multi-cluster

README.md

@@ -83,20 +83,26 @@ This repository contains the complete GitOps configuration for our Kubernetes cl
 ├── bootstrap.sh                # Cluster initialization script
 ├── _app-of-apps.yaml          # Root ArgoCD Application (App-of-Apps pattern)
 │
-├── infra/                     # Infrastructure ArgoCD Applications
+├── infra/                     # Infrastructure ArgoCD Applications (Kustomize multi-cluster)
-│   ├── enterprise-apps.yaml   # Manages all apps in apps/ folder
+│   ├── base/                  # Base ArgoCD Application manifests (EU defaults)
-│   ├── traefik-application.yaml
+│   │   ├── kustomization.yaml
-│   ├── cert-manager-application.yaml
+│   │   ├── traefik-application.yaml
-│   ├── kyverno.yaml
+│   │   ├── keycloak.yaml
-│   ├── prometheus.yaml
+│   │   ├── grafana.yaml
-│   ├── grafana.yaml
+│   │   ├── gitea.yaml
-│   ├── loki.yaml
+│   │   ├── gitea-actions.yaml
-│   ├── tempo.yaml
+│   │   ├── tempo.yaml
-│   ├── fluent-bit.yaml
+│   │   ├── renovate.yaml
-│   ├── trivy.yaml
+│   │   ├── ...                # All other Application manifests
-│   ├── sealedsecrets.yaml
+│   │   └── secrets.yaml
-│   ├── renovate.yaml
+│   ├── overlays/              # Per-cluster overrides
+│   │   ├── upc-dev/           # UpCloud Dev cluster (uses base as-is)
+│   │   └── upc-prod/         # UpCloud Prod cluster (patches value paths)
+│   ├── dashboards/            # Grafana dashboard ConfigMaps
 │   └── values/                # Helm value overrides
+│       ├── base/              # Shared values (all clusters)
+│       ├── upc-dev/           # UpCloud Dev-specific values
+│       └── upc-prod/         # UpCloud Prod-specific values
 │
 ├── apps/                      # Business Applications
 │   ├── mcp10x.yaml
@@ -355,7 +361,7 @@ kubectl patch application myapp -n argocd \
 ## 📖 Key Concepts
 
 ### App-of-Apps Pattern
-`_app-of-apps.yaml` is the root Application that manages all other Applications in `infra/`. Each YAML in `infra/` becomes a child Application managed by ArgoCD.
+`_app-of-apps.yaml` is the root Application that manages all other Applications in `infra/`. Kustomize overlays in `infra/overlays/{upc-dev,upc-prod}/` render the base Applications with per-cluster patches (e.g., swapping value file paths from `upc-dev` to `upc-prod`).
 
 ### Multi-Source Pattern
 Applications reference both:
@@ -454,14 +460,14 @@ Documentation lives in `docs/`. To update:
 ### Current Environment
 - **Provider**: UpCloud Managed Kubernetes
 - **Environment**: Production (internal use only)
-- **Cluster**: Single cluster
+- **Clusters**: Multi-cluster (upc-dev, upc-prod) via Kustomize overlays
 - **Auth**: Disabled for ArgoCD (internal access)
 - **Backup**: None (cluster rebuildable via GitOps)
 
 ### Known Limitations
 - No automated backups (yet)
 - Secret rotation not automated
-- Single cluster (no multi-cluster setup)
+- Multi-cluster limited to upc-dev and upc-prod environments
 - DNS management is manual
 
 **Future improvements**: See [Operations Runbook - Disaster Recovery](docs/OPERATIONS-RUNBOOK.md#disaster-recovery)

_app-of-apps-upc-dev.yaml

@@ -20,7 +20,7 @@ spec:
   source:
     repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
     targetRevision: HEAD
-    path: infra/overlays/eu
+    path: infra/overlays/upc-dev
   destination:
     server: https://kubernetes.default.svc
     namespace: default

