Sten
cc354867ed
fix(apps): drop dangling namespace.yaml ref after 0a98674
...
namespace.yaml was deleted but kustomization still listed it, so
kustomize build fails and the enterprise-apps app-of-apps cannot
render the overlay (ComparisonError) — forte-drop-secrets and the
other overlay resources stopped syncing. The namespace itself is
owned by the forte-drop Application's CreateNamespace=true.
2026-06-05 00:11:59 +02:00
0a98674a27
not needed
2026-06-05 00:05:56 +02:00
b713ec853c
feat(apps): forte-drop web + mcp argocd apps (prod) ( #18 )
...
## Summary
ArgoCD Applications + Keycloak clients + sealed secret for forte-drop **web + mcp** (PROD).
## What changed
- **forte-drop** + **forte-drop-mcp** ArgoCD Applications (two-source: forte-helm chart + helm-prod-values).
- **namespace.yaml** — explicit `forte-drop` Namespace at sync-wave -1, `Prune=false` (avoids first-sync race for namespaced resources; doesn't cascade-delete on base removal).
- **keycloak-client-forte-drop** + **keycloak-client-forte-drop-mcp** — labeled config Secrets; the registrar creates the OIDC clients in the `forte` realm within ~2 min.
- **forte-drop-secrets** SealedSecret — UpCloud S3 creds (existing drops bucket) + PG creds + PASSWORD_GATE_SECRET. Consumed by both deployments + the pg-backup CronJob.
- **forte-drop-web PDB** — minAvailable 1 (selector verified against the live forteapp chart's pod labels).
- Wired into `apps/overlays/upc-dev` (NOT base → stays out of upc-prod).
## Post-merge manual step (one-time)
`auth-oidc` SealedSecret for the web sidecar is still commented out — it needs the `client-secret` the Keycloak registrar writes to `forte-drop-oidc-credentials` after first sync:
```bash
CLIENT_SECRET=$(kubectl -n forte-drop get secret forte-drop-oidc-credentials -o jsonpath='{.data.client-secret}' | base64 -d)
kubectl create secret generic auth-oidc -n forte-drop \
--from-literal=client-secret="$CLIENT_SECRET" \
--from-literal=cookie-secret="$(openssl rand -hex 32)" \
--dry-run=client -o yaml > private/auth-oidc.yaml
kubeseal --format=yaml --controller-name=sealed-secrets-controller --controller-namespace=kube-system \
< private/auth-oidc.yaml > apps/base/forte-drop/auth-oidc-sealed.yaml
# uncomment in kustomization, commit, push
```
## Depends on
- launchpad PR #17 (postgres + namespace via CreateNamespace).
- helm-prod-values forte-drop PR (values).
## Review
- [x] codex: namespace first-sync race → fixed (explicit namespace, sync-wave -1).
- [x] Keycloak registrar unblocked (stale chibisafe/minio config secrets removed; registrar green).
🤖 Generated with Claude Code
Co-authored-by: Sten <sten@Sten-sin-MacBook-Pro.local >
Co-authored-by: Sten <sten@Mac.domain_not_set.invalid>
Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com >
Reviewed-on: #18
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com >
2026-06-04 18:47:08 +00:00
dffb9c43f0
dbunk delete
2026-06-03 20:16:37 +02:00
33f0463c1f
upc dev spec
2026-06-03 20:14:21 +02:00
a997a6b81e
kc cleanup
2026-06-03 17:41:10 +02:00
071f57f1d3
kc cleanup
2026-06-03 17:39:02 +02:00
ecf871f0e4
kc fix
2026-06-03 17:36:29 +02:00
376d81a5ac
keycloak client cleanup
2026-06-03 17:28:08 +02:00
428de7af78
tofu config and docs
2026-05-31 20:48:25 +02:00
24c59256c9
tofu+tools
2026-05-31 19:53:26 +02:00
e319295f62
bunker host
2026-05-29 22:06:08 +02:00
a7106bc8f4
new tls wildcard
2026-05-29 21:58:34 +02:00
6d874111da
tenantID
2026-05-29 21:51:27 +02:00
a8cc103e4c
dns01
2026-05-29 21:48:32 +02:00
Ghost
a9dbaf5354
feature/tofu ( #15 )
...
