Skip to main content

Staging Deployment Infrastructure

Date: 2026-04-15 Scope: Production Dockerfiles, K8s manifests, CI/CD, and infra agent handoff for pssaas-staging on AKS

What Was Done

ADR-020: Shared Kubernetes Cluster with PSX

Formalized the decision to deploy PSSaaS to the same AKS cluster (pss-cluster) as PSX, using dedicated pssaas-* namespaces while sharing pss-platform services (Keycloak, Vault). PSX ADR-085 already anticipates this. Phased adoption — Docker Compose stays for local dev.

Production Dockerfiles

  • docs-site/Dockerfile.prod — Multi-stage: npm ci + npm run build → nginx serving static site at /docs/ on port 3000. Health check at /healthz.
  • src/backend/Dockerfile.prod — Multi-stage: dotnet publish -c Release → aspnet:8.0 runtime on port 8080. Health check at /api/health.

Kubernetes Manifests

infra/azure/k8s/pssaas-staging/services.yaml — ConfigMap + 3 Deployments + 3 Services:

ServiceImagePortResources
docsghcr.io/.../docs:latest300050-200m CPU, 64-128Mi RAM
apighcr.io/.../api:latest8080100-500m CPU, 256-512Mi RAM
redisredis:7-alpine637950-200m CPU, 64-128Mi RAM

API connects to SQL MI via secret-injected connection string (no local SQL Server in K8s).

Ingress

infra/azure/k8s/ingress/pssaas-ingress.yaml — Routes pssaas.staging.powerseller.com:

  • /docs/ → docs service
  • /api/ → api service
  • / → redirect to /docs/
  • TLS via cert-manager (letsencrypt-prod)

CI/CD

Two GitHub Actions workflows:

  • .github/workflows/_build-image.yaml — Reusable: build + push to GHCR with SHA tag
  • .github/workflows/deploy-staging.yaml — Path-filtered builds (docs vs API), kubectl set image deployment

Infra Agent Handoff

infra/azure/HANDOFF-INFRA-AGENT.md — 8-step playbook for the PSX infra agent: namespace creation, secrets, manifests, DNS, TLS verification, image build, health checks, Superset connection.

Files Created

  • docs-site/Dockerfile.prod
  • src/backend/Dockerfile.prod
  • infra/azure/k8s/pssaas-staging/services.yaml
  • infra/azure/k8s/ingress/pssaas-ingress.yaml
  • infra/azure/scripts/create-pssaas-secrets.ps1
  • .github/workflows/deploy-staging.yaml
  • .github/workflows/_build-image.yaml
  • infra/azure/HANDOFF-INFRA-AGENT.md
  • docs-site/docs/adr/adr-020-shared-k8s-namespaces.md

What's Next

  1. Kevin relays the handoff prompt to the PSX infra agent
  2. Infra agent creates namespace, secrets, DNS, and applies manifests
  3. First images built (either via CI/CD trigger or manual docker push)
  4. Staff access docs at https://pssaas.staging.powerseller.com/docs/
  5. Staff explore API at https://pssaas.staging.powerseller.com/api/swagger/