infra/overlays/upc-dev/forte-drop-minio/forte-drop-minio.yaml

@@ -0,0 +1,40 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: forte-drop-minio
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  labels:
+    app.kubernetes.io/name: forte-drop-minio
+    app.kubernetes.io/part-of: apps
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/upc-dev/forte-drop-minio/resources
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: forte-drop
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+    - CreateNamespace=true
+    - Validate=true
+    - ServerSideApply=true
+
+  ignoreDifferences:
+  - group: apps
+    kind: StatefulSet
+    jsonPointers:
+    - /spec/volumeClaimTemplates

infra/overlays/upc-dev/forte-drop-minio/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- forte-drop-minio.yaml

infra/overlays/upc-dev/forte-drop-minio/resources/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- minio.yaml
+- forte-drop-minio-creds-sealed.yaml

infra/overlays/upc-dev/forte-drop-minio/resources/minio.yaml

@@ -0,0 +1,146 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: forte-drop-minio
+  namespace: forte-drop
+  labels:
+    app.kubernetes.io/name: minio
+    app.kubernetes.io/instance: forte-drop
+    app.kubernetes.io/component: object-storage
+spec:
+  type: ClusterIP
+  ports:
+  - name: http-api
+    port: 9000
+    targetPort: http-api
+  - name: http-console
+    port: 9001
+    targetPort: http-console
+  selector:
+    app.kubernetes.io/name: minio
+    app.kubernetes.io/instance: forte-drop
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: forte-drop-minio
+  namespace: forte-drop
+  labels:
+    app.kubernetes.io/name: minio
+    app.kubernetes.io/instance: forte-drop
+    app.kubernetes.io/component: object-storage
+spec:
+  serviceName: forte-drop-minio
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: minio
+      app.kubernetes.io/instance: forte-drop
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: minio
+        app.kubernetes.io/instance: forte-drop
+        app.kubernetes.io/component: object-storage
+    spec:
+      containers:
+      - name: minio
+        image: quay.io/minio/minio:latest
+        args:
+        - server
+        - /data
+        - --console-address
+        - :9001
+        ports:
+        - name: http-api
+          containerPort: 9000
+        - name: http-console
+          containerPort: 9001
+        env:
+        - name: MINIO_ROOT_USER
+          valueFrom:
+            secretKeyRef:
+              name: forte-drop-minio-creds
+              key: root-user
+        - name: MINIO_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: forte-drop-minio-creds
+              key: root-password
+        volumeMounts:
+        - name: data
+          mountPath: /data
+        livenessProbe:
+          httpGet:
+            path: /minio/health/live
+            port: http-api
+          initialDelaySeconds: 30
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /minio/health/ready
+            port: http-api
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 1Gi
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      storageClassName: upcloud-block-storage-maxiops
+      resources:
+        requests:
+          storage: 20Gi
+---
+# Bootstrap job — creates the 'drops' bucket once MinIO is reachable.
+# Idempotent: `mc mb --ignore-existing` skips if bucket already exists.
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: forte-drop-minio-bootstrap
+  namespace: forte-drop
+  labels:
+    app.kubernetes.io/name: minio
+    app.kubernetes.io/instance: forte-drop
+    app.kubernetes.io/component: bootstrap
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/hook-delete-policy: HookSucceeded
+spec:
+  backoffLimit: 5
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: mc
+        image: quay.io/minio/mc:latest
+        env:
+        - name: MINIO_ROOT_USER
+          valueFrom:
+            secretKeyRef:
+              name: forte-drop-minio-creds
+              key: root-user
+        - name: MINIO_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: forte-drop-minio-creds
+              key: root-password
+        command:
+        - sh
+        - -c
+        - |
+          set -e
+          until mc alias set local http://forte-drop-minio:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD" 2>/dev/null; do
+            echo "waiting for minio..."
+            sleep 2
+          done
+          mc mb --ignore-existing local/drops
+          echo "bucket 'drops' ready"

infra/overlays/upc-dev/forte-drop-postgresql/forte-drop-postgresql.yaml

@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: forte-drop
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: forte-drop-postgresql
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  labels:
+    app.kubernetes.io/name: forte-drop-postgresql
+    app.kubernetes.io/part-of: apps
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/upc-dev/forte-drop-postgresql/resources
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: forte-drop
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+    - CreateNamespace=true
+    - Validate=true
+    - ServerSideApply=true
+
+  ignoreDifferences:
+  - group: apps
+    kind: StatefulSet
+    jsonPointers:
+    - /spec/volumeClaimTemplates

infra/overlays/upc-dev/forte-drop-postgresql/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- forte-drop-postgresql.yaml

infra/overlays/upc-dev/forte-drop-postgresql/resources/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- postgresql.yaml
+- forte-drop-pg-creds-sealed.yaml

infra/overlays/upc-dev/forte-drop-postgresql/resources/postgresql.yaml

@@ -0,0 +1,99 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: forte-drop-postgresql
+  namespace: forte-drop
+  labels:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: forte-drop
+    app.kubernetes.io/component: database
+spec:
+  type: ClusterIP
+  ports:
+  - name: tcp-postgresql
+    port: 5432
+    targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: forte-drop
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: forte-drop-postgresql
+  namespace: forte-drop
+  labels:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: forte-drop
+    app.kubernetes.io/component: database
+spec:
+  serviceName: forte-drop-postgresql
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/instance: forte-drop
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: postgresql
+        app.kubernetes.io/instance: forte-drop
+        app.kubernetes.io/component: database
+    spec:
+      containers:
+      - name: postgresql
+        image: postgres:16-alpine
+        ports:
+        - name: tcp-postgresql
+          containerPort: 5432
+        env:
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: forte-drop-pg-creds
+              key: pgusername
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: forte-drop-pg-creds
+              key: pgpassword
+        - name: POSTGRES_DB
+          value: drops
+        - name: PGDATA
+          value: /var/lib/postgresql/data/pgdata
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/postgresql/data
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - pg_isready -U "$POSTGRES_USER" -d drops
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - pg_isready -U "$POSTGRES_USER" -d drops
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      storageClassName: upcloud-block-storage-maxiops
+      resources:
+        requests:
+          storage: 5Gi

infra/overlays/upc-dev/kustomization.yaml

@@ -4,6 +4,8 @@ resources:
 - ../../base
 - vaultwarden-postgresql
 - vaultwarden
+- forte-drop-postgresql
+- forte-drop-minio
 
 # No patches needed — base already has "upc-dev" paths
 # upc-dev is the default/base cluster