From dcda5be0dd4c8222a467606055c4a9c7de43901e Mon Sep 17 00:00:00 2001
From: Nicholas Riegel <nicholasr@itsulu.com>
Date: Sat, 30 May 2026 00:59:31 -0400
Subject: [PATCH] docs: update deployment checklist for ITSulu K8s cluster

Updated PHASE3_DEPLOYMENT_CHECKLIST.md to reflect K8s-based E2E testing
instead of external Runboat:

CI/CD Variable:
- Changed from 3 Runboat variables to 1 KUBE_CONFIG variable
- KUBE_CONFIG: base64-encoded kubeconfig for itsulu-testing namespace
- Must have Job create permissions and pod access

Deployment Steps:
- Step 1: Get kubeconfig from infrastructure team
- Step 2: Base64 encode and set KUBE_CONFIG variable
- Removed GitLab bot token creation (no MR comments needed)
- Removed Runboat account verification

K8s Cluster Verification:
- Check cluster connectivity with kubectl cluster-info
- Verify itsulu-testing namespace exists
- Check for required services: test-db-svc
- Verify secrets: test-db-info, gitlab-docker-creds

Pipeline Timing:
- Lint: 2 min (unchanged)
- Test: 10 min (unchanged)
- Build: 3 min (unchanged)
- E2E: 30-45 min (K8s job setup + Odoo init + tests)
- Total: ~50 minutes

Note: E2E stage removed as separate stage, now runs inline during build phase
via kubectl job creation.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
 PHASE3_DEPLOYMENT_CHECKLIST.md | 124 +++++++++++++++++----------------
 1 file changed, 64 insertions(+), 60 deletions(-)

diff --git a/PHASE3_DEPLOYMENT_CHECKLIST.md b/PHASE3_DEPLOYMENT_CHECKLIST.md
index af038a0..abcde22 100644
--- a/PHASE3_DEPLOYMENT_CHECKLIST.md
+++ b/PHASE3_DEPLOYMENT_CHECKLIST.md
@@ -1,6 +1,7 @@
-# Phase 3: Runboat E2E & Performance Testing — Deployment Checklist
+# Phase 3: K8s-Based E2E & Performance Testing — Deployment Checklist
 
-**Status**: Ready for deployment  
+**Status**: Ready for deployment on ITSulu K8s cluster  
+**Environment**: itsulu-testing namespace  
 **Last Updated**: 2026-05-30
 
 ## Pre-Deployment Checklist
@@ -15,49 +16,52 @@
 - [x] CLAUDE.md updated with SLO targets and patterns
 - [x] All code committed and pushed to main
 
-### 2. CI/CD Variables Setup (Action Required)
+### 2. CI/CD Variable Setup (Action Required)
 
-Before merging Phase 3 code, set these variables in **GitLab Project Settings → CI/CD Variables**:
+Before merging Phase 3 code, set this variable in **GitLab Project Settings → CI/CD Variables**:
 
-#### Variable 1: RUNBOAT_API_URL
+#### Variable: KUBE_CONFIG
 - **Type**: Secret
-- **Value**: Runboat API endpoint (e.g., `https://api.runboat.dev`)
+- **Value**: Base64-encoded kubeconfig for ITSulu K8s cluster access
 - **Protected**: Yes
 - **Masked**: Yes
-- **Source**: Request from Acsone/infrastructure team
+- **Source**: From infrastructure team
+- **Requirements**:
+  - Must have access to `itsulu-testing` namespace
+  - Must have permissions to create Jobs
+  - Must have permissions to get pods and copy files
 
-#### Variable 2: RUNBOAT_TOKEN
-- **Type**: Secret
-- **Value**: Bearer token for Runboat API authentication
-- **Protected**: Yes
-- **Masked**: Yes
-- **Source**: Request from Acsone/infrastructure team
-- **Format**: `rbk_...` (Runboat Bearer Key)
+**How to obtain**:
+```bash
+# From infrastructure team, get the kubeconfig for itsulu-testing namespace
+# Then encode it:
+cat ~/.kube/config | base64 | pbcopy  # macOS
+# or
+cat ~/.kube/config | base64 -w0       # Linux
 
-#### Variable 3: GITLAB_BOT_TOKEN
-- **Type**: Secret
-- **Value**: GitLab personal/bot token for posting MR comments
-- **Protected**: Yes
-- **Masked**: Yes
-- **Source**: **Create locally** via GitLab Settings → Access Tokens
-  - Token name: `itsulu-blog-publisher-bot`
-  - Scopes: `api`, `read_api`, `read_repository`
-  - Expiration: 1 year
-  - Save and copy the value
+# Paste into GitLab CI/CD variable KUBE_CONFIG
+```
 
