Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity
Files
gitea-pages
launchpad/REFERENCE/index.html
gitea-actions 8812b02458 Deploy docs
2026-04-18 18:39:51 +00:00

4220 lines
266 KiB
HTML
Raw Permalink Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Documentation for the GitOps-managed Kubernetes cluster">
<link rel="prev" href="../OPERATIONS-RUNBOOK/">
<link rel="icon" href="../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
<title>Technical Reference - K8s Launchpad</title>
<link rel="stylesheet" href="../assets/stylesheets/main.484c7ddc.min.css">
<link rel="stylesheet" href="../assets/stylesheets/palette.ab4e12ef.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#technical-reference" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href=".." title="K8s Launchpad" class="md-header__button md-logo" aria-label="K8s Launchpad" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
K8s Launchpad
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Technical Reference
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
</label>
<input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
</label>
</form>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://git.forteapps.net/Forte/launchpad" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
</div>
<div class="md-source__repository">
Forte/launchpad
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href=".." title="K8s Launchpad" class="md-nav__button md-logo" aria-label="K8s Launchpad" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
</a>
K8s Launchpad
</label>
<div class="md-nav__source">
<a href="https://git.forteapps.net/Forte/launchpad" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
</div>
<div class="md-source__repository">
Forte/launchpad
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../GITOPS-ARCHITECTURE/" class="md-nav__link">
<span class="md-ellipsis">
GitOps Architecture
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../DEVELOPER-GUIDE/" class="md-nav__link">
<span class="md-ellipsis">
Developer Guide
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../OPERATIONS-RUNBOOK/" class="md-nav__link">
<span class="md-ellipsis">
Operations Runbook
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Technical Reference
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Technical Reference
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#table-of-contents" class="md-nav__link">
<span class="md-ellipsis">
Table of Contents
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#architecture-components" class="md-nav__link">
<span class="md-ellipsis">
Architecture Components
</span>
</a>
<nav class="md-nav" aria-label="Architecture Components">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#cluster-specifications" class="md-nav__link">
<span class="md-ellipsis">
Cluster Specifications
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#network-architecture" class="md-nav__link">
<span class="md-ellipsis">
Network Architecture
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#repository-reference" class="md-nav__link">
<span class="md-ellipsis">
Repository Reference
</span>
</a>
<nav class="md-nav" aria-label="Repository Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#config-repository-launchpad" class="md-nav__link">
<span class="md-ellipsis">
Config Repository: launchpad
</span>
</a>
<nav class="md-nav" aria-label="Config Repository: launchpad">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#directory-structure" class="md-nav__link">
<span class="md-ellipsis">
Directory Structure
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#key-files" class="md-nav__link">
<span class="md-ellipsis">
Key Files
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#helm-charts-repository-forte-helm" class="md-nav__link">
<span class="md-ellipsis">
Helm Charts Repository: forte-helm
</span>
</a>
<nav class="md-nav" aria-label="Helm Charts Repository: forte-helm">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#chart-forteapp" class="md-nav__link">
<span class="md-ellipsis">
Chart: forteapp
</span>
</a>
<nav class="md-nav" aria-label="Chart: forteapp">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#templates" class="md-nav__link">
<span class="md-ellipsis">
Templates
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#default-values-schema" class="md-nav__link">
<span class="md-ellipsis">
Default Values Schema
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#helm-values-repository-helm-values" class="md-nav__link">
<span class="md-ellipsis">
Helm Values Repository: helm-values
</span>
</a>
<nav class="md-nav" aria-label="Helm Values Repository: helm-values">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#structure" class="md-nav__link">
<span class="md-ellipsis">
Structure
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example-mcp10xvaluesyaml" class="md-nav__link">
<span class="md-ellipsis">
Example: mcp10x/values.yaml
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#helm-chart-reference" class="md-nav__link">
<span class="md-ellipsis">
Helm Chart Reference
</span>
</a>
<nav class="md-nav" aria-label="Helm Chart Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#template-functions" class="md-nav__link">
<span class="md-ellipsis">
Template Functions
</span>
</a>
<nav class="md-nav" aria-label="Template Functions">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#forteappfullname" class="md-nav__link">
<span class="md-ellipsis">
forteapp.fullname
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#forteapplabels" class="md-nav__link">
<span class="md-ellipsis">
forteapp.labels
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#forteappselectorlabels" class="md-nav__link">
<span class="md-ellipsis">
forteapp.selectorLabels
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#deployment-specification" class="md-nav__link">
<span class="md-ellipsis">
Deployment Specification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#ingressroute-specification" class="md-nav__link">
<span class="md-ellipsis">
IngressRoute Specification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#certificate-specification" class="md-nav__link">
<span class="md-ellipsis">
Certificate Specification
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#argocd-configuration" class="md-nav__link">
<span class="md-ellipsis">
ArgoCD Configuration
</span>
</a>
<nav class="md-nav" aria-label="ArgoCD Configuration">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#application-manifest-schema" class="md-nav__link">
<span class="md-ellipsis">
Application Manifest Schema
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sync-waves" class="md-nav__link">
<span class="md-ellipsis">
Sync Waves
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sync-options" class="md-nav__link">
<span class="md-ellipsis">
Sync Options
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#retry-policy" class="md-nav__link">
<span class="md-ellipsis">
Retry Policy
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#infrastructure-components" class="md-nav__link">
<span class="md-ellipsis">
Infrastructure Components
</span>
</a>
<nav class="md-nav" aria-label="Infrastructure Components">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#traefik" class="md-nav__link">
<span class="md-ellipsis">
Traefik
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#cert-manager" class="md-nav__link">
<span class="md-ellipsis">
Cert-Manager
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kyverno" class="md-nav__link">
<span class="md-ellipsis">
Kyverno
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sealed-secrets" class="md-nav__link">
<span class="md-ellipsis">
Sealed Secrets
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#prometheus" class="md-nav__link">
<span class="md-ellipsis">
Prometheus
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#grafana" class="md-nav__link">
<span class="md-ellipsis">
Grafana
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#loki" class="md-nav__link">
<span class="md-ellipsis">
Loki
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#tempo" class="md-nav__link">
<span class="md-ellipsis">
Tempo
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#fluent-bit" class="md-nav__link">
<span class="md-ellipsis">
Fluent-Bit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitea" class="md-nav__link">
<span class="md-ellipsis">
Gitea
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitea-actions-runners" class="md-nav__link">
<span class="md-ellipsis">
Gitea Actions Runners
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#keycloak-client-registrar" class="md-nav__link">
<span class="md-ellipsis">
Keycloak Client Registrar
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#renovate" class="md-nav__link">
<span class="md-ellipsis">
Renovate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitea-pages" class="md-nav__link">
<span class="md-ellipsis">
Gitea Pages
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#kyverno-policies" class="md-nav__link">
<span class="md-ellipsis">
Kyverno Policies
</span>
</a>
<nav class="md-nav" aria-label="Kyverno Policies">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#secret-cloner" class="md-nav__link">
<span class="md-ellipsis">
Secret Cloner
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#keycloak-client-config-cloner" class="md-nav__link">
<span class="md-ellipsis">
Keycloak Client Config Cloner
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#default-namespace-blocker" class="md-nav__link">
<span class="md-ellipsis">
Default Namespace Blocker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#bare-pod-cleaner" class="md-nav__link">
<span class="md-ellipsis">
Bare Pod Cleaner
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#auth-sidecar-injector" class="md-nav__link">
<span class="md-ellipsis">
Auth Sidecar Injector
</span>
</a>
<nav class="md-nav" aria-label="Auth Sidecar Injector">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#trigger-annotation" class="md-nav__link">
<span class="md-ellipsis">
Trigger Annotation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#authentication-modes" class="md-nav__link">
<span class="md-ellipsis">
Authentication Modes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sidecar-container-specification" class="md-nav__link">
<span class="md-ellipsis">
Sidecar Container Specification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#generated-resources" class="md-nav__link">
<span class="md-ellipsis">
Generated Resources
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#excluded-namespaces" class="md-nav__link">
<span class="md-ellipsis">
Excluded Namespaces
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#health-checks" class="md-nav__link">
<span class="md-ellipsis">
Health Checks
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#request-flow" class="md-nav__link">
<span class="md-ellipsis">
Request Flow
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#configuration-reference" class="md-nav__link">
<span class="md-ellipsis">
Configuration Reference
</span>
</a>
<nav class="md-nav" aria-label="Configuration Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#environment-variables" class="md-nav__link">
<span class="md-ellipsis">
Environment Variables
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#resource-limits" class="md-nav__link">
<span class="md-ellipsis">
Resource Limits
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#storage-classes" class="md-nav__link">
<span class="md-ellipsis">
Storage Classes
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#api-endpoints" class="md-nav__link">
<span class="md-ellipsis">
API Endpoints
</span>
</a>
<nav class="md-nav" aria-label="API Endpoints">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#argocd-api" class="md-nav__link">
<span class="md-ellipsis">
ArgoCD API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#prometheus-api" class="md-nav__link">
<span class="md-ellipsis">
Prometheus API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#tempo-api" class="md-nav__link">
<span class="md-ellipsis">
Tempo API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#loki-api" class="md-nav__link">
<span class="md-ellipsis">
Loki API
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#glossary" class="md-nav__link">
<span class="md-ellipsis">
Glossary
</span>
</a>
<nav class="md-nav" aria-label="Glossary">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#terms" class="md-nav__link">
<span class="md-ellipsis">
Terms
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#annotations-reference" class="md-nav__link">
<span class="md-ellipsis">
Annotations Reference
</span>
</a>
<nav class="md-nav" aria-label="Annotations Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#argocd-annotations" class="md-nav__link">
<span class="md-ellipsis">
ArgoCD Annotations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kyverno-annotations" class="md-nav__link">
<span class="md-ellipsis">
Kyverno Annotations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#custom-annotations" class="md-nav__link">
<span class="md-ellipsis">
Custom Annotations
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#labels-reference" class="md-nav__link">
<span class="md-ellipsis">
Labels Reference
</span>
</a>
<nav class="md-nav" aria-label="Labels Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#standard-labels" class="md-nav__link">
<span class="md-ellipsis">
Standard Labels
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#custom-labels" class="md-nav__link">
<span class="md-ellipsis">
Custom Labels
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#version-matrix" class="md-nav__link">
<span class="md-ellipsis">
Version Matrix
</span>
</a>
<nav class="md-nav" aria-label="Version Matrix">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#component-versions" class="md-nav__link">
<span class="md-ellipsis">
Component Versions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kubernetes-compatibility" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes Compatibility
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#table-of-contents" class="md-nav__link">
<span class="md-ellipsis">
Table of Contents
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#architecture-components" class="md-nav__link">
<span class="md-ellipsis">
Architecture Components
</span>
</a>
<nav class="md-nav" aria-label="Architecture Components">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#cluster-specifications" class="md-nav__link">
<span class="md-ellipsis">
Cluster Specifications
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#network-architecture" class="md-nav__link">
<span class="md-ellipsis">
Network Architecture
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#repository-reference" class="md-nav__link">
<span class="md-ellipsis">
Repository Reference
</span>
</a>
<nav class="md-nav" aria-label="Repository Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#config-repository-launchpad" class="md-nav__link">
<span class="md-ellipsis">
Config Repository: launchpad
</span>
</a>
<nav class="md-nav" aria-label="Config Repository: launchpad">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#directory-structure" class="md-nav__link">
<span class="md-ellipsis">
Directory Structure
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#key-files" class="md-nav__link">
<span class="md-ellipsis">
Key Files
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#helm-charts-repository-forte-helm" class="md-nav__link">
<span class="md-ellipsis">
Helm Charts Repository: forte-helm
</span>
</a>
<nav class="md-nav" aria-label="Helm Charts Repository: forte-helm">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#chart-forteapp" class="md-nav__link">
<span class="md-ellipsis">
Chart: forteapp
</span>
</a>
<nav class="md-nav" aria-label="Chart: forteapp">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#templates" class="md-nav__link">
<span class="md-ellipsis">
Templates
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#default-values-schema" class="md-nav__link">
<span class="md-ellipsis">
Default Values Schema
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#helm-values-repository-helm-values" class="md-nav__link">
<span class="md-ellipsis">
Helm Values Repository: helm-values
</span>
</a>
