fix(dev): share auth across dev frontend proxy
This commit is contained in:
@@ -63,8 +63,8 @@ Phase 2 of the D601 dev environment creates only the isolated namespace and data
|
||||
It may create resources only in `unidesk-dev`:
|
||||
|
||||
- `Namespace unidesk-dev`, plus quota and default limits.
|
||||
- `Secret unidesk-dev-runtime-secrets` as a dev-only template for DB credentials, provider token, auth/session secret, and Code Queue model secret placeholders.
|
||||
- `ConfigMap unidesk-dev-runtime-config` for dev identity, desired-state source `origin/master:deploy.json#environments.dev`, provider id `D601-dev`, Code Queue dev paths, and non-secret runtime defaults.
|
||||
- `Secret unidesk-dev-runtime-secrets` as a dev-only template for DB credentials, provider token, auth/session secret, and Code Queue model secret placeholders. The frontend auth/session values are placeholders in this manifest; the controlled dev frontend deploy path syncs them from main-server `config.json.auth` so dev and production use the same login identity and session signer.
|
||||
- `ConfigMap unidesk-dev-runtime-config` for dev identity, desired-state source `origin/master:deploy.json#environments.dev`, provider id `D601-dev`, Code Queue dev paths, and non-secret runtime defaults. `SESSION_TTL_SECONDS` follows the same main-server auth config when `frontend` is deployed.
|
||||
- `ConfigMap unidesk-dev-db-guard` with an executable guard script that rejects production-looking `DATABASE_URL` values.
|
||||
- `StatefulSet/Service postgres-dev` with a 5Gi persistent volume claim and bounded CPU/memory requests/limits.
|
||||
- `Job unidesk-dev-db-migrate`, which waits for `postgres-dev`, runs the guard, then prepares backend-core and Code Queue tables in the independent `unidesk_dev` database.
|
||||
|
||||
@@ -28,6 +28,8 @@ The dev public port is configured in `config.json` as `network.devFrontend.port=
|
||||
|
||||
The unrestricted public network entries are therefore production frontend, dev frontend, and provider ingress. backend-core REST, PostgreSQL, user-service backend ports, k3s Services, NodePorts and D601 host ports remain private or explicitly restricted.
|
||||
|
||||
Dev and production frontend authentication must use the same `config.json.auth` username, password, session secret and session TTL. The public dev and production entrypoints share the same IP/host with different ports, so the `unidesk_session` cookie is host-scoped rather than port-scoped. `deploy apply --env dev --service frontend` must sync `unidesk-dev-runtime-secrets` and `unidesk-dev-runtime-config` from the main-server config before rolling out `frontend-dev`; dev manifests may contain placeholders but must not establish a separate dev login identity.
|
||||
|
||||
## Desired State
|
||||
|
||||
`deploy.json` remains the only version intent file. Dev entries live under `environments.dev` and are read from `origin/master:deploy.json`, never from a dirty local file, when using `--env dev` or `ci run-dev-e2e`.
|
||||
@@ -76,8 +78,9 @@ Rust checking is enabled only when the process is already running inside the D60
|
||||
5. Build the service image on D601 Docker, importing any required base images through the same egress boundary.
|
||||
6. Import the image into native k3s containerd at `/run/k3s/containerd/containerd.sock`.
|
||||
7. Apply only the selected `unidesk-dev` Service/Deployment objects from the dev manifest.
|
||||
8. Stamp the Deployment with `UNIDESK_DEPLOY_*` env and `unidesk.ai/deploy-*` annotations.
|
||||
9. Verify health through the Kubernetes API service proxy and require the live commit to match the requested commit.
|
||||
8. For `frontend`, sync auth/session settings from main-server `config.json.auth` into the dev runtime Secret/ConfigMap before rollout.
|
||||
9. Stamp the Deployment with `UNIDESK_DEPLOY_*` env and `unidesk.ai/deploy-*` annotations.
|
||||
10. Verify health through the Kubernetes API service proxy and require the live commit to match the requested commit.
|
||||
|
||||
The dev path is not a fallback system. If GitHub fetch, provider-gateway egress, Docker build, native k3s, containerd import, kubectl apply or live health verification fails, the job fails with logs. It must not fall back to building on the master server, using a dirty worktree, direct D601 public ports, NodePort, or another deployment command.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user