@thomas.solbjor her er "import" av tofu fra ditt repo med justeringer for å tilpasse patterns her. Også minimalisert til å kun opprette cluster, ingen managed services som postgres etc. Ta en titt.
Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com >
Reviewed-on: #15
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com >
Co-authored-by: Ghost <>
Co-committed-by: Ghost <>
2026-05-29 15:48:28 +00:00
6e175e9e8c
docs
2026-05-29 15:20:51 +02:00
396c771f59
feat(homepage): list forte_drop in Apps ( #16 )
...
Adds forte_drop as an external service entry in the upc-dev Homepage portal.
- Target host: https://drop.hackathon.forteapps.net (current Coolify deploy).
- One-line addition under `services > Apps` in `infra/values/upc-dev/homepage-values.yaml`.
- Will be retargeted to https://drop.forteapps.net once the K8s migration ships (spec in forte_drop repo: docs/superpowers/specs/2026-05-28-k8s-migration-design.md).
Zero risk — pure metadata, no cluster mutation beyond Homepage refresh.
Co-authored-by: Sten <sten@Mac.domain_not_set.invalid>
Reviewed-on: #16
Reviewed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com >
2026-05-28 14:04:05 +00:00
0582cd9917
policy
2026-05-27 23:23:21 +02:00
c49d03d7f7
onlySSO
2026-05-16 23:04:11 +02:00
d47dba2ae5
signups
2026-05-16 22:12:04 +02:00
cf9eb47ecf
script fix
2026-05-16 22:08:56 +02:00
3eca723f05
diffs
2026-05-16 22:05:02 +02:00
f36996da11
script fix
2026-05-16 21:57:44 +02:00
6bf7db21d0
registrar error
2026-05-16 21:55:44 +02:00
2641d55784
scopes
2026-05-16 21:53:36 +02:00
117297effc
sso vw
2026-05-16 21:47:59 +02:00
fda90f9e01
adminToken enc
2026-05-16 21:34:34 +02:00
1124377d97
adminToken
2026-05-16 21:29:14 +02:00
c0710b89bb
no signup
2026-05-16 21:15:38 +02:00
d7bda18aea
domain
2026-05-16 21:11:17 +02:00
2796e1b9d3
name
2026-05-16 21:09:04 +02:00
d7a0c26117
icon
2026-05-16 21:08:36 +02:00
693f2f9168
homepage
2026-05-16 21:07:29 +02:00
2509ef062c
domain restriction
2026-05-16 20:58:00 +02:00
957757e557
host
2026-05-16 20:51:44 +02:00
070799da05
bitw
2026-05-16 20:49:25 +02:00
1a2817e537
domain fix
2026-05-16 20:42:17 +02:00
b47b0035f5
smtp auth
2026-05-16 20:38:21 +02:00
d3fac4d43e
smtp port
2026-05-16 20:34:22 +02:00
c37bd3ef04
from
2026-05-16 20:30:32 +02:00
ad661ba3dd
allow signup
2026-05-16 20:27:36 +02:00
a9625f96e6
db secrets
2026-05-16 20:23:58 +02:00
cb64edc927
cleanup
2026-05-16 20:18:48 +02:00
ac1c242fb9
kust
2026-05-16 20:17:14 +02:00
4b29c07fd6
secret
2026-05-16 20:15:37 +02:00
52732626e5
ignorediffs
2026-05-16 20:10:19 +02:00
8634436dd4
StatefulSet
2026-05-16 20:07:17 +02:00
a8baa169e9
secrets vw
2026-05-16 20:00:22 +02:00
73ef3a6e12
pg fix
2026-05-16 19:49:38 +02:00
