From 6f6f8c1c55c78e78f55400e05895fe27f77a91d3 Mon Sep 17 00:00:00 2001 From: Sten Date: Fri, 29 May 2026 10:25:37 +0200 Subject: [PATCH] fix(apps): explicit forte-drop namespace (sync-wave -1, Prune=false) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Codex review: the apps overlay applies namespaced resources (keycloak-client Secrets, forte-drop-secrets, PDB) to forte-drop, but no base created the namespace — first sync on a fresh cluster raced ahead of the Applications' CreateNamespace and failed with 'namespaces forte-drop not found' until a retry. Add an explicit Namespace at sync-wave -1 so it exists before the wave-0 namespaced resources (covers both web + mcp bases via the shared parent). Prune=false keeps removing a base from cascade- deleting the namespace + postgres data + the other deployment. --- apps/base/forte-drop/kustomization.yaml | 1 + apps/base/forte-drop/namespace.yaml | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 apps/base/forte-drop/namespace.yaml diff --git a/apps/base/forte-drop/kustomization.yaml b/apps/base/forte-drop/kustomization.yaml index f79762a..af947b2 100644 --- a/apps/base/forte-drop/kustomization.yaml +++ b/apps/base/forte-drop/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: +- namespace.yaml - forte-drop.yaml - keycloak-client-forte-drop.yaml - forte-drop-pdb.yaml diff --git a/apps/base/forte-drop/namespace.yaml b/apps/base/forte-drop/namespace.yaml new file mode 100644 index 0000000..dd91428 --- /dev/null +++ b/apps/base/forte-drop/namespace.yaml @@ -0,0 +1,17 @@ +# Owns the forte-drop namespace shared by the web + mcp deployments and the +# postgres StatefulSet (infra overlay). sync-wave -1 ensures the namespace exists +# before the namespaced Secrets/PDB in this base apply (avoids a first-sync +# "namespaces forte-drop not found" race when the business-apps parent syncs). +# Prune=false so removing this base never cascade-deletes the namespace (and with +# it postgres data + the mcp deployment) — matches the earlier decision to keep +# namespace ownership decoupled from any single workload. +apiVersion: v1 +kind: Namespace +metadata: + name: forte-drop + annotations: + argocd.argoproj.io/sync-wave: "-1" + argocd.argoproj.io/sync-options: Prune=false + labels: + app.kubernetes.io/managed-by: argocd + app.kubernetes.io/part-of: apps