Commit Graph

532 Commits

Author SHA1 Message Date
275ec675da fix(apps): drop dangling namespace.yaml ref (enterprise-apps ComparisonError) (#19)
0a98674 deleted `namespace.yaml` but `apps/overlays/upc-dev/forte-drop/kustomization.yaml` still lists it → `kustomize build` fails → the **enterprise-apps** app-of-apps has a ComparisonError and the whole overlay stopped syncing. Visible symptom: `secret "forte-drop-secrets" not found` on all forte-drop pods (the SealedSecret no longer applies).

One-line fix: remove the dangling resource entry. The namespace itself is fine — the forte-drop Application has `CreateNamespace=true`.

@danijel.simeunovic — pairs with your cleanup; after this merges the secret re-applies and the pods only need the right image tag (helm-prod-values PR #4: `buildcache` → `v20260604-200105-1316f7a`, buildcache is the buildx cache manifest, not a runnable image).

Co-authored-by: Sten <sten@Sten-sin-MacBook-Pro.local>
Reviewed-on: #19
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
2026-06-05 08:44:56 +00:00
0a98674a27 not needed 2026-06-05 00:05:56 +02:00
b713ec853c feat(apps): forte-drop web + mcp argocd apps (prod) (#18)
## Summary

ArgoCD Applications + Keycloak clients + sealed secret for forte-drop **web + mcp** (PROD).

## What changed

- **forte-drop** + **forte-drop-mcp** ArgoCD Applications (two-source: forte-helm chart + helm-prod-values).
- **namespace.yaml** — explicit `forte-drop` Namespace at sync-wave -1, `Prune=false` (avoids first-sync race for namespaced resources; doesn't cascade-delete on base removal).
- **keycloak-client-forte-drop** + **keycloak-client-forte-drop-mcp** — labeled config Secrets; the registrar creates the OIDC clients in the `forte` realm within ~2 min.
- **forte-drop-secrets** SealedSecret — UpCloud S3 creds (existing drops bucket) + PG creds + PASSWORD_GATE_SECRET. Consumed by both deployments + the pg-backup CronJob.
- **forte-drop-web PDB** — minAvailable 1 (selector verified against the live forteapp chart's pod labels).
- Wired into `apps/overlays/upc-dev` (NOT base → stays out of upc-prod).

## Post-merge manual step (one-time)

`auth-oidc` SealedSecret for the web sidecar is still commented out — it needs the `client-secret` the Keycloak registrar writes to `forte-drop-oidc-credentials` after first sync:

```bash
CLIENT_SECRET=$(kubectl -n forte-drop get secret forte-drop-oidc-credentials -o jsonpath='{.data.client-secret}' | base64 -d)
kubectl create secret generic auth-oidc -n forte-drop \
  --from-literal=client-secret="$CLIENT_SECRET" \
  --from-literal=cookie-secret="$(openssl rand -hex 32)" \
  --dry-run=client -o yaml > private/auth-oidc.yaml
kubeseal --format=yaml --controller-name=sealed-secrets-controller --controller-namespace=kube-system \
  < private/auth-oidc.yaml > apps/base/forte-drop/auth-oidc-sealed.yaml
# uncomment in kustomization, commit, push
```

## Depends on

- launchpad PR #17 (postgres + namespace via CreateNamespace).
- helm-prod-values forte-drop PR (values).

## Review

- [x] codex: namespace first-sync race → fixed (explicit namespace, sync-wave -1).
- [x] Keycloak registrar unblocked (stale chibisafe/minio config secrets removed; registrar green).

