Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity
518 Commits 22 Branches 0 Tags
47d1f1ec39cf318477e3cad0fa5aaaba599d66ae
Commit Graph

30 Commits

Author SHA1 Message Date
Sten
47d1f1ec39 fix(infra): drop bad postgres securityContext + un-own shared namespace
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 6s
Details 
Address Codex review on PR #17:

[P1] Postgres official image's entrypoint requires root to chown a
fresh PVC, then drops to the postgres user via gosu. Forcing
runAsNonRoot+runAsUser=999 blocks the chown and initdb fails on a
fresh volume. Drop the securityContext; matches the existing
vaultwarden-postgresql pattern.

[P2] The forte-drop namespace was declared as a managed resource
in the postgres Application. Since minio lives in the same
namespace from a separate Application, an Argo prune of the pg
app would delete the namespace and cascade-delete minio. Remove
the Namespace resource; rely on syncOptions: CreateNamespace=true
on both apps (already set).
 2026-05-28 16:13:08 +02:00
Sten
69848e42f0 fix(infra): pin minio/mc tags + add postgres securityContext + harden bootstrap script
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 15s
Details 
Address ai-review feedback on PR #17:
- Pin quay.io/minio/minio and mc to specific RELEASE tags (Renovate
  will bump). 'latest' is unpredictable in GitOps.
- Bootstrap script: set -e -> set -euo pipefail.
- Postgres container: runAsNonRoot, uid/gid 999, drop ALL caps,
  no privilege escalation. Matches PSS restricted profile.
 2026-05-28 16:05:48 +02:00
Sten
416615a9e0 feat(infra): add forte-drop sealed secrets
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 5s
Details 
Pg and minio credentials sealed against upc-dev sealed-secrets-controller.
 2026-05-28 15:56:24 +02:00
Sten
3ce93017f9 feat(infra): forte-drop postgres + minio for upc-dev
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 34s
Details 
Two new ArgoCD Applications:
- forte-drop-postgresql: in-cluster Postgres 16 StatefulSet, 5Gi PVC,
  POSTGRES_DB=drops, creds from forte-drop-pg-creds SealedSecret.
- forte-drop-minio: in-cluster MinIO StatefulSet, 20Gi PVC, bootstrap
  Job creates the 'drops' bucket post-sync, creds from
  forte-drop-minio-creds SealedSecret.

Both live in namespace 'forte-drop'. Mirrors the Vaultwarden pattern.

Sealed secrets are added in a follow-up commit by the maintainer:
  kubeseal --fetch-cert > pub.pem
  kubeseal --cert pub.pem --format yaml < private/forte-drop-pg-creds.yaml > \
    infra/overlays/upc-dev/forte-drop-postgresql/resources/forte-drop-pg-creds-sealed.yaml
  kubeseal --cert pub.pem --format yaml < private/forte-drop-minio-creds.yaml > \
    infra/overlays/upc-dev/forte-drop-minio/resources/forte-drop-minio-creds-sealed.yaml
 2026-05-28 14:33:19 +02:00
Danijel Simeunovic
2641d55784 scopes 2026-05-16 21:53:36 +02:00
Danijel Simeunovic
117297effc sso vw 2026-05-16 21:47:59 +02:00
Danijel Simeunovic
fda90f9e01 adminToken enc 2026-05-16 21:34:34 +02:00
Danijel Simeunovic
1124377d97 adminToken 2026-05-16 21:29:14 +02:00
Danijel Simeunovic
a9625f96e6 db secrets 2026-05-16 20:23:58 +02:00
Danijel Simeunovic
cb64edc927 cleanup 2026-05-16 20:18:48 +02:00
Danijel Simeunovic
ac1c242fb9 kust 2026-05-16 20:17:14 +02:00
Danijel Simeunovic
4b29c07fd6 secret 2026-05-16 20:15:37 +02:00
Danijel Simeunovic
52732626e5 ignorediffs 2026-05-16 20:10:19 +02:00
Danijel Simeunovic
a8baa169e9 secrets vw 2026-05-16 20:00:22 +02:00
Danijel Simeunovic
73ef3a6e12 pg fix 2026-05-16 19:49:38 +02:00
Danijel Simeunovic
74f4f86770 vw apps 2026-05-16 19:34:42 +02:00
Danijel Simeunovic
f2c56156bf vw postgres 2026-05-16 18:10:14 +02:00
Danijel Simeunovic
716c552be9 ns 2026-05-16 15:44:04 +02:00
Danijel Simeunovic
f048b47a0f vaultwarden 2026-05-16 15:39:55 +02:00
Danijel Simeunovic
1c6f18b67c homepage 2026-04-28 20:38:59 +02:00
Danijel Simeunovic
6a7de704f2 enterprise-apps 2026-04-27 17:34:43 +02:00
Danijel Simeunovic
be8bbd2c12 aksapps 2026-04-27 17:33:47 +02:00
Danijel Simeunovic
c469ab44b0 ent apps 2026-04-27 17:28:48 +02:00
Danijel Simeunovic
1281e8ef37 databunker 2026-04-27 12:54:18 +02:00
Danijel Simeunovic
b57459cf85 rm secrets2 2026-04-27 12:25:25 +02:00
Danijel Simeunovic
e8dd213685 rm secrets 2026-04-27 12:24:14 +02:00
Danijel Simeunovic
94c8265475 overlays2 2026-04-27 12:01:59 +02:00
Danijel Simeunovic
17d7c4a655 overlays 2026-04-27 11:49:10 +02:00
gitea_admin
8505481291 feature/multi-cloud (#14) 
Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Reviewed-on: #14
 2026-04-24 08:48:53 +00:00
Danijel Simeunovic
03a0d7c9ae feature/multicluster
Some checks failed
Deploy Gitea Pages / build-and-deploy (push) Failing after 5s
Details 
Co-authored-by: Danijel Simeunovic <danijel.simeunovic@trumf.no>
Reviewed-on: #4
Reviewed-by: gitea_admin <admin@forteapps.net>
 2026-04-18 18:14:00 +00:00