Goal: Cloud deployment is reproducible and stable on GKE via GitOps, with all services healthy and reachable over HTTPS.

Scope

• Monitor and resolve the current "Deploy to GKE" workflow run
• Verify web, api-backend, streaming-proxy deployments are healthy
• Confirm API ↔ PostgreSQL connectivity (respecting NetworkPolicies)
• Validate public health endpoints (HTTPS)
• Ensure SSL certificates and ingress routing
• Run end-to-end smoke validation

Acceptance Criteria (Definition of Done)

• A successful run of
  • Deploy Postgres via Helm
  • Deploy to GKE (all 3 jobs: web, api, streaming) on main
• All deployments show desired=available, readiness OK, no crash loops
• API connects to Postgres; migration status verified
• Health endpoints return 200: API, streaming, web
• TLS certs provisioned and Ingress resolvable via DNS
• E2E validation script passes; basic user flow tested

Dependencies

• WIF SA permissions to run Cloud Build and access GKE
• DNS pointing to LoadBalancer IP and ManagedCertificate readiness

Tracking

• Child issues (to be populated below) will be linked here.

Effort: M (2–4 days)
Priority: P0

Testing & Validation

• Use GitHub Actions runs on main
• kubectl get deploy, describe pods, events
• curl health endpoints over HTTPS
• Inspect API logs for DB connectivity
• Validate ManagedCertificate/Ingress status
• Run scripts/deploy/run_tunnel_validation.sh