thu, 7 May 2026 17:51:13 -0400 Subject: [PATCH 21/22] fix: move Database CRD to cfp-sandbox-cluster infra The Database resource must live in the cloudnative-pg namespace alongside the Cluster CRD. Kustomize's namespace field overrides all resources, making it impossible to keep a cross-namespace resource in the app overlay. Moved to infra/cloudnative-pg/balancer-database.yaml in cfp-sandbox-cluster. --- deploy/manifests/balancer/base/database.yaml | 10 ---------- deploy/manifests/balancer/base/kustomization.yaml | 1 - 2 files changed, 11 deletions(-) delete mode 100644 deploy/manifests/balancer/base/database.yaml diff --git a/deploy/manifests/balancer/base/database.yaml b/deploy/manifests/balancer/base/database.yaml deleted file mode 100644 index 4676c6b8..00000000 --- a/deploy/manifests/balancer/base/database.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Database -metadata: - name: balancer - namespace: cloudnative-pg -spec: - name: balancer - owner: balancer - cluster: - name: shared-cluster diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index 44516542..f6ed71b4 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -7,7 +7,6 @@ resources: - service.yaml - gateway-listeners.yaml - httproute.yaml - - database.yaml configMapGenerator: - name: balancer-config From e8bfa66034e668ce0850f3135ee95073281cc7e6 Mon Sep 17 00:00:00 2001 
From: Christopher Tineo
Date: Thu, 7 May 2026 17:58:17 -0400
Subject: [PATCH 22/22] fix: move Database CRD to sandbox-only CNPG kustomization Kustomize's namespace field overrides ALL resources, making it impossible to keep the Database in cloudnative-pg namespace within the main overlay. Created a separate kustomization at overlays/sandbox/cnpg/ without the namespace field, so the Database stays in cloudnative-pg namespace. This keeps sandbox and production databases separate - production overlay has no CNPG resources.
---
.../balancer/overlays/sandbox/cnpg/database.yaml | 10 ++++++++++
.../balancer/overlays/sandbox/cnpg/kustomization.yaml | 5 +++++
2 files changed, 15 insertions(+)
create mode 100644 deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml
create mode 100644 deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml
diff --git a/deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml b/deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml
new file mode 100644
index 00000000..4676c6b8
--- /dev/null
+++ b/deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml
@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+ name: balancer
+ namespace: cloudnative-pg
+spec:
+ name: balancer
+ owner: balancer
+ cluster:
+ name: shared-cluster
diff --git a/deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml
new file mode 100644
index 00000000..f971acab
--- /dev/null
+++ b/deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - database.yaml
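Review bot: `overlays/sandbox/cnpg/database.yaml` depends on two objects this series never defines, the `shared-cluster` Cluster and the `balancer` role named in `owner:`; as far as I know the CloudNativePG `Database` resource creates the database but not its owner role, so the role has to be declared on the Cluster side first. Applying this kustomization also means whatever deploys the app repo needs write access in the shared `cloudnative-pg` namespace, which is broader than the `balancer` namespace the rest of the overlay touches; if that access is granted through RBAC, limiting it to `databases.postgresql.cnpg.io` keeps the grant narrow. A header comment such as `# Requires Cluster shared-cluster and role balancer in cloudnative-pg; applied separately from overlays/sandbox` would capture both prerequisites.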
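Review bot: The reason `overlays/sandbox/cnpg/kustomization.yaml` has no `namespace:` field is stated only in the commit message, and no visible hunk lists this directory under `resources:` of `overlays/sandbox/kustomization.yaml`, so it presumably has to be built and applied on its own. A later cleanup that adds `namespace: balancer` here, or pulls the directory into the parent overlay, would move the Database out of `cloudnative-pg` again. I would put that in the file itself: `# Intentionally no namespace: field; the Database must stay in cloudnative-pg. Apply this directory separately.`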