_app-of-apps-upc-prod.yaml

@@ -20,7 +20,7 @@ spec:
   source:
     repoURL: git@github.com:fortedigital/sturdy-adventure.git
     targetRevision: HEAD
-    path: infra/overlays/us
+    path: infra/overlays/upc-prod
   destination:
     server: https://kubernetes.default.svc
     namespace: default

apps/base/dot-ai-stack.yaml

@@ -35,7 +35,7 @@ spec:
       releaseName: dot-ai-stack
       valueFiles:
       - $values/infra/values/base/dot-ai-stack-values.yaml
-      - $values/infra/values/eu/dot-ai-stack-values.yaml
+      - $values/infra/values/upc-dev/dot-ai-stack-values.yaml
 
   - repoURL: git@github.com:fortedigital/sturdy-adventure.git
     targetRevision: HEAD

apps/overlays/eu/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ../../base
-
-# No patches needed — base already has "eu" paths
-# EU is the default/base cluster

apps/overlays/upc-dev/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base
+
+# No patches needed — base already has "upc-dev" paths
+# upc-dev is the default/base cluster

apps/overlays/upc-prod/kustomization.yaml

@@ -4,11 +4,11 @@ resources:
 - ../../base
 
 patches:
-# dot-ai-stack: swap eu → us
+# dot-ai-stack: swap upc-dev → upc-prod
 - target:
     kind: Application
     name: dot-ai-stack
   patch: |
     - op: replace
       path: /spec/sources/0/helm/valueFiles/1
-      value: $values/infra/values/us/dot-ai-stack-values.yaml
+      value: $values/infra/values/upc-prod/dot-ai-stack-values.yaml

docs/DEVELOPER-GUIDE.md

@@ -1364,7 +1364,7 @@ Existing clients (like Gitea) are defined directly in `forte-realm.json` inside
 
 #### Step 1: Add Client to Realm Config
 
-In `infra/values/keycloak-values.yaml`, add a new entry to the `clients` array in `forte-realm.json`:
+In `infra/values/base/keycloak-values.yaml`, add a new entry to the `clients` array in `forte-realm.json`:
 
 ```json
 {
@@ -1404,7 +1404,7 @@ existingSecret: myapp-oidc-credentials
 
