2026-05-27 21:41:18 +02:00
parent c49d03d7f7
commit cf2c1427fd
8 changed files with 216 additions and 4 deletions

@@ -849,8 +849,6 @@ spec:
**Chart**: `sealed-secrets/sealed-secrets-controller`
**Namespace**: `kube-system`
**Directory Structure**: `secrets/base/` contains all SealedSecrets with a `kustomization.yaml`. Per-cloud overlays in `secrets/overlays/<cloud>/` reference the base via Kustomize. The ArgoCD `secrets` Application points to the active overlay (e.g., `secrets/overlays/upc-dev`), and `infra/overlays/upc-prod` patches the path to `secrets/overlays/upc-prod`.
To add cloud-specific secrets, create a new SealedSecret in the overlay directory and add it to the overlay's `kustomization.yaml`.
**Public Certificate**:
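Review bot: the hunk header (`-849,8 +849,6`) shows two lines removed and none added, so if the **Directory Structure** line and the "To add cloud-specific secrets" line are the ones being dropped, the Sealed Secrets section no longer states where SealedSecrets live or how a cloud-specific one is added. Replace them with one sentence pointing at the new location (per-app overlay directories such as `infra/overlays/<cloud>/<app>/`, as the new-cloud steps later in this commit describe), and check that the ArgoCD `secrets` Application reference to `secrets/overlays/<cloud>` is not left dangling elsewhere in the document.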
@@ -1109,6 +1107,41 @@ storage:
- `vaultwarden-oidc-credentials` (registrar-managed) — OIDC client ID + secret
- `vaultwarden-tls` — auto-managed by cert-manager
### MinIO
**Chart**: `minio/minio` from `https://charts.min.io/`
**Version**: 5.4.0
**Namespace**: `minio`
**Purpose**: S3-compatible object storage with web console and static website hosting.
**Configuration**:
```yaml
# infra/overlays/upc-dev/minio/ + infra/values/
mode: standalone
persistence:
size: 50Gi
consoleIngress:
hosts: [minio.forteapps.net]
ingress:
hosts: [s3.forteapps.net]
```
**Ports**: API (9000), Console (9001)
**TLS**: cert-manager auto-provisions Let's Encrypt certificates — `minio-console-tls` for Console, `minio-api-tls` for API.
**SSO**: Native OIDC via Keycloak `forte` realm (client ID: `minio`). Self-service client config Secret (`keycloak-client-minio`) triggers registrar. Policy claim mapper maps user attributes to MinIO policies.
**Endpoints**:
- Console: `https://minio.forteapps.net`
- S3 API: `https://s3.forteapps.net`
**Secrets**:
- `minio-credentials` (SealedSecret) — root user/password
- `minio-oidc-credentials` (registrar-managed) — OIDC client ID + secret
- `minio-console-tls`, `minio-api-tls` — auto-managed by cert-manager
### AI Code Review (ai-review)
**Type**: Gitea Actions workflow (`.gitea/workflows/ai-review.yaml`)
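Review bot: the **SSO** paragraph says "Policy claim mapper maps user attributes to MinIO policies" but does not name the claim or the user attribute it reads, nor what happens to a user who authenticates via Keycloak without that attribute; since MinIO authorizes on the policy claim, the section should state the claim name, the expected values (for example `readwrite`, `consoleAdmin`) and the behaviour for users lacking it, otherwise an operator cannot tell whether an unmapped account is denied or granted a default policy. Two smaller points in the same hunk: the **Secrets** list should mark `minio-credentials` (root user/password) as a bootstrap/break-glass credential rather than a day-to-day login now that OIDC is in place, and `mode: standalone` with a single `size: 50Gi` volume should carry a note that there is no erasure coding or replica of the data, so backups are the only redundancy.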
@@ -2003,8 +2036,8 @@ To add support for a new cloud (e.g., `oci-dev` for Oracle Cloud):
- `opencost-values.yaml` — pricing model or cloud billing integration
3. **Kustomize overlay**: `infra/overlays/oci-dev/kustomization.yaml` — patch `valueFiles[1]` for each Application
4. **App-of-apps**: `_app-of-apps-oci-dev.yaml` — points to `infra/overlays/oci-dev`
5. **Secrets overlay**: `secrets/overlays/oci-dev/kustomization.yaml` — references `../../base`, add cloud-specific SealedSecrets if needed
6. **Secrets patch**: Add patch to `infra/overlays/oci-dev/kustomization.yaml` to swap secrets path to `secrets/overlays/oci-dev`
5. **SealedSecrets**: Add cloud-specific SealedSecrets directly in the relevant app overlay directories (e.g., `infra/overlays/oci-dev/<app>/`) and include them in each overlay's `kustomization.yaml`
6. **Sealed Secrets controller**: Include `../../base/sealedsecrets` in `infra/overlays/oci-dev/kustomization.yaml` if the cluster needs the controller
7. **Bootstrap**: `./bootstrap.sh oci-dev`
---
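Review bot: new step 6 makes the controller conditional ("if the cluster needs the controller") while new step 5 unconditionally places cloud-specific SealedSecrets in the app overlays, which cannot be decrypted without it; either make step 6 unconditional or state the actual condition under which a cluster can skip `../../base/sealedsecrets`. Also, replacing old steps 5 and 6 (the `secrets/overlays/oci-dev` overlay and the secrets-path patch) removes the only place this procedure told a reader to create the cloud's kustomization for secrets, so step 5 should mention that each `infra/overlays/oci-dev/<app>/kustomization.yaml` must exist and be listed from `infra/overlays/oci-dev/kustomization.yaml` before the SealedSecret is added to it.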