- Delete gingress templates (deployment, rbac, service)
- Remove gingress config block from values.yaml
- Switch ingress class to nginx with full annotations:
- Unlimited body size for large file uploads
- WebSocket support with 1h timeouts
- Cookie-based session affinity
- Real IP passthrough via X-Forwarded-For
PVC name is now immutable — hardcoded in all 4 deployment templates instead
of being a configurable Helm value. Removed pvcName from values.yaml and
--set pvcName from deploy.sh. This ensures the PVC can never be renamed or
deleted by Helm operations, only manually via kubectl.
Email worker and other pods fail with "Read-only file system" when
readOnlyRootFilesystem is true, since they need to write temp files.
Also adds debug print statements for database connection lifecycle.
ConfigMap values are in seconds (e.g. connection_timeout=30 means 30s),
but Duration::from_millis() interpreted them as ms (30ms), causing pool
timeout on startup. Changed to from_secs(). Also removed Namespace from
Helm chart to prevent cascade deletion of PVC/ConfigMap on uninstall.
- Set primary domain gitdata.ai and static.gitdata.ai with cert-manager TLS
- Add LoadBalancer service for gitserver SSH (port 2222)
- Exclude .server.yaml from Helm packaging
- Add gitignore and prettier configuration files for project scaffolding
- Implement room access control service with project member verification
- Create user access key management with CRUD operations and activity logging
- Add accordion UI component for frontend expandable sections
- Implement room AI configuration with list, upsert, and delete operations
- Add AI event types for agent join/leave/status change tracking
- Create streaming AI processing services for mode and react patterns
- Build room AI service with model detection and idempotency handling
- Integrate chat service orchestration for AI message processing
- Add typing indicators and stream cancellation for AI interactions
- Implement mention parsing and context extraction for AI agents
Add HorizontalPodAutoscaler (autoscaling/v2) using CPU and memory utilization
metrics to all deployment templates: app, static, gitserver, git-hook,
operator, adminrpc. Email-worker is excluded as requested.
- CPU target: 80% average utilization
- Memory target: 80% average utilization
- Each service has per-service min/max replicas in values.yaml
- Operator autoscaling defaults to disabled (enabled: false)
- Conditional via {{ if .Values.<service>.autoscaling.enabled }}
Health monitoring:
- gitserver: /health endpoint on port 8021 (DB + Redis ping)
- git-hook: hyper health server on port 8083 with /health
- email-worker: hyper health server on port 8084 with /health
- K8s probes updated to httpGet for all three services
Metrics (via /metrics endpoint):
- git-hook: hook_tasks_total/success/failed/locked/retried/exhausted,
hook_sync_branches/tags_changed_total
- email: email_queued/consumed/sent/failed_total,
email_validation_skipped/build_errors/send_attempts_total
The adminrpc binary runs HTTP endpoints on port grpc_port+1 (9091),
but k8s deployment only exposed port 9090 (gRPC). The /api/admin/*
HTTP routes were unreachable from the admin dashboard frontend.
- Add http container port 9091 to Deployment
- Add http named port to k8s Service
- Point liveness/readiness probes to HTTP port 9091
- Add http_port: 9091 to Helm values.yaml
Frontend:
- Add Discord-style 3-column layout (server icons / channel sidebar / chat)
- AI Studio design system: new CSS token palette (--room-* vars)
- Replace all hardcoded Discord colors with CSS variable tokens
- Add RoomSettingsPanel (name, visibility, AI model management)
- Settings + Member list panels mutually exclusive (don't overlap)
- AI models shown at top of member list with green accent
- Fix TS errors: TipTap SuggestionOptions, unused imports, StarterKit options
- Remove MentionInput, MentionPopover, old room components (废弃代码清理)
Backend:
- RoomAiResponse returns model_name from agents.model JOIN
- room_ai_list and room_ai_upsert fetch model name for each config
- AiConfigData ws-protocol interface updated with model_name
Note: RoomSettingsPanel UI still uses shadcn defaults (未完全迁移到AI Studio)
GitHook controller was generating a Deployment without any persistent
storage — only a ConfigMap volume at /config. The worker needs /data to
access repo storage paths (APP_REPOS_ROOT defaults to /data/repos).
Changes:
- GitHookSpec: added storage_size field (default 10Gi), matching the
pattern already used by GitServerSpec
- git_hook.rs reconcile(): now creates a PVC ({name}-data) before the
Deployment, mounts it at /data, and sets APP_REPOS_ROOT=/data/repos
- git-hook-crd.yaml: synced storageSize field into the CRD schema
The git-hook worker needs /data to access repo storage paths, but the
deployment defined the shared-data PVC volume at pod level without
attaching it to the container via volumeMounts. Added the missing
volumeMounts block (name: shared-data, mountPath: /data) so the PVC is
properly mounted into the git-hook container, consistent with app and
static deployments.
validate_origin() only allowed localhost origins by default, causing
production WebSocket connections to be rejected. Now it reads
APP_DOMAIN_URL and APP_STATIC_DOMAIN from env and automatically
adds their http/https/ws/wss variants to the allowed origins list.
Also add APP_DOMAIN_URL to the production configmap.
Without a shared cookie signing key, each pod generates a random key on
startup. Requests that hit different pods fail session validation, causing
CaptchaError when the captcha and login requests route to different pods.
- Add procps to git-hook and email-worker Dockerfiles (provides pgrep)
- Change all exec probes from pgrep to kill -0 1 (more reliable, bash built-in)
- Add startupProbe to gitserver with 30 failure threshold (5min max startup time)
- Increase gitserver liveness initialDelay to 30s for slower SSH init
ConfigMap was removed from Helm chart (managed externally).
Secret contains all required env vars (APP_DATABASE_URL, APP_REDIS_URL,
SMTP credentials, SSH domain/key, etc.) and is always rendered
(helm.sh/resource-policy: keep prevents deletion on upgrade).
Also add APP_SSH_PORT and APP_SSH_SERVER_PRIVATE_KEY to secret template.
Replace individual configMapKeyRef env vars with envFrom + configMapRef
to inject the full ConfigMap, plus minimal env blocks for static values.
Also remove resources block from operator deployment (K8s schema validation).
