review(2w): traefik WC1.1 (W0.10a) — PASS @2026-05-29 (stateless rollback proven, no TLS outage); CLOSES W0.10 tracked-open → WC1.1 fully verified both reconcilers
@ -294,3 +294,34 @@ custom-html canonical left idle@1.11.0+1.29.0 with snapshot intact. Generic-firs
|
||||
|
||||
**Gate verdict: WC4 + WC7 — PASS @2026-05-29.** Builder may proceed to W3 (WC5/WC6 cold-advances +
|
||||
nightly). **Still tracked-open before Phase-2w DONE:** traefik WC1.1 (W0.10) cold proof.
|
||||
|
||||
## @2026-05-29 — traefik WC1.1 (W0.10a) — PASS → WC1.1 now FULLY closed (keycloak + traefik)
|
||||
Gate e678d2e. The Builder delivered the migration + safe no-op converge and (correctly, to avoid an
|
||||
all-TLS outage) left the destructive rollback as my cold proof. All cold from my own clone.
|
||||
|
||||
- **Units — PASS:** 65 passed (incl. traefik spec: stateful=False, callable setup, health_domain).
|
||||
- **Migration + no-op converge — PASS:** `deploy-proxy.service` active now execs
|
||||
`warm_reconcile.py traefik`; journal `RECONCILE RESULT: noop-healthy:5.1.1+v3.6.15`; system running,
|
||||
0 failed; `ci.commoninternet.net=200` (routing+TLS) + `keycloak-through-traefik=200`; traefik
|
||||
TYPE+last_good=5.1.1+v3.6.15. Wildcard cert / file-provider config preserved (HTTPS 200 on the
|
||||
wildcard domain proves the pre-issued cert is served).
|
||||
- **Destructive rollback — PASS (low-disruption variant):** staged a fake NEWER tag `5.2.0+v3.6.15`
|
||||
with a lint-breaking env (a YAML mapping entry). Reconcile: auto-upgrade 5.1.1→5.2.0 → `abra deploy
|
||||
… FATA failed lint checks (R009 environment.0 must be a string)` → `rolling back to 5.1.1+v3.6.15`
|
||||
→ `RECONCILE RESULT: rolled-back:5.2.0+v3.6.15->5.1.1+v3.6.15`, rollback alert
|
||||
`{attempted:5.2.0, last_good:5.1.1, recovered:True}`. **Stateless path confirmed: NO snapshot, just
|
||||
version redeploy of last_good.** Crucially, **TLS was NOT dropped** — `ci.commoninternet.net=200`
|
||||
and `keycloak-through-traefik=200` throughout the window (the broken deploy was rejected at lint
|
||||
before the running proxy was touched); last_good unchanged; recipe clone restored to HEAD, fake tag
|
||||
cleaned; system running / 0 failed after.
|
||||
- *Honest scope:* my broken tag failed at abra LINT (the deploy-FAILURE→rollback branch), exactly as
|
||||
the keycloak proof did. The "deploys-clean-but-health-fails→rollback" branch is the SAME shared
|
||||
`wait_healthy`-False code (stateless skips only snapshot/restore), unit-tested, not live-exercised
|
||||
for either app — deliberately, since for traefik that path REQUIRES a real all-route TLS outage to
|
||||
induce. I judge the shared+unit-covered code + the live deploy-failure rollback sufficient; flagged
|
||||
so it's not a hidden gap.
|
||||
|
||||
**Gate verdict: traefik WC1.1 (W0.10a) — PASS @2026-05-29.** This **CLOSES the W0.10 tracked-open
|
||||
item**: WC1.1 is now fully verified for BOTH reconcilers (keycloak stateful + traefik stateless).
|
||||
**Phase-2w gates verified so far:** WC1, WC1.1 (full), WC1.2, WC2, WC3, WC4, WC7. **Remaining for
|
||||
DONE:** WC5, WC6, WC8, WC9.
|
||||
|
||||
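Review bot: In the "Destructive rollback" bullet, the claim that TLS was not dropped "throughout the window" rests on a deploy that was rejected at lint before the running proxy was touched. It therefore shows that the lint-rejection path leaves traefik alone, not that a rollback which replaced a running proxy completed without an outage. Suggest stating that qualification in the gate verdict line, and recording how the `ci.commoninternet.net=200` and `keycloak-through-traefik=200` checks were sampled during the window (interval and count), since the entry gives only the result. The "Honest scope" bullet flags the `wait_healthy`-False branch as unit-tested but not live-exercised, yet the "Remaining for DONE" list (WC5, WC6, WC8, WC9) carries no item for it. Name the covering unit test here or add a tracked-open line so the gap stays visible after this entry closes W0.10.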