cameleer/cameleer-saas
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 5: K8s Operational Layer (was Phase 3) #25

New Issue
Open
opened 2026-03-30 09:23:49 +02:00 by claude · 0 comments
claude commented 2026-03-30 09:23:49 +02:00
Owner
Copy Link

Overview

Add Kubernetes support as the second RuntimeOrchestrator implementation. Same product works on K8s with operational enhancements (namespace isolation, auto-scaling, GitOps).

Architecture decision (2026-04-04): Moved from Phase 3 to Phase 5. Docker-first development means K8s is an operational enhancement, not a prerequisite. All features work in Docker Compose first; K8s adds isolation, scaling, and GitOps. See docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md.

Depends On

  • Phase 4 (#28 — Observability Pipeline, proves the RuntimeOrchestrator interface)

Related Epics

  • #3 (Tenant Provisioning & Lifecycle)
  • #8 (Networking & Tenant Isolation)

Key Deliverables

  • KubernetesRuntimeOrchestrator — fabric8 kubernetes-client implementation
  • Kaniko-based image builds — daemonless builds inside K8s, push to registry
  • Flux CD integration — GitOps deployment for the platform itself
  • Namespace-per-tenant provisioning — automated namespace creation with ResourceQuotas
  • NetworkPolicies — default deny between tenants, allow rules for shared services
  • Helm chart — for K8s deployment of the full platform
  • Registry integration — Gitea registry (SaaS) or registry:2 (self-hosted)
  • cert-manager — TLS certificate lifecycle (replaces Traefik ACME in K8s)

K8s-Only Features (Not Available in Docker)

Feature Docker K8s
Auto-scaling No HPA
Network isolation Docker networks NetworkPolicies
GitOps Manual updates Flux CD
Rolling updates Manual restart Native
Certificate management Traefik ACME cert-manager

Key Dependencies

  • io.fabric8:kubernetes-client — K8s API client
  • Kaniko — daemonless image builds
  • Flux CD — GitOps

PRD Reference

Sections 6 (Tenant Provisioning), 11 (Networking & Tenant Isolation)
Superseded by: docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md

## Overview Add Kubernetes support as the second RuntimeOrchestrator implementation. Same product works on K8s with operational enhancements (namespace isolation, auto-scaling, GitOps). > **Architecture decision (2026-04-04):** Moved from Phase 3 to Phase 5. Docker-first development means K8s is an operational enhancement, not a prerequisite. All features work in Docker Compose first; K8s adds isolation, scaling, and GitOps. See `docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md`. ## Depends On - Phase 4 (#28 — Observability Pipeline, proves the RuntimeOrchestrator interface) ## Related Epics - #3 (Tenant Provisioning & Lifecycle) - #8 (Networking & Tenant Isolation) ## Key Deliverables - **KubernetesRuntimeOrchestrator** — fabric8 kubernetes-client implementation - **Kaniko-based image builds** — daemonless builds inside K8s, push to registry - **Flux CD integration** — GitOps deployment for the platform itself - **Namespace-per-tenant provisioning** — automated namespace creation with ResourceQuotas - **NetworkPolicies** — default deny between tenants, allow rules for shared services - **Helm chart** — for K8s deployment of the full platform - **Registry integration** — Gitea registry (SaaS) or registry:2 (self-hosted) - **cert-manager** — TLS certificate lifecycle (replaces Traefik ACME in K8s) ## K8s-Only Features (Not Available in Docker) | Feature | Docker | K8s | |---------|--------|-----| | Auto-scaling | No | HPA | | Network isolation | Docker networks | NetworkPolicies | | GitOps | Manual updates | Flux CD | | Rolling updates | Manual restart | Native | | Certificate management | Traefik ACME | cert-manager | ## Key Dependencies - `io.fabric8:kubernetes-client` — K8s API client - Kaniko — daemonless image builds - Flux CD — GitOps ## PRD Reference Sections 6 (Tenant Provisioning), 11 (Networking & Tenant Isolation) Superseded by: `docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md`
claude added the infranetworkingphase-3 labels 2026-03-30 09:24:44 +02:00
claude changed title from Phase 3: K8s Infrastructure + Provisioning to Phase 5: K8s Operational Layer (was Phase 3) 2026-04-04 14:40:05 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
auth
Identity, authentication, OIDC, RBAC
 billing
Billing, metering, and Stripe integration
 day-1
Required for initial launch
 epic
Top-level epic grouping related issues
 future
Planned for future release
 infra
Infrastructure, GitOps, K8s orchestration
 licensing
License module and feature gating
 networking
Network isolation, VPN, tenant separation
 observability
Observability integration (cameleer3-server)
 ops
Platform operations and self-monitoring
 phase-1
Phase 1: Foundation + Auth
 phase-2
Phase 2: Tenants + Licensing
 phase-3
Phase 3: Runtime Orchestration + Environments
 phase-4
Phase 4: Observability Pipeline + Inbound Routing
 phase-5
Phase 5: K8s Operational Layer
 phase-6
Phase 6: Billing + Metering
 phase-7
Phase 7: Billing + Metering
 phase-8
Phase 8: Security Hardening + Self-Monitoring
 phase-9
Phase 9: Frontend (React Shell)
 platform
SaaS management platform
 runtime
Camel application runtime
 secrets
Secrets management and vault integration
 security
Security, compliance, SOC 2, audit
 task
Implementation task within a phase
No Label infra networking phase-3
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cameleer/cameleer-saas#25
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?