Summary of required fixes

1. Unify all database names → devportal (remove any remaining portal)
2. Clarify Odoo login variables → rename ODOO_DB_USER/PASSWORD → ODOO_USER/PASSWORD
3. Implement /healthz endpoint in FastAPI (required by K8s probes)
4. Fix build script → actually use --no-cache when building the API image
5. Use only one env patch (patch-api-env.yaml) → disable conflicting patch files
6. Remove plaintext Secrets → use secretGenerator instead
7. Unify API port to 8000 (Service and Ingress remain on port 80)

---

🧩 1. Update .env.example

Replace the file content with this version:

# ---- API ----
API_PORT=8000
LOG_LEVEL=INFO

# ---- PostgreSQL (for portal) ----
POSTGRES_HOST=db
POSTGRES_PORT=5432
POSTGRES_DB=devportal
POSTGRES_USER=dev
POSTGRES_PASSWORD=dev

# Explicit DSN used by the API container
DATABASE_URL=postgresql+psycopg2://dev:dev@db:5432/devportal

# ---- Odoo (JSON-RPC login; NOT Postgres) ----
ODOO_URL=http://odoo:8069
ODOO_DB=odoo
ODOO_USER=admin
ODOO_PASSWORD=admin

# ---- Chroma (vector DB) ----
CHROMA_URL=http://chroma:8000

# ---- OpenAI (optional) ----
OPENAI_API_KEY=
OPENAI_API_BASE=

# ---- Misc ----
TZ=Asia/Tokyo

# ---- Local host ports ----
PORTAL_LOCAL_PORT=18080
ODOO_LOCAL_PORT=8069
CHROMA_LOCAL_PORT=8000
POSTGRES_LOCAL_PORT=5432

Notes

• Removed duplicate DB_* variables → use POSTGRES_* only.
• Unified the API port to 8000.
• Renamed Odoo login variables to ODOO_USER / ODOO_PASSWORD.

---

🗃️ 2. Fix database name in init-configmap.yaml

In k8s/base/postgres/init-configmap.yaml, replace the remaining portal entries with devportal:

-- old
-- IF NOT EXISTS (SELECT FROM pg_database WHERE datname = 'portal') THEN

-- new
IF NOT EXISTS (SELECT FROM pg_database WHERE datname = 'devportal') THEN
  EXECUTE format('CREATE DATABASE %I OWNER %I', 'devportal',
                 current_setting('app.portal_user', true));
END IF;

This ensures both SQL and bash scripts create only one database (devportal).

---

🩺 3. Add /healthz to FastAPI

In api/app/main.py (or equivalent), add the following after the FastAPI() app definition:

from fastapi import FastAPI, Response, status as http_status

app = FastAPI(title="Dev Portal API", version="0.2.0")

@app.get("/healthz")
def healthz():
    # Optional: add DB or Chroma heartbeat checks here
    # return Response(status_code=http_status.HTTP_503_SERVICE_UNAVAILABLE) on failure
    return {"status": "ok"}

This endpoint allows readiness/liveness probes in Kubernetes to work correctly.

---

🏗️ 4. Fix deploy-api.sh

Use --no-cache to actually rebuild the image.

#!/bin/bash
# Script: deploy-api.sh
# Purpose: Build the dev-portal-api Docker image (for Minikube)

set -euo pipefail

# Use Minikube's Docker daemon
eval "$(minikube docker-env)"

cd "$(dirname "$0")/api"
TAG=latest

docker build --no-cache -t dev-portal-api:$TAG -f Dockerfile .
echo "✅ Built image dev-portal-api:$TAG (Minikube Docker)"

---

⚙️ 5. Keep only patch-api-env.yaml as the “source of truth”

• Keep k8s/overlays/local/patch-api-env.yaml — it already uses $patch: replace to replace all env entries.
• Disable (rename) patch-api-env-from-secret.yaml to .off, so it’s not applied by Kustomize.
• Ensure there are no duplicate variables between these patches.

---

🔒 6. Remove plaintext Secrets

• Rename k8s/overlays/local/secret-api-db.yaml → secret-api-db.yaml.off.
• Rely on the secretGenerator already defined in kustomization.yaml (api-auth and postgres-auth).
• The database URL should be dynamically constructed inside the Pod from separate env vars.

---

🌐 7. Port and Ingress consistency

• The API container runs on port 8000, but the Service and Ingress expose port 80.
  No changes needed if already configured.
• Update documentation to reflect that the local API URL is: http://api.local/

---

🌉 8. Access policy and /etc/hosts

Each developer should add this line:

echo "$(minikube ip) api.local odoo.local" | sudo tee -a /etc/hosts

Then access:

• API → http://api.local/
• Odoo → http://odoo.local/
• FastAPI docs → http://api.local/docs

scripts/pfwd.sh should mainly be used for:

• Database (postgres)
• Chroma (chroma)
  If Ingress works, you don’t need to port-forward the API.

---

🔍 9. Verification steps

# 1. Start Minikube and enable ingress
sh minikube_setup.sh

# 2. Build image inside Minikube Docker
sh deploy-api.sh

# 3. Apply Kustomize overlay
sh scripts/apply_local.sh

# 4. Check health endpoint
curl -sf http://api.local/healthz
# → {"status":"ok"}

# 5. Check OpenAPI docs
curl -I http://api.local/docs

# 6. Optional: test Odoo
curl -I http://odoo.local/web

# 7. Optional: test DB
# psql -h localhost -p 15432 -U dev -d devportal -c 'select 1'

---

📋 10. PR Template

Title:
chore(local): unify DB name, add /healthz, and clean up Kustomize patches

Summary

• Unified DB name → devportal
• Added FastAPI /healthz for probes
• Fixed Docker build to use --no-cache
• Cleaned .env.example (API_PORT=8000, ODOO_USER/PASSWORD)
• Disabled duplicate patch files (patch-api-env-from-secret.yaml)
• Removed plaintext Secret (secret-api-db.yaml)
• Verified Ingress access via api.local and odoo.local

Test Steps

1. sh minikube_setup.sh
2. Add hosts entry for api.local and odoo.local
3. sh deploy-api.sh
4. sh scripts/apply_local.sh
5. curl -sf http://api.local/healthz
6. Confirm http://api.local/docs works
7. Confirm http://odoo.local/web responds