<nav class="md-nav" aria-label="Helm Values Repository: helm-values">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#structure" class="md-nav__link">
<span class="md-ellipsis">
Structure
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example-mcp10xvaluesyaml" class="md-nav__link">
<span class="md-ellipsis">
Example: mcp10x/values.yaml
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#helm-chart-reference" class="md-nav__link">
<span class="md-ellipsis">
Helm Chart Reference
</span>
</a>
<nav class="md-nav" aria-label="Helm Chart Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#template-functions" class="md-nav__link">
<span class="md-ellipsis">
Template Functions
</span>
</a>
<nav class="md-nav" aria-label="Template Functions">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#forteappfullname" class="md-nav__link">
<span class="md-ellipsis">
forteapp.fullname
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#forteapplabels" class="md-nav__link">
<span class="md-ellipsis">
forteapp.labels
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#forteappselectorlabels" class="md-nav__link">
<span class="md-ellipsis">
forteapp.selectorLabels
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#deployment-specification" class="md-nav__link">
<span class="md-ellipsis">
Deployment Specification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#ingressroute-specification" class="md-nav__link">
<span class="md-ellipsis">
IngressRoute Specification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#certificate-specification" class="md-nav__link">
<span class="md-ellipsis">
Certificate Specification
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#argocd-configuration" class="md-nav__link">
<span class="md-ellipsis">
ArgoCD Configuration
</span>
</a>
<nav class="md-nav" aria-label="ArgoCD Configuration">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#application-manifest-schema" class="md-nav__link">
<span class="md-ellipsis">
Application Manifest Schema
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sync-waves" class="md-nav__link">
<span class="md-ellipsis">
Sync Waves
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sync-options" class="md-nav__link">
<span class="md-ellipsis">
Sync Options
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#retry-policy" class="md-nav__link">
<span class="md-ellipsis">
Retry Policy
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#infrastructure-components" class="md-nav__link">
<span class="md-ellipsis">
Infrastructure Components
</span>
</a>
<nav class="md-nav" aria-label="Infrastructure Components">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#traefik" class="md-nav__link">
<span class="md-ellipsis">
Traefik
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#cert-manager" class="md-nav__link">
<span class="md-ellipsis">
Cert-Manager
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kyverno" class="md-nav__link">
<span class="md-ellipsis">
Kyverno
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sealed-secrets" class="md-nav__link">
<span class="md-ellipsis">
Sealed Secrets
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#prometheus" class="md-nav__link">
<span class="md-ellipsis">
Prometheus
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#grafana" class="md-nav__link">
<span class="md-ellipsis">
Grafana
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#loki" class="md-nav__link">
<span class="md-ellipsis">
Loki
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#tempo" class="md-nav__link">
<span class="md-ellipsis">
Tempo
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#fluent-bit" class="md-nav__link">
<span class="md-ellipsis">
Fluent-Bit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitea" class="md-nav__link">
<span class="md-ellipsis">
Gitea
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitea-actions-runners" class="md-nav__link">
<span class="md-ellipsis">
Gitea Actions Runners
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#keycloak-client-registrar" class="md-nav__link">
<span class="md-ellipsis">
Keycloak Client Registrar
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#renovate" class="md-nav__link">
<span class="md-ellipsis">
Renovate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#gitea-pages" class="md-nav__link">
<span class="md-ellipsis">
Gitea Pages
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#kyverno-policies" class="md-nav__link">
<span class="md-ellipsis">
Kyverno Policies
</span>
</a>
<nav class="md-nav" aria-label="Kyverno Policies">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#secret-cloner" class="md-nav__link">
<span class="md-ellipsis">
Secret Cloner
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#keycloak-client-config-cloner" class="md-nav__link">
<span class="md-ellipsis">
Keycloak Client Config Cloner
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#default-namespace-blocker" class="md-nav__link">
<span class="md-ellipsis">
Default Namespace Blocker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#bare-pod-cleaner" class="md-nav__link">
<span class="md-ellipsis">
Bare Pod Cleaner
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#auth-sidecar-injector" class="md-nav__link">
<span class="md-ellipsis">
Auth Sidecar Injector
</span>
</a>
<nav class="md-nav" aria-label="Auth Sidecar Injector">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#trigger-annotation" class="md-nav__link">
<span class="md-ellipsis">
Trigger Annotation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#authentication-modes" class="md-nav__link">
<span class="md-ellipsis">
Authentication Modes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sidecar-container-specification" class="md-nav__link">
<span class="md-ellipsis">
Sidecar Container Specification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#generated-resources" class="md-nav__link">
<span class="md-ellipsis">
Generated Resources
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#excluded-namespaces" class="md-nav__link">
<span class="md-ellipsis">
Excluded Namespaces
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#health-checks" class="md-nav__link">
<span class="md-ellipsis">
Health Checks
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#request-flow" class="md-nav__link">
<span class="md-ellipsis">
Request Flow
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#configuration-reference" class="md-nav__link">
<span class="md-ellipsis">
Configuration Reference
</span>
</a>
<nav class="md-nav" aria-label="Configuration Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#environment-variables" class="md-nav__link">
<span class="md-ellipsis">
Environment Variables
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#resource-limits" class="md-nav__link">
<span class="md-ellipsis">
Resource Limits
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#storage-classes" class="md-nav__link">
<span class="md-ellipsis">
Storage Classes
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#api-endpoints" class="md-nav__link">
<span class="md-ellipsis">
API Endpoints
</span>
</a>
<nav class="md-nav" aria-label="API Endpoints">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#argocd-api" class="md-nav__link">
<span class="md-ellipsis">
ArgoCD API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#prometheus-api" class="md-nav__link">
<span class="md-ellipsis">
Prometheus API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#tempo-api" class="md-nav__link">
<span class="md-ellipsis">
Tempo API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#loki-api" class="md-nav__link">
<span class="md-ellipsis">
Loki API
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#glossary" class="md-nav__link">
<span class="md-ellipsis">
Glossary
</span>
</a>
<nav class="md-nav" aria-label="Glossary">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#terms" class="md-nav__link">
<span class="md-ellipsis">
Terms
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#annotations-reference" class="md-nav__link">
<span class="md-ellipsis">
Annotations Reference
</span>
</a>
<nav class="md-nav" aria-label="Annotations Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#argocd-annotations" class="md-nav__link">
<span class="md-ellipsis">
ArgoCD Annotations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kyverno-annotations" class="md-nav__link">
<span class="md-ellipsis">
Kyverno Annotations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#custom-annotations" class="md-nav__link">
<span class="md-ellipsis">
Custom Annotations
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#labels-reference" class="md-nav__link">
<span class="md-ellipsis">
Labels Reference
</span>
</a>
<nav class="md-nav" aria-label="Labels Reference">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#standard-labels" class="md-nav__link">
<span class="md-ellipsis">
Standard Labels
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#custom-labels" class="md-nav__link">
<span class="md-ellipsis">
Custom Labels
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#version-matrix" class="md-nav__link">
<span class="md-ellipsis">
Version Matrix
</span>
</a>
<nav class="md-nav" aria-label="Version Matrix">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#component-versions" class="md-nav__link">
<span class="md-ellipsis">
Component Versions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kubernetes-compatibility" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes Compatibility
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="technical-reference">Technical Reference<a class="headerlink" href="#technical-reference" title="Permanent link">&para;</a></h1>
<h2 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h2>
<ul>
<li><a href="#architecture-components">Architecture Components</a></li>
<li><a href="#repository-reference">Repository Reference</a></li>
<li><a href="#helm-chart-reference">Helm Chart Reference</a></li>
<li><a href="#argocd-configuration">ArgoCD Configuration</a></li>
<li><a href="#infrastructure-components">Infrastructure Components</a></li>
<li><a href="#kyverno-policies">Kyverno Policies</a></li>
<li><a href="#configuration-reference">Configuration Reference</a></li>
<li><a href="#api-endpoints">API Endpoints</a></li>
<li><a href="#glossary">Glossary</a></li>
</ul>
<hr />
<h2 id="architecture-components">Architecture Components<a class="headerlink" href="#architecture-components" title="Permanent link">&para;</a></h2>
<h3 id="cluster-specifications">Cluster Specifications<a class="headerlink" href="#cluster-specifications" title="Permanent link">&para;</a></h3>
<table>
<thead>
<tr>
<th>Component</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Provider</strong></td>
<td>UpCloud Managed Kubernetes</td>
</tr>
<tr>
<td><strong>Environment</strong></td>
<td>Production (internal use)</td>
</tr>
<tr>
<td><strong>Cluster Count</strong></td>
<td>Multi-cluster (upc-dev, upc-prod)</td>
</tr>
<tr>
<td><strong>GitOps Tool</strong></td>
<td>ArgoCD</td>
</tr>
<tr>
<td><strong>Ingress Controller</strong></td>
<td>Traefik v2</td>
</tr>
<tr>
<td><strong>Certificate Management</strong></td>
<td>Cert-Manager + Let's Encrypt</td>
</tr>
<tr>
<td><strong>Policy Engine</strong></td>
<td>Kyverno</td>
</tr>
<tr>
<td><strong>Secret Management</strong></td>
<td>Sealed Secrets (Bitnami)</td>
</tr>
<tr>
<td><strong>Monitoring</strong></td>
<td>Prometheus + Grafana</td>
</tr>
<tr>
<td><strong>Logging</strong></td>
<td>Loki + Fluent-Bit</td>
</tr>
<tr>
<td><strong>Tracing</strong></td>
<td>Tempo (OTLP)</td>
</tr>
<tr>
<td><strong>Container Scanning</strong></td>
<td>Trivy</td>
</tr>
<tr>
<td><strong>Version Control</strong></td>
<td>Gitea</td>
</tr>
</tbody>
</table>
<h3 id="network-architecture">Network Architecture<a class="headerlink" href="#network-architecture" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a>Internet
<a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a>
<a id="__codelineno-0-3" name="__codelineno-0-3" href="#__codelineno-0-3"></a>
<a id="__codelineno-0-4" name="__codelineno-0-4" href="#__codelineno-0-4"></a>[DNS: *.forteapps.net]
<a id="__codelineno-0-5" name="__codelineno-0-5" href="#__codelineno-0-5"></a>
<a id="__codelineno-0-6" name="__codelineno-0-6" href="#__codelineno-0-6"></a>
<a id="__codelineno-0-7" name="__codelineno-0-7" href="#__codelineno-0-7"></a>[UpCloud LoadBalancer]
<a id="__codelineno-0-8" name="__codelineno-0-8" href="#__codelineno-0-8"></a>
<a id="__codelineno-0-9" name="__codelineno-0-9" href="#__codelineno-0-9"></a>
<a id="__codelineno-0-10" name="__codelineno-0-10" href="#__codelineno-0-10"></a>[Traefik Ingress Controller]
<a id="__codelineno-0-11" name="__codelineno-0-11" href="#__codelineno-0-11"></a>
<a id="__codelineno-0-12" name="__codelineno-0-12" href="#__codelineno-0-12"></a> ├──► IngressRoute (TLS termination via Cert-Manager)
<a id="__codelineno-0-13" name="__codelineno-0-13" href="#__codelineno-0-13"></a>
<a id="__codelineno-0-14" name="__codelineno-0-14" href="#__codelineno-0-14"></a> ├──► Service (ClusterIP)
<a id="__codelineno-0-15" name="__codelineno-0-15" href="#__codelineno-0-15"></a> │ │
<a id="__codelineno-0-16" name="__codelineno-0-16" href="#__codelineno-0-16"></a> │ └──► Pod (Application Container)
<a id="__codelineno-0-17" name="__codelineno-0-17" href="#__codelineno-0-17"></a>
<a id="__codelineno-0-18" name="__codelineno-0-18" href="#__codelineno-0-18"></a> └──► Service (Database - ClusterIP)
<a id="__codelineno-0-19" name="__codelineno-0-19" href="#__codelineno-0-19"></a>
<a id="__codelineno-0-20" name="__codelineno-0-20" href="#__codelineno-0-20"></a> └──► StatefulSet (PostgreSQL)
</code></pre></div>
<hr />
<h2 id="repository-reference">Repository Reference<a class="headerlink" href="#repository-reference" title="Permanent link">&para;</a></h2>
<h3 id="config-repository-launchpad">Config Repository: <code>launchpad</code><a class="headerlink" href="#config-repository-launchpad" title="Permanent link">&para;</a></h3>
<p><strong>URL</strong>: <code>https://git.forteapps.net/Forte/launchpad</code></p>
<h4 id="directory-structure">Directory Structure<a class="headerlink" href="#directory-structure" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a>launchpad/
<a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a>├── bootstrap.sh # Cluster initialization script
<a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a>├── _app-of-apps-upc-dev.yaml # Root ArgoCD Application (upc-dev)
<a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a>├── _app-of-apps-upc-prod.yaml # Root ArgoCD Application (upc-prod)
<a id="__codelineno-1-5" name="__codelineno-1-5" href="#__codelineno-1-5"></a>
<a id="__codelineno-1-6" name="__codelineno-1-6" href="#__codelineno-1-6"></a>├── infra/ # Infrastructure applications
<a id="__codelineno-1-7" name="__codelineno-1-7" href="#__codelineno-1-7"></a>│ ├── cluster-resources-application.yaml
<a id="__codelineno-1-8" name="__codelineno-1-8" href="#__codelineno-1-8"></a>│ ├── enterprise-apps.yaml
<a id="__codelineno-1-9" name="__codelineno-1-9" href="#__codelineno-1-9"></a>│ ├── traefik-application.yaml
<a id="__codelineno-1-10" name="__codelineno-1-10" href="#__codelineno-1-10"></a>│ ├── cert-manager-application.yaml
<a id="__codelineno-1-11" name="__codelineno-1-11" href="#__codelineno-1-11"></a>│ ├── kyverno.yaml
<a id="__codelineno-1-12" name="__codelineno-1-12" href="#__codelineno-1-12"></a>│ ├── kyverno-policies.yaml
<a id="__codelineno-1-13" name="__codelineno-1-13" href="#__codelineno-1-13"></a>│ ├── prometheus.yaml
<a id="__codelineno-1-14" name="__codelineno-1-14" href="#__codelineno-1-14"></a>│ ├── grafana.yaml
<a id="__codelineno-1-15" name="__codelineno-1-15" href="#__codelineno-1-15"></a>│ ├── loki.yaml
<a id="__codelineno-1-16" name="__codelineno-1-16" href="#__codelineno-1-16"></a>│ ├── tempo.yaml
<a id="__codelineno-1-17" name="__codelineno-1-17" href="#__codelineno-1-17"></a>│ ├── fluent-bit.yaml
<a id="__codelineno-1-18" name="__codelineno-1-18" href="#__codelineno-1-18"></a>│ ├── trivy.yaml
<a id="__codelineno-1-19" name="__codelineno-1-19" href="#__codelineno-1-19"></a>│ ├── gitea.yaml
<a id="__codelineno-1-20" name="__codelineno-1-20" href="#__codelineno-1-20"></a>│ ├── gitea-actions.yaml
<a id="__codelineno-1-21" name="__codelineno-1-21" href="#__codelineno-1-21"></a>│ ├── sealedsecrets.yaml
<a id="__codelineno-1-22" name="__codelineno-1-22" href="#__codelineno-1-22"></a>│ ├── secrets.yaml
