itsulu/itsulu-blog-publisher
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: update deployment checklist for ITSulu K8s cluster

Browse source 
Updated PHASE3_DEPLOYMENT_CHECKLIST.md to reflect K8s-based E2E testing
instead of external Runboat:

CI/CD Variable:
- Changed from 3 Runboat variables to 1 KUBE_CONFIG variable
- KUBE_CONFIG: base64-encoded kubeconfig for itsulu-testing namespace
- Must have Job create permissions and pod access

Deployment Steps:
- Step 1: Get kubeconfig from infrastructure team
- Step 2: Base64 encode and set KUBE_CONFIG variable
- Removed GitLab bot token creation (no MR comments needed)
- Removed Runboat account verification

K8s Cluster Verification:
- Check cluster connectivity with kubectl cluster-info
- Verify itsulu-testing namespace exists
- Check for required services: test-db-svc
- Verify secrets: test-db-info, gitlab-docker-creds

Pipeline Timing:
- Lint: 2 min (unchanged)
- Test: 10 min (unchanged)
- Build: 3 min (unchanged)
- E2E: 30-45 min (K8s job setup + Odoo init + tests)
- Total: ~50 minutes

Note: E2E stage removed as separate stage, now runs inline during build phase
via kubectl job creation.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
Nicholas Riegel 2026-05-30 00:59:31 -04:00
parent 2cb2a48b98
commit dcda5be0dd
1 changed files with 64 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

