Wire ArgoCD app-of-apps + buyerchat Argo Rollouts canary#5

Merged: ykstorm merged 2 commits into main from feat/argocd-rollouts on Jun 15, 2026
@ykstorm ykstorm commented Jun 15, 2026

What

Makes the README's two standing claims true: a real ArgoCD app-of-apps, and an Argo Rollouts canary for buyerchat. Built against 2ebc478 (HEAD at branch time — no drift from the plan).

Changes

Infra wrapper charts

  • infra/argo-rollouts/ and infra/argocd/: Chart.yaml pins the upstream argo-helm charts (argo-rollouts 2.41.0, argo-cd 9.5.21) as dependencies, plus minimal values.yaml and a README. Unlike the older values-only overlays, these are self-contained so helm lint runs in CI and the app-of-apps can render them from an in-repo path. Chart.lock is committed; the vendored charts/*.tgz are gitignored and re-fetched by helm dependency build.

App-of-apps

  • argocd/root-app.yaml — the root Application pointing at argocd/apps/ with automated sync + prune + self-heal.
  • argocd/apps/*.yaml — one child Application per component that actually exists: 6 total (ingress-nginx, cert-manager, sealed-secrets, kube-prometheus-stack, argo-rollouts, buyerchat). Values-only overlays use ArgoCD multi-source ($values); the wrapper charts and buyerchat point at in-repo paths.

buyerchat Rollout + analysis

  • helm/buyerchat/templates/rollout.yaml — Argo Rollout, canary 25→50→75→100 with an analysis gate at 25%. Pod spec is a verbatim copy of the Deployment (security context, tcpSocket probes + rationale, volumes, NetworkPolicies all carried over unchanged).
  • helm/buyerchat/templates/analysis-template.yaml: AnalysisTemplate querying the kps Prometheus.
  • deployment.yaml wrapped in {{- if not .Values.rollout.enabled }} so exactly one of Deployment/Rollout renders.
  • values.yaml gains a rollout: block (default enabled: false); values.dev.yaml sets enabled: true.

Wiring + CI + docs

  • Makefile / scripts/up.ps1 — install argo-rollouts then argocd, apply the app-of-apps root, add rollout-status; the stale "until Day 6" comment is gone.
  • .github/workflows/ci.yml — a gitops job that lints/renders the wrapper charts, renders the rollout-enabled buyerchat, and validates the app-of-apps manifests (all -ignore-missing-schemas for the CRD kinds).
  • README.md — child-app count set to the real 6; canary section made accurate. docs/gitops.md documents the flow.

Honesty note on the analysis query

The AnalysisTemplate uses a conservative up-based liveness query (fraction of buyerchat targets Prometheus reports scrapeable), not a request-success-rate. buyerchat runs degraded with no app source in this repo, so its exported metric names can't be confirmed. The template carries a TODO marking the one query to swap once the image exports request counters on /api/metrics. It does not claim a success-rate gate it can't compute.

Done criteria (run locally, all pass)

helm lint helm/buyerchat            → 0 failed
helm lint infra/argo-rollouts       → 0 failed
helm lint infra/argocd              → 0 failed
helm template ... -f values.dev.yaml | kubeconform -strict -ignore-missing-schemas  → Valid 5 / Invalid 0 / Skipped 4
helm template helm/buyerchat        | kubeconform -strict -ignore-missing-schemas  → Valid 6 / Invalid 0 / Skipped 2
kubeconform -strict -ignore-missing-schemas argocd/root-app.yaml argocd/apps/*.yaml → 7 valid/skipped, 0 invalid

Count checks: kind: Rollout (dev) = 1, kind: Deployment (dev) = 0, kind: Deployment (default) = 1, kind: AnalysisTemplate (dev) = 1, child Applications = 6, until Day 6 in up.ps1 = 0.

Maintenance note

The buyerchat pod template now lives in both deployment.yaml and rollout.yaml. A change to the pod spec must be made in both. Extracting it into a shared _helpers.tpl named template is a worthwhile follow-up (out of scope here).

🤖 Generated with Claude Code
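
Added example, not part of this PR or the repository: one way to catch the drift the maintenance note warns about, by diffing the pod template of the rendered Deployment against the rendered Rollout so a security-context change made in only one file fails CI. The function names and sample manifests are constructed for illustration, and the extractor assumes block-style YAML with two-space indentation as `helm template` emits for hand-written templates.

```python
import difflib
import re

def pod_template(rendered, kind):
    """Normalized lines of spec.template from the first `kind` document."""
    for doc in re.split(r"(?m)^---[ \t]*$", rendered):
        if not re.search(rf"(?m)^kind:\s*{kind}\s*$", doc):
            continue
        block, inside = [], False
        for line in doc.splitlines():
            indent = len(line) - len(line.lstrip())
            if not line.strip() or line.lstrip().startswith("#"):
                continue                  # blank lines and comments are not drift
            if inside and indent <= 2:
                break                     # next spec-level key ends the template
            if inside:
                block.append(line.rstrip())
            elif line.rstrip() == "  template:":
                inside = True
        if block:
            return block
    raise ValueError(f"no {kind} with spec.template found")

def pod_spec_drift(default_render, rollout_render):
    """Unified diff of Deployment vs Rollout pod templates; [] means in sync."""
    return list(difflib.unified_diff(
        pod_template(default_render, "Deployment"),
        pod_template(rollout_render, "Rollout"),
        "Deployment", "Rollout", lineterm=""))

# Constructed sample renders (not the repository's real templates).
POD = """    metadata:
      labels: {app: buyerchat}
    spec:
      containers:
        - name: buyerchat
          securityContext:
            runAsNonRoot: true
            readOnlyRootFilesystem: true
"""
def render(api, kind, pod, tail=""):
    return (f"---\napiVersion: {api}\nkind: {kind}\nmetadata:\n  name: buyerchat\n"
            f"spec:\n  replicas: 1\n  template:\n{pod}{tail}")

DEPLOY = render("apps/v1", "Deployment", POD)
CANARY = "  strategy:\n    canary:\n      steps:\n        - setWeight: 25\n"
ROLLOUT_OK = render("argoproj.io/v1alpha1", "Rollout", POD, CANARY)
ROLLOUT_DRIFT = render("argoproj.io/v1alpha1", "Rollout",
                       POD.replace("            readOnlyRootFilesystem: true\n", ""), CANARY)
```

In CI the two inputs would be the default render and the `values.dev.yaml` render of `helm/buyerchat`; a non-empty result should fail the job.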

Make the README's GitOps and progressive-delivery claims true.

- infra/argo-rollouts, infra/argocd: wrapper charts pinning the upstream
  argo-helm charts (2.41.0 / 9.5.21) as dependencies, so `helm lint` runs
  in CI and the app-of-apps can render them from an in-repo path.
- argocd/root-app.yaml + argocd/apps/*.yaml: app-of-apps over the six
  components that actually exist (ingress-nginx, cert-manager,
  sealed-secrets, kube-prometheus-stack, argo-rollouts, buyerchat) with
  automated sync, prune, and self-heal.
- helm/buyerchat: a Rollout template (canary 25→50→75→100 with an
  analysis gate at 25%) and an AnalysisTemplate, both gated on
  rollout.enabled. The Deployment is suppressed when the Rollout renders,
  so exactly one workload object exists. values.dev.yaml turns the
  Rollout on for the kind cluster. The pod spec (security context,
  tcpSocket probes, volumes, NetworkPolicies) carries over unchanged.
- Makefile + scripts/up.ps1: install argo-rollouts then argocd, apply the
  app-of-apps root, add a rollout-status target; remove the stale
  "until Day 6" comment.
- CI: a gitops job that lints/renders the wrapper charts, renders the
  rollout-enabled buyerchat, and validates the app-of-apps manifests
  (all with -ignore-missing-schemas for the CRD kinds).
- README: child-app count set to the real 6; canary section made honest
  about the analysis query. docs/gitops.md documents the flow.

The AnalysisTemplate query is a conservative up-based liveness check with
a TODO — buyerchat's exported metric names aren't confirmable from this
repo, so it does not claim a request-success-rate gate it can't compute.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

The wrapper charts pin argo-rollouts + argo-cd from the argo-helm repo;
without 'helm repo add argo' the GitOps job's 'helm dependency build'
fails with 'no repository definition for argoproj.github.io/argo-helm'.
@ykstorm ykstorm merged commit 2d1bc53 into main Jun 15, 2026
4 checks passed
@ykstorm ykstorm deleted the feat/argocd-rollouts branch June 15, 2026 00:30
ykstorm added a commit that referenced this pull request Jun 15, 2026
* feat: wire ArgoCD app-of-apps + buyerchat Argo Rollouts canary

Make the README's GitOps and progressive-delivery claims true.

- infra/argo-rollouts, infra/argocd: wrapper charts pinning the upstream
  argo-helm charts (2.41.0 / 9.5.21) as dependencies, so `helm lint` runs
  in CI and the app-of-apps can render them from an in-repo path.
- argocd/root-app.yaml + argocd/apps/*.yaml: app-of-apps over the six
  components that actually exist (ingress-nginx, cert-manager,
  sealed-secrets, kube-prometheus-stack, argo-rollouts, buyerchat) with
  automated sync, prune, and self-heal.
- helm/buyerchat: a Rollout template (canary 25→50→75→100 with an
  analysis gate at 25%) and an AnalysisTemplate, both gated on
  rollout.enabled. The Deployment is suppressed when the Rollout renders,
  so exactly one workload object exists. values.dev.yaml turns the
  Rollout on for the kind cluster. The pod spec (security context,
  tcpSocket probes, volumes, NetworkPolicies) carries over unchanged.
- Makefile + scripts/up.ps1: install argo-rollouts then argocd, apply the
  app-of-apps root, add a rollout-status target; remove the stale
  "until Day 6" comment.
- CI: a gitops job that lints/renders the wrapper charts, renders the
  rollout-enabled buyerchat, and validates the app-of-apps manifests
  (all with -ignore-missing-schemas for the CRD kinds).
- README: child-app count set to the real 6; canary section made honest
  about the analysis query. docs/gitops.md documents the flow.

The AnalysisTemplate query is a conservative up-based liveness check with
a TODO — buyerchat's exported metric names aren't confirmable from this
repo, so it does not claim a request-success-rate gate it can't compute.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* ci(gitops): helm repo add argo before dependency build

The wrapper charts pin argo-rollouts + argo-cd from the argo-helm repo;
without 'helm repo add argo' the GitOps job's 'helm dependency build'
fails with 'no repository definition for argoproj.github.io/argo-helm'.

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>