<a id="__codelineno-1-23" name="__codelineno-1-23" href="#__codelineno-1-23"></a>│ ├── renovate.yaml
<a id="__codelineno-1-24" name="__codelineno-1-24" href="#__codelineno-1-24"></a>│ └── values/
<a id="__codelineno-1-25" name="__codelineno-1-25" href="#__codelineno-1-25"></a>│ ├── argocd-values.yaml
<a id="__codelineno-1-26" name="__codelineno-1-26" href="#__codelineno-1-26"></a>│ ├── prometheus-values.yaml
<a id="__codelineno-1-27" name="__codelineno-1-27" href="#__codelineno-1-27"></a>│ ├── grafana-values.yaml
<a id="__codelineno-1-28" name="__codelineno-1-28" href="#__codelineno-1-28"></a>│ ├── loki-values.yaml
<a id="__codelineno-1-29" name="__codelineno-1-29" href="#__codelineno-1-29"></a>│ ├── tempo-values.yaml
<a id="__codelineno-1-30" name="__codelineno-1-30" href="#__codelineno-1-30"></a>│ ├── gitea-values.yaml
<a id="__codelineno-1-31" name="__codelineno-1-31" href="#__codelineno-1-31"></a>│ ├── gitea-actions-values.yaml
<a id="__codelineno-1-32" name="__codelineno-1-32" href="#__codelineno-1-32"></a>│ ├── fluent-bit-values.yaml
<a id="__codelineno-1-33" name="__codelineno-1-33" href="#__codelineno-1-33"></a>│ └── renovate-values.yaml
<a id="__codelineno-1-34" name="__codelineno-1-34" href="#__codelineno-1-34"></a>
<a id="__codelineno-1-35" name="__codelineno-1-35" href="#__codelineno-1-35"></a>├── apps/ # Business applications
<a id="__codelineno-1-36" name="__codelineno-1-36" href="#__codelineno-1-36"></a>│ ├── mcp10x.yaml
<a id="__codelineno-1-37" name="__codelineno-1-37" href="#__codelineno-1-37"></a>│ ├── musicman.yaml
<a id="__codelineno-1-38" name="__codelineno-1-38" href="#__codelineno-1-38"></a>│ ├── dot-ai-stack.yaml
<a id="__codelineno-1-39" name="__codelineno-1-39" href="#__codelineno-1-39"></a>│ └── argo-mcp.yaml
<a id="__codelineno-1-40" name="__codelineno-1-40" href="#__codelineno-1-40"></a>
<a id="__codelineno-1-41" name="__codelineno-1-41" href="#__codelineno-1-41"></a>├── cluster-resources/ # Cluster-level resources
<a id="__codelineno-1-42" name="__codelineno-1-42" href="#__codelineno-1-42"></a>│ ├── cert-manager-namespace.yaml
<a id="__codelineno-1-43" name="__codelineno-1-43" href="#__codelineno-1-43"></a>│ ├── secrets-namespace.yaml
<a id="__codelineno-1-44" name="__codelineno-1-44" href="#__codelineno-1-44"></a>│ ├── letsencrypt-issuer.yaml
<a id="__codelineno-1-45" name="__codelineno-1-45" href="#__codelineno-1-45"></a>│ ├── kyverno-config.yaml
<a id="__codelineno-1-46" name="__codelineno-1-46" href="#__codelineno-1-46"></a>│ ├── argocd-notifications-secret-sealed.yaml
<a id="__codelineno-1-47" name="__codelineno-1-47" href="#__codelineno-1-47"></a>│ ├── forte10x-repo-credentials-sealed.yaml
<a id="__codelineno-1-48" name="__codelineno-1-48" href="#__codelineno-1-48"></a>│ ├── mcp10x-repo-credentials-sealed.yaml
<a id="__codelineno-1-49" name="__codelineno-1-49" href="#__codelineno-1-49"></a>│ └── policies/
<a id="__codelineno-1-50" name="__codelineno-1-50" href="#__codelineno-1-50"></a>│ ├── deployment-verifier.yaml
<a id="__codelineno-1-51" name="__codelineno-1-51" href="#__codelineno-1-51"></a>│ ├── label-checker.yaml
<a id="__codelineno-1-52" name="__codelineno-1-52" href="#__codelineno-1-52"></a>│ ├── bare-pod-cleaner.yaml
<a id="__codelineno-1-53" name="__codelineno-1-53" href="#__codelineno-1-53"></a>│ ├── replicaset-cleaner.yaml
<a id="__codelineno-1-54" name="__codelineno-1-54" href="#__codelineno-1-54"></a>│ ├── default-ns-blocker.yaml
<a id="__codelineno-1-55" name="__codelineno-1-55" href="#__codelineno-1-55"></a>│ ├── secret-cloner.yaml
<a id="__codelineno-1-56" name="__codelineno-1-56" href="#__codelineno-1-56"></a>│ ├── keycloak-client-cloner.yaml
<a id="__codelineno-1-57" name="__codelineno-1-57" href="#__codelineno-1-57"></a>│ └── auth-sidecar-injector.yaml
<a id="__codelineno-1-58" name="__codelineno-1-58" href="#__codelineno-1-58"></a>
<a id="__codelineno-1-59" name="__codelineno-1-59" href="#__codelineno-1-59"></a>├── secrets/ # Application secrets (sealed)
<a id="__codelineno-1-60" name="__codelineno-1-60" href="#__codelineno-1-60"></a>│ ├── argocd-mcp-credentials.yaml
<a id="__codelineno-1-61" name="__codelineno-1-61" href="#__codelineno-1-61"></a>│ ├── dot-ai-secrets.yaml
<a id="__codelineno-1-62" name="__codelineno-1-62" href="#__codelineno-1-62"></a>│ ├── gitea-credentials-sealed.yaml
<a id="__codelineno-1-63" name="__codelineno-1-63" href="#__codelineno-1-63"></a>│ ├── gitea-runner-token-sealed.yaml
<a id="__codelineno-1-64" name="__codelineno-1-64" href="#__codelineno-1-64"></a>│ ├── mcp10x-credentials-sealed.yaml
<a id="__codelineno-1-65" name="__codelineno-1-65" href="#__codelineno-1-65"></a>│ └── musicman-credentials.yaml
<a id="__codelineno-1-66" name="__codelineno-1-66" href="#__codelineno-1-66"></a>
<a id="__codelineno-1-67" name="__codelineno-1-67" href="#__codelineno-1-67"></a>├── private/ # Local-only (Git-ignored)
<a id="__codelineno-1-68" name="__codelineno-1-68" href="#__codelineno-1-68"></a>│ ├── *.yaml
<a id="__codelineno-1-69" name="__codelineno-1-69" href="#__codelineno-1-69"></a>│ └── *.sh
<a id="__codelineno-1-70" name="__codelineno-1-70" href="#__codelineno-1-70"></a>
<a id="__codelineno-1-71" name="__codelineno-1-71" href="#__codelineno-1-71"></a>└── docs/ # Documentation
<a id="__codelineno-1-72" name="__codelineno-1-72" href="#__codelineno-1-72"></a> ├── GITOPS-ARCHITECTURE.md
<a id="__codelineno-1-73" name="__codelineno-1-73" href="#__codelineno-1-73"></a> ├── DEVELOPER-GUIDE.md
<a id="__codelineno-1-74" name="__codelineno-1-74" href="#__codelineno-1-74"></a> ├── OPERATIONS-RUNBOOK.md
<a id="__codelineno-1-75" name="__codelineno-1-75" href="#__codelineno-1-75"></a> └── REFERENCE.md
</code></pre></div>
<h4 id="key-files">Key Files<a class="headerlink" href="#key-files" title="Permanent link">&para;</a></h4>
<p><strong><code>bootstrap.sh</code></strong>
<div class="highlight"><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a><span class="ch">#!/bin/zsh</span>
<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a><span class="c1"># Initializes cluster with ArgoCD</span>
<a id="__codelineno-2-3" name="__codelineno-2-3" href="#__codelineno-2-3"></a>
<a id="__codelineno-2-4" name="__codelineno-2-4" href="#__codelineno-2-4"></a>ArgoCd<span class="o">()</span><span class="w"> </span><span class="o">{</span>
<a id="__codelineno-2-5" name="__codelineno-2-5" href="#__codelineno-2-5"></a><span class="w"> </span>helm<span class="w"> </span>upgrade<span class="w"> </span>--install<span class="w"> </span>argocd<span class="w"> </span>argo-cd<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-2-6" name="__codelineno-2-6" href="#__codelineno-2-6"></a><span class="w"> </span>--repo<span class="w"> </span>https://argoproj.github.io/argo-helm<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-2-7" name="__codelineno-2-7" href="#__codelineno-2-7"></a><span class="w"> </span>--namespace<span class="w"> </span>argocd<span class="w"> </span>--create-namespace<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-2-8" name="__codelineno-2-8" href="#__codelineno-2-8"></a><span class="w"> </span>--values<span class="w"> </span>infra/values/base/argocd-values.yaml<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-2-9" name="__codelineno-2-9" href="#__codelineno-2-9"></a><span class="w"> </span>--set<span class="w"> </span>notifications.context.clusterName<span class="o">=</span><span class="s2">&quot;</span><span class="nv">$CLUSTER_NAME</span><span class="s2">&quot;</span><span class="w"> </span><span class="se">\</span>
<a id="__codelineno-2-10" name="__codelineno-2-10" href="#__codelineno-2-10"></a><span class="w"> </span>--timeout<span class="w"> </span>60s<span class="w"> </span>--atomic
<a id="__codelineno-2-11" name="__codelineno-2-11" href="#__codelineno-2-11"></a>
<a id="__codelineno-2-12" name="__codelineno-2-12" href="#__codelineno-2-12"></a><span class="w"> </span>kubectl<span class="w"> </span>apply<span class="w"> </span>-f<span class="w"> </span>_app-of-apps-upc-dev.yaml<span class="w"> </span>-n<span class="w"> </span>argocd<span class="w"> </span><span class="c1"># or _app-of-apps-upc-prod.yaml</span>
<a id="__codelineno-2-13" name="__codelineno-2-13" href="#__codelineno-2-13"></a><span class="o">}</span>
</code></pre></div></p>
<p><strong><code>_app-of-apps-upc-dev.yaml</code></strong> / <strong><code>_app-of-apps-upc-prod.yaml</code></strong>
<div class="highlight"><pre><span></span><code><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">argoproj.io/v1alpha1</span>
<a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Application</span>
<a id="__codelineno-3-3" name="__codelineno-3-3" href="#__codelineno-3-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-3-4" name="__codelineno-3-4" href="#__codelineno-3-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">infrastructure-apps</span>
<a id="__codelineno-3-5" name="__codelineno-3-5" href="#__codelineno-3-5"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">argocd</span>
<a id="__codelineno-3-6" name="__codelineno-3-6" href="#__codelineno-3-6"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-3-7" name="__codelineno-3-7" href="#__codelineno-3-7"></a><span class="w"> </span><span class="nt">project</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span>
<a id="__codelineno-3-8" name="__codelineno-3-8" href="#__codelineno-3-8"></a><span class="w"> </span><span class="nt">source</span><span class="p">:</span>
<a id="__codelineno-3-9" name="__codelineno-3-9" href="#__codelineno-3-9"></a><span class="w"> </span><span class="nt">repoURL</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ssh://git@git.forteapps.net:2222/Forte/launchpad.git</span>
<a id="__codelineno-3-10" name="__codelineno-3-10" href="#__codelineno-3-10"></a><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">infra</span>
<a id="__codelineno-3-11" name="__codelineno-3-11" href="#__codelineno-3-11"></a><span class="w"> </span><span class="nt">destination</span><span class="p">:</span>
<a id="__codelineno-3-12" name="__codelineno-3-12" href="#__codelineno-3-12"></a><span class="w"> </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://kubernetes.default.svc</span>
<a id="__codelineno-3-13" name="__codelineno-3-13" href="#__codelineno-3-13"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span>
<a id="__codelineno-3-14" name="__codelineno-3-14" href="#__codelineno-3-14"></a><span class="w"> </span><span class="nt">syncPolicy</span><span class="p">:</span>
<a id="__codelineno-3-15" name="__codelineno-3-15" href="#__codelineno-3-15"></a><span class="w"> </span><span class="nt">automated</span><span class="p">:</span>
<a id="__codelineno-3-16" name="__codelineno-3-16" href="#__codelineno-3-16"></a><span class="w"> </span><span class="nt">prune</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-3-17" name="__codelineno-3-17" href="#__codelineno-3-17"></a><span class="w"> </span><span class="nt">selfHeal</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</code></pre></div></p>
<hr />
<h3 id="helm-charts-repository-forte-helm">Helm Charts Repository: <code>forte-helm</code><a class="headerlink" href="#helm-charts-repository-forte-helm" title="Permanent link">&para;</a></h3>
<p><strong>URL</strong>: <code>https://github.com/fortedigital/forte-helm</code></p>
<h4 id="chart-forteapp">Chart: <code>forteapp</code><a class="headerlink" href="#chart-forteapp" title="Permanent link">&para;</a></h4>
<p><strong>Version</strong>: 0.1.0
<strong>App Version</strong>: 1.0.0
<strong>Type</strong>: application</p>
<h5 id="templates">Templates<a class="headerlink" href="#templates" title="Permanent link">&para;</a></h5>
<table>
<thead>
<tr>
<th>Template</th>
<th>Purpose</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>_helpers.tpl</code></td>
<td>Template helper functions</td>
</tr>
<tr>
<td><code>namespace.yaml</code></td>
<td>Namespace resource</td>
</tr>
<tr>
<td><code>deployment.yaml</code></td>
<td>Main application Deployment</td>
</tr>
<tr>
<td><code>service.yaml</code></td>
<td>ClusterIP Service</td>
</tr>
<tr>
<td><code>ingressroute.yaml</code></td>
<td>Traefik IngressRoute</td>
</tr>
<tr>
<td><code>certificate.yaml</code></td>
<td>Cert-Manager Certificate</td>
</tr>
<tr>
<td><code>configmap.yaml</code></td>
<td>Application ConfigMap</td>
</tr>
<tr>
<td><code>secret-auth-tokens.yaml</code></td>
<td>Authentication tokens</td>
</tr>
<tr>
<td><code>hpa.yaml</code></td>
<td>Horizontal Pod Autoscaler</td>
</tr>
<tr>
<td><code>database-statefulset.yaml</code></td>
<td>Optional PostgreSQL StatefulSet</td>
</tr>
<tr>
<td><code>database-service.yaml</code></td>
<td>PostgreSQL Service</td>
</tr>
</tbody>
</table>
<h5 id="default-values-schema">Default Values Schema<a class="headerlink" href="#default-values-schema" title="Permanent link">&para;</a></h5>
<div class="highlight"><pre><span></span><code><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a><span class="nt">app</span><span class="p">:</span>
<a id="__codelineno-4-2" name="__codelineno-4-2" href="#__codelineno-4-2"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span>
<a id="__codelineno-4-3" name="__codelineno-4-3" href="#__codelineno-4-3"></a><span class="w"> </span><span class="nt">repository</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="w"> </span><span class="c1"># Required</span>
<a id="__codelineno-4-4" name="__codelineno-4-4" href="#__codelineno-4-4"></a><span class="w"> </span><span class="nt">tag</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="w"> </span><span class="c1"># Required</span>
<a id="__codelineno-4-5" name="__codelineno-4-5" href="#__codelineno-4-5"></a><span class="w"> </span><span class="nt">pullPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">IfNotPresent</span>
<a id="__codelineno-4-6" name="__codelineno-4-6" href="#__codelineno-4-6"></a><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3000</span>
<a id="__codelineno-4-7" name="__codelineno-4-7" href="#__codelineno-4-7"></a>
<a id="__codelineno-4-8" name="__codelineno-4-8" href="#__codelineno-4-8"></a><span class="w"> </span><span class="nt">replicaCount</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1</span>
<a id="__codelineno-4-9" name="__codelineno-4-9" href="#__codelineno-4-9"></a>
<a id="__codelineno-4-10" name="__codelineno-4-10" href="#__codelineno-4-10"></a><span class="w"> </span><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-4-11" name="__codelineno-4-11" href="#__codelineno-4-11"></a><span class="w"> </span><span class="nt">requests</span><span class="p">:</span>
<a id="__codelineno-4-12" name="__codelineno-4-12" href="#__codelineno-4-12"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">100m</span>
<a id="__codelineno-4-13" name="__codelineno-4-13" href="#__codelineno-4-13"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">128Mi</span>
<a id="__codelineno-4-14" name="__codelineno-4-14" href="#__codelineno-4-14"></a><span class="w"> </span><span class="nt">limits</span><span class="p">:</span>
<a id="__codelineno-4-15" name="__codelineno-4-15" href="#__codelineno-4-15"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">500m</span>
<a id="__codelineno-4-16" name="__codelineno-4-16" href="#__codelineno-4-16"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">512Mi</span>
<a id="__codelineno-4-17" name="__codelineno-4-17" href="#__codelineno-4-17"></a>
<a id="__codelineno-4-18" name="__codelineno-4-18" href="#__codelineno-4-18"></a><span class="w"> </span><span class="nt">hpa</span><span class="p">:</span>
<a id="__codelineno-4-19" name="__codelineno-4-19" href="#__codelineno-4-19"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-4-20" name="__codelineno-4-20" href="#__codelineno-4-20"></a><span class="w"> </span><span class="nt">minReplicas</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<a id="__codelineno-4-21" name="__codelineno-4-21" href="#__codelineno-4-21"></a><span class="w"> </span><span class="nt">maxReplicas</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10</span>
<a id="__codelineno-4-22" name="__codelineno-4-22" href="#__codelineno-4-22"></a><span class="w"> </span><span class="nt">targetCPUUtilizationPercentage</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">70</span>
<a id="__codelineno-4-23" name="__codelineno-4-23" href="#__codelineno-4-23"></a>
<a id="__codelineno-4-24" name="__codelineno-4-24" href="#__codelineno-4-24"></a><span class="w"> </span><span class="nt">extraEnv</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[]</span>
