AMD-AGI · weilei0120 · Apr 23, 2026 · Apr 7, 2026 · Apr 7, 2026 · Apr 8, 2026
@@ -234,4 +234,8 @@ Web/apps/*/dist/
 Web/pnpm-debug.log*
 Web/apps/*/.env.development.local
 Web/apps/*/.env.production
-*.tsbuildinfo
+*.tsbuildinfo
+
+# ── Bootstrap ────────────────────────────────────────────────────
+Bootstrap/kubespray/
+Bootstrap/kubespray-venv/
@@ -80,8 +80,8 @@ install_higress() {
     # --namespace: specify the installation namespace
     # --create-namespace: create namespace if it doesn't exist
     # -f: specify custom configuration file
-    helm upgrade --install higress oci://registry-1.docker.io/primussafe/higress \
-        --namespace higress-system --version 2.1.8 \
+    helm upgrade --install higress higress.io/higress \
+        --namespace higress-system --version 2.2.0 \
         --create-namespace \
         -f "${SCRIPT_DIR}/values.yaml"
 
@@ -92,9 +92,7 @@ install_higress() {
 install_gateway_api() {
     log_info "Deploying Kubernetes Gateway API CRDs..."
 
-    # Install Gateway API v1.0.0 experimental version
-    # Includes GatewayClass, Gateway, HTTPRoute, TCPRoute and other CRDs
-    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml
+    kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/experimental-install.yaml
 
     log_info "Gateway API CRDs deployment completed"
 }

@@ -0,0 +1,13 @@
+apiVersion: chainsaw.kyverno.io/v1alpha2
+kind: Configuration
+metadata:
+  name: bootstrap-tests
+spec:
+  timeouts:
+    apply: 10s
+    assert: 10s
+    exec: 15s
+  cleanup:
+    skipDelete: false
+  execution:
+    failFast: true
@@ -0,0 +1,42 @@
+# Bootstrap Infrastructure Tests
+
+Infrastructure unit tests for Bootstrap components using [Kyverno Chainsaw](https://kyverno.github.io/chainsaw/latest/).
+
+## Prerequisites
+
+Quickstart Chainsaw: https://kyverno.github.io/chainsaw/latest/quick-start/install/
+
+You also need `kubectl` configured with access to the target cluster.
+
+## Running Tests
+
+From the `Bootstrap` directory:
+
+```bash
+cd ~/Primus-SaFE/Bootstrap
+sudo nerdctl run --rm \
+    -v ./tests/:/chainsaw/ \
+    -v ${HOME}/.kube/:/etc/kubeconfig/ \
+    -e KUBECONFIG=/etc/kubeconfig/config \
+    --network=host \
+    ghcr.io/kyverno/chainsaw \
+    test /chainsaw --config /chainsaw/.chainsaw.yaml
+```
+
+## Test Structure
+
+Each Bootstrap component gets its own folder containing a `chainsaw-test.yaml`:
+
+```
+tests/
+  .chainsaw.yaml          # Shared configuration
+  higress/
+    chainsaw-test.yaml    # Higress deployment health checks
+  README.md
+```
+
+## Available Tests
+
+| Test | What it verifies |
+|------|------------------|
+| `higress/` | higress-controller ready, higress-gateway pods running, Gateway resource exists |
@@ -0,0 +1,40 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: higress-deployment-health
+spec:
+  description: Verify that the Higress gateway deployment is healthy after running Bootstrap/higress/higress.sh
+  steps:
+  # Step 1: higress-controller Deployment has ready replicas
+  - name: higress-controller-is-ready
+    try:
+    - assert:
+        resource:
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: higress-controller
+            namespace: higress-system
+          status:
+            (readyReplicas > `0`): true
+
+  # Step 2: At least one higress-gateway pod is Running
+  - name: higress-gateway-pods-running
+    try:
+    - script:
+        content: |
+          kubectl get pods -n higress-system -l app=higress-gateway \
+            -o jsonpath='{.items[0].status.phase}'
+        check:
+          ($stdout): Running
+
+  # Step 3: Gateway resource exists in the cluster
+  - name: gateway-resource-exists
+    try:
+    - assert:
+        resource:
+          apiVersion: gateway.networking.k8s.io/v1
+          kind: Gateway
+          metadata:
+            name: ssh-gateway
+            namespace: higress-system