Skip to content

Verify Hybrid Portal Burst Lane

Intent

  • Purpose: Confirm that the neutral portal web tier is healthy on the burst cluster while identity remains upstream.
  • Trigger: Pre-demo validation, release review, or confirmation after a portal-lane refresh.
  • Impact: Verifies the GitOps root, in-cluster workload health, public route behaviour, and the upstream authentication boundary.
  • Severity: P2
  • Rollback: Verification only. If the lane is unhealthy, pause rollout and reconcile the relevant GitOps or runtime-bundle state before proceeding.

Preconditions

  • The burst cluster and its kubeconfig are already published.
  • The portal-lane GitOps root is already deployed.
  • The upstream identity service is reachable.

Verify GitOps state

hyops show module platform/k8s/argocd-bootstrap#gke_burst_portal_gitops --env dev

Expected:

  • status=ok
  • root_app_name: hyops-dev-burst-portal-stage1
  • workloads_target_path: targets/internal/dev-burst-portal-stage1

Verify cluster state

KUBECONFIG="$HOME/.hybridops/envs/dev/state/kubeconfigs/gke-burst.yaml" \
kubectl -n argocd get applications.argoproj.io

KUBECONFIG="$HOME/.hybridops/envs/dev/state/kubeconfigs/gke-burst.yaml" \
kubectl -n portal get ingress,deploy,pods,externalsecret,secret

Expected:

  • hyops-dev-burst-portal-stage1 is Synced and Healthy
  • showcase-portal is running at the expected replica count
  • showcase-portal-secrets reports Ready=True

Verify public route behaviour

curl -fsSI https://learn.hybridops.tech/learn/login
curl -fsSI https://learn.hybridops.tech/learn/account
curl -fsSI 'https://learn.hybridops.tech/learn/auth/start?next=%2Flearn%2Faccount'

Expected:

  • /learn/login returns 200
  • /learn/account returns 302
  • the auth start route redirects to the upstream identity service
  • the callback target remains on https://learn.hybridops.tech/learn/auth/callback

Optional runtime proof

When the lane depends on a private runtime payload, confirm the current bundle bridge as well:

hyops show module platform/k8s/runtime-bundle-secret#showcase_portal_runtime_dev_burst --env dev

Browser confirmation

Open:

  • https://learn.hybridops.tech/learn/login
  • https://learn.hybridops.tech/learn/account

What to confirm:

  • the login page is served from the burst web lane
  • protected routes redirect cleanly to the upstream identity service
  • the hybrid boundary remains intentional and visible

References