🤖 Generated with Claude Code

Co-authored-by: Sten <sten@Sten-sin-MacBook-Pro.local>
Co-authored-by: Sten <sten@Mac.domain_not_set.invalid>
Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Reviewed-on: #18
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
2026-06-04 18:47:08 +00:00
dffb9c43f0 dbunk delete 2026-06-03 20:16:37 +02:00
33f0463c1f upc dev spec 2026-06-03 20:14:21 +02:00
a997a6b81e kc cleanup 2026-06-03 17:41:10 +02:00
071f57f1d3 kc cleanup 2026-06-03 17:39:02 +02:00
ecf871f0e4 kc fix 2026-06-03 17:36:29 +02:00
376d81a5ac keycloak client cleanup 2026-06-03 17:28:08 +02:00
428de7af78 tofu config and docs 2026-05-31 20:48:25 +02:00
24c59256c9 tofu+tools 2026-05-31 19:53:26 +02:00
e319295f62 bunker host 2026-05-29 22:06:08 +02:00
a7106bc8f4 new tls wildcard 2026-05-29 21:58:34 +02:00
6d874111da tenantID 2026-05-29 21:51:27 +02:00
a8cc103e4c dns01 2026-05-29 21:48:32 +02:00
Ghost
a9dbaf5354 feature/tofu (#15)
@thomas.solbjor here is an "import" of tofu from your repo, with adjustments to fit the patterns here. Also minimized to only create the cluster, no managed services such as postgres etc. Take a look.

Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Reviewed-on: #15
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Co-authored-by: Ghost <>
Co-committed-by: Ghost <>
2026-05-29 15:48:28 +00:00
6e175e9e8c docs 2026-05-29 15:20:51 +02:00
396c771f59 feat(homepage): list forte_drop in Apps (#16)
Adds forte_drop as an external service entry in the upc-dev Homepage portal.

- Target host: https://drop.hackathon.forteapps.net (current Coolify deploy).
- One-line addition under `services > Apps` in `infra/values/upc-dev/homepage-values.yaml`.
- Will be retargeted to https://drop.forteapps.net once the K8s migration ships (spec in forte_drop repo: docs/superpowers/specs/2026-05-28-k8s-migration-design.md).

Zero risk — pure metadata, no cluster mutation beyond Homepage refresh.

Co-authored-by: Sten <sten@Mac.domain_not_set.invalid>
Reviewed-on: #16
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
2026-05-28 14:04:05 +00:00
0582cd9917 policy 2026-05-27 23:23:21 +02:00
c49d03d7f7 onlySSO 2026-05-16 23:04:11 +02:00
d47dba2ae5 signups 2026-05-16 22:12:04 +02:00
cf9eb47ecf script fix 2026-05-16 22:08:56 +02:00
3eca723f05 diffs 2026-05-16 22:05:02 +02:00
f36996da11 script fix 2026-05-16 21:57:44 +02:00
6bf7db21d0 registrar error 2026-05-16 21:55:44 +02:00
2641d55784 scopes 2026-05-16 21:53:36 +02:00
117297effc sso vw 2026-05-16 21:47:59 +02:00
fda90f9e01 adminToken enc 2026-05-16 21:34:34 +02:00
1124377d97 adminToken 2026-05-16 21:29:14 +02:00
c0710b89bb no signup 2026-05-16 21:15:38 +02:00
d7bda18aea domain 2026-05-16 21:11:17 +02:00
2796e1b9d3 name 2026-05-16 21:09:04 +02:00
d7a0c26117 icon 2026-05-16 21:08:36 +02:00
693f2f9168 homepage 2026-05-16 21:07:29 +02:00
2509ef062c domain restriction 2026-05-16 20:58:00 +02:00
957757e557 host 2026-05-16 20:51:44 +02:00
070799da05 bitw 2026-05-16 20:49:25 +02:00
1a2817e537 domain fix 2026-05-16 20:42:17 +02:00
b47b0035f5 smtp auth 2026-05-16 20:38:21 +02:00
d3fac4d43e smtp port 2026-05-16 20:34:22 +02:00
c37bd3ef04 from 2026-05-16 20:30:32 +02:00
ad661ba3dd allow signup 2026-05-16 20:27:36 +02:00
a9625f96e6 db secrets 2026-05-16 20:23:58 +02:00
cb64edc927 cleanup 2026-05-16 20:18:48 +02:00
ac1c242fb9 kust 2026-05-16 20:17:14 +02:00
4b29c07fd6 secret 2026-05-16 20:15:37 +02:00
52732626e5 ignorediffs 2026-05-16 20:10:19 +02:00
8634436dd4 StatefulSet 2026-05-16 20:07:17 +02:00
a8baa169e9 secrets vw 2026-05-16 20:00:22 +02:00
73ef3a6e12 pg fix 2026-05-16 19:49:38 +02:00