 ```bash
 cd ~/dev/k8s/launchpad
-git add infra/values/keycloak-values.yaml
+git add infra/values/base/keycloak-values.yaml
 git commit -m "Add myapp Keycloak client with auto-sync"
 git push
 ```

docs/GITOPS-ARCHITECTURE.md

@@ -16,7 +16,7 @@ This Kubernetes cluster uses a **GitOps approach** powered by **ArgoCD**, where
 
 ### Key Characteristics
 - **Environment**: Production (internal use only)
-- **Cluster Type**: Single cluster, single environment
+- **Cluster Type**: Multi-cluster (upc-dev, upc-prod) via Kustomize overlays
 - **GitOps Tool**: ArgoCD
 - **Deployment Pattern**: App-of-Apps
 - **Secret Management**: Sealed Secrets (kubeseal)
@@ -62,8 +62,8 @@ This Kubernetes cluster uses a **GitOps approach** powered by **ArgoCD**, where
                                                         │
                                                         ▼
                                            ┌────────────────────────────────┐
-                                           │   Kubernetes Cluster           │
+                                           │   Kubernetes Clusters          │
-                                           │   (UpCloud Managed)            │
+                                           │   (UpCloud: upc-dev, upc-prod) │
                                            │                                │
                                            │  ┌──────────────────────────┐  │
                                            │  │    ArgoCD                │  │
@@ -116,74 +116,68 @@ This Kubernetes cluster uses a **GitOps approach** powered by **ArgoCD**, where
 ```
 launchpad/
 ├── bootstrap.sh                      # Cluster initialization script
-├── _app-of-apps.yaml                 # Root ArgoCD Application (App-of-Apps pattern)
+├── _app-of-apps-upc-dev.yaml        # Root ArgoCD Application (upc-dev cluster)
+├── _app-of-apps-upc-prod.yaml       # Root ArgoCD Application (upc-prod cluster)
 │
-├── infra/                            # Infrastructure ArgoCD Applications
+├── infra/                            # Infrastructure ArgoCD Applications (Kustomize)
-│   ├── enterprise-apps.yaml          # Parent app managing all apps in apps/
+│   ├── base/                         # Base Application manifests (upc-dev defaults)
-│   ├── cluster-resources-application.yaml
+│   │   ├── kustomization.yaml
-│   ├── traefik-application.yaml
+│   │   ├── traefik-application.yaml
-│   ├── cert-manager-application.yaml
+│   │   ├── keycloak.yaml
-│   ├── kyverno.yaml
+│   │   ├── grafana.yaml
-│   ├── kyverno-policies.yaml
+│   │   ├── gitea.yaml
-│   ├── prometheus.yaml
+│   │   ├── gitea-actions.yaml
-│   ├── grafana.yaml
+│   │   ├── tempo.yaml
-│   ├── loki.yaml
+│   │   ├── renovate.yaml
-│   ├── tempo.yaml
+│   │   ├── ...                       # All other Application manifests
-│   ├── fluent-bit.yaml
+│   │   └── secrets.yaml
-│   ├── trivy.yaml
+│   ├── overlays/                     # Per-cluster overrides
-│   ├── sealedsecrets.yaml
+│   │   ├── upc-dev/                  # UpCloud Dev (uses base as-is)
-│   ├── secrets.yaml
+│   │   └── upc-prod/                # UpCloud Prod (patches value paths)
+│   ├── dashboards/                   # Grafana dashboard ConfigMaps
 │   └── values/                       # Helm value overrides for infra
-│       ├── argocd-values.yaml
+│       ├── base/                     # Shared values (all clusters)
-│       ├── prometheus-values.yaml
+│       │   ├── traefik-values.yaml
-│       ├── grafana-values.yaml
+│       │   ├── keycloak-values.yaml
-│       ├── loki-values.yaml
+│       │   ├── grafana-values.yaml
-│       ├── tempo-values.yaml
+│       │   ├── prometheus-values.yaml
-│       └── fluent-bit-values.yaml
+│       │   ├── gitea-values.yaml
+│       │   └── ...
+│       ├── upc-dev/                  # upc-dev cluster-specific values
+│       │   ├── traefik-values.yaml
+│       │   ├── keycloak-values.yaml
+│       │   └── grafana-values.yaml
+│       └── upc-prod/                # upc-prod cluster-specific values
+│           ├── traefik-values.yaml
+│           ├── keycloak-values.yaml
+│           └── grafana-values.yaml
 │
-├── apps/                             # Business Application ArgoCD manifests
+├── apps/                             # Business Application ArgoCD manifests (Kustomize)
-│   ├── mcp10x.yaml                   # MCP 10X application
+│   ├── base/                         # Base app manifests
-│   ├── musicman.yaml                 # Music Man application
+│   │   ├── kustomization.yaml
-│   ├── dot-ai-stack.yaml             # Dot AI Stack
+│   │   ├── dot-ai-stack.yaml
-│   └── argo-mcp.yaml                 # ArgoCD MCP server
+│   │   └── ...
+│   └── overlays/
+│       ├── upc-dev/                  # Uses base as-is
+│       └── upc-prod/                # Patches value paths
 │
 ├── cluster-resources/                # Cluster-wide Kubernetes resources
-│   ├── cert-manager-namespace.yaml
+│   ├── ...
-│   ├── secrets-namespace.yaml
-│   ├── letsencrypt-issuer.yaml       # Let's Encrypt ClusterIssuer
-│   ├── kyverno-config.yaml
-│   ├── argocd-notifications-secret-sealed.yaml
-│   ├── forte10x-repo-credentials-sealed.yaml
-│   ├── mcp10x-repo-credentials-sealed.yaml
 │   └── policies/                     # Kyverno policies
-│       ├── deployment-verifier.yaml
-│       ├── label-checker.yaml
-│       ├── bare-pod-cleaner.yaml
-│       ├── replicaset-cleaner.yaml
-│       ├── default-ns-blocker.yaml
-│       ├── secret-cloner.yaml
-│       └── auth-sidecar-injector.yaml
 │
-├── secrets/                          # Application secrets (sealed)
+├── secrets/                          # Application secrets (sealed, per-cluster)
-│   ├── argocd-mcp-credentials.yaml
+│   └── upc-dev/                      # Secrets for upc-dev cluster
-│   ├── dot-ai-secrets.yaml
-│   ├── mcp10x-credentials-sealed.yaml
-│   └── musicman-credentials.yaml
 │
 ├── private/                          # Local-only files (NOT in Git)
-│   ├── *.yaml                        # Unsealed secrets
-│   └── *.sh                          # Helper scripts
 │
 └── docs/                             # Documentation
-    ├── GITOPS-ARCHITECTURE.md        # This file
-    ├── DEVELOPER-GUIDE.md
-    ├── OPERATIONS-RUNBOOK.md
-    └── REFERENCE.md
 ```
 
 **Key Points**:
-- `_app-of-apps.yaml` is the root Application that ArgoCD monitors
+- `_app-of-apps-upc-dev.yaml` and `_app-of-apps-upc-prod.yaml` are the per-cluster root Applications
-- `infra/enterprise-apps.yaml` auto-discovers all apps in `apps/` folder
+- Kustomize overlays in `infra/overlays/` render base Applications with per-cluster patches
+- Helm values are split: `values/base/` (shared) + `values/upc-dev/` or `values/upc-prod/` (cluster-specific)
+- `apps/` follows the same base/overlays pattern for business applications
 - Changes pushed to this repo trigger automatic syncs in ArgoCD
 - `private/` folder contains local-only files (Git-ignored)
 
@@ -295,7 +289,7 @@ app-repository/
 ### The App-of-Apps Pattern
 