<a id="__codelineno-4-25" name="__codelineno-4-25" href="#__codelineno-4-25"></a><span class="w"> </span><span class="c1"># - name: KEY</span>
<a id="__codelineno-4-26" name="__codelineno-4-26" href="#__codelineno-4-26"></a><span class="w"> </span><span class="c1"># value: &quot;value&quot;</span>
<a id="__codelineno-4-27" name="__codelineno-4-27" href="#__codelineno-4-27"></a>
<a id="__codelineno-4-28" name="__codelineno-4-28" href="#__codelineno-4-28"></a><span class="w"> </span><span class="nt">envSecretName</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="w"> </span><span class="c1"># Reference to Secret</span>
<a id="__codelineno-4-29" name="__codelineno-4-29" href="#__codelineno-4-29"></a><span class="w"> </span><span class="nt">nodeEnv</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">production</span>
<a id="__codelineno-4-30" name="__codelineno-4-30" href="#__codelineno-4-30"></a>
<a id="__codelineno-4-31" name="__codelineno-4-31" href="#__codelineno-4-31"></a><span class="nt">db</span><span class="p">:</span>
<a id="__codelineno-4-32" name="__codelineno-4-32" href="#__codelineno-4-32"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-4-33" name="__codelineno-4-33" href="#__codelineno-4-33"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">postgres</span>
<a id="__codelineno-4-34" name="__codelineno-4-34" href="#__codelineno-4-34"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span>
<a id="__codelineno-4-35" name="__codelineno-4-35" href="#__codelineno-4-35"></a><span class="w"> </span><span class="nt">repository</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">postgres</span>
<a id="__codelineno-4-36" name="__codelineno-4-36" href="#__codelineno-4-36"></a><span class="w"> </span><span class="nt">tag</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;16-alpine&quot;</span>
<a id="__codelineno-4-37" name="__codelineno-4-37" href="#__codelineno-4-37"></a>
<a id="__codelineno-4-38" name="__codelineno-4-38" href="#__codelineno-4-38"></a><span class="w"> </span><span class="nt">service</span><span class="p">:</span>
<a id="__codelineno-4-39" name="__codelineno-4-39" href="#__codelineno-4-39"></a><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterIP</span>
<a id="__codelineno-4-40" name="__codelineno-4-40" href="#__codelineno-4-40"></a><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5432</span>
<a id="__codelineno-4-41" name="__codelineno-4-41" href="#__codelineno-4-41"></a><span class="w"> </span><span class="nt">targetPort</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5432</span>
<a id="__codelineno-4-42" name="__codelineno-4-42" href="#__codelineno-4-42"></a>
<a id="__codelineno-4-43" name="__codelineno-4-43" href="#__codelineno-4-43"></a><span class="w"> </span><span class="nt">persistence</span><span class="p">:</span>
<a id="__codelineno-4-44" name="__codelineno-4-44" href="#__codelineno-4-44"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-4-45" name="__codelineno-4-45" href="#__codelineno-4-45"></a><span class="w"> </span><span class="nt">storageClass</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<a id="__codelineno-4-46" name="__codelineno-4-46" href="#__codelineno-4-46"></a><span class="w"> </span><span class="nt">accessMode</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ReadWriteOnce</span>
<a id="__codelineno-4-47" name="__codelineno-4-47" href="#__codelineno-4-47"></a><span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5Gi</span>
<a id="__codelineno-4-48" name="__codelineno-4-48" href="#__codelineno-4-48"></a>
<a id="__codelineno-4-49" name="__codelineno-4-49" href="#__codelineno-4-49"></a><span class="w"> </span><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-4-50" name="__codelineno-4-50" href="#__codelineno-4-50"></a><span class="w"> </span><span class="nt">requests</span><span class="p">:</span>
<a id="__codelineno-4-51" name="__codelineno-4-51" href="#__codelineno-4-51"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;256Mi&quot;</span>
<a id="__codelineno-4-52" name="__codelineno-4-52" href="#__codelineno-4-52"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;250m&quot;</span>
<a id="__codelineno-4-53" name="__codelineno-4-53" href="#__codelineno-4-53"></a><span class="w"> </span><span class="nt">limits</span><span class="p">:</span>
<a id="__codelineno-4-54" name="__codelineno-4-54" href="#__codelineno-4-54"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1Gi&quot;</span>
<a id="__codelineno-4-55" name="__codelineno-4-55" href="#__codelineno-4-55"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1000m&quot;</span>
<a id="__codelineno-4-56" name="__codelineno-4-56" href="#__codelineno-4-56"></a>
<a id="__codelineno-4-57" name="__codelineno-4-57" href="#__codelineno-4-57"></a><span class="w"> </span><span class="nt">extraEnv</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[]</span>
<a id="__codelineno-4-58" name="__codelineno-4-58" href="#__codelineno-4-58"></a><span class="w"> </span><span class="nt">envSecretName</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<a id="__codelineno-4-59" name="__codelineno-4-59" href="#__codelineno-4-59"></a>
<a id="__codelineno-4-60" name="__codelineno-4-60" href="#__codelineno-4-60"></a><span class="w"> </span><span class="nt">livenessProbe</span><span class="p">:</span>
<a id="__codelineno-4-61" name="__codelineno-4-61" href="#__codelineno-4-61"></a><span class="w"> </span><span class="nt">exec</span><span class="p">:</span>
<a id="__codelineno-4-62" name="__codelineno-4-62" href="#__codelineno-4-62"></a><span class="w"> </span><span class="nt">command</span><span class="p">:</span>
<a id="__codelineno-4-63" name="__codelineno-4-63" href="#__codelineno-4-63"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pg_isready</span>
<a id="__codelineno-4-64" name="__codelineno-4-64" href="#__codelineno-4-64"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">-U</span>
<a id="__codelineno-4-65" name="__codelineno-4-65" href="#__codelineno-4-65"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">db_user</span>
<a id="__codelineno-4-66" name="__codelineno-4-66" href="#__codelineno-4-66"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">-d</span>
<a id="__codelineno-4-67" name="__codelineno-4-67" href="#__codelineno-4-67"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">db_name</span>
<a id="__codelineno-4-68" name="__codelineno-4-68" href="#__codelineno-4-68"></a><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">30</span>
<a id="__codelineno-4-69" name="__codelineno-4-69" href="#__codelineno-4-69"></a><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10</span>
<a id="__codelineno-4-70" name="__codelineno-4-70" href="#__codelineno-4-70"></a>
<a id="__codelineno-4-71" name="__codelineno-4-71" href="#__codelineno-4-71"></a><span class="w"> </span><span class="nt">readinessProbe</span><span class="p">:</span>
<a id="__codelineno-4-72" name="__codelineno-4-72" href="#__codelineno-4-72"></a><span class="w"> </span><span class="nt">exec</span><span class="p">:</span>
<a id="__codelineno-4-73" name="__codelineno-4-73" href="#__codelineno-4-73"></a><span class="w"> </span><span class="nt">command</span><span class="p">:</span>
<a id="__codelineno-4-74" name="__codelineno-4-74" href="#__codelineno-4-74"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pg_isready</span>
<a id="__codelineno-4-75" name="__codelineno-4-75" href="#__codelineno-4-75"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">-U</span>
<a id="__codelineno-4-76" name="__codelineno-4-76" href="#__codelineno-4-76"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">db_user</span>
<a id="__codelineno-4-77" name="__codelineno-4-77" href="#__codelineno-4-77"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">-d</span>
<a id="__codelineno-4-78" name="__codelineno-4-78" href="#__codelineno-4-78"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">db_name</span>
<a id="__codelineno-4-79" name="__codelineno-4-79" href="#__codelineno-4-79"></a><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span>
<a id="__codelineno-4-80" name="__codelineno-4-80" href="#__codelineno-4-80"></a><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span>
<a id="__codelineno-4-81" name="__codelineno-4-81" href="#__codelineno-4-81"></a>
<a id="__codelineno-4-82" name="__codelineno-4-82" href="#__codelineno-4-82"></a><span class="nt">service</span><span class="p">:</span>
<a id="__codelineno-4-83" name="__codelineno-4-83" href="#__codelineno-4-83"></a><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterIP</span>
<a id="__codelineno-4-84" name="__codelineno-4-84" href="#__codelineno-4-84"></a><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3000</span>
<a id="__codelineno-4-85" name="__codelineno-4-85" href="#__codelineno-4-85"></a>
<a id="__codelineno-4-86" name="__codelineno-4-86" href="#__codelineno-4-86"></a><span class="nt">ingress</span><span class="p">:</span>
<a id="__codelineno-4-87" name="__codelineno-4-87" href="#__codelineno-4-87"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-4-88" name="__codelineno-4-88" href="#__codelineno-4-88"></a><span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<a id="__codelineno-4-89" name="__codelineno-4-89" href="#__codelineno-4-89"></a><span class="w"> </span><span class="nt">entrypoint</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">websecure</span>
<a id="__codelineno-4-90" name="__codelineno-4-90" href="#__codelineno-4-90"></a><span class="w"> </span><span class="nt">tls</span><span class="p">:</span>
<a id="__codelineno-4-91" name="__codelineno-4-91" href="#__codelineno-4-91"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-4-92" name="__codelineno-4-92" href="#__codelineno-4-92"></a><span class="w"> </span><span class="nt">secretName</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<a id="__codelineno-4-93" name="__codelineno-4-93" href="#__codelineno-4-93"></a><span class="w"> </span><span class="nt">clusterIssuer</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">letsencrypt-prod</span>
<a id="__codelineno-4-94" name="__codelineno-4-94" href="#__codelineno-4-94"></a>
<a id="__codelineno-4-95" name="__codelineno-4-95" href="#__codelineno-4-95"></a><span class="nt">auth</span><span class="p">:</span>
<a id="__codelineno-4-96" name="__codelineno-4-96" href="#__codelineno-4-96"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"> </span><span class="c1"># Enable authentication sidecar injection</span>
<a id="__codelineno-4-97" name="__codelineno-4-97" href="#__codelineno-4-97"></a><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span><span class="w"> </span><span class="c1"># Authentication mode: &quot;token&quot; or &quot;oidc&quot;</span>
<a id="__codelineno-4-98" name="__codelineno-4-98" href="#__codelineno-4-98"></a>
<a id="__codelineno-4-99" name="__codelineno-4-99" href="#__codelineno-4-99"></a><span class="w"> </span><span class="c1"># Token-based authentication configuration</span>
<a id="__codelineno-4-100" name="__codelineno-4-100" href="#__codelineno-4-100"></a><span class="w"> </span><span class="nt">tokens</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[]</span><span class="w"> </span><span class="c1"># List of valid bearer tokens (hex strings, 32+ bytes recommended)</span>
<a id="__codelineno-4-101" name="__codelineno-4-101" href="#__codelineno-4-101"></a><span class="w"> </span><span class="c1"># - d4f88f6d9292c10cc3e21c4aad56d2be485db532b54fe961d738e1137d247823</span>
<a id="__codelineno-4-102" name="__codelineno-4-102" href="#__codelineno-4-102"></a><span class="w"> </span><span class="c1"># - 8803f621acc3898df1d7a8f514bc3602551a0681a8f747bd4e43c3c5849d57a7</span>
<a id="__codelineno-4-103" name="__codelineno-4-103" href="#__codelineno-4-103"></a>
<a id="__codelineno-4-104" name="__codelineno-4-104" href="#__codelineno-4-104"></a><span class="w"> </span><span class="c1"># OIDC authentication configuration</span>
<a id="__codelineno-4-105" name="__codelineno-4-105" href="#__codelineno-4-105"></a><span class="w"> </span><span class="nt">oidc</span><span class="p">:</span>
<a id="__codelineno-4-106" name="__codelineno-4-106" href="#__codelineno-4-106"></a><span class="w"> </span><span class="nt">authority</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="w"> </span><span class="c1"># OIDC provider URL (e.g., https://auth.example.com/realms/master)</span>
<a id="__codelineno-4-107" name="__codelineno-4-107" href="#__codelineno-4-107"></a><span class="w"> </span><span class="nt">clientId</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="w"> </span><span class="c1"># OIDC client ID registered with provider</span>
<a id="__codelineno-4-108" name="__codelineno-4-108" href="#__codelineno-4-108"></a><span class="w"> </span><span class="nt">scopes</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;openid,profile,email&quot;</span><span class="w"> </span><span class="c1"># OAuth scopes (comma-separated)</span>
<a id="__codelineno-4-109" name="__codelineno-4-109" href="#__codelineno-4-109"></a><span class="w"> </span><span class="nt">callbackPath</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/auth/callback</span><span class="w"> </span><span class="c1"># OAuth callback path (default: /auth/callback)</span>
<a id="__codelineno-4-110" name="__codelineno-4-110" href="#__codelineno-4-110"></a><span class="w"> </span><span class="c1"># Note: Client secret must be in &#39;auth-oidc&#39; Secret (client-secret key)</span>
<a id="__codelineno-4-111" name="__codelineno-4-111" href="#__codelineno-4-111"></a><span class="w"> </span><span class="c1"># Cookie secret must be in &#39;auth-oidc&#39; Secret (cookie-secret key)</span>
<a id="__codelineno-4-112" name="__codelineno-4-112" href="#__codelineno-4-112"></a>
<a id="__codelineno-4-113" name="__codelineno-4-113" href="#__codelineno-4-113"></a><span class="nt">configmap</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[]</span><span class="w"> </span><span class="c1"># Application ConfigMap key-value pairs</span>
<a id="__codelineno-4-114" name="__codelineno-4-114" href="#__codelineno-4-114"></a><span class="c1"># KEY: value</span>
<a id="__codelineno-4-115" name="__codelineno-4-115" href="#__codelineno-4-115"></a><span class="c1"># DB_HOST: postgres</span>
<a id="__codelineno-4-116" name="__codelineno-4-116" href="#__codelineno-4-116"></a><span class="c1"># DB_PORT: &quot;5432&quot;</span>
</code></pre></div>
<hr />
<h3 id="helm-values-repository-helm-values">Helm Values Repository: <code>helm-values</code><a class="headerlink" href="#helm-values-repository-helm-values" title="Permanent link">&para;</a></h3>
<p><strong>URL</strong>: <code>https://github.com/fortedigital/helm-values.git</code></p>
<h4 id="structure">Structure<a class="headerlink" href="#structure" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-5-1" name="__codelineno-5-1" href="#__codelineno-5-1"></a>helm-values/
<a id="__codelineno-5-2" name="__codelineno-5-2" href="#__codelineno-5-2"></a>├── mcp10x/
<a id="__codelineno-5-3" name="__codelineno-5-3" href="#__codelineno-5-3"></a>│ └── values.yaml
<a id="__codelineno-5-4" name="__codelineno-5-4" href="#__codelineno-5-4"></a>├── musicman/
<a id="__codelineno-5-5" name="__codelineno-5-5" href="#__codelineno-5-5"></a>│ └── values.yaml
<a id="__codelineno-5-6" name="__codelineno-5-6" href="#__codelineno-5-6"></a>├── mcpcoder/
<a id="__codelineno-5-7" name="__codelineno-5-7" href="#__codelineno-5-7"></a>│ └── values.yaml
<a id="__codelineno-5-8" name="__codelineno-5-8" href="#__codelineno-5-8"></a>└── argocd-mcp/
<a id="__codelineno-5-9" name="__codelineno-5-9" href="#__codelineno-5-9"></a> └── values.yaml
</code></pre></div>
<h4 id="example-mcp10xvaluesyaml">Example: <code>mcp10x/values.yaml</code><a class="headerlink" href="#example-mcp10xvaluesyaml" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-6-1" name="__codelineno-6-1" href="#__codelineno-6-1"></a><span class="nt">app</span><span class="p">:</span>
<a id="__codelineno-6-2" name="__codelineno-6-2" href="#__codelineno-6-2"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span>
<a id="__codelineno-6-3" name="__codelineno-6-3" href="#__codelineno-6-3"></a><span class="w"> </span><span class="nt">repository</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ghcr.io/fortedigital/10x</span>
<a id="__codelineno-6-4" name="__codelineno-6-4" href="#__codelineno-6-4"></a><span class="w"> </span><span class="nt">tag</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2.0.4</span><span class="w"> </span><span class="c1"># Updated by CI/CD</span>
