Update SnapAPI plan for K3s infrastructure

projects/ideas/product-ideas.md

@@ -26,10 +26,10 @@ URL → PNG/JPEG/WebP screenshot via API. Full-page capture, custom viewports, w
 | CaptureKit | $7/1K | Newer, limited track record |
 
 ### Tech Stack
-- Node.js + Puppeteer/Playwright in Docker
+- Node.js + Puppeteer/Playwright (same as DocFast)
 - Same auth/billing pattern as DocFast (Stripe)
-- PostgreSQL for usage tracking
-- Hetzner CAX11 or shared with DocFast
+- PostgreSQL for usage tracking (CNPG shared cluster)
+- Runs on existing K3s cluster in own namespace
 
 ### MVP Timeline: 2-3 weeks
 
@@ -39,10 +39,15 @@ URL → PNG/JPEG/WebP screenshot via API. Full-page capture, custom viewports, w
 
 ### Phase 1: Infrastructure (Day 1-2)
 1. Create Forgejo repo `openclawd/snapapi`
-2. Set up Hetzner server (or colocate with DocFast)
-3. Domain: pick a domain (snapapi.dev? screenshotapi.eu? capturefast.dev?)
-4. SSL + nginx reverse proxy
-5. PostgreSQL database
+2. Create K8s namespace `snapapi` on existing K3s cluster
+3. Create database `snapapi` on CNPG cluster (`main-db` in `postgres` namespace)
+4. Create K8s secrets (`snapapi-secrets`) in `snapapi` namespace — DB URL, Stripe keys
+5. Create `forgejo-registry` imagePullSecret in `snapapi` namespace
+6. Domain: pick a domain (snapapi.dev? screenshotapi.eu? capturefast.dev?)
+7. DNS: A record → 46.225.37.135 (Hetzner LB)
+8. Ingress + cert-manager TLS (same ClusterIssuer `letsencrypt-prod`)
+9. Set up CI/CD: deploy.yml (main→staging) + promote.yml (tag→prod)
+10. Deployer SA with RBAC scoped to `snapapi` namespace
 
 ### Phase 2: Core Product (Day 3-7)
 1. API endpoint: `POST /v1/screenshot` with URL, viewport, format, full-page options
@@ -63,12 +68,12 @@ URL → PNG/JPEG/WebP screenshot via API. Full-page capture, custom viewports, w
 4. SEO basics (meta tags, sitemap, JSON-LD)
 
 ### Phase 5: Operations (Day 14-17)
-1. CEO skill file (copy DocFast CEO pattern)
+1. CEO skill file (copy DocFast CEO pattern, update with K3s infra)
 2. Uptime monitor cron
 3. Support mailbox (FreeScout)
 4. Support agent cron
 5. CEO scheduling (morning/afternoon/evening sessions)
-6. Off-site backup (BorgBackup to Storage Box)
+6. Borg backup (pg_dump to Storage Box — same setup as DocFast)
 
 ### Phase 6: Launch (Day 17-21)
 1. Marketing specialist for launch copy
@@ -76,9 +81,21 @@ URL → PNG/JPEG/WebP screenshot via API. Full-page capture, custom viewports, w
 3. SEO quick wins
 4. Monitor first users
 
+### K3s Deployment Details
+```
+Namespace: snapapi (prod), snapapi-staging (staging)
+Database: snapapi / snapapi_staging on main-db-pooler.postgres.svc:5432
+Registry: git.cloonar.com/openclawd/snapapi
+Ingress: Traefik, TLS via cert-manager
+Replicas: 2 prod, 1 staging
+LB: same Hetzner LB (46.225.37.135) — no extra infra cost!
+```
+
+**Cost for SnapAPI infrastructure: €0/mo extra** (runs on existing K3s cluster + shared DB)
+
 ### Key Learnings from DocFast to Apply
 - Ship with `.env` persistence from day 1 (no recurring checkout failures)
-- CI/CD with secrets from Forgejo from the start
+- CI/CD with staged deployment from the start (main→staging, tag→prod)
 - `overflow-x: clip` not `hidden` for sticky nav
 - FreeScout `text` field needs HTML for formatting
 - FreeScout threads are reverse chronological
@@ -87,7 +104,11 @@ URL → PNG/JPEG/WebP screenshot via API. Full-page capture, custom viewports, w
 - Build-time HTML templating (zero deps)
 - Status page from day 1
 - Brotli compression from day 1
-- Server healthcheck cron from day 1
+- Uptime monitor cron from day 1
+- Separate staging DB from day 1 (never share prod DB!)
+- HA: readiness probe every 5s, fail after 2; tolerations 10s
+- HA: podAntiAffinity to spread across workers
+- CEO sessions need 1 hour timeout (runTimeoutSeconds: 3600)
 
 ---