b713ec853c
feat(apps): forte-drop web + mcp argocd apps (prod) (#18)
## Summary
ArgoCD Applications + Keycloak clients + sealed secret for forte-drop **web + mcp** (PROD).
## What changed
- **forte-drop** + **forte-drop-mcp** ArgoCD Applications (two-source: forte-helm chart + helm-prod-values).
- **namespace.yaml** — explicit `forte-drop` Namespace at sync-wave -1, `Prune=false` (avoids first-sync race for namespaced resources; doesn't cascade-delete on base removal).
- **keycloak-client-forte-drop** + **keycloak-client-forte-drop-mcp** — labeled config Secrets; the registrar creates the OIDC clients in the `forte` realm within ~2 min.
- **forte-drop-secrets** SealedSecret — UpCloud S3 creds (existing drops bucket) + PG creds + PASSWORD_GATE_SECRET. Consumed by both deployments + the pg-backup CronJob.
- **forte-drop-web PDB** — minAvailable 1 (selector verified against the live forteapp chart's pod labels).
- Wired into `apps/overlays/upc-dev` (NOT base → stays out of upc-prod).
## Post-merge manual step (one-time)
`auth-oidc` SealedSecret for the web sidecar is still commented out — it needs the `client-secret` the Keycloak registrar writes to `forte-drop-oidc-credentials` after first sync:
```bash
CLIENT_SECRET=$(kubectl -n forte-drop get secret forte-drop-oidc-credentials -o jsonpath='{.data.client-secret}' | base64 -d)
kubectl create secret generic auth-oidc -n forte-drop \
  --from-literal=client-secret="$CLIENT_SECRET" \
  --from-literal=cookie-secret="$(openssl rand -hex 32)" \
  --dry-run=client -o yaml > private/auth-oidc.yaml
kubeseal --format=yaml --controller-name=sealed-secrets-controller --controller-namespace=kube-system \
  < private/auth-oidc.yaml > apps/base/forte-drop/auth-oidc-sealed.yaml
# uncomment in kustomization, commit, push
```
## Depends on
- launchpad PR #17 (postgres + namespace via CreateNamespace).
- helm-prod-values forte-drop PR (values).
## Review
- [x] codex: namespace first-sync race → fixed (explicit namespace, sync-wave -1).
- [x] Keycloak registrar unblocked (stale chibisafe/minio config secrets removed; registrar green).
🤖 Generated with Claude Code
Co-authored-by: Sten <sten@Sten-sin-MacBook-Pro.local>
Co-authored-by: Sten <sten@Mac.domain_not_set.invalid>
Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Reviewed-on: #18
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
2026-06-04 18:47:08 +00:00
a997a6b81e
kc cleanup
2026-06-03 17:41:10 +02:00
071f57f1d3
kc cleanup
2026-06-03 17:39:02 +02:00
ecf871f0e4
kc fix
2026-06-03 17:36:29 +02:00
376d81a5ac
keycloak client cleanup
2026-06-03 17:28:08 +02:00
e319295f62
bunker host
2026-05-29 22:06:08 +02:00
a7106bc8f4
new tls wildcard
2026-05-29 21:58:34 +02:00
396c771f59
feat(homepage): list forte_drop in Apps (#16)
Adds forte_drop as an external service entry in the upc-dev Homepage portal.
- Target host: https://drop.hackathon.forteapps.net (current Coolify deploy).
- One-line addition under `services > Apps` in `infra/values/upc-dev/homepage-values.yaml`.
- Will be retargeted to https://drop.forteapps.net once the K8s migration ships (spec in forte_drop repo: docs/superpowers/specs/2026-05-28-k8s-migration-design.md).
Zero risk — pure metadata, no cluster mutation beyond Homepage refresh.
Co-authored-by: Sten <sten@Mac.domain_not_set.invalid>
Reviewed-on: #16
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
2026-05-28 14:04:05 +00:00
c49d03d7f7
onlySSO
2026-05-16 23:04:11 +02:00
d47dba2ae5
signups
2026-05-16 22:12:04 +02:00
cf9eb47ecf
script fix
2026-05-16 22:08:56 +02:00
f36996da11
script fix
2026-05-16 21:57:44 +02:00
6bf7db21d0
registrar error
2026-05-16 21:55:44 +02:00
117297effc
sso vw
2026-05-16 21:47:59 +02:00
1124377d97
adminToken
2026-05-16 21:29:14 +02:00
c0710b89bb
no signup
2026-05-16 21:15:38 +02:00
d7bda18aea
domain
2026-05-16 21:11:17 +02:00
2796e1b9d3
name
2026-05-16 21:09:04 +02:00
d7a0c26117
icon
2026-05-16 21:08:36 +02:00
693f2f9168
homepage
2026-05-16 21:07:29 +02:00
2509ef062c
domain restriction
2026-05-16 20:58:00 +02:00
957757e557
host
2026-05-16 20:51:44 +02:00
070799da05
bitw
2026-05-16 20:49:25 +02:00
1a2817e537
domain fix
2026-05-16 20:42:17 +02:00
b47b0035f5
smtp auth
2026-05-16 20:38:21 +02:00
d3fac4d43e
smtp port
2026-05-16 20:34:22 +02:00
c37bd3ef04
from
2026-05-16 20:30:32 +02:00
ad661ba3dd
allow signup
2026-05-16 20:27:36 +02:00
cb64edc927
cleanup
2026-05-16 20:18:48 +02:00
8634436dd4
StatefulSet
2026-05-16 20:07:17 +02:00
a8baa169e9
secrets vw
2026-05-16 20:00:22 +02:00
302705d374
icon
2026-05-16 19:45:19 +02:00
f3286ef77e
homepage vw
2026-05-16 19:44:17 +02:00
f2c56156bf
vw postgres
2026-05-16 18:10:14 +02:00
21fb50ba00
vw fixes
2026-05-16 15:55:18 +02:00
b90b630b06
comment
2026-05-16 15:52:10 +02:00
66de9b8a0a
replicas
2026-05-16 15:48:13 +02:00
f048b47a0f
vaultwarden
2026-05-16 15:39:55 +02:00
66f40427ee
mappings
2026-05-15 15:47:25 +02:00
332881cbd0
fix
2026-05-14 23:47:14 +02:00
f363afa087
browser flow override
2026-05-14 23:43:40 +02:00
bc42347cb6
gitea+ACCOUNT_LINKING
2026-05-14 21:30:53 +02:00
80d7bff4bc
groups
2026-05-14 21:18:17 +02:00
3644a3ec87
mappers
2026-05-14 21:14:57 +02:00
bd478478f1
fix attempt
2026-05-14 20:40:44 +02:00
67b1d95509
account linking
2026-05-14 19:39:38 +02:00
fff95d98a5
remove protocol mappers
2026-05-13 23:15:28 +02:00
8b743efa43
KC fix
2026-05-13 23:13:09 +02:00
f19f7c9237
icon
2026-04-29 12:07:04 +02:00
31fb476a78
row
2026-04-29 10:06:02 +02:00