<a id="__codelineno-6-5" name="__codelineno-6-5" href="#__codelineno-6-5"></a>
<a id="__codelineno-6-6" name="__codelineno-6-6" href="#__codelineno-6-6"></a><span class="w"> </span><span class="nt">extraEnv</span><span class="p">:</span>
<a id="__codelineno-6-7" name="__codelineno-6-7" href="#__codelineno-6-7"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PORT</span>
<a id="__codelineno-6-8" name="__codelineno-6-8" href="#__codelineno-6-8"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;3000&quot;</span>
<a id="__codelineno-6-9" name="__codelineno-6-9" href="#__codelineno-6-9"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SKILLS_DIR</span>
<a id="__codelineno-6-10" name="__codelineno-6-10" href="#__codelineno-6-10"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/app/skills&quot;</span>
<a id="__codelineno-6-11" name="__codelineno-6-11" href="#__codelineno-6-11"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">FLOWCASE_ENDPOINT</span>
<a id="__codelineno-6-12" name="__codelineno-6-12" href="#__codelineno-6-12"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://forte.cvpartner.com/api/&quot;</span>
<a id="__codelineno-6-13" name="__codelineno-6-13" href="#__codelineno-6-13"></a>
<a id="__codelineno-6-14" name="__codelineno-6-14" href="#__codelineno-6-14"></a><span class="w"> </span><span class="nt">envSecretName</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;app-credentials&quot;</span>
<a id="__codelineno-6-15" name="__codelineno-6-15" href="#__codelineno-6-15"></a>
<a id="__codelineno-6-16" name="__codelineno-6-16" href="#__codelineno-6-16"></a><span class="nt">auth</span><span class="p">:</span>
<a id="__codelineno-6-17" name="__codelineno-6-17" href="#__codelineno-6-17"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-6-18" name="__codelineno-6-18" href="#__codelineno-6-18"></a><span class="w"> </span><span class="nt">tokens</span><span class="p">:</span>
<a id="__codelineno-6-19" name="__codelineno-6-19" href="#__codelineno-6-19"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">d4f88f6d9292c10cc3e21c4aad56d2be485db532b54fe961d738e1137d247823</span>
<a id="__codelineno-6-20" name="__codelineno-6-20" href="#__codelineno-6-20"></a>
<a id="__codelineno-6-21" name="__codelineno-6-21" href="#__codelineno-6-21"></a><span class="nt">ingress</span><span class="p">:</span>
<a id="__codelineno-6-22" name="__codelineno-6-22" href="#__codelineno-6-22"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-6-23" name="__codelineno-6-23" href="#__codelineno-6-23"></a><span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mcp10x.forteapps.net</span>
</code></pre></div>
<hr />
<h2 id="helm-chart-reference">Helm Chart Reference<a class="headerlink" href="#helm-chart-reference" title="Permanent link">&para;</a></h2>
<h3 id="template-functions">Template Functions<a class="headerlink" href="#template-functions" title="Permanent link">&para;</a></h3>
<h4 id="forteappfullname"><code>forteapp.fullname</code><a class="headerlink" href="#forteappfullname" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-7-1" name="__codelineno-7-1" href="#__codelineno-7-1"></a><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">include &quot;forteapp.fullname&quot; .</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-7-2" name="__codelineno-7-2" href="#__codelineno-7-2"></a><span class="c1"># Output: &lt;release-name&gt;</span>
</code></pre></div>
<h4 id="forteapplabels"><code>forteapp.labels</code><a class="headerlink" href="#forteapplabels" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-8-1" name="__codelineno-8-1" href="#__codelineno-8-1"></a><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">include &quot;forteapp.labels&quot; .</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-8-2" name="__codelineno-8-2" href="#__codelineno-8-2"></a><span class="c1"># Output:</span>
<a id="__codelineno-8-3" name="__codelineno-8-3" href="#__codelineno-8-3"></a><span class="c1"># app.kubernetes.io/name: forteapp</span>
<a id="__codelineno-8-4" name="__codelineno-8-4" href="#__codelineno-8-4"></a><span class="c1"># app.kubernetes.io/instance: &lt;release-name&gt;</span>
<a id="__codelineno-8-5" name="__codelineno-8-5" href="#__codelineno-8-5"></a><span class="c1"># app.kubernetes.io/version: &lt;chart-version&gt;</span>
<a id="__codelineno-8-6" name="__codelineno-8-6" href="#__codelineno-8-6"></a><span class="c1"># app.kubernetes.io/managed-by: Helm</span>
</code></pre></div>
<h4 id="forteappselectorlabels"><code>forteapp.selectorLabels</code><a class="headerlink" href="#forteappselectorlabels" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-9-1" name="__codelineno-9-1" href="#__codelineno-9-1"></a><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">include &quot;forteapp.selectorLabels&quot; .</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-9-2" name="__codelineno-9-2" href="#__codelineno-9-2"></a><span class="c1"># Output:</span>
<a id="__codelineno-9-3" name="__codelineno-9-3" href="#__codelineno-9-3"></a><span class="c1"># app.kubernetes.io/name: forteapp</span>
<a id="__codelineno-9-4" name="__codelineno-9-4" href="#__codelineno-9-4"></a><span class="c1"># app.kubernetes.io/instance: &lt;release-name&gt;</span>
</code></pre></div>
<h3 id="deployment-specification">Deployment Specification<a class="headerlink" href="#deployment-specification" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-10-1" name="__codelineno-10-1" href="#__codelineno-10-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apps/v1</span>
<a id="__codelineno-10-2" name="__codelineno-10-2" href="#__codelineno-10-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Deployment</span>
<a id="__codelineno-10-3" name="__codelineno-10-3" href="#__codelineno-10-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-10-4" name="__codelineno-10-4" href="#__codelineno-10-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">include &quot;forteapp.fullname&quot; .</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-5" name="__codelineno-10-5" href="#__codelineno-10-5"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-10-6" name="__codelineno-10-6" href="#__codelineno-10-6"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- include &quot;forteapp.labels&quot; . | nindent 4</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-7" name="__codelineno-10-7" href="#__codelineno-10-7"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-10-8" name="__codelineno-10-8" href="#__codelineno-10-8"></a><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.app.replicaCount</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-9" name="__codelineno-10-9" href="#__codelineno-10-9"></a><span class="w"> </span><span class="nt">selector</span><span class="p">:</span>
<a id="__codelineno-10-10" name="__codelineno-10-10" href="#__codelineno-10-10"></a><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span>
<a id="__codelineno-10-11" name="__codelineno-10-11" href="#__codelineno-10-11"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- include &quot;forteapp.selectorLabels&quot; . | nindent 6</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-12" name="__codelineno-10-12" href="#__codelineno-10-12"></a><span class="w"> </span><span class="nt">template</span><span class="p">:</span>
<a id="__codelineno-10-13" name="__codelineno-10-13" href="#__codelineno-10-13"></a><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-10-14" name="__codelineno-10-14" href="#__codelineno-10-14"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span>
<a id="__codelineno-10-15" name="__codelineno-10-15" href="#__codelineno-10-15"></a><span class="w"> </span><span class="nt">policies.forteapps.io/auth</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.auth.enabled | quote</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-16" name="__codelineno-10-16" href="#__codelineno-10-16"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-10-17" name="__codelineno-10-17" href="#__codelineno-10-17"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- include &quot;forteapp.selectorLabels&quot; . | nindent 8</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-18" name="__codelineno-10-18" href="#__codelineno-10-18"></a><span class="w"> </span><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-10-19" name="__codelineno-10-19" href="#__codelineno-10-19"></a><span class="w"> </span><span class="nt">containers</span><span class="p">:</span>
<a id="__codelineno-10-20" name="__codelineno-10-20" href="#__codelineno-10-20"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app</span>
<a id="__codelineno-10-21" name="__codelineno-10-21" href="#__codelineno-10-21"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.Values.app.image.repository</span><span class="nv"> </span><span class="s">}}:{{</span><span class="nv"> </span><span class="s">.Values.app.image.tag</span><span class="nv"> </span><span class="s">}}&quot;</span>
<a id="__codelineno-10-22" name="__codelineno-10-22" href="#__codelineno-10-22"></a><span class="w"> </span><span class="nt">imagePullPolicy</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.app.image.pullPolicy</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-23" name="__codelineno-10-23" href="#__codelineno-10-23"></a><span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
<a id="__codelineno-10-24" name="__codelineno-10-24" href="#__codelineno-10-24"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http</span>
<a id="__codelineno-10-25" name="__codelineno-10-25" href="#__codelineno-10-25"></a><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.app.image.containerPort</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-26" name="__codelineno-10-26" href="#__codelineno-10-26"></a><span class="w"> </span><span class="nt">env</span><span class="p">:</span>
<a id="__codelineno-10-27" name="__codelineno-10-27" href="#__codelineno-10-27"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">NODE_ENV</span>
<a id="__codelineno-10-28" name="__codelineno-10-28" href="#__codelineno-10-28"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.app.nodeEnv | quote</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-29" name="__codelineno-10-29" href="#__codelineno-10-29"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- with .Values.app.extraEnv</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-30" name="__codelineno-10-30" href="#__codelineno-10-30"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- toYaml . | nindent 8</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-31" name="__codelineno-10-31" href="#__codelineno-10-31"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- end</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-32" name="__codelineno-10-32" href="#__codelineno-10-32"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- if .Values.app.envSecretName</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-33" name="__codelineno-10-33" href="#__codelineno-10-33"></a><span class="w"> </span><span class="nt">envFrom</span><span class="p">:</span>
<a id="__codelineno-10-34" name="__codelineno-10-34" href="#__codelineno-10-34"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretRef</span><span class="p">:</span>
<a id="__codelineno-10-35" name="__codelineno-10-35" href="#__codelineno-10-35"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.app.envSecretName</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-36" name="__codelineno-10-36" href="#__codelineno-10-36"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- end</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-37" name="__codelineno-10-37" href="#__codelineno-10-37"></a><span class="w"> </span><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-10-38" name="__codelineno-10-38" href="#__codelineno-10-38"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- toYaml .Values.app.resources | nindent 10</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-10-39" name="__codelineno-10-39" href="#__codelineno-10-39"></a><span class="w"> </span><span class="nt">securityContext</span><span class="p">:</span>
<a id="__codelineno-10-40" name="__codelineno-10-40" href="#__codelineno-10-40"></a><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-10-41" name="__codelineno-10-41" href="#__codelineno-10-41"></a><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
</code></pre></div>
<h3 id="ingressroute-specification">IngressRoute Specification<a class="headerlink" href="#ingressroute-specification" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-11-1" name="__codelineno-11-1" href="#__codelineno-11-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">traefik.io/v1alpha1</span>
<a id="__codelineno-11-2" name="__codelineno-11-2" href="#__codelineno-11-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">IngressRoute</span>
<a id="__codelineno-11-3" name="__codelineno-11-3" href="#__codelineno-11-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-11-4" name="__codelineno-11-4" href="#__codelineno-11-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">include &quot;forteapp.fullname&quot; .</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-11-5" name="__codelineno-11-5" href="#__codelineno-11-5"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-11-6" name="__codelineno-11-6" href="#__codelineno-11-6"></a><span class="w"> </span><span class="nt">entryPoints</span><span class="p">:</span>
<a id="__codelineno-11-7" name="__codelineno-11-7" href="#__codelineno-11-7"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.ingress.entrypoint</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-11-8" name="__codelineno-11-8" href="#__codelineno-11-8"></a><span class="w"> </span><span class="nt">routes</span><span class="p">:</span>
<a id="__codelineno-11-9" name="__codelineno-11-9" href="#__codelineno-11-9"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Host(`{{ .Values.ingress.host }}`)</span>
<a id="__codelineno-11-10" name="__codelineno-11-10" href="#__codelineno-11-10"></a><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Rule</span>
<a id="__codelineno-11-11" name="__codelineno-11-11" href="#__codelineno-11-11"></a><span class="w"> </span><span class="nt">services</span><span class="p">:</span>
<a id="__codelineno-11-12" name="__codelineno-11-12" href="#__codelineno-11-12"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">include &quot;forteapp.fullname&quot; .</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-11-13" name="__codelineno-11-13" href="#__codelineno-11-13"></a><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.service.port</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-11-14" name="__codelineno-11-14" href="#__codelineno-11-14"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- if .Values.ingress.tls.enabled</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-11-15" name="__codelineno-11-15" href="#__codelineno-11-15"></a><span class="w"> </span><span class="nt">tls</span><span class="p">:</span>
<a id="__codelineno-11-16" name="__codelineno-11-16" href="#__codelineno-11-16"></a><span class="w"> </span><span class="nt">secretName</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">default .Release.Name .Values.ingress.tls.secretName</span><span class="w"> </span><span class="p p-Indicator">}}</span><span class="l l-Scalar l-Scalar-Plain">-tls</span>
<a id="__codelineno-11-17" name="__codelineno-11-17" href="#__codelineno-11-17"></a><span class="w"> </span><span class="p p-Indicator">{{</span><span class="nv">- end</span><span class="w"> </span><span class="p p-Indicator">}}</span>
</code></pre></div>
<h3 id="certificate-specification">Certificate Specification<a class="headerlink" href="#certificate-specification" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-12-1" name="__codelineno-12-1" href="#__codelineno-12-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert-manager.io/v1</span>
<a id="__codelineno-12-2" name="__codelineno-12-2" href="#__codelineno-12-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Certificate</span>
<a id="__codelineno-12-3" name="__codelineno-12-3" href="#__codelineno-12-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-12-4" name="__codelineno-12-4" href="#__codelineno-12-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">include &quot;forteapp.fullname&quot; .</span><span class="w"> </span><span class="p p-Indicator">}}</span><span class="l l-Scalar l-Scalar-Plain">-tls</span>
