Merge 6d474527967e1de46605247e29022ea400ec6fec into 297e04f69bcd32f311ed3928ef3141389b701bc9

fixes recognized by coderabbit
2025-12-10 02:42:49 +01:00 · 2025-11-28 13:49:15 +00:00 · 2025-11-28 14:48:57 +01:00
5 changed files with 25 additions and 2 deletions
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@ -13,7 +13,7 @@ This directory contains base Kubernetes manifests to self-host Rallly. It separa
 1.  **Secrets (`secrets.yaml`):**
    - **Important:** Do not commit the `secrets.yaml` file with real credentials to version control.
    - Update `POSTGRES_PASSWORD` and `SECRET_PASSWORD` (use `openssl rand -hex 32` to generate).
-    - Update `DATABASE_URL` to match your postgres password.
+    - **Critical:** Ensure the password in `DATABASE_URL` matches `POSTGRES_PASSWORD`. Both must use the same value.

 2.  **Config (`rallly-config.yaml`):**
    - Update `NEXT_PUBLIC_BASE_URL` to match your domain.
@ -22,6 +22,7 @@ This directory contains base Kubernetes manifests to self-host Rallly. It separa
 3.  **Ingress (`ingress.yaml`):**
    - Change `host: rallly.example.com` to your actual domain.
    - Ensure `ingressClassName` matches your cluster's controller (default is set to `nginx`).
+    - **TLS:** Create the TLS certificate Secret named `rallly-tls` or enable cert-manager (see comments in `ingress.yaml` for options).

 ## Deployment Order

@ -40,7 +41,18 @@ kubectl apply -f rallly.yaml

 # 4. Apply Ingress
 kubectl apply -f ingress.yaml
+```

-# 5. Check that the pods are running - should show '1/1 Running' for each pod.
+## Verification
+
+Check that the pods are running:
+
+```bash
 kubectl get pods
 ```
+
+The Postgres pod should show `1/1 Running` and the Rallly pod should eventually show `1/1 Running` once the liveness probe passes.
+
+## Notes on Storage
+
+The PostgreSQL StatefulSet requests a 1Gi PersistentVolume. Ensure your cluster has a default StorageClass configured, or update the `volumeClaimTemplates` in `postgres.yaml` to specify a StorageClass.
--- a/kubernetes/README.pdf
+++ b/kubernetes/README.pdf
--- a/kubernetes/ingress.yaml
+++ b/kubernetes/ingress.yaml
@ -28,3 +28,7 @@ spec:
    - hosts:
        - rallly.example.com
      secretName: rallly-tls
+      # Note: This Secret must be created separately. Options:
+      # 1. Use cert-manager (uncomment annotation above) to auto-provision
+      # 2. Manually create: kubectl create secret tls rallly-tls --cert=path/to/cert --key=path/to/key
+      # 3. Use an existing cluster-issued certificate secret
--- a/kubernetes/rallly-config.yaml
+++ b/kubernetes/rallly-config.yaml
@ -10,7 +10,10 @@ data:
  NEXT_PUBLIC_BASE_URL: "https://rallly.example.com"

  # Email Settings
+  # Note: This is distinct from INITIAL_ADMIN_EMAIL (defined in secrets), which creates the admin account.
+  # SUPPORT_EMAIL is the user-facing support contact shown to users.
  SUPPORT_EMAIL: "admin@example.com"
+
  EMAIL_LOGIN_ENABLED: "true"
  # SECURITY: This allows ANY email to register. Restrict to "*@example.com" or specific emails for production.
  ALLOWED_EMAILS: "*"
--- a/kubernetes/rallly.yaml
+++ b/kubernetes/rallly.yaml
@ -26,6 +26,10 @@ spec:
      app: rallly
  strategy:
    type: RollingUpdate
+    # Zero-donwtime deployment strategy
+    rollingUpdate:
+      maxUnavailable: 0
+      maxSurge: 1
  template:
    metadata:
      labels:
Author	SHA1	Message	Date
Gabriel Windlin	2e79c12f92	Merge 6d474527967e1de46605247e29022ea400ec6fec into 297e04f69bcd32f311ed3928ef3141389b701bc9	2025-11-28 13:49:15 +00:00
Gabriel Windlin	6d47452796	fixes recognized by coderabbit	2025-11-28 14:48:57 +01:00