From 39497fec1ba6adf7a2079b36f6ae303d61544868 Mon Sep 17 00:00:00 2001
From: shankar0123
Date: Thu, 30 Apr 2026 16:22:00 +0000
Subject: [PATCH] release: deploy-hardening II complete (v2.X.0)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase 16 of the deploy-hardening II master bundle. All 16 phases
shipped on master ahead of v2.0.66 (16 commits since Bundle I release;
5 commits for Bundle II itself):

  Phase 0: setup + recon + 14 frozen decisions confirmed
  Phase 1: 11 sidecars in docker-compose.test.yml (apache, haproxy,
    traefik, caddy, envoy, postfix, dovecot, openssh,
    f5-mock-icontrol, k8s-kind, windows-iis) + in-tree
    f5-mock-icontrol Go server
  Phases 2-13: 122 named TestVendorEdge___E2E tests across 13
    connectors + shared helpers
  Phase 14: docs/deployment-vendor-matrix.md (the procurement
    deliverable) + 5 per-connector deep-dive docs (nginx, k8s, iis,
    apache, f5)
  Phase 15: per-vendor CI matrix job in .github/workflows/ci.yml
    (12 vendors on ubuntu-latest + IIS/WinCertStore on
    windows-latest, fail-fast: false)
  Phase 16: release notes + reddit-beat + Active Focus + tag handoff

Closes the third procurement-checklist gap with Venafi/DigiCert/Sectigo:
vendor-specific deployment recipes tested against real binaries.

Test depth at bundle close (per-connector totals):
  apache 34, caddy 30, envoy 31, f5 56, haproxy 36, iis 46,
  javakeystore 25, k8ssecret 24, nginx 59, postfix 30, ssh 61,
  traefik 30, wincertstore 25
Plus 122 TestVendorEdge_*_E2E across the bundle.

Backwards compat preserved — no API surface changes; the bundle is
purely test infrastructure + docs + CI matrix.

Cowork artifacts:
  - cowork/deploy-hardening-ii/baseline.md (Phase 0 recon)
  - cowork/deploy-hardening-ii/v2.X.0-release-notes.md
  - cowork/deploy-hardening-ii/reddit-beat.md (don't auto-post)

Spec preserved at cowork/deploy-hardening-ii-prompt.md.

V3-Pro deferrals (documented in release notes):
  - Real Envoy SDS gRPC server (file-mode is V2 contract)
  - cert-manager Certificate CR as first-class deploy target
  - Multi-region deployment coordination
  - Cert-pinning verification against mobile-app pin manifests
  - SOC 2 evidence-report generator
  - Customer-paid validation matrices
  - A managed-deploy-orchestration UI

Operator picks the exact v2.X.0 tag value.