 ```
-_app-of-apps.yaml (Root)
+_app-of-apps-{upc-dev,upc-prod}.yaml (Root, per cluster)
     │
     ├── infrastructure-apps (manages infra/)
     │   ├── cluster-resources-application
@@ -315,10 +309,10 @@ _app-of-apps.yaml (Root)
 ```
 
 **How It Works**:
-1. Bootstrap script installs ArgoCD and applies `_app-of-apps.yaml`
+1. Bootstrap script installs ArgoCD and applies `_app-of-apps-upc-dev.yaml` (or `upc-prod`)
-2. ArgoCD creates the root Application which monitors `infra/` folder
+2. ArgoCD creates the root Application which monitors the appropriate `infra/overlays/` folder
-3. Each YAML in `infra/` becomes a child Application
+3. Kustomize renders base Applications with cluster-specific patches
-4. `enterprise-apps.yaml` monitors `apps/` folder and auto-discovers applications
+4. `enterprise-apps` Application monitors the cluster's `apps/overlays/` folder
 5. ArgoCD continuously syncs (every 60s) and auto-heals drift
 
 ### Sync Waves & Ordering
@@ -363,6 +357,34 @@ spec:
 - Easy to update all apps by changing the chart
 - Environment-specific values isolated in separate repo
 
+### Multi-Cluster Pattern
+
+Kustomize overlays enable deploying the same Applications across clusters with different configurations:
+
+```yaml
+# infra/base/ contains default (upc-dev) Applications
+# Helm values are layered: base + cluster-specific
+valueFiles:
+- $values/infra/values/base/traefik-values.yaml    # Shared config
+- $values/infra/values/upc-dev/traefik-values.yaml  # Cluster-specific
+
+# infra/overlays/upc-prod/kustomization.yaml patches the second valueFile
+patches:
+- target:
+    kind: Application
+    name: traefik
+  patch: |
+    - op: replace
+      path: /spec/sources/0/helm/valueFiles/1
+      value: $values/infra/values/upc-prod/traefik-values.yaml
+```
+
+**Benefits**:
+- Single source of truth for Application definitions
+- Cluster-specific values isolated per overlay
+- Easy to add new clusters by creating a new overlay
+- Base values shared across all clusters reduce duplication
+
 ---
 
 ## CI/CD Pipeline

docs/OPERATIONS-RUNBOOK.md

@@ -207,7 +207,7 @@ kubectl get secrets -n argocd -l argocd.argoproj.io/secret-type=repository
 # Settings → Repositories → Should show "Successful" status
 
 # Test by creating an application
-kubectl apply -f _app-of-apps.yaml
+kubectl apply -f _app-of-apps-upc-dev.yaml   # or _app-of-apps-upc-prod.yaml
 
 # Check application sync status
 kubectl get applications -n argocd
@@ -1352,13 +1352,13 @@ kubectl get deployment argocd-server -n argocd \
   -o jsonpath='{.spec.template.spec.containers[0].image}'
 
 # Update version in values
-vim infra/values/argocd-values.yaml
+vim infra/values/base/argocd-values.yaml
 
 # Or upgrade via Helm directly
 helm upgrade argocd argo-cd \
   --repo https://argoproj.github.io/argo-helm \
   --namespace argocd \
-  --values infra/values/argocd-values.yaml \
+  --values infra/values/base/argocd-values.yaml \
   --version 6.0.0  # New version
 
 # Verify
@@ -1454,8 +1454,8 @@ kubectl top pods --all-namespaces --sort-by=cpu
 Example: Adding Redis
 
