updated k8s deployment and ingress config.

k8s/deployment.yaml

@@ -20,15 +20,13 @@ spec:
       labels:
         app: buildify
     spec:
-      serviceAccountName: ecr-service-account  # Service account with access to read ECR images
+      serviceAccountName: ecr-service-account
       containers:
-        -
-          name: buildify
-          image: 891377135844.dkr.ecr.us-east-1.amazonaws.com/buildify:development  # Using dev tag as the default for development
+        - name: buildify
+          image: 891377135844.dkr.ecr.us-east-1.amazonaws.com/buildify:development
           imagePullPolicy: Always
           ports:
-            -
-              containerPort: 5173
+            - containerPort: 5173
               name: http
           resources:
             requests:
@@ -38,28 +36,26 @@ spec:
               cpu: "1500m"
               memory: "1.5Gi"
           envFrom:
-            # Non-sensitive configuration (public settings)
             - configMapRef:
                 name: buildify-config
-            
-            # Authentication secrets from AWS Secrets Manager via ExternalSecret
-            # Contains: SESSION_SECRET, GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET
-            # These are infrastructure-level secrets managed by DevOps
             - secretRef:
                 name: buildify-auth-secrets
-            
-            # User-configurable API keys for LLM providers
-            # These are set through the application UI and can vary per user
-            # Contains: OPENAI_API_KEY, ANTHROPIC_API_KEY, BAYER_MGA_API_KEY, etc.
           livenessProbe:
             httpGet:
-              path: /
+              path: /healthz
               port: 5173
+              scheme: HTTP
             initialDelaySeconds: 30
             periodSeconds: 10
+            timeoutSeconds: 1
+            failureThreshold: 3
           readinessProbe:
             httpGet:
-              path: /
+              path: /healthz
               port: 5173
-            initialDelaySeconds: 5
+              scheme: HTTP
+            initialDelaySeconds: 10
             periodSeconds: 5
+            timeoutSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1

k8s/ingress.yaml

@@ -8,24 +8,23 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt-production
     nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    # Ensure X-Forwarded-Proto header is set to propagate original protocol information
-    nginx.ingress.kubernetes.io/proxy-set-headers: "X-Forwarded-Proto https"
-    nginx.ingress.kubernetes.io/proxy-redirect-from: http
-    nginx.ingress.kubernetes.io/proxy-redirect-to: https
+    nginx.ingress.kubernetes.io/proxy-set-header: "X-Forwarded-Proto $scheme"
+    nginx.ingress.kubernetes.io/affinity: cookie
+    nginx.ingress.kubernetes.io/session-cookie-name: BUILDIFYSESSION
 spec:
   ingressClassName: nginx
   rules:
-  - host: buildify.phexhub-np.int.bayer.com
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: buildify
-            port:
-              number: 80
+    - host: buildify.phexhub-np.int.bayer.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: buildify
+                port:
+                  number: 80
   tls:
-  - hosts:
-    - buildify.phexhub-np.int.bayer.com
-    secretName: buildify-phexhub-dev-cluster-tls
+    - hosts:
+        - buildify.phexhub-np.int.bayer.com
+      secretName: buildify-phexhub-dev-cluster-tls