guildhall/k8s/70-guildhall-deployment.yaml
Tyler J King c0959a5376 feat(guildhall): minimum viable guildhall — OIDC, guilds, schematics, members
Implements the full founding-guild onboarding stack across four phases:

Phase A — Keycloak OIDC auth pipeline (oidcc) + guild registration with
ceremony-engine approval (SingleApproval, hub operator approves via gRPC).
Phase B — Founding schematic templates (MSP/ISV/NSP TOML), gRPC clients
for ceremony-service and ffc-schematic-server, schematic fork/bind/realize
LiveView with DB audit trail in guild_schematics.
Phase C — RealizationPoller GenServer polling realization status every 5s,
PubSub broadcast, live realization dashboard showing 7 reconciler sections.
Phase D — Self-service member onboarding (join request → guild master
approval via ceremony), member management LiveView, auto-create guild
master on guild approval via Ecto.Multi transaction.

Includes K8s manifests for ceremony-service (port 50053) and
ffc-schematic-server (port 9091) as ClusterIP services, plus updated
guildhall deployment with OIDC and gRPC service URL env vars.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Tyler J King <tking@guildhouse.dev>
2026-05-15 15:03:50 -04:00

apiVersion: apps/v1
kind: Deployment
metadata:
  name: guildhall
  namespace: guildhall
  labels:
    app.kubernetes.io/name: guildhall
    app.kubernetes.io/part-of: guildhouse
    app.kubernetes.io/component: web
    app.kubernetes.io/managed-by: manual
    app.kubernetes.io/version: v0.1.0
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: guildhall
  template:
    metadata:
      labels:
        app: guildhall
        app.kubernetes.io/name: guildhall
        app.kubernetes.io/part-of: guildhouse
        app.kubernetes.io/component: web
        app.kubernetes.io/version: v0.1.0
    spec:
      imagePullSecrets:
        - name: guildhall-registry
      containers:
        - name: guildhall
          image: git.guildhouse.dev/tking/guildhall:v0.1.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 4000
              name: http
              protocol: TCP
          env:
            # Phoenix / endpoint
            - name: PHX_SERVER
              value: "true"
            - name: PHX_HOST
              value: guildhall.guildhouse.dev
            - name: PORT
              value: "4000"
            - name: POOL_SIZE
              value: "10"
            # Session signing key (sourced from a Secret, never a literal value)
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: guildhall-app-secrets
                  key: SECRET_KEY_BASE
            # OIDC (Keycloak)
            - name: OIDC_ISSUER
              value: "https://auth.guildhouse.dev/realms/guildhouse"
            - name: OIDC_CLIENT_ID
              value: guildhall-web
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: guildhall-app-secrets
                  key: OIDC_CLIENT_SECRET
            - name: OIDC_REDIRECT_URI
              value: "https://guildhall.guildhouse.dev/auth/callback"
            # gRPC service URLs (in-cluster ClusterIP DNS)
            - name: CEREMONY_SERVICE_URL
              value: "ceremony-service.guildhall.svc.cluster.local:50053"
            - name: SCHEMATIC_SERVICE_URL
              value: "ffc-schematic-server.guildhall.svc.cluster.local:9091"
            - name: FFC_SCHEMATIC_SERVICE_URL
              value: "ffc-schematic-server.guildhall.svc.cluster.local:9091"
            # Ecto
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: guildhall-app-secrets
                  key: DATABASE_URL
          # Starting envelope. Tune after observing real usage under
          # LiveView fan-out; Phoenix's memory footprint grows with
          # connected clients.
          resources:
            requests:
              cpu: 200m
              memory: 256Mi
            limits:
              cpu: "1"
              memory: 1Gi
          # Probes hit /health, which queries the Ecto pool. See
          # apps/guildhall_web/lib/guildhall_web_web/controllers/health_controller.ex
          # for semantics.
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          # Because the liveness probe shares the DB-dependent /health
          # endpoint, three consecutive failures (about 90s of database
          # unavailability at periodSeconds: 30) restart the pod rather
          # than only removing it from the Service.
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 3
          # Graceful shutdown allowance. Phoenix endpoint shuts down
          # cleanly inside this window.
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "sleep 5"]
      terminationGracePeriodSeconds: 30