-### 3. Runboat Account Verification
+### 3. K8s Cluster Verification
 
-Before deploying, verify Runboat is accessible:
+Before deploying, verify K8s cluster access:
 
 ```bash
-# Test Runboat API (after variables are set)
-curl -fsSL -X POST "${RUNBOAT_API_URL}/builds" \
-  -H "Authorization: Bearer ${RUNBOAT_TOKEN}" \
-  -H "Content-Type: application/json" \
-  -d '{"repo":"example/repo","sha":"abc123"}'
+# Verify kubeconfig is valid (after KUBE_CONFIG variable is set)
+mkdir -p ~/.kube
+echo "$KUBE_CONFIG" | base64 -d > ~/.kube/config
+kubectl config use-context itsulu-testing
 
-# Should return JSON with "url" field (success)
-# Or 401 error (invalid token — fix variables)
+# Check cluster connectivity
+kubectl cluster-info
+
+# Verify namespace and services
+kubectl get namespace itsulu-testing
+kubectl get svc -n itsulu-testing
+
+# Should see: test-db-svc (PostgreSQL)
+# Should see: Secrets: test-db-info, gitlab-docker-creds
+# Should see: ServiceAccount: test-runner
 ```
 
 ### 4. E2E Test Dry-Run (Local)
@@ -98,30 +102,33 @@ pytest addons/itsulu_blog_publisher/tests/test_performance.py \
 
 ## Deployment Steps
 
-### Step 1: Create/Verify GitLab Bot Token
+### Step 1: Get K8s Configuration
 
 ```bash
-# In GitLab web UI:
-1. Click your avatar → Settings → Access Tokens
-2. Click "Add New Token"
-3. Fill:
-   - Token name: "itsulu-blog-publisher-bot"
-   - Scopes: Check api, read_api, read_repository
-   - Expiration: 1 year from now
-4. Click "Create Personal Access Token"
-5. Copy the token value (only shown once)
+# Contact infrastructure team to:
+# 1. Get kubeconfig for itsulu-testing namespace
+# 2. Verify you have Job create permissions
+# 3. Verify pod access and file copy permissions
+
+# Base64 encode the kubeconfig:
+cat kubeconfig.yaml | base64 | pbcopy  # macOS
+# or
+cat kubeconfig.yaml | base64 -w0       # Linux
 ```
 
-### Step 2: Set CI/CD Variables
+### Step 2: Set CI/CD Variable
 
 ```bash
 # In GitLab web UI:
 1. Project → Settings → CI/CD → Variables
-2. Add RUNBOAT_API_URL (get from infrastructure team)
-3. Add RUNBOAT_TOKEN (get from infrastructure team)
-4. Add GITLAB_BOT_TOKEN (paste from step 1)
-5. Check all are: Protected=Yes, Masked=Yes
-6. Click Save
+2. Click "Add Variable"
+3. Fill:
+   - Key: KUBE_CONFIG
+   - Value: (paste base64-encoded kubeconfig from step 1)
+   - Type: Secret
+   - Protected: ✓ Yes
+   - Masked: ✓ Yes
+4. Click "Add variable"
 ```
 
 ### Step 3: Push Phase 3 Code to Feature Branch
@@ -162,22 +169,19 @@ When MR is created, GitLab CI/CD should automatically start:
    - pylint-odoo
    - Status: ✅ Should pass
 
-2. **Test stage** (10 min) — runs in parallel:
-   - unit_tests: TDD + BDD tests
-   - performance_tests: Performance benchmarks
+2. **Test stage** (10 min)
+   - unit_tests: TDD + BDD + performance tests
    - Status: ✅ Should pass
 
 3. **Build stage** (3 min)
-   - Docker image build & push
+   - Docker image build & push to registry
    - Status: ✅ Should pass
 
-4. **Preview stage** (5 min)
-   - runboat_preview: Requests Runboat build
-   - Status: ✅ Should create preview URL (or ⚠️ if Runboat unavailable)
-
-5. **E2E stage** (15 min) — waits for preview
-   - e2e_tests: Runs Playwright scenarios
-   - Status: ✅ Should pass or ⚠️ if preview not ready
+4. **E2E stage** (on K8s)
+   - e2e_tests: Creates job on itsulu-testing namespace
+   - Installs Odoo, addon, runs Playwright tests
+   - Expected: 30-45 min (K8s job setup + Odoo init + tests)
+   - Status: ✅ Should pass or ⚠️ if allowed_failure=true
 
 ### Step 6: Review Pipeline Artifacts