WIP: Managed K8s with SSA and Sync UI #522

Draft
tobru wants to merge 4 commits from k8s-ssa into main
Owner
No description provided.
renovate force-pushed k8s-ssa from 06130cfd04 to b4f455257e
All checks were successful
Tests / test (push) Successful in 1m0s
2026-06-01 13:59:17 +00:00
Add the SERVALA_SSA_WRITES flag (default off). When enabled, create_instance
and update_spec write to Kubernetes via server-side apply with per-concern
field managers instead of a single merge patch, matching the managers used by
the sync patcher so ownership stays consistent across create, update and sync.

_split_spec_by_manager assigns each spec field to exactly one manager (user-spec
excludes compute/hardcoded-owned paths). Writes use force=True to assert the
portal's declared state and lazily migrate existing objects' field ownership
from Update to Apply on their next edit. create_instance bootstraps the full
schema-complete spec under the user-spec manager, then carves out per-manager
ownership with forced slice applies. With the flag off, the legacy merge-patch
and create verbs are used unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
frontend: add staff instance sync UI and audit log
All checks were successful
Tests / test (push) Successful in 1m0s
fec271fae4
Add a staff-only /staff/sync/ tool that previews configuration drift between
the portal and live Kubernetes resources as a classic diff, then applies
selected fixes via the server-side-apply sync patcher. The flow is scope
picker -> drift report -> dry-run confirmation (surfacing SSA conflicts with
per-field force toggles) -> apply, with selections signed via Django's signer
to prevent tampering and re-scanned before apply to skip fields that drifted
again. Applies are capped per submission and gated by a new core.sync_instances
rules permission (staff by default, separately revocable).

Every applied/skipped/failed/stale field is recorded in a new
InstanceSyncAuditLog model.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
All checks were successful
Tests / test (push) Successful in 1m0s
This pull request is marked as a work in progress.
This branch is out-of-date with the base branch
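
The tamper check and pre-apply re-scan described in the second commit message, as an added example that is not code from this pull request. Stdlib HMAC stands in for Django's signer so it runs without a Django project; every name, the key, the cap of 2 and the mapping of outcomes to `stale`/`skipped` are assumptions.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: stands in for Django's SECRET_KEY
MAX_APPLIES = 2                   # assumption: the page does not state the cap


def _digest(value):
    """Stable fingerprint of a live field value as seen at preview time."""
    return hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()


def preview(live_state, keys):
    """Build the selection a staff user confirms (hypothetical shape)."""
    return [{"instance": i, "path": p, "live_digest": _digest(live_state[(i, p)])}
            for i, p in keys]


def sign_selection(selection):
    """Serialize the reviewed selection and append an HMAC-SHA256 tag."""
    body = json.dumps(selection, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def load_selection(token):
    """Return the selection, or raise ValueError if the token was altered."""
    body, _, tag = token.rpartition("|")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("selection signature mismatch")
    return json.loads(body)


def plan_apply(token, live_state):
    """Verify the token, re-scan live values, and classify each field."""
    results, applied = {}, 0
    for item in load_selection(token):
        key = (item["instance"], item["path"])
        if _digest(live_state.get(key)) != item["live_digest"]:
            results[key] = "stale"      # drifted again since the preview
        elif applied >= MAX_APPLIES:
            results[key] = "skipped"    # over the per-submission cap
        else:
            results[key] = "applied"    # would be handed to the sync patcher
            applied += 1
    return results
```

Binding each selected field to a digest of the live value seen at preview time is what lets the apply step detect a field that changed between confirmation and submission, independently of the signature check.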