124
PHASE3_DEPLOYMENT_CHECKLIST.md
View file

@ -1,6 +1,7 @@
# Phase 3: Runboat E2E & Performance Testing — Deployment Checklist # Phase 3: K8s-Based E2E & Performance Testing — Deployment Checklist
**Status**: Ready for deployment **Status**: Ready for deployment on ITSulu K8s cluster
**Environment**: itsulu-testing namespace
**Last Updated**: 2026-05-30 **Last Updated**: 2026-05-30
## Pre-Deployment Checklist ## Pre-Deployment Checklist
@ -15,49 +16,52 @@
- [x] CLAUDE.md updated with SLO targets and patterns - [x] CLAUDE.md updated with SLO targets and patterns
- [x] All code committed and pushed to main - [x] All code committed and pushed to main
### 2. CI/CD Variables Setup (Action Required) ### 2. CI/CD Variable Setup (Action Required)
Before merging Phase 3 code, set these variables in **GitLab Project Settings → CI/CD Variables**: Before merging Phase 3 code, set this variable in **GitLab Project Settings → CI/CD Variables**:
#### Variable 1: RUNBOAT_API_URL #### Variable: KUBE_CONFIG
- **Type**: Secret - **Type**: Secret
- **Value**: Runboat API endpoint (e.g., `https://api.runboat.dev`) - **Value**: Base64-encoded kubeconfig for ITSulu K8s cluster access
- **Protected**: Yes - **Protected**: Yes
- **Masked**: Yes - **Masked**: Yes
- **Source**: Request from Acsone/infrastructure team - **Source**: From infrastructure team
- **Requirements**:
- Must have access to `itsulu-testing` namespace
- Must have permissions to create Jobs
- Must have permissions to get pods and copy files
#### Variable 2: RUNBOAT_TOKEN **How to obtain**:
- **Type**: Secret ```bash
- **Value**: Bearer token for Runboat API authentication # From infrastructure team, get the kubeconfig for itsulu-testing namespace
- **Protected**: Yes # Then encode it:
- **Masked**: Yes cat ~/.kube/config | base64 | pbcopy # macOS
- **Source**: Request from Acsone/infrastructure team # or
- **Format**: `rbk_...` (Runboat Bearer Key) cat ~/.kube/config | base64 -w0 # Linux
#### Variable 3: GITLAB_BOT_TOKEN # Paste into GitLab CI/CD variable KUBE_CONFIG
- **Type**: Secret ```
- **Value**: GitLab personal/bot token for posting MR comments
- **Protected**: Yes
- **Masked**: Yes
- **Source**: **Create locally** via GitLab Settings → Access Tokens
- Token name: `itsulu-blog-publisher-bot`
- Scopes: `api`, `read_api`, `read_repository`
- Expiration: 1 year
- Save and copy the value
### 3. Runboat Account Verification ### 3. K8s Cluster Verification
Before deploying, verify Runboat is accessible: Before deploying, verify K8s cluster access:
```bash ```bash
# Test Runboat API (after variables are set) # Verify kubeconfig is valid (after KUBE_CONFIG variable is set)
curl -fsSL -X POST "${RUNBOAT_API_URL}/builds" \ mkdir -p ~/.kube
-H "Authorization: Bearer ${RUNBOAT_TOKEN}" \ echo "$KUBE_CONFIG" | base64 -d > ~/.kube/config
-H "Content-Type: application/json" \ kubectl config use-context itsulu-testing
-d '{"repo":"example/repo","sha":"abc123"}'
# Should return JSON with "url" field (success) # Check cluster connectivity
# Or 401 error (invalid token — fix variables) kubectl cluster-info
# Verify namespace and services
kubectl get namespace itsulu-testing
kubectl get svc -n itsulu-testing
# Should see: test-db-svc (PostgreSQL)
# Should see: Secrets: test-db-info, gitlab-docker-creds
# Should see: ServiceAccount: test-runner
``` ```
### 4. E2E Test Dry-Run (Local) ### 4. E2E Test Dry-Run (Local)
@ -98,30 +102,33 @@ pytest addons/itsulu_blog_publisher/tests/test_performance.py \
## Deployment Steps ## Deployment Steps
### Step 1: Create/Verify GitLab Bot Token ### Step 1: Get K8s Configuration
```bash ```bash
# In GitLab web UI: # Contact infrastructure team to:
1. Click your avatar → Settings → Access Tokens # 1. Get kubeconfig for itsulu-testing namespace
2. Click "Add New Token" # 2. Verify you have Job create permissions
3. Fill: # 3. Verify pod access and file copy permissions
- Token name: "itsulu-blog-publisher-bot"
- Scopes: Check api, read_api, read_repository # Base64 encode the kubeconfig:
- Expiration: 1 year from now cat kubeconfig.yaml | base64 | pbcopy # macOS
4. Click "Create Personal Access Token" # or
5. Copy the token value (only shown once) cat kubeconfig.yaml | base64 -w0 # Linux
``` ```
### Step 2: Set CI/CD Variables ### Step 2: Set CI/CD Variable
```bash ```bash
# In GitLab web UI: # In GitLab web UI:
1. Project → Settings → CI/CD → Variables 1. Project → Settings → CI/CD → Variables
2. Add RUNBOAT_API_URL (get from infrastructure team) 2. Click "Add Variable"
3. Add RUNBOAT_TOKEN (get from infrastructure team) 3. Fill:
4. Add GITLAB_BOT_TOKEN (paste from step 1) - Key: KUBE_CONFIG
5. Check all are: Protected=Yes, Masked=Yes - Value: (paste base64-encoded kubeconfig from step 1)
6. Click Save - Type: Secret
- Protected: ✓ Yes
- Masked: ✓ Yes
4. Click "Add variable"
``` ```
### Step 3: Push Phase 3 Code to Feature Branch ### Step 3: Push Phase 3 Code to Feature Branch
@ -162,22 +169,19 @@ When MR is created, GitLab CI/CD should automatically start:
- pylint-odoo - pylint-odoo
- Status: ✅ Should pass - Status: ✅ Should pass
2. **Test stage** (10 min) — runs in parallel: 2. **Test stage** (10 min)
- unit_tests: TDD + BDD tests - unit_tests: TDD + BDD + performance tests
- performance_tests: Performance benchmarks
- Status: ✅ Should pass - Status: ✅ Should pass
3. **Build stage** (3 min) 3. **Build stage** (3 min)
- Docker image build & push - Docker image build & push to registry
- Status: ✅ Should pass - Status: ✅ Should pass
4. **Preview stage** (5 min) 4. **E2E stage** (on K8s)
- runboat_preview: Requests Runboat build - e2e_tests: Creates job on itsulu-testing namespace
- Status: ✅ Should create preview URL (or ⚠️ if Runboat unavailable) - Installs Odoo, addon, runs Playwright tests
- Expected: 30-45 min (K8s job setup + Odoo init + tests)
5. **E2E stage** (15 min) — waits for preview - Status: ✅ Should pass or ⚠️ if allowed_failure=true
- e2e_tests: Runs Playwright scenarios
- Status: ✅ Should pass or ⚠️ if preview not ready
### Step 6: Review Pipeline Artifacts ### Step 6: Review Pipeline Artifacts