 ```bash
-# 1. Create application manifest
+# 1. Create application manifest in base/
-cat > infra/redis-application.yaml <<EOF
+cat > infra/base/redis-application.yaml <<EOF
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -1465,15 +1465,17 @@ metadata:
     argocd.argoproj.io/sync-wave: "1"
 spec:
   project: default
-  source:
+  sources:
-    repoURL: https://charts.bitnami.com/bitnami
+  - repoURL: https://charts.bitnami.com/bitnami
     chart: redis
     targetRevision: 18.0.0
     helm:
-      values: |
+      releaseName: redis
-        auth:
+      valueFiles:
-          enabled: true
+      - \$values/infra/values/base/redis-values.yaml
-          password: changeme
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    ref: values
   destination:
     server: https://kubernetes.default.svc
     namespace: redis
@@ -1485,30 +1487,37 @@ spec:
     - CreateNamespace=true
 EOF
 
-# 2. Commit and push
+# 2. Add to base kustomization
-git add infra/redis-application.yaml
+# Edit infra/base/kustomization.yaml and add: - redis-application.yaml
+
+# 3. Create base values file
+cat > infra/values/base/redis-values.yaml <<EOF
+auth:
+  enabled: true
+EOF
+
+# 4. Commit and push
+git add infra/base/redis-application.yaml infra/values/base/redis-values.yaml infra/base/kustomization.yaml
 git commit -m "Add Redis infrastructure component"
 git push
 
-# 3. ArgoCD will auto-sync within 60 seconds
+# 5. ArgoCD will auto-sync within 60 seconds
 ```
 
-### Multi-Cluster Setup (Future)
+### Multi-Cluster Setup
 
-For multi-cluster deployments:
+The repository supports multiple clusters via Kustomize overlays:
 
-```yaml
+- **upc-dev** (default): `infra/overlays/upc-dev/` — uses base Applications as-is
-# Different destinations per environment
+- **upc-prod**: `infra/overlays/upc-prod/` — patches value file paths from `upc-dev` to `upc-prod`
-# dev-cluster
-destination:
-  server: https://dev.k8s.example.com
-  namespace: myapp
 
-# prod-cluster
+Each cluster has its own:
-destination:
+- Root app-of-apps file: `_app-of-apps-upc-dev.yaml` / `_app-of-apps-upc-prod.yaml`
-  server: https://prod.k8s.example.com
+- Cluster-specific Helm values: `infra/values/upc-dev/` / `infra/values/upc-prod/`
-  namespace: myapp
+- Sealed secrets: `secrets/upc-dev/` (others as needed)
-```
+- Apps overlay: `apps/overlays/upc-dev/` / `apps/overlays/upc-prod/`
+
+To add a new cluster, create a new overlay directory (e.g., `infra/overlays/upc-staging/`) with patches that swap the value file paths.
 
 ### Blue-Green Deployments
 

docs/README.md

@@ -180,7 +180,7 @@ Reference for:
                             │
                             ▼
 ┌──────────────────────────────────────────────────────────────┐
-│               Kubernetes Cluster (UpCloud)                    │
+│          Kubernetes Clusters (UpCloud: upc-dev, upc-prod)     │
 │  ┌──────────────────────────────────────────────────────┐    │
 │  │  Infrastructure: Traefik, Cert-Manager, Kyverno     │    │
 │  ├──────────────────────────────────────────────────────┤    │
@@ -194,7 +194,7 @@ Reference for:
 ### Key Technologies
 
 - **GitOps**: ArgoCD
-- **Kubernetes**: UpCloud Managed Kubernetes
+- **Kubernetes**: UpCloud Managed Kubernetes (multi-cluster: upc-dev, upc-prod)
 - **Ingress**: Traefik v2
 - **Certificates**: Cert-Manager + Let's Encrypt
 - **Policies**: Kyverno

docs/REFERENCE.md

@@ -21,7 +21,7 @@
 |-----------|-------|
 | **Provider** | UpCloud Managed Kubernetes |
 | **Environment** | Production (internal use) |
-| **Cluster Count** | Single cluster |
+| **Cluster Count** | Multi-cluster (upc-dev, upc-prod) |
 | **GitOps Tool** | ArgoCD |
 | **Ingress Controller** | Traefik v2 |
 | **Certificate Management** | Cert-Manager + Let's Encrypt |
@@ -71,7 +71,8 @@ Internet
 ```
 launchpad/
 ├── bootstrap.sh                   # Cluster initialization script
-├── _app-of-apps.yaml              # Root ArgoCD Application
+├── _app-of-apps-upc-dev.yaml     # Root ArgoCD Application (upc-dev)
+├── _app-of-apps-upc-prod.yaml    # Root ArgoCD Application (upc-prod)
 │
 ├── infra/                         # Infrastructure applications
 │   ├── cluster-resources-application.yaml
@@ -156,15 +157,15 @@ ArgoCd() {
   helm upgrade --install argocd argo-cd \
     --repo https://argoproj.github.io/argo-helm \
     --namespace argocd --create-namespace \
-    --values infra/values/argocd-values.yaml \
+    --values infra/values/base/argocd-values.yaml \
     --set notifications.context.clusterName="$CLUSTER_NAME" \
     --timeout 60s --atomic
 
