docs

docs/OPERATIONS-RUNBOOK.md

@@ -85,7 +85,8 @@ kubectl get applications -n argocd
 
 1. **Configure DNS** for ingress domains:
    - `argocd.127.0.0.1.nip.io` (local dev)
-   - `*.forteapps.net` (production)
+   - `*.forteapps.net` (dev)
+   - `*.fortedigital.com` (production)
 
 2. **Verify Let's Encrypt certificates**:
    ```bash
@@ -107,7 +108,7 @@ kubectl get applications -n argocd
 
 ### ArgoCD Repository Access Setup
 
-ArgoCD needs SSH access to private Git repositories to pull manifests and Helm values. This section covers setting up deploy keys for GitHub repositories.
+ArgoCD needs SSH access to private Git repositories to pull manifests and Helm values. This section covers setting up deploy keys for Gitea repositories.
 
 #### Why Deploy Keys?
 
@@ -119,7 +120,7 @@ ArgoCD needs SSH access to private Git repositories to pull manifests and Helm v
 #### Prerequisites
 
 - kubectl access to the cluster
-- Write access to the GitHub repository
+- Write access to the Gitea repository
 - ArgoCD installed and running
 
 #### Setup Procedure
@@ -138,16 +139,16 @@ ssh-keygen -t rsa -b 4096 -C "argocd-deploy-key-launchpad" -f argocd-deploy-key
 
 This creates two files:
 - `argocd-deploy-key` - Private key (keep secret)
-- `argocd-deploy-key.pub` - Public key (add to GitHub)
+- `argocd-deploy-key.pub` - Public key (add to Gitea)
 
-**Step 2: Add Public Key to GitHub**
+**Step 2: Add Public Key to Gitea**
 
 1. Copy the public key:
    ```bash
    cat argocd-deploy-key.pub
    ```
 
-2. Go to GitHub repository settings:
+2. Go to Gitea repository settings:
    - Navigate to: `https://git.forteapps.net/Forte/launchpad/settings/keys`
    - Or: Repository → Settings → Deploy keys
 
@@ -157,12 +158,12 @@ This creates two files:
    - ☐ Allow write access (leave unchecked - read-only is sufficient)
    - Click **"Add key"**
 
-4. Repeat for the `helm-values` repository if it's private:
+4. Repeat for the `helm-prod-values` repository if it's private:
    ```bash
-   # Generate separate key for helm-values repo
-   ssh-keygen -t ed25519 -C "argocd-deploy-key-helm-values" -f argocd-helm-values-key -N ""
+   # Generate separate key for helm-prod-values repo
+   ssh-keygen -t ed25519 -C "argocd-deploy-key-helm-prod-values" -f argocd-helm-prod-values-key -N ""
 
-   # Add to: https://github.com/fortedigital/helm-values/settings/keys
+   # Add to: https://git.forteapps.net/Forte/helm-prod-values/settings/keys
    ```
 
 **Step 3: Create Kubernetes Secret**
@@ -270,7 +271,7 @@ rm /tmp/test-repo-access.yaml
    # Generate new key
    ssh-keygen -t ed25519 -C "argocd-deploy-key-$(date +%Y%m)" -f argocd-new-key -N ""
 
-   # Add new public key to GitHub (keep old key for now)
+   # Add new public key to Gitea (keep old key for now)
 
    # Update Kubernetes secret
    kubectl create secret generic repo-launchpad \
@@ -278,7 +279,7 @@ rm /tmp/test-repo-access.yaml
      --namespace=argocd \
      --dry-run=client -o yaml | kubectl apply -f -
 
-   # Test access, then remove old deploy key from GitHub
+   # Test access, then remove old deploy key from Gitea
 
    # Clean up
    shred -u argocd-new-key
@@ -289,7 +290,7 @@ rm /tmp/test-repo-access.yaml
    # List all repository secrets
    kubectl get secrets -n argocd -l argocd.argoproj.io/secret-type=repository
 
-   # Review deploy keys in GitHub
+   # Review deploy keys in Gitea
    # Visit: https://git.forteapps.net/Forte/launchpad/settings/keys
    ```
 
@@ -312,16 +313,16 @@ kubectl get secret repo-launchpad -n argocd -o yaml | grep argocd.argoproj.io/se
 # Check ArgoCD application controller logs
 kubectl logs -n argocd deployment/argocd-application-controller | grep -i "permission denied"
 
-# Verify deploy key is added to GitHub
+# Verify deploy key is added to Gitea
 # Visit: https://git.forteapps.net/Forte/launchpad/settings/keys
 ```
 
 **Issue: "Host key verification failed"**
 
 ```bash
-# Add GitHub to known_hosts
+# Add Gitea to known_hosts
 kubectl exec -n argocd deployment/argocd-repo-server -- \
-  ssh-keyscan github.com >> ~/.ssh/known_hosts
+  ssh-keyscan git.forteapps.net >> ~/.ssh/known_hosts
 
 # Or disable strict host key checking (less secure)
 kubectl patch secret repo-launchpad -n argocd \
@@ -346,16 +347,16 @@ kubectl rollout restart deployment argocd-application-controller -n argocd
 
