Unblocks CI jobs running in github-runner pods (e.g. FlowerCore.Print.Web
`help-screenshots`) from reaching selenium-hub. Previously the session
POST was DNAT'd to the hub pod IP then dropped at the Calico ingress
hook, surfacing as a 60s timeout against
http://selenium-hub.selenium.svc.cluster.local:4444 while the Selenium
UI showed 0/4 sessions.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

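
The drop described in the commit message above happens because NetworkPolicy ingress rules are evaluated at the destination pod, after the Service address has been translated to the pod IP. As an added example (not code from this repository), the simplified evaluator below runs a constructed `selenium-netpol` before and after a cross-namespace allow, which is one way such a rule can be expressed. The `github-runner` namespace name, the pod labels and the rule contents are assumptions.

```python
# Added example: the policy contents and runner labels are constructed, not the cluster's real manifests.
# Simplified: matchLabels only, numeric ports, no ipBlock; assumes the policy selects the hub pod.
NS_NAME = "kubernetes.io/metadata.name"  # label Kubernetes sets on every namespace

def labels_match(selector, labels):
    """An empty selector ({}) matches every label set."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_allows(peer, policy_ns, src):
    """One `from` entry; namespaceSelector and podSelector in the same entry are ANDed."""
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None and pod_sel is None:
        return False  # ipBlock peers are not modelled
    if ns_sel is None:  # podSelector alone only reaches pods in the policy's own namespace
        ns_ok = src["namespace"] == policy_ns
    else:
        ns_ok = labels_match(ns_sel, src["ns_labels"])
    return ns_ok and (pod_sel is None or labels_match(pod_sel, src["pod_labels"]))

def ingress_allowed(policy, src, port):
    """Rules are ORed; within a rule a peer AND a port must both match."""
    for rule in policy["spec"].get("ingress", []):
        ports, peers = rule.get("ports"), rule.get("from")
        port_ok = not ports or any(p.get("port") == port for p in ports)
        peer_ok = not peers or any(peer_allows(p, policy["metadata"]["namespace"], src) for p in peers)
        if port_ok and peer_ok:
            return True
    return False  # selected pod, no matching rule: dropped, which the client sees as a timeout

def netpol(peers):
    """Constructed NetworkPolicy in the selenium namespace allowing `peers` on TCP 4444."""
    return {"metadata": {"name": "selenium-netpol", "namespace": "selenium"},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
                     "ingress": [{"from": peers, "ports": [{"protocol": "TCP", "port": 4444}]}]}}

# Hypothetical source pods; the runner namespace name and pod labels are assumptions.
RUNNER = {"namespace": "github-runner", "ns_labels": {NS_NAME: "github-runner"},
          "pod_labels": {"app": "runner"}}
NODE = {"namespace": "selenium", "ns_labels": {NS_NAME: "selenium"},
        "pod_labels": {"app": "selenium-node-chrome"}}

BEFORE = netpol([{"podSelector": {}}])  # same-namespace traffic only
AFTER = netpol([{"podSelector": {}},
                {"namespaceSelector": {"matchLabels": {NS_NAME: "github-runner"}}}])

if __name__ == "__main__":
    for name, pol in (("before", BEFORE), ("after", AFTER)):
        print(name, "runner->hub:4444 allowed:", ingress_allowed(pol, RUNNER, 4444))
```
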

Previously orphan kubectl-applied since the Selenium Grid was first set
up. The `infra-selenium` ArgoCD app existed but only managed
`network-policy.yaml` — the deployments themselves drifted whenever
anyone `kubectl set env`'d or `kubectl scale`'d.

This commit captures the live state (with the 2026-05-25 maxSessions
bump for chrome already baked in) as canonical git source. ArgoCD's
ServerSideApply syncPolicy + selfHeal will now keep the grid in lock
step with this file.

Resources captured:
- Service selenium-hub (ClusterIP, internal traffic on 4444)
- Service selenium-hub-external (LoadBalancer, MetalLB 10.0.56.208)
- Deployment selenium-hub
- Deployment selenium-node-chrome (replicas=1, SE_NODE_MAX_SESSIONS=2)
- Deployment selenium-node-firefox (replicas=1, maxSessions=1)
- Deployment selenium-node-edge (replicas=1, maxSessions=1)
- IngressRoute selenium-hub (Traefik, selenium.iamworkin.lan)

No live behavior change — server-side dry-run confirms unchanged for
hub/firefox/ingressroute, "configured" for hub-external + 3 deploys
(default-field reordering only; SSA + field managers handle the diff).

Refs: Sprint 33 morning-routine 2026-05-25 follow-up Q-MR.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>


Captured during 2026-05-07 regroup audit. selenium-netpol was applied via
raw `kubectl apply` to the cluster on 2026-03-15 with no source-of-truth
file anywhere — neither in bluejay-infra nor in any FC service repo. A
cluster rebuild from bluejay-infra would have lost it entirely (including
the Selenium Grid → Traefik VIP allow rule that gates AAT runs against
*.iamworkin.lan services).

Captured byte-for-byte from `kubectl get netpol -n selenium selenium-netpol
-o yaml`. ServerSideApply via ArgoCD will adopt the existing resource
without recreation.

The Selenium Grid Deployment + Services themselves are still managed
outside ArgoCD (deployed via raw kubectl from the original bring-up).
Migrating those into bluejay-infra is a separate lane — this commit only
restores GitOps repeatability for the NetworkPolicy.

See feedback_networkpolicies_belong_in_bluejay_infra.md for the canonical
pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>