<a id="__codelineno-12-5" name="__codelineno-12-5" href="#__codelineno-12-5"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-12-6" name="__codelineno-12-6" href="#__codelineno-12-6"></a><span class="w"> </span><span class="nt">secretName</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">default .Release.Name .Values.ingress.tls.secretName</span><span class="w"> </span><span class="p p-Indicator">}}</span><span class="l l-Scalar l-Scalar-Plain">-tls</span>
<a id="__codelineno-12-7" name="__codelineno-12-7" href="#__codelineno-12-7"></a><span class="w"> </span><span class="nt">issuerRef</span><span class="p">:</span>
<a id="__codelineno-12-8" name="__codelineno-12-8" href="#__codelineno-12-8"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.ingress.tls.clusterIssuer</span><span class="w"> </span><span class="p p-Indicator">}}</span>
<a id="__codelineno-12-9" name="__codelineno-12-9" href="#__codelineno-12-9"></a><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterIssuer</span>
<a id="__codelineno-12-10" name="__codelineno-12-10" href="#__codelineno-12-10"></a><span class="w"> </span><span class="nt">dnsNames</span><span class="p">:</span>
<a id="__codelineno-12-11" name="__codelineno-12-11" href="#__codelineno-12-11"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="p p-Indicator">{{</span><span class="w"> </span><span class="nv">.Values.ingress.host</span><span class="w"> </span><span class="p p-Indicator">}}</span>
</code></pre></div>
<hr />
<h2 id="argocd-configuration">ArgoCD Configuration<a class="headerlink" href="#argocd-configuration" title="Permanent link">&para;</a></h2>
<h3 id="application-manifest-schema">Application Manifest Schema<a class="headerlink" href="#application-manifest-schema" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-13-1" name="__codelineno-13-1" href="#__codelineno-13-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">argoproj.io/v1alpha1</span>
<a id="__codelineno-13-2" name="__codelineno-13-2" href="#__codelineno-13-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Application</span>
<a id="__codelineno-13-3" name="__codelineno-13-3" href="#__codelineno-13-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-13-4" name="__codelineno-13-4" href="#__codelineno-13-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;app-name&gt;</span>
<a id="__codelineno-13-5" name="__codelineno-13-5" href="#__codelineno-13-5"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">argocd</span>
<a id="__codelineno-13-6" name="__codelineno-13-6" href="#__codelineno-13-6"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span>
<a id="__codelineno-13-7" name="__codelineno-13-7" href="#__codelineno-13-7"></a><span class="w"> </span><span class="nt">argocd.argoproj.io/sync-wave</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1&quot;</span>
<a id="__codelineno-13-8" name="__codelineno-13-8" href="#__codelineno-13-8"></a><span class="w"> </span><span class="nt">notifications.argoproj.io/subscribe.on-sync-succeeded.slack</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<a id="__codelineno-13-9" name="__codelineno-13-9" href="#__codelineno-13-9"></a><span class="w"> </span><span class="nt">notifications.argoproj.io/subscribe.on-sync-failed.slack</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<a id="__codelineno-13-10" name="__codelineno-13-10" href="#__codelineno-13-10"></a><span class="w"> </span><span class="nt">notifications.argoproj.io/subscribe.on-degraded.slack</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<a id="__codelineno-13-11" name="__codelineno-13-11" href="#__codelineno-13-11"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-13-12" name="__codelineno-13-12" href="#__codelineno-13-12"></a><span class="w"> </span><span class="nt">app.kubernetes.io/name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;app-name&gt;</span>
<a id="__codelineno-13-13" name="__codelineno-13-13" href="#__codelineno-13-13"></a><span class="w"> </span><span class="nt">app.kubernetes.io/part-of</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apps</span>
<a id="__codelineno-13-14" name="__codelineno-13-14" href="#__codelineno-13-14"></a><span class="w"> </span><span class="nt">app.kubernetes.io/managed-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">argocd</span>
<a id="__codelineno-13-15" name="__codelineno-13-15" href="#__codelineno-13-15"></a><span class="w"> </span><span class="nt">finalizers</span><span class="p">:</span>
<a id="__codelineno-13-16" name="__codelineno-13-16" href="#__codelineno-13-16"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">resources-finalizer.argocd.argoproj.io</span>
<a id="__codelineno-13-17" name="__codelineno-13-17" href="#__codelineno-13-17"></a>
<a id="__codelineno-13-18" name="__codelineno-13-18" href="#__codelineno-13-18"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-13-19" name="__codelineno-13-19" href="#__codelineno-13-19"></a><span class="w"> </span><span class="nt">project</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span>
<a id="__codelineno-13-20" name="__codelineno-13-20" href="#__codelineno-13-20"></a>
<a id="__codelineno-13-21" name="__codelineno-13-21" href="#__codelineno-13-21"></a><span class="w"> </span><span class="c1"># Multi-source configuration</span>
<a id="__codelineno-13-22" name="__codelineno-13-22" href="#__codelineno-13-22"></a><span class="w"> </span><span class="nt">sources</span><span class="p">:</span>
<a id="__codelineno-13-23" name="__codelineno-13-23" href="#__codelineno-13-23"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">repoURL</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://github.com/fortedigital/forte-helm</span>
<a id="__codelineno-13-24" name="__codelineno-13-24" href="#__codelineno-13-24"></a><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">forteapp</span>
<a id="__codelineno-13-25" name="__codelineno-13-25" href="#__codelineno-13-25"></a><span class="w"> </span><span class="nt">targetRevision</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">HEAD</span>
<a id="__codelineno-13-26" name="__codelineno-13-26" href="#__codelineno-13-26"></a><span class="w"> </span><span class="nt">helm</span><span class="p">:</span>
<a id="__codelineno-13-27" name="__codelineno-13-27" href="#__codelineno-13-27"></a><span class="w"> </span><span class="nt">valueFiles</span><span class="p">:</span>
<a id="__codelineno-13-28" name="__codelineno-13-28" href="#__codelineno-13-28"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">$values/&lt;app-name&gt;/values.yaml</span>
<a id="__codelineno-13-29" name="__codelineno-13-29" href="#__codelineno-13-29"></a>
<a id="__codelineno-13-30" name="__codelineno-13-30" href="#__codelineno-13-30"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">repoURL</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">git@github.com:fortedigital/helm-values.git</span>
<a id="__codelineno-13-31" name="__codelineno-13-31" href="#__codelineno-13-31"></a><span class="w"> </span><span class="nt">targetRevision</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">HEAD</span>
<a id="__codelineno-13-32" name="__codelineno-13-32" href="#__codelineno-13-32"></a><span class="w"> </span><span class="nt">ref</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">values</span>
<a id="__codelineno-13-33" name="__codelineno-13-33" href="#__codelineno-13-33"></a>
<a id="__codelineno-13-34" name="__codelineno-13-34" href="#__codelineno-13-34"></a><span class="w"> </span><span class="nt">destination</span><span class="p">:</span>
<a id="__codelineno-13-35" name="__codelineno-13-35" href="#__codelineno-13-35"></a><span class="w"> </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://kubernetes.default.svc</span>
<a id="__codelineno-13-36" name="__codelineno-13-36" href="#__codelineno-13-36"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;app-name&gt;</span>
<a id="__codelineno-13-37" name="__codelineno-13-37" href="#__codelineno-13-37"></a>
<a id="__codelineno-13-38" name="__codelineno-13-38" href="#__codelineno-13-38"></a><span class="w"> </span><span class="nt">syncPolicy</span><span class="p">:</span>
<a id="__codelineno-13-39" name="__codelineno-13-39" href="#__codelineno-13-39"></a><span class="w"> </span><span class="nt">automated</span><span class="p">:</span>
<a id="__codelineno-13-40" name="__codelineno-13-40" href="#__codelineno-13-40"></a><span class="w"> </span><span class="nt">prune</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-13-41" name="__codelineno-13-41" href="#__codelineno-13-41"></a><span class="w"> </span><span class="nt">selfHeal</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-13-42" name="__codelineno-13-42" href="#__codelineno-13-42"></a><span class="w"> </span><span class="nt">allowEmpty</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-13-43" name="__codelineno-13-43" href="#__codelineno-13-43"></a>
<a id="__codelineno-13-44" name="__codelineno-13-44" href="#__codelineno-13-44"></a><span class="w"> </span><span class="nt">syncOptions</span><span class="p">:</span>
<a id="__codelineno-13-45" name="__codelineno-13-45" href="#__codelineno-13-45"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">CreateNamespace=true</span>
<a id="__codelineno-13-46" name="__codelineno-13-46" href="#__codelineno-13-46"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Validate=true</span>
<a id="__codelineno-13-47" name="__codelineno-13-47" href="#__codelineno-13-47"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ServerSideApply=true</span>
<a id="__codelineno-13-48" name="__codelineno-13-48" href="#__codelineno-13-48"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Replace=false</span>
<a id="__codelineno-13-49" name="__codelineno-13-49" href="#__codelineno-13-49"></a>
<a id="__codelineno-13-50" name="__codelineno-13-50" href="#__codelineno-13-50"></a><span class="w"> </span><span class="nt">retry</span><span class="p">:</span>
<a id="__codelineno-13-51" name="__codelineno-13-51" href="#__codelineno-13-51"></a><span class="w"> </span><span class="nt">limit</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span>
<a id="__codelineno-13-52" name="__codelineno-13-52" href="#__codelineno-13-52"></a><span class="w"> </span><span class="nt">backoff</span><span class="p">:</span>
<a id="__codelineno-13-53" name="__codelineno-13-53" href="#__codelineno-13-53"></a><span class="w"> </span><span class="nt">duration</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5s</span>
<a id="__codelineno-13-54" name="__codelineno-13-54" href="#__codelineno-13-54"></a><span class="w"> </span><span class="nt">factor</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<a id="__codelineno-13-55" name="__codelineno-13-55" href="#__codelineno-13-55"></a><span class="w"> </span><span class="nt">maxDuration</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3m</span>
<a id="__codelineno-13-56" name="__codelineno-13-56" href="#__codelineno-13-56"></a>
<a id="__codelineno-13-57" name="__codelineno-13-57" href="#__codelineno-13-57"></a><span class="w"> </span><span class="nt">ignoreDifferences</span><span class="p">:</span>
<a id="__codelineno-13-58" name="__codelineno-13-58" href="#__codelineno-13-58"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apps</span>
<a id="__codelineno-13-59" name="__codelineno-13-59" href="#__codelineno-13-59"></a><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Deployment</span>
<a id="__codelineno-13-60" name="__codelineno-13-60" href="#__codelineno-13-60"></a><span class="w"> </span><span class="nt">jsonPointers</span><span class="p">:</span>
<a id="__codelineno-13-61" name="__codelineno-13-61" href="#__codelineno-13-61"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/spec/replicas</span>
</code></pre></div>
<h3 id="sync-waves">Sync Waves<a class="headerlink" href="#sync-waves" title="Permanent link">&para;</a></h3>
<table>
<thead>
<tr>
<th>Wave</th>
<th>Components</th>
<th>Purpose</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>-1</code></td>
<td>Namespaces</td>
<td>Create namespaces first</td>
</tr>
<tr>
<td><code>0</code></td>
<td>Kyverno</td>
<td>Install policy engine</td>
</tr>
<tr>
<td><code>1</code></td>
<td>Cluster resources, infrastructure</td>
<td>Base infrastructure</td>
</tr>
<tr>
<td><code>2+</code></td>
<td>Applications</td>
<td>Business applications</td>
</tr>
</tbody>
</table>
<h3 id="sync-options">Sync Options<a class="headerlink" href="#sync-options" title="Permanent link">&para;</a></h3>
<table>
<thead>
<tr>
<th>Option</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>CreateNamespace=true</code></td>
<td>Automatically create target namespace</td>
</tr>
<tr>
<td><code>Validate=true</code></td>
<td>Validate resources before applying</td>
</tr>
<tr>
<td><code>ServerSideApply=true</code></td>
<td>Use server-side apply (safer)</td>
</tr>
<tr>
<td><code>Replace=false</code></td>
<td>Don't use kubectl replace</td>
</tr>
<tr>
<td><code>Prune=true</code></td>
<td>Delete resources not in Git</td>
</tr>
</tbody>
</table>
<h3 id="retry-policy">Retry Policy<a class="headerlink" href="#retry-policy" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-14-1" name="__codelineno-14-1" href="#__codelineno-14-1"></a><span class="nt">retry</span><span class="p">:</span>
<a id="__codelineno-14-2" name="__codelineno-14-2" href="#__codelineno-14-2"></a><span class="w"> </span><span class="nt">limit</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span><span class="w"> </span><span class="c1"># Max retry attempts</span>
<a id="__codelineno-14-3" name="__codelineno-14-3" href="#__codelineno-14-3"></a><span class="w"> </span><span class="nt">backoff</span><span class="p">:</span>
<a id="__codelineno-14-4" name="__codelineno-14-4" href="#__codelineno-14-4"></a><span class="w"> </span><span class="nt">duration</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5s</span><span class="w"> </span><span class="c1"># Initial backoff</span>
<a id="__codelineno-14-5" name="__codelineno-14-5" href="#__codelineno-14-5"></a><span class="w"> </span><span class="nt">factor</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span><span class="w"> </span><span class="c1"># Exponential factor</span>
<a id="__codelineno-14-6" name="__codelineno-14-6" href="#__codelineno-14-6"></a><span class="w"> </span><span class="nt">maxDuration</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3m</span><span class="w"> </span><span class="c1"># Max backoff time</span>
</code></pre></div>
<p><strong>Retry Schedule</strong>:
1. 5 seconds
2. 10 seconds
3. 20 seconds
4. 40 seconds
5. 80 seconds (capped at 3 minutes)</p>
<hr />
<h2 id="infrastructure-components">Infrastructure Components<a class="headerlink" href="#infrastructure-components" title="Permanent link">&para;</a></h2>
<h3 id="traefik">Traefik<a class="headerlink" href="#traefik" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>traefik/traefik</code>
<strong>Version</strong>: Latest
<strong>Namespace</strong>: <code>traefik</code></p>
<p><strong>Configuration</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-15-1" name="__codelineno-15-1" href="#__codelineno-15-1"></a><span class="c1"># infra/base/traefik-application.yaml</span>
<a id="__codelineno-15-2" name="__codelineno-15-2" href="#__codelineno-15-2"></a><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<a id="__codelineno-15-3" name="__codelineno-15-3" href="#__codelineno-15-3"></a>
<a id="__codelineno-15-4" name="__codelineno-15-4" href="#__codelineno-15-4"></a><span class="nt">service</span><span class="p">:</span>
<a id="__codelineno-15-5" name="__codelineno-15-5" href="#__codelineno-15-5"></a><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">LoadBalancer</span>
<a id="__codelineno-15-6" name="__codelineno-15-6" href="#__codelineno-15-6"></a>
<a id="__codelineno-15-7" name="__codelineno-15-7" href="#__codelineno-15-7"></a><span class="nt">ingressRoute</span><span class="p">:</span>
<a id="__codelineno-15-8" name="__codelineno-15-8" href="#__codelineno-15-8"></a><span class="w"> </span><span class="nt">dashboard</span><span class="p">:</span>
<a id="__codelineno-15-9" name="__codelineno-15-9" href="#__codelineno-15-9"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-15-10" name="__codelineno-15-10" href="#__codelineno-15-10"></a>
<a id="__codelineno-15-11" name="__codelineno-15-11" href="#__codelineno-15-11"></a><span class="nt">ports</span><span class="p">:</span>
