Configure prod k8s overlay for FLASHApp deployment #68

Merged
t0mdavid-m merged 1 commit into develop from deploy_cluster
May 19, 2026

@t0mdavid-m t0mdavid-m commented May 19, 2026

Summary

Wire the prod Kustomize overlay to actually deploy FLASHApp instead of the inherited template-app placeholders, plus a few sizing knobs and a CI fix needed for :latest to exist at all on this fork.

Overlay (k8s/overlays/prod/kustomization.yaml)

  • namePrefix and commonLabels.app: template-app → flashapp
  • Image: ghcr.io/openms/streamlit-template:main-full → ghcr.io/openms/flashapp:latest
  • IngressRoute hosts: template.webapps.openms.{de,org} → flashapp.webapps.openms.{de,org}
  • IngressRoute service ref + both Redis URL patches updated to flashapp-*
  • Memory tier component: memory-tier-low → memory-tier-high
  • New patch op: rq-worker Deployment replicas: 1 → 5

Base (k8s/base/workspace-pvc.yaml)

  • Workspace PVC: 500Gi → 3Ti (PVC name and claimName untouched so kustomize still scopes it to flashapp-workspaces-pvc)

CI (.github/workflows/build-and-test.yml)

  • Flip the latest-tag enable gate from refs/heads/main → refs/heads/develop for both the OCI image (line 79) and the Apptainer SIF (line 306). FLASHApp's CI only triggers on develop pushes and v* tags, so without this change :latest would never get published and ImagePullBackOff would block the cluster.

Operator notes (post-merge)

  1. Cluster operator runs kubectl apply -k k8s/overlays/prod/ against the OpenMS cluster.
  2. Verify rollout: kubectl -n openms rollout status deployment/flashapp-streamlit deployment/flashapp-rq-worker.
  3. Browser-check https://flashapp.webapps.openms.de (and .org).
  4. Future develop merges: re-apply isn't enough — :latest doesn't trigger a rollout on its own. Run kubectl -n openms rollout restart deployment/flashapp-streamlit deployment/flashapp-rq-worker after each CI run to pick up the rebuilt image.

Caveats

  • RWO PVC co-location: workspaces-pvc is ReadWriteOnce. After rollout, 2 streamlit + 5 rq-worker = 7 pods must share one node. If pods sit Pending, scale rq-worker back down or switch the storage class to RWX.
  • memory-tier-high: requires worker nodes labelled openms.de/memory-tier=high. Confirm with cluster admin that capacity exists alongside the existing heavy DIA apps.
  • 3Ti PVC: needs 3Ti free in cinder-csi. In-place expansion of an already-deployed PVC requires allowVolumeExpansion: true on the StorageClass — recreate, don't edit, if expansion isn't allowed.

Test plan

  • CI lint-manifests passes against the rewritten overlay
  • CI build job publishes ghcr.io/openms/flashapp:latest (verify on GHCR after merge)
  • CI publish-apptainer job publishes ghcr.io/openms/flashapp/sif:latest
  • CI test-traefik / test-nginx kind jobs come up under the new flashapp- resource names
  • Cluster kubectl apply -k succeeds; pods reach Ready
  • https://flashapp.webapps.openms.de and https://flashapp.webapps.openms.org both serve the app

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated build workflow to publish latest image tags on develop branch
    • Increased workspace storage capacity from 500GB to 3TB
    • Updated production environment configuration and deployment settings

- Apply `flashapp` slug to namePrefix, commonLabels, Redis URL,
  IngressRoute service ref
- Point image at ghcr.io/openms/flashapp:latest
- Wire IngressRoute to flashapp.webapps.openms.{de,org}
- Switch overlay to memory-tier-high component
- Bump rq-worker Deployment to 5 replicas
- Resize workspace-pvc to 3Ti
- Flip CI `latest`-tag gate from refs/heads/main to refs/heads/develop
  so develop pushes publish :latest for both the OCI image and the
  Apptainer SIF (FLASHApp's active branch is develop, not main)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@t0mdavid-m t0mdavid-m merged commit c930b14 into develop May 19, 2026
3 of 5 checks passed
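
Operator note 4 in the description above says a re-apply does not roll pods onto a rebuilt `:latest`. The following is an added example, not code from this PR or the FLASHApp repository: a check that lists pods still running a digest other than the one CI just published. The function names `stale_pods` and `sample_pods`, the pod names, the Redis image and the digests are constructed for illustration; the namespace, label and image repository are the ones named in the description.

```shell
#!/bin/sh
# Added example; not part of the FLASHApp repository or this PR.
#
# stale_pods REPO DIGEST
#   stdin : "pod-name<TAB>imageID" lines
#   stdout: pods running REPO at a digest other than DIGEST, plus pods
#           that report no imageID yet (image not pulled)
#   status: 1 if anything was printed, 0 if every REPO pod is current
stale_pods() {
    awk -F'\t' -v repo="$1" -v want="$2" '
        $2 == "" { print $1; bad = 1; next }
        {
            # imageID looks like [docker-pullable://]repo@sha256:<hex>
            n = split($2, p, "@")
            have = substr(p[1], length(p[1]) - length(repo) + 1)
            if (n != 2 || have != repo) next   # another image, e.g. Redis
            if (p[2] != want) { print $1; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed digests and pod names, for illustration only.
NEW="sha256:$(printf '%064d' 1)"
OLD="sha256:$(printf '%064d' 2)"
sample_pods() {
    printf '%s\t%s\n' \
        flashapp-streamlit-7c9d-aaaaa "ghcr.io/openms/flashapp@$NEW" \
        flashapp-streamlit-7c9d-bbbbb "ghcr.io/openms/flashapp@$OLD" \
        flashapp-rq-worker-5f6b-ccccc "docker-pullable://ghcr.io/openms/flashapp@$OLD" \
        flashapp-rq-worker-5f6b-ddddd "" \
        flashapp-redis-0 "docker.io/library/redis@$OLD"
}

# Against the cluster (namespace and label as given in the PR description):
#   kubectl -n openms get pods -l app=flashapp -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.containerStatuses[0].imageID}{"\n"}{end}' \
#     | stale_pods ghcr.io/openms/flashapp "sha256:<digest from the CI build job>"
sample_pods | stale_pods ghcr.io/openms/flashapp "$NEW" || true
```

A non-zero status after `rollout restart` means some pod has not picked up the new build; an empty imageID usually means the pod is still Pending or pulling.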
coderabbitai Bot commented May 19, 2026

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

This PR updates CI/CD tagging strategy to publish latest Docker images and SIF packages from the develop branch instead of main, and reconfigures production Kubernetes deployment from template-app to flashapp with increased storage capacity and updated resource patches.

Changes

CI/CD Tagging Strategy

| Layer / File(s) | Summary |
|---|---|
| Docker and SIF publish latest tag conditions (.github/workflows/build-and-test.yml) | Both the Docker image build and SIF publishing jobs update their metadata-action tag rules to enable the latest tag on pushes to the develop branch (when matrix variant is full). |

Production flashapp Deployment Configuration

| Layer / File(s) | Summary |
|---|---|
| Production storage provisioning (k8s/base/workspace-pvc.yaml) | Workspace PVC storage capacity increases from 500Gi to 3Ti to support production demands. |
| flashapp deployment setup and patching (k8s/overlays/prod/kustomization.yaml) | Production Kustomize configuration replaces template-app with flashapp: component selection, namePrefix, commonLabels, and image references are updated to flashapp; patches reconfigure IngressRoute host matching, Redis connection env vars, and rq-worker replicas to 5. |

🐰 A rabbit hops through Kubernetes with glee,
Latest tags now flow from develop, you see!
Storage grows vast, from five-hundred to three,
FlashApp now shines in production, so free!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly summarizes the main change: configuring production Kubernetes overlay for FLASHApp deployment, which is the primary focus across all modified files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