 #### Multiple Repository Setup
 
-For the three-repository pattern (launchpad, forte-helm, helm-values):
+For the three-repository pattern (launchpad, forte-helm, helm-prod-values):
 
 ```bash
 # 1. launchpad (main config repo)
 ssh-keygen -t ed25519 -C "argocd-launchpad" -f key-sturdy -N ""
 # Add key-sturdy.pub to: https://git.forteapps.net/Forte/launchpad/settings/keys
 
-# 2. helm-values (private values repo)
-ssh-keygen -t ed25519 -C "argocd-helm-values" -f key-helm-values -N ""
-# Add key-helm-values.pub to: https://github.com/fortedigital/helm-values/settings/keys
+# 2. helm-prod-values (private values repo)
+ssh-keygen -t ed25519 -C "argocd-helm-prod-values" -f key-helm-prod-values -N ""
+# Add key-helm-prod-values.pub to: https://git.forteapps.net/Forte/helm-prod-values/settings/keys
 
 # 3. forte-helm (private helm charts repo)
 
@@ -366,14 +367,14 @@ kubectl create secret generic repo-launchpad \
   kubectl label --local -f - argocd.argoproj.io/secret-type=repository --dry-run=client -o yaml | \
   kubectl apply -f -
 
-kubectl create secret generic repo-helm-values \
-  --from-file=sshPrivateKey=key-helm-values \
+kubectl create secret generic repo-helm-prod-values \
+  --from-file=sshPrivateKey=key-helm-prod-values \
   --namespace=argocd --dry-run=client -o yaml | \
   kubectl label --local -f - argocd.argoproj.io/secret-type=repository --dry-run=client -o yaml | \
   kubectl apply -f -
 
 # Clean up keys
-shred -u key-sturdy key-helm-values
+shred -u key-sturdy key-helm-prod-values
 ```
 
 #### Converting HTTPS to SSH
@@ -390,7 +391,7 @@ If you're currently using HTTPS and want to switch to SSH:
 #   repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
 
 # 3. Update and commit
-find . -name "*.yaml" -type f -exec sed -i 's|https://github.com/fortedigital/|git@github.com:fortedigital/|g' {} +
+find . -name "*.yaml" -type f -exec sed -i 's|https://git.forteapps.net/Forte/|git@git.forteapps.net:Forte/|g' {} +
 
 git add .
 git commit -m "Switch from HTTPS to SSH for repository access"
@@ -494,7 +495,7 @@ spec:
 See [Developer Guide](DEVELOPER-GUIDE.md#deploying-your-first-application) for detailed steps.
 
 **Quick checklist:**
-- [ ] Create `helm-values/myapp/values.yaml`
+- [ ] Create `helm-prod-values/myapp/values.yaml`
 - [ ] Create `apps/myapp.yaml` in config repo
 - [ ] Create SealedSecret if needed
 - [ ] Commit and push changes
@@ -559,7 +560,7 @@ kubectl scale deployment myapp -n myapp --replicas=3
 
 #### GitOps Scaling
 
-Update `helm-values/myapp/values.yaml`:
+Update `helm-prod-values/myapp/values.yaml`:
 
 ```yaml
 app:
@@ -573,7 +574,7 @@ Commit and push - ArgoCD will sync.
 Enable Horizontal Pod Autoscaler:
 
 ```yaml
-# In helm-values/myapp/values.yaml
+# In helm-prod-values/myapp/values.yaml
 app:
   hpa:
     enabled: true
@@ -622,7 +623,7 @@ kubectl rollout undo deployment myapp -n myapp
 #### Option 3: Change Image Tag
 
 ```bash
-# Edit helm-values
+# Edit helm-prod-values
 cd ~/dev/k8s/helm-prod-values
 vim myapp/values.yaml
 
@@ -642,7 +643,7 @@ git push
 #### Update Resource Limits
 
 ```yaml
-# In helm-values/myapp/values.yaml
+# In helm-prod-values/myapp/values.yaml
 app:
   resources:
     requests:
@@ -656,7 +657,7 @@ app:
 #### Enable Database
 
 ```yaml
-# In helm-values/myapp/values.yaml
+# In helm-prod-values/myapp/values.yaml
 db:
   enabled: true
   persistence:
@@ -1266,7 +1267,7 @@ spec:
 **What Needs Backup**:
 - ❌ Cluster state (not backed up - recreate via GitOps)
 - ❌ Persistent volumes (currently not critical)
-- ✅ Git repositories (GitHub provides backup)
+- ✅ Git repositories (Gitea provides backup)
 - ⚠️ Secrets (sealed secrets in Git, unseal keys need safekeeping)
 
 ### Cluster Rebuild
@@ -1561,7 +1562,7 @@ git push
 kubectl scale deployment myapp -n myapp --replicas=0
 
 # Update Git
-vim helm-values/myapp/values.yaml
+vim helm-prod-values/myapp/values.yaml
 # Set replicaCount: 0
 git commit -am "Scale down myapp for maintenance"
 git push
@@ -1634,7 +1635,7 @@ echo "Remember to delete: $SECRET_FILE"
 
 - [ ] Application code repository created
 - [ ] Dockerfile created and tested
-- [ ] GitHub Actions workflow configured
+- [ ] Gitea Actions workflow configured
 - [ ] Helm values created in `helm-prod-values/`
 - [ ] ArgoCD application manifest created in `apps/`
 - [ ] Secrets created and sealed