<a id="__codelineno-15-12" name="__codelineno-15-12" href="#__codelineno-15-12"></a><span class="w"> </span><span class="nt">web</span><span class="p">:</span>
<a id="__codelineno-15-13" name="__codelineno-15-13" href="#__codelineno-15-13"></a><span class="w"> </span><span class="nt">redirectTo</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">websecure</span><span class="w"> </span><span class="c1"># HTTP → HTTPS redirect</span>
<a id="__codelineno-15-14" name="__codelineno-15-14" href="#__codelineno-15-14"></a><span class="w"> </span><span class="nt">websecure</span><span class="p">:</span>
<a id="__codelineno-15-15" name="__codelineno-15-15" href="#__codelineno-15-15"></a><span class="w"> </span><span class="nt">tls</span><span class="p">:</span>
<a id="__codelineno-15-16" name="__codelineno-15-16" href="#__codelineno-15-16"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</code></pre></div></p>
<p><strong>Endpoints</strong>:
- HTTP: <code>:80</code> → Redirects to HTTPS
- HTTPS: <code>:443</code></p>
<h3 id="cert-manager">Cert-Manager<a class="headerlink" href="#cert-manager" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>jetstack/cert-manager</code>
<strong>Namespace</strong>: <code>cert-manager</code></p>
<p><strong>ClusterIssuer</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-16-1" name="__codelineno-16-1" href="#__codelineno-16-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert-manager.io/v1</span>
<a id="__codelineno-16-2" name="__codelineno-16-2" href="#__codelineno-16-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterIssuer</span>
<a id="__codelineno-16-3" name="__codelineno-16-3" href="#__codelineno-16-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-16-4" name="__codelineno-16-4" href="#__codelineno-16-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">letsencrypt-prod</span>
<a id="__codelineno-16-5" name="__codelineno-16-5" href="#__codelineno-16-5"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-16-6" name="__codelineno-16-6" href="#__codelineno-16-6"></a><span class="w"> </span><span class="nt">acme</span><span class="p">:</span>
<a id="__codelineno-16-7" name="__codelineno-16-7" href="#__codelineno-16-7"></a><span class="w"> </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-v02.api.letsencrypt.org/directory</span>
<a id="__codelineno-16-8" name="__codelineno-16-8" href="#__codelineno-16-8"></a><span class="w"> </span><span class="nt">email</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin@forteapps.net</span>
<a id="__codelineno-16-9" name="__codelineno-16-9" href="#__codelineno-16-9"></a><span class="w"> </span><span class="nt">privateKeySecretRef</span><span class="p">:</span>
<a id="__codelineno-16-10" name="__codelineno-16-10" href="#__codelineno-16-10"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">letsencrypt-prod-key</span>
<a id="__codelineno-16-11" name="__codelineno-16-11" href="#__codelineno-16-11"></a><span class="w"> </span><span class="nt">solvers</span><span class="p">:</span>
<a id="__codelineno-16-12" name="__codelineno-16-12" href="#__codelineno-16-12"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">http01</span><span class="p">:</span>
<a id="__codelineno-16-13" name="__codelineno-16-13" href="#__codelineno-16-13"></a><span class="w"> </span><span class="nt">ingress</span><span class="p">:</span>
<a id="__codelineno-16-14" name="__codelineno-16-14" href="#__codelineno-16-14"></a><span class="w"> </span><span class="nt">class</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">traefik</span>
</code></pre></div></p>
<h3 id="kyverno">Kyverno<a class="headerlink" href="#kyverno" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>kyverno/kyverno</code>
<strong>Namespace</strong>: <code>kyverno</code></p>
<p><strong>Policies</strong>:
- Secret cloner
- Default namespace blocker
- Bare pod cleaner
- ReplicaSet cleaner
- Deployment verifier
- Auth sidecar injector</p>
<h3 id="sealed-secrets">Sealed Secrets<a class="headerlink" href="#sealed-secrets" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>sealed-secrets/sealed-secrets-controller</code>
<strong>Namespace</strong>: <code>kube-system</code></p>
<p><strong>Public Certificate</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-17-1" name="__codelineno-17-1" href="#__codelineno-17-1"></a>kubeseal<span class="w"> </span>--fetch-cert<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-17-2" name="__codelineno-17-2" href="#__codelineno-17-2"></a><span class="w"> </span>--controller-name<span class="o">=</span>sealed-secrets-controller<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-17-3" name="__codelineno-17-3" href="#__codelineno-17-3"></a><span class="w"> </span>--controller-namespace<span class="o">=</span>kube-system<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-17-4" name="__codelineno-17-4" href="#__codelineno-17-4"></a><span class="w"> </span>&gt;<span class="w"> </span>pub-cert.pem
</code></pre></div></p>
<h3 id="prometheus">Prometheus<a class="headerlink" href="#prometheus" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>prometheus-community/prometheus</code>
<strong>Namespace</strong>: <code>monitoring</code></p>
<p><strong>Configuration</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-18-1" name="__codelineno-18-1" href="#__codelineno-18-1"></a><span class="nt">server</span><span class="p">:</span>
<a id="__codelineno-18-2" name="__codelineno-18-2" href="#__codelineno-18-2"></a><span class="w"> </span><span class="nt">persistentVolume</span><span class="p">:</span>
<a id="__codelineno-18-3" name="__codelineno-18-3" href="#__codelineno-18-3"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-18-4" name="__codelineno-18-4" href="#__codelineno-18-4"></a><span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10Gi</span>
<a id="__codelineno-18-5" name="__codelineno-18-5" href="#__codelineno-18-5"></a>
<a id="__codelineno-18-6" name="__codelineno-18-6" href="#__codelineno-18-6"></a><span class="nt">alertmanager</span><span class="p">:</span>
<a id="__codelineno-18-7" name="__codelineno-18-7" href="#__codelineno-18-7"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-18-8" name="__codelineno-18-8" href="#__codelineno-18-8"></a>
<a id="__codelineno-18-9" name="__codelineno-18-9" href="#__codelineno-18-9"></a><span class="nt">nodeExporter</span><span class="p">:</span>
<a id="__codelineno-18-10" name="__codelineno-18-10" href="#__codelineno-18-10"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-18-11" name="__codelineno-18-11" href="#__codelineno-18-11"></a>
<a id="__codelineno-18-12" name="__codelineno-18-12" href="#__codelineno-18-12"></a><span class="nt">kubeStateMetrics</span><span class="p">:</span>
<a id="__codelineno-18-13" name="__codelineno-18-13" href="#__codelineno-18-13"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</code></pre></div></p>
<h3 id="grafana">Grafana<a class="headerlink" href="#grafana" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>grafana/grafana</code>
<strong>Namespace</strong>: <code>monitoring</code></p>
<p><strong>Datasources</strong>:
- Prometheus
- Loki
- Tempo</p>
<h3 id="loki">Loki<a class="headerlink" href="#loki" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>grafana/loki-stack</code>
<strong>Namespace</strong>: <code>monitoring</code></p>
<p><strong>Configuration</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-19-1" name="__codelineno-19-1" href="#__codelineno-19-1"></a><span class="nt">loki</span><span class="p">:</span>
<a id="__codelineno-19-2" name="__codelineno-19-2" href="#__codelineno-19-2"></a><span class="w"> </span><span class="nt">persistence</span><span class="p">:</span>
<a id="__codelineno-19-3" name="__codelineno-19-3" href="#__codelineno-19-3"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-19-4" name="__codelineno-19-4" href="#__codelineno-19-4"></a><span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10Gi</span>
<a id="__codelineno-19-5" name="__codelineno-19-5" href="#__codelineno-19-5"></a>
<a id="__codelineno-19-6" name="__codelineno-19-6" href="#__codelineno-19-6"></a><span class="nt">promtail</span><span class="p">:</span>
<a id="__codelineno-19-7" name="__codelineno-19-7" href="#__codelineno-19-7"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span><span class="w"> </span><span class="c1"># Using Fluent-Bit instead</span>
</code></pre></div></p>
<h3 id="tempo">Tempo<a class="headerlink" href="#tempo" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>grafana/tempo</code>
<strong>Version</strong>: 1.24.4
<strong>Namespace</strong>: <code>monitoring</code></p>
<p><strong>Purpose</strong>: Distributed tracing backend receiving OTLP traces from Traefik and other instrumented services.</p>
<p><strong>Configuration</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-20-1" name="__codelineno-20-1" href="#__codelineno-20-1"></a><span class="nt">tempo</span><span class="p">:</span>
<a id="__codelineno-20-2" name="__codelineno-20-2" href="#__codelineno-20-2"></a><span class="w"> </span><span class="nt">storage</span><span class="p">:</span>
<a id="__codelineno-20-3" name="__codelineno-20-3" href="#__codelineno-20-3"></a><span class="w"> </span><span class="nt">trace</span><span class="p">:</span>
<a id="__codelineno-20-4" name="__codelineno-20-4" href="#__codelineno-20-4"></a><span class="w"> </span><span class="nt">backend</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">local</span>
<a id="__codelineno-20-5" name="__codelineno-20-5" href="#__codelineno-20-5"></a><span class="w"> </span><span class="nt">local</span><span class="p">:</span>
<a id="__codelineno-20-6" name="__codelineno-20-6" href="#__codelineno-20-6"></a><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/var/tempo/traces</span>
<a id="__codelineno-20-7" name="__codelineno-20-7" href="#__codelineno-20-7"></a><span class="w"> </span><span class="nt">receivers</span><span class="p">:</span>
<a id="__codelineno-20-8" name="__codelineno-20-8" href="#__codelineno-20-8"></a><span class="w"> </span><span class="nt">otlp</span><span class="p">:</span>
<a id="__codelineno-20-9" name="__codelineno-20-9" href="#__codelineno-20-9"></a><span class="w"> </span><span class="nt">protocols</span><span class="p">:</span>
<a id="__codelineno-20-10" name="__codelineno-20-10" href="#__codelineno-20-10"></a><span class="w"> </span><span class="nt">grpc</span><span class="p">:</span>
<a id="__codelineno-20-11" name="__codelineno-20-11" href="#__codelineno-20-11"></a><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;0.0.0.0:4317&quot;</span>
<a id="__codelineno-20-12" name="__codelineno-20-12" href="#__codelineno-20-12"></a><span class="w"> </span><span class="nt">http</span><span class="p">:</span>
<a id="__codelineno-20-13" name="__codelineno-20-13" href="#__codelineno-20-13"></a><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;0.0.0.0:4318&quot;</span>
<a id="__codelineno-20-14" name="__codelineno-20-14" href="#__codelineno-20-14"></a>
<a id="__codelineno-20-15" name="__codelineno-20-15" href="#__codelineno-20-15"></a><span class="nt">persistence</span><span class="p">:</span>
<a id="__codelineno-20-16" name="__codelineno-20-16" href="#__codelineno-20-16"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-20-17" name="__codelineno-20-17" href="#__codelineno-20-17"></a><span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10Gi</span>
</code></pre></div></p>
<p><strong>Endpoints</strong>:
- gRPC OTLP receiver: <code>:4317</code>
- HTTP OTLP receiver: <code>:4318</code>
- Query API: <code>:3200</code></p>
<p><strong>Grafana Integration</strong>:
- Trace-to-logs correlation with Loki (by namespace, pod, container)
- Trace-to-metrics correlation with Prometheus (by service name)
- Service graph and node graph visualization</p>
<h3 id="fluent-bit">Fluent-Bit<a class="headerlink" href="#fluent-bit" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>fluent/fluent-bit</code>
<strong>Namespace</strong>: <code>monitoring</code></p>
<p><strong>Output</strong>: Loki</p>
<h3 id="gitea">Gitea<a class="headerlink" href="#gitea" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>gitea/gitea</code>
<strong>Version</strong>: 12.5.0 (app v1.25.4)
<strong>Namespace</strong>: <code>gitea</code></p>
<p><strong>Purpose</strong>: Self-hosted Git repository hosting with pull requests, issues, CI/CD (Gitea Actions), container registry, and package registry.</p>
<p><strong>Configuration</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-21-1" name="__codelineno-21-1" href="#__codelineno-21-1"></a><span class="c1"># infra/base/gitea.yaml + infra/values/base/gitea-values.yaml</span>
<a id="__codelineno-21-2" name="__codelineno-21-2" href="#__codelineno-21-2"></a><span class="nt">ingress</span><span class="p">:</span>
<a id="__codelineno-21-3" name="__codelineno-21-3" href="#__codelineno-21-3"></a><span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">git.forteapps.net</span>
<a id="__codelineno-21-4" name="__codelineno-21-4" href="#__codelineno-21-4"></a><span class="w"> </span><span class="nt">tls</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert-manager (letsencrypt-prod)</span>
<a id="__codelineno-21-5" name="__codelineno-21-5" href="#__codelineno-21-5"></a>
<a id="__codelineno-21-6" name="__codelineno-21-6" href="#__codelineno-21-6"></a><span class="nt">gitea</span><span class="p">:</span>
<a id="__codelineno-21-7" name="__codelineno-21-7" href="#__codelineno-21-7"></a><span class="w"> </span><span class="nt">admin</span><span class="p">:</span>
<a id="__codelineno-21-8" name="__codelineno-21-8" href="#__codelineno-21-8"></a><span class="w"> </span><span class="nt">existingSecret</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gitea-credentials</span>
<a id="__codelineno-21-9" name="__codelineno-21-9" href="#__codelineno-21-9"></a><span class="w"> </span><span class="nt">config</span><span class="p">:</span>
<a id="__codelineno-21-10" name="__codelineno-21-10" href="#__codelineno-21-10"></a><span class="w"> </span><span class="nt">service</span><span class="p">:</span>
<a id="__codelineno-21-11" name="__codelineno-21-11" href="#__codelineno-21-11"></a><span class="w"> </span><span class="nt">DISABLE_REGISTRATION</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-21-12" name="__codelineno-21-12" href="#__codelineno-21-12"></a><span class="w"> </span><span class="nt">ALLOW_ONLY_EXTERNAL_REGISTRATION</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-21-13" name="__codelineno-21-13" href="#__codelineno-21-13"></a><span class="w"> </span><span class="nt">actions</span><span class="p">:</span>
<a id="__codelineno-21-14" name="__codelineno-21-14" href="#__codelineno-21-14"></a><span class="w"> </span><span class="nt">ENABLED</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-21-15" name="__codelineno-21-15" href="#__codelineno-21-15"></a><span class="w"> </span><span class="nt">packages</span><span class="p">:</span>
<a id="__codelineno-21-16" name="__codelineno-21-16" href="#__codelineno-21-16"></a><span class="w"> </span><span class="nt">ENABLED</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-21-17" name="__codelineno-21-17" href="#__codelineno-21-17"></a><span class="w"> </span><span class="nt">metrics</span><span class="p">:</span>
<a id="__codelineno-21-18" name="__codelineno-21-18" href="#__codelineno-21-18"></a><span class="w"> </span><span class="nt">ENABLED</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-21-19" name="__codelineno-21-19" href="#__codelineno-21-19"></a>
<a id="__codelineno-21-20" name="__codelineno-21-20" href="#__codelineno-21-20"></a><span class="nt">postgresql</span><span class="p">:</span>
<a id="__codelineno-21-21" name="__codelineno-21-21" href="#__codelineno-21-21"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-21-22" name="__codelineno-21-22" href="#__codelineno-21-22"></a><span class="w"> </span><span class="nt">persistence</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8Gi (upcloud-block-storage-maxiops)</span>
</code></pre></div></p>
<p><strong>Authentication</strong>: Keycloak OIDC via <code>forte</code> realm (client ID: <code>gitea</code>). Protocol mapper: <code>email_verified</code> hardcoded claim (<code>true</code>, boolean) on ID token, Access token, and Userinfo.</p>
<p><strong>Endpoints</strong>:
- Web UI: <code>https://git.forteapps.net</code>
- SSH: port 22 (ClusterIP)
- Metrics: <code>/metrics</code> (Prometheus scrape)</p>