-  kubectl apply -f _app-of-apps.yaml -n argocd
+  kubectl apply -f _app-of-apps-upc-dev.yaml -n argocd   # or _app-of-apps-upc-prod.yaml
 }
 ```
 
-**`_app-of-apps.yaml`**
+**`_app-of-apps-upc-dev.yaml`** / **`_app-of-apps-upc-prod.yaml`**
 ```yaml
 apiVersion: argoproj.io/v1alpha1
 kind: Application
@@ -615,7 +616,7 @@ retry:
 
 **Configuration**:
 ```yaml
-# infra/traefik-application.yaml
+# infra/base/traefik-application.yaml
 replicas: 2
 
 service:
@@ -790,7 +791,7 @@ persistence:
 
 **Configuration**:
 ```yaml
-# infra/gitea.yaml + infra/values/gitea-values.yaml
+# infra/base/gitea.yaml + infra/values/base/gitea-values.yaml
 ingress:
   host: git.forteapps.net
   tls: cert-manager (letsencrypt-prod)
@@ -833,7 +834,7 @@ postgresql:
 
 **Configuration**:
 ```yaml
-# infra/gitea-actions.yaml + infra/values/gitea-actions-values.yaml
+# infra/base/gitea-actions.yaml + infra/values/base/gitea-actions-values.yaml
 replicaCount: 3
 
 runner:
@@ -994,7 +995,7 @@ kubectl get secret keycloak-client-<app> -n keycloak -o jsonpath='{.metadata.ann
 
 **Configuration**:
 ```yaml
-# infra/renovate.yaml + infra/values/renovate-values.yaml
+# infra/base/renovate.yaml + infra/values/base/renovate-values.yaml
 cronjob:
   schedule: "@daily"
   concurrencyPolicy: Forbid

infra/base/enterprise-apps.yaml

@@ -18,7 +18,7 @@ spec:
   source:
     repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
     targetRevision: HEAD
-    path: apps/overlays/eu
+    path: apps/overlays/upc-dev
   destination:
     server: https://kubernetes.default.svc
     namespace: apps

infra/base/gitea-actions.yaml

@@ -21,7 +21,7 @@ spec:
     helm:
       releaseName: gitea-actions
       valueFiles:
-      - $values/infra/values/gitea-actions-values.yaml
+      - $values/infra/values/base/gitea-actions-values.yaml
 
   - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
     targetRevision: HEAD

infra/base/gitea.yaml

@@ -21,7 +21,7 @@ spec:
     helm:
       releaseName: gitea
       valueFiles:
-      - $values/infra/values/gitea-values.yaml
+      - $values/infra/values/base/gitea-values.yaml
 
   - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
     targetRevision: HEAD

infra/base/grafana.yaml

@@ -22,7 +22,7 @@ spec:
       releaseName: grafana
       valueFiles:
       - $values/infra/values/base/grafana-values.yaml
-      - $values/infra/values/eu/grafana-values.yaml
+      - $values/infra/values/upc-dev/grafana-values.yaml
 
   - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
     targetRevision: HEAD

infra/base/keycloak.yaml

@@ -22,7 +22,7 @@ spec:
       releaseName: keycloak
       valueFiles:
       - $values/infra/values/base/keycloak-values.yaml
-      - $values/infra/values/eu/keycloak-values.yaml
+      - $values/infra/values/upc-dev/keycloak-values.yaml
 
   - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
     targetRevision: HEAD

infra/base/kustomization.yaml

@@ -15,3 +15,9 @@ resources:
 - cluster-resources-application.yaml
 - kyverno-policies.yaml
 - secrets.yaml
+- gitea.yaml
+- gitea-actions.yaml
+- renovate.yaml
+- tempo.yaml
+- grafana-dashboards.yaml
+- network-policies-application.yaml

infra/base/renovate.yaml

@@ -21,7 +21,7 @@ spec:
     helm:
       releaseName: renovate
       valueFiles:
-      - $values/infra/values/renovate-values.yaml
+      - $values/infra/values/base/renovate-values.yaml
 
   - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
     targetRevision: HEAD

infra/base/secrets.yaml

@@ -18,7 +18,7 @@ spec:
   project: default
   source:
     repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
-    path: secrets/eu
+    path: secrets/upc-dev
   destination:
     server: https://kubernetes.default.svc
     namespace: secrets

infra/base/tempo.yaml

@@ -21,7 +21,7 @@ spec:
     helm:
       releaseName: tempo
       valueFiles:
-      - $values/infra/values/tempo-values.yaml
+      - $values/infra/values/base/tempo-values.yaml
 
   - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
     targetRevision: HEAD

infra/base/traefik-application.yaml

@@ -29,7 +29,7 @@ spec:
       releaseName: traefik
       valueFiles:
       - $values/infra/values/base/traefik-values.yaml
-      - $values/infra/values/eu/traefik-values.yaml
+      - $values/infra/values/upc-dev/traefik-values.yaml
 
   - repoURL: git@github.com:fortedigital/sturdy-adventure.git
     targetRevision: HEAD

infra/overlays/eu/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ../../base
-
-# No patches needed — base already has "eu" paths
-# EU is the default/base cluster

infra/overlays/upc-dev/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base
+
+# No patches needed — base already has "upc-dev" paths
+# upc-dev is the default/base cluster

infra/overlays/upc-prod/kustomization.yaml

@@ -4,47 +4,47 @@ resources:
 - ../../base
 
 patches:
-# Traefik: swap eu → us in valueFiles
+# Traefik: swap upc-dev → upc-prod in valueFiles
 - target:
     kind: Application
     name: traefik
   patch: |
     - op: replace
       path: /spec/sources/0/helm/valueFiles/1
-      value: $values/infra/values/us/traefik-values.yaml
+      value: $values/infra/values/upc-prod/traefik-values.yaml
 
-# Keycloak: swap eu → us
+# Keycloak: swap upc-dev → upc-prod
 - target:
     kind: Application
     name: keycloak
   patch: |
     - op: replace
       path: /spec/sources/0/helm/valueFiles/1
-      value: $values/infra/values/us/keycloak-values.yaml
+      value: $values/infra/values/upc-prod/keycloak-values.yaml
 
-# Grafana: swap eu → us
+# Grafana: swap upc-dev → upc-prod
 - target:
     kind: Application
     name: grafana
   patch: |
     - op: replace
       path: /spec/sources/0/helm/valueFiles/1
-      value: $values/infra/values/us/grafana-values.yaml
+      value: $values/infra/values/upc-prod/grafana-values.yaml
 
-# Secrets: change path to us
+# Secrets: change path to upc-prod
 - target:
     kind: Application
     name: secrets
   patch: |
     - op: replace
       path: /spec/source/path
-      value: secrets/us
+      value: secrets/upc-prod
 
-# Enterprise-apps: point to us overlay
+# Enterprise-apps: point to upc-prod overlay
 - target:
     kind: Application
     name: enterprise-apps
   patch: |
     - op: replace
       path: /spec/source/path
-      value: apps/overlays/us
+      value: apps/overlays/upc-prod