add generic multi-user cluster onboarding system

Data-driven user onboarding: add a JSON entry to Vault KV k8s_users, apply vault + platform + woodpecker stacks, and everything is auto-generated. Vault stack: namespace creation, per-user Vault policies with secret isolation via identity entities/aliases, K8s deployer roles, CI policy update. Platform stack: domains field in k8s_users type, TLS secrets per user namespace, user domains merged into Cloudflare DNS, user-roles ConfigMap mounted in portal. Woodpecker stack: admin list auto-generated from k8s_users, WOODPECKER_OPEN=true. K8s-portal: dual-track onboarding (general/namespace-owner), namespace-owner dashboard with Vault/kubectl commands, setup script adds Vault+Terraform+Terragrunt, contributing page with CI pipeline template, versioned image tags in CI pipeline. New: stacks/_template/ with copyable stack template for namespace-owners.
2026-03-15 22:23:36 +00:00 · 2026-03-15 22:23:36 +00:00 · 0610ea30d4
commit 0610ea30d4
parent 5bc50af99e
13 changed files with 530 additions and 40 deletions
--- a/.woodpecker/k8s-portal.yml
+++ b/.woodpecker/k8s-portal.yml
@ -24,23 +24,23 @@ steps:
      context: stacks/platform/modules/k8s-portal/files
      platforms:
        - linux/amd64
-      auto_tag: true
+      tag: ["${CI_PIPELINE_NUMBER}", "latest"]
      cache_from: "viktorbarzin/k8s-portal:latest"
      cache_to: "type=inline"

  - name: deploy
    image: bitnami/kubectl:latest
    commands:
-      - "kubectl rollout restart deployment/k8s-portal -n k8s-portal"
+      - "kubectl set image deployment/k8s-portal portal=viktorbarzin/k8s-portal:${CI_PIPELINE_NUMBER} -n k8s-portal"
      - "kubectl rollout status deployment/k8s-portal -n k8s-portal --timeout=120s"
-      - "echo 'k8s-portal deployed successfully'"
+      - "echo 'k8s-portal deployed successfully (build ${CI_PIPELINE_NUMBER})'"

  - name: slack
    image: curlimages/curl
    commands:
      - |
        curl -s -X POST -H 'Content-type: application/json' \
-          --data "{\"text\":\"K8s Portal: build + deploy ${CI_PIPELINE_STATUS}\"}" \
+          --data "{\"text\":\"K8s Portal: build #${CI_PIPELINE_NUMBER} ${CI_PIPELINE_STATUS}\"}" \
          "$SLACK_WEBHOOK" || true
    environment:
      SLACK_WEBHOOK: