40 Commits

Author	SHA1	Message	Date
Jørgen Stensrud	b713ec853c	feat(apps): forte-drop web + mcp argocd apps (prod) (#18) ... ## Summary ArgoCD Applications + Keycloak clients + sealed secret for forte-drop **web + mcp** (PROD). ## What changed - **forte-drop** + **forte-drop-mcp** ArgoCD Applications (two-source: forte-helm chart + helm-prod-values). - **namespace.yaml** — explicit `forte-drop` Namespace at sync-wave -1, `Prune=false` (avoids first-sync race for namespaced resources; doesn't cascade-delete on base removal). - **keycloak-client-forte-drop** + **keycloak-client-forte-drop-mcp** — labeled config Secrets; the registrar creates the OIDC clients in the `forte` realm within ~2 min. - **forte-drop-secrets** SealedSecret — UpCloud S3 creds (existing drops bucket) + PG creds + PASSWORD_GATE_SECRET. Consumed by both deployments + the pg-backup CronJob. - **forte-drop-web PDB** — minAvailable 1 (selector verified against the live forteapp chart's pod labels). - Wired into `apps/overlays/upc-dev` (NOT base → stays out of upc-prod). ## Post-merge manual step (one-time) `auth-oidc` SealedSecret for the web sidecar is still commented out — it needs the `client-secret` the Keycloak registrar writes to `forte-drop-oidc-credentials` after first sync: ```bash CLIENT_SECRET=$(kubectl -n forte-drop get secret forte-drop-oidc-credentials -o jsonpath='{.data.client-secret}' | base64 -d) kubectl create secret generic auth-oidc -n forte-drop \ --from-literal=client-secret="$CLIENT_SECRET" \ --from-literal=cookie-secret="$(openssl rand -hex 32)" \ --dry-run=client -o yaml > private/auth-oidc.yaml kubeseal --format=yaml --controller-name=sealed-secrets-controller --controller-namespace=kube-system \ < private/auth-oidc.yaml > apps/base/forte-drop/auth-oidc-sealed.yaml # uncomment in kustomization, commit, push ``` ## Depends on - launchpad PR #17 (postgres + namespace via CreateNamespace). - helm-prod-values forte-drop PR (values). ## Review - [x] codex: namespace first-sync race → fixed (explicit namespace, sync-wave -1). - [x] Keycloak registrar unblocked (stale chibisafe/minio config secrets removed; registrar green). 🤖 Generated with Claude Code Co-authored-by: Sten <sten@Sten-sin-MacBook-Pro.local> Co-authored-by: Sten <sten@Mac.domain_not_set.invalid> Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com> Reviewed-on: #18 Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>	2026-06-04 18:47:08 +00:00
Danijel Simeunovic	e319295f62	bunker host	2026-05-29 22:06:08 +02:00
jorgen.stensrud	396c771f59	feat(homepage): list forte_drop in Apps (#16) ... Adds forte_drop as an external service entry in the upc-dev Homepage portal. - Target host: https://drop.hackathon.forteapps.net (current Coolify deploy). - One-line addition under `services > Apps` in `infra/values/upc-dev/homepage-values.yaml`. - Will be retargeted to https://drop.forteapps.net once the K8s migration ships (spec in forte_drop repo: docs/superpowers/specs/2026-05-28-k8s-migration-design.md). Zero risk — pure metadata, no cluster mutation beyond Homepage refresh. Co-authored-by: Sten <sten@Mac.domain_not_set.invalid> Reviewed-on: #16 Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>	2026-05-28 14:04:05 +00:00
Danijel Simeunovic	c49d03d7f7	onlySSO	2026-05-16 23:04:11 +02:00
Danijel Simeunovic	d47dba2ae5	signups	2026-05-16 22:12:04 +02:00
Danijel Simeunovic	117297effc	sso vw	2026-05-16 21:47:59 +02:00
Danijel Simeunovic	1124377d97	adminToken	2026-05-16 21:29:14 +02:00
Danijel Simeunovic	c0710b89bb	no signup	2026-05-16 21:15:38 +02:00
Danijel Simeunovic	d7bda18aea	domain	2026-05-16 21:11:17 +02:00
Danijel Simeunovic	2796e1b9d3	name	2026-05-16 21:09:04 +02:00
Danijel Simeunovic	d7a0c26117	icon	2026-05-16 21:08:36 +02:00
Danijel Simeunovic	693f2f9168	homepage	2026-05-16 21:07:29 +02:00
Danijel Simeunovic	2509ef062c	domain restriction	2026-05-16 20:58:00 +02:00
Danijel Simeunovic	957757e557	host	2026-05-16 20:51:44 +02:00
Danijel Simeunovic	070799da05	bitw	2026-05-16 20:49:25 +02:00
Danijel Simeunovic	1a2817e537	domain fix	2026-05-16 20:42:17 +02:00
Danijel Simeunovic	b47b0035f5	smtp auth	2026-05-16 20:38:21 +02:00
Danijel Simeunovic	d3fac4d43e	smtp port	2026-05-16 20:34:22 +02:00
Danijel Simeunovic	c37bd3ef04	from	2026-05-16 20:30:32 +02:00
Danijel Simeunovic	ad661ba3dd	allow signup	2026-05-16 20:27:36 +02:00
Danijel Simeunovic	cb64edc927	cleanup	2026-05-16 20:18:48 +02:00
Danijel Simeunovic	8634436dd4	StatefulSet	2026-05-16 20:07:17 +02:00
Danijel Simeunovic	a8baa169e9	secrets vw	2026-05-16 20:00:22 +02:00
Danijel Simeunovic	302705d374	icon	2026-05-16 19:45:19 +02:00
Danijel Simeunovic	f3286ef77e	homepage vw	2026-05-16 19:44:17 +02:00
Danijel Simeunovic	f2c56156bf	vw postgres	2026-05-16 18:10:14 +02:00
Danijel Simeunovic	21fb50ba00	vw fixes	2026-05-16 15:55:18 +02:00
Danijel Simeunovic	b90b630b06	comment	2026-05-16 15:52:10 +02:00
Danijel Simeunovic	66de9b8a0a	replicas	2026-05-16 15:48:13 +02:00
Danijel Simeunovic	f048b47a0f	vaultwarden	2026-05-16 15:39:55 +02:00
Danijel Simeunovic	f19f7c9237	icon	2026-04-29 12:07:04 +02:00
Danijel Simeunovic	31fb476a78	row	2026-04-29 10:06:02 +02:00
Danijel Simeunovic	a088425b70	homepage config	2026-04-29 10:04:20 +02:00
Danijel Simeunovic	db6afaf180	vault ... Co-authored-by: Copilot <copilot@github.com>	2026-04-28 22:44:57 +02:00
Danijel Simeunovic	1c6f18b67c	homepage	2026-04-28 20:38:59 +02:00
Danijel Simeunovic	1281e8ef37	databunker	2026-04-27 12:54:18 +02:00
Danijel Simeunovic	45e502d74d	argocd tls	2026-04-25 11:49:17 +02:00
gitea_admin	8505481291	feature/multi-cloud (#14) ... Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com> Reviewed-on: #14	2026-04-24 08:48:53 +00:00
Danijel Simeunovic	73e253a579	traefik	2026-04-19 13:27:59 +02:00
Danijel Simeunovic	03a0d7c9ae	feature/multicluster ... Co-authored-by: Danijel Simeunovic <danijel.simeunovic@trumf.no> Reviewed-on: #4 Reviewed-by: gitea_admin <admin@forteapps.net>	2026-04-18 18:14:00 +00:00