<p><strong>Secrets</strong>: <code>gitea-credentials</code> (SealedSecret) containing <code>admin-password</code>, <code>postgres-password</code>, <code>secret</code> (OIDC client secret)</p>
<h3 id="gitea-actions-runners">Gitea Actions Runners<a class="headerlink" href="#gitea-actions-runners" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>actions</code> (from <code>https://dl.gitea.com/charts</code>)
<strong>Namespace</strong>: <code>gitea</code>
<strong>Sync Wave</strong>: 2 (deploys after Gitea)</p>
<p><strong>Purpose</strong>: Act runners execute Gitea Actions CI/CD workflows. Deployed as a StatefulSet with a Docker-in-Docker sidecar for container-based job execution.</p>
<p><strong>Configuration</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-22-1" name="__codelineno-22-1" href="#__codelineno-22-1"></a><span class="c1"># infra/base/gitea-actions.yaml + infra/values/base/gitea-actions-values.yaml</span>
<a id="__codelineno-22-2" name="__codelineno-22-2" href="#__codelineno-22-2"></a><span class="nt">replicaCount</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3</span>
<a id="__codelineno-22-3" name="__codelineno-22-3" href="#__codelineno-22-3"></a>
<a id="__codelineno-22-4" name="__codelineno-22-4" href="#__codelineno-22-4"></a><span class="nt">runner</span><span class="p">:</span>
<a id="__codelineno-22-5" name="__codelineno-22-5" href="#__codelineno-22-5"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-22-6" name="__codelineno-22-6" href="#__codelineno-22-6"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;ubuntu-latest:docker://node:20-bookworm&quot;</span>
<a id="__codelineno-22-7" name="__codelineno-22-7" href="#__codelineno-22-7"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;ubuntu-22.04:docker://node:20-bookworm&quot;</span>
<a id="__codelineno-22-8" name="__codelineno-22-8" href="#__codelineno-22-8"></a><span class="w"> </span><span class="nt">existingSecret</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gitea-runner-token</span>
<a id="__codelineno-22-9" name="__codelineno-22-9" href="#__codelineno-22-9"></a>
<a id="__codelineno-22-10" name="__codelineno-22-10" href="#__codelineno-22-10"></a><span class="nt">gitea</span><span class="p">:</span>
<a id="__codelineno-22-11" name="__codelineno-22-11" href="#__codelineno-22-11"></a><span class="w"> </span><span class="nt">instance</span><span class="p">:</span>
<a id="__codelineno-22-12" name="__codelineno-22-12" href="#__codelineno-22-12"></a><span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http://gitea-http.gitea.svc.cluster.local:3000</span>
<a id="__codelineno-22-13" name="__codelineno-22-13" href="#__codelineno-22-13"></a>
<a id="__codelineno-22-14" name="__codelineno-22-14" href="#__codelineno-22-14"></a><span class="nt">dind</span><span class="p">:</span>
<a id="__codelineno-22-15" name="__codelineno-22-15" href="#__codelineno-22-15"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># Docker-in-Docker sidecar (privileged)</span>
</code></pre></div></p>
<p><strong>Resources</strong>:</p>
<table>
<thead>
<tr>
<th>Container</th>
<th>CPU Request</th>
<th>Memory Request</th>
<th>CPU Limit</th>
<th>Memory Limit</th>
</tr>
</thead>
<tbody>
<tr>
<td>Runner</td>
<td>250m</td>
<td>256Mi</td>
<td>1</td>
<td>1Gi</td>
</tr>
<tr>
<td>DinD sidecar</td>
<td>250m</td>
<td>256Mi</td>
<td>1</td>
<td>1Gi</td>
</tr>
</tbody>
</table>
<p><strong>Secrets</strong>: <code>gitea-runner-token</code> (SealedSecret) containing <code>token</code> (instance-level runner registration token from <code>/admin/runners</code>)</p>
<p><strong>Setup Steps</strong>:
1. Get runner registration token from Gitea admin panel (<code>/admin/runners</code>)
2. Fill in <code>private/gitea-runner-token.yaml</code> with the token
3. Seal: <code>kubeseal --format yaml &lt; private/gitea-runner-token.yaml &gt; secrets/gitea-runner-token-sealed.yaml</code>
4. Commit and push — ArgoCD deploys runners automatically</p>
<p><strong>Verification</strong>:
- <code>kubectl get statefulset -n gitea</code> — 3/3 runners ready
- Gitea admin panel (<code>/admin/runners</code>) — runners show as Online
- Create test workflow in <code>.gitea/workflows/test.yml</code> — job executes</p>
<h3 id="keycloak-client-registrar">Keycloak Client Registrar<a class="headerlink" href="#keycloak-client-registrar" title="Permanent link">&para;</a></h3>
<p><strong>Type</strong>: CronJob (deployed via Keycloak Helm chart <code>extraDeploy</code>)
<strong>Namespace</strong>: <code>keycloak</code>
<strong>Schedule</strong>: <code>*/2 * * * *</code> (every 2 minutes)</p>
<p><strong>Purpose</strong>: Handles two responsibilities:
1. <strong>Legacy sync</strong> — extracts secrets from Keycloak clients with <code>k8s.secret.sync: "true"</code> attribute (same as former PostSync syncer)
2. <strong>Self-service registration</strong> — processes config Secrets (cloned by Kyverno) to register new OIDC clients and sync their credentials</p>
<p><strong>How It Works</strong>:</p>
<p><em>Legacy path (existing clients like Gitea):</em>
1. Authenticates to Keycloak Admin API using admin credentials from <code>keycloak-credentials</code> secret
2. Queries all clients in the <code>forte</code> realm
3. Filters clients with <code>k8s.secret.sync: "true"</code> attribute
4. For each matching client, retrieves the auto-generated secret via Keycloak Admin API
5. Creates/updates a K8s Secret in the target namespace (from <code>k8s.secret.namespace</code> attribute)
6. Always writes a central copy to the <code>secrets</code> namespace</p>
<p><em>Self-service path (new clients):</em>
1. Lists Secrets in <code>keycloak</code> namespace with label <code>keycloak.forteapps.net/client-config=true</code>
2. For each config Secret, parses <code>client.json</code> and computes a config hash
3. Skips if hash matches annotation and credential Secret already exists
4. Creates or updates the Keycloak client via Admin API
5. Fetches the generated client secret
6. Upserts credential Secret in target namespace + central <code>secrets</code> namespace
7. Annotates config Secret with sync status, config hash, and timestamp</p>
<p><strong>Resources</strong>:
- <code>ServiceAccount</code>: <code>keycloak-client-registrar</code> (namespace: <code>keycloak</code>)
- <code>ClusterRole</code>: <code>keycloak-client-registrar</code> (secrets: get/list/create/update/patch; namespaces: get/list)
- <code>ClusterRoleBinding</code>: <code>keycloak-client-registrar</code>
- <code>CronJob</code>: <code>keycloak-client-registrar</code></p>
<p><strong>Kyverno Policy</strong>: <code>keycloak-client-config-cloner</code> — clones labeled Secrets from app namespaces to <code>keycloak</code> namespace (see <a href="#kyverno-policies">Kyverno Policies</a>)</p>
<p><strong>Legacy Client Attributes</strong> (set in <code>forte-realm.json</code>):</p>
<table>
<thead>
<tr>
<th>Attribute</th>
<th>Required</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>k8s.secret.sync</code></td>
<td>Yes</td>
<td></td>
<td>Set to <code>"true"</code> to enable syncing</td>
</tr>
<tr>
<td><code>k8s.secret.namespace</code></td>
<td>Yes</td>
<td></td>
<td>Target K8s namespace</td>
</tr>
<tr>
<td><code>k8s.secret.name</code></td>
<td>Yes</td>
<td></td>
<td>Name of the K8s Secret</td>
</tr>
<tr>
<td><code>k8s.secret.client-id-key</code></td>
<td>No</td>
<td><code>client-id</code></td>
<td>Field name for client ID in the Secret</td>
</tr>
<tr>
<td><code>k8s.secret.client-secret-key</code></td>
<td>No</td>
<td><code>client-secret</code></td>
<td>Field name for client secret in the Secret</td>
</tr>
</tbody>
</table>
<p><strong>Self-Service Config Secret Schema</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-23-1" name="__codelineno-23-1" href="#__codelineno-23-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
<a id="__codelineno-23-2" name="__codelineno-23-2" href="#__codelineno-23-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
<a id="__codelineno-23-3" name="__codelineno-23-3" href="#__codelineno-23-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-23-4" name="__codelineno-23-4" href="#__codelineno-23-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keycloak-client-&lt;app&gt;</span>
<a id="__codelineno-23-5" name="__codelineno-23-5" href="#__codelineno-23-5"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;app-namespace&gt;</span>
<a id="__codelineno-23-6" name="__codelineno-23-6" href="#__codelineno-23-6"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-23-7" name="__codelineno-23-7" href="#__codelineno-23-7"></a><span class="w"> </span><span class="nt">keycloak.forteapps.net/client-config</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<a id="__codelineno-23-8" name="__codelineno-23-8" href="#__codelineno-23-8"></a><span class="nt">stringData</span><span class="p">:</span>
<a id="__codelineno-23-9" name="__codelineno-23-9" href="#__codelineno-23-9"></a><span class="w"> </span><span class="nt">client.json</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
<a id="__codelineno-23-10" name="__codelineno-23-10" href="#__codelineno-23-10"></a><span class="w"> </span><span class="no">{</span>
<a id="__codelineno-23-11" name="__codelineno-23-11" href="#__codelineno-23-11"></a><span class="w"> </span><span class="no">&quot;clientId&quot;: &quot;&lt;app&gt;&quot;,</span>
<a id="__codelineno-23-12" name="__codelineno-23-12" href="#__codelineno-23-12"></a><span class="w"> </span><span class="no">&quot;name&quot;: &quot;&lt;App Name&gt;&quot;,</span>
<a id="__codelineno-23-13" name="__codelineno-23-13" href="#__codelineno-23-13"></a><span class="w"> </span><span class="no">&quot;redirectUris&quot;: [&quot;https://&lt;app&gt;.forteapps.net/*&quot;],</span>
<a id="__codelineno-23-14" name="__codelineno-23-14" href="#__codelineno-23-14"></a><span class="w"> </span><span class="no">&quot;webOrigins&quot;: [&quot;https://&lt;app&gt;.forteapps.net&quot;],</span>
<a id="__codelineno-23-15" name="__codelineno-23-15" href="#__codelineno-23-15"></a><span class="w"> </span><span class="no">&quot;defaultClientScopes&quot;: [&quot;openid&quot;, &quot;email&quot;, &quot;profile&quot;],</span>
<a id="__codelineno-23-16" name="__codelineno-23-16" href="#__codelineno-23-16"></a><span class="w"> </span><span class="no">&quot;protocolMappers&quot;: [],</span>
<a id="__codelineno-23-17" name="__codelineno-23-17" href="#__codelineno-23-17"></a><span class="w"> </span><span class="no">&quot;secret&quot;: {</span>
<a id="__codelineno-23-18" name="__codelineno-23-18" href="#__codelineno-23-18"></a><span class="w"> </span><span class="no">&quot;namespace&quot;: &quot;&lt;app-namespace&gt;&quot;,</span>
<a id="__codelineno-23-19" name="__codelineno-23-19" href="#__codelineno-23-19"></a><span class="w"> </span><span class="no">&quot;name&quot;: &quot;&lt;app&gt;-oidc-credentials&quot;,</span>
<a id="__codelineno-23-20" name="__codelineno-23-20" href="#__codelineno-23-20"></a><span class="w"> </span><span class="no">&quot;keys&quot;: { &quot;clientId&quot;: &quot;client-id&quot;, &quot;clientSecret&quot;: &quot;client-secret&quot; }</span>
<a id="__codelineno-23-21" name="__codelineno-23-21" href="#__codelineno-23-21"></a><span class="w"> </span><span class="no">}</span>
<a id="__codelineno-23-22" name="__codelineno-23-22" href="#__codelineno-23-22"></a><span class="w"> </span><span class="no">}</span>
</code></pre></div></p>
<p><strong>Created Credential Secret Format</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-24-1" name="__codelineno-24-1" href="#__codelineno-24-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
<a id="__codelineno-24-2" name="__codelineno-24-2" href="#__codelineno-24-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
<a id="__codelineno-24-3" name="__codelineno-24-3" href="#__codelineno-24-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-24-4" name="__codelineno-24-4" href="#__codelineno-24-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;target-name&gt;</span>
<a id="__codelineno-24-5" name="__codelineno-24-5" href="#__codelineno-24-5"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;target-namespace&gt;</span>
<a id="__codelineno-24-6" name="__codelineno-24-6" href="#__codelineno-24-6"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-24-7" name="__codelineno-24-7" href="#__codelineno-24-7"></a><span class="w"> </span><span class="nt">app.kubernetes.io/managed-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">keycloak-client-registrar</span>
<a id="__codelineno-24-8" name="__codelineno-24-8" href="#__codelineno-24-8"></a><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Opaque</span>
<a id="__codelineno-24-9" name="__codelineno-24-9" href="#__codelineno-24-9"></a><span class="nt">data</span><span class="p">:</span>
<a id="__codelineno-24-10" name="__codelineno-24-10" href="#__codelineno-24-10"></a><span class="w"> </span><span class="nt">&lt;client-id-key&gt;</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;base64-encoded client ID&gt;</span>
<a id="__codelineno-24-11" name="__codelineno-24-11" href="#__codelineno-24-11"></a><span class="w"> </span><span class="nt">&lt;client-secret-key&gt;</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;base64-encoded client secret&gt;</span>
</code></pre></div></p>
<p><strong>Config Secret Annotations</strong> (set by registrar):</p>
<table>
<thead>
<tr>
<th>Annotation</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>keycloak.forteapps.net/config-hash</code></td>
<td>SHA-256 hash of client.json for change detection</td>
</tr>
<tr>
<td><code>keycloak.forteapps.net/sync-status</code></td>
<td><code>synced</code> or <code>error</code></td>
</tr>
<tr>
<td><code>keycloak.forteapps.net/last-sync</code></td>
<td>ISO 8601 timestamp of last successful sync</td>
</tr>
</tbody>
</table>
<p><strong>Verification</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-25-1" name="__codelineno-25-1" href="#__codelineno-25-1"></a><span class="c1"># Check CronJob status</span>
<a id="__codelineno-25-2" name="__codelineno-25-2" href="#__codelineno-25-2"></a>kubectl<span class="w"> </span>get<span class="w"> </span>cronjobs<span class="w"> </span>-n<span class="w"> </span>keycloak
<a id="__codelineno-25-3" name="__codelineno-25-3" href="#__codelineno-25-3"></a>
<a id="__codelineno-25-4" name="__codelineno-25-4" href="#__codelineno-25-4"></a><span class="c1"># View latest registrar logs</span>
<a id="__codelineno-25-5" name="__codelineno-25-5" href="#__codelineno-25-5"></a>kubectl<span class="w"> </span>logs<span class="w"> </span>-n<span class="w"> </span>keycloak<span class="w"> </span>job/<span class="k">$(</span>kubectl<span class="w"> </span>get<span class="w"> </span><span class="nb">jobs</span><span class="w"> </span>-n<span class="w"> </span>keycloak<span class="w"> </span>--sort-by<span class="o">=</span>.metadata.creationTimestamp<span class="w"> </span>-o<span class="w"> </span><span class="nv">jsonpath</span><span class="o">=</span><span class="s1">&#39;{.items[-1].metadata.name}&#39;</span><span class="k">)</span>
<a id="__codelineno-25-6" name="__codelineno-25-6" href="#__codelineno-25-6"></a>
<a id="__codelineno-25-7" name="__codelineno-25-7" href="#__codelineno-25-7"></a><span class="c1"># Verify created secret</span>
<a id="__codelineno-25-8" name="__codelineno-25-8" href="#__codelineno-25-8"></a>kubectl<span class="w"> </span>get<span class="w"> </span>secret<span class="w"> </span>&lt;name&gt;<span class="w"> </span>-n<span class="w"> </span>&lt;namespace&gt;<span class="w"> </span>-o<span class="w"> </span>yaml
<a id="__codelineno-25-9" name="__codelineno-25-9" href="#__codelineno-25-9"></a>
<a id="__codelineno-25-10" name="__codelineno-25-10" href="#__codelineno-25-10"></a><span class="c1"># Check config Secret annotations (self-service)</span>
<a id="__codelineno-25-11" name="__codelineno-25-11" href="#__codelineno-25-11"></a>kubectl<span class="w"> </span>get<span class="w"> </span>secret<span class="w"> </span>keycloak-client-&lt;app&gt;<span class="w"> </span>-n<span class="w"> </span>keycloak<span class="w"> </span>-o<span class="w"> </span><span class="nv">jsonpath</span><span class="o">=</span><span class="s1">&#39;{.metadata.annotations}&#39;</span>
</code></pre></div></p>
<p><strong>See</strong>: <a href="../DEVELOPER-GUIDE/#adding-a-new-keycloak-client">Developer Guide - Adding a New Keycloak Client</a></p>
<h3 id="renovate">Renovate<a class="headerlink" href="#renovate" title="Permanent link">&para;</a></h3>
<p><strong>Chart</strong>: <code>renovate</code> (OCI: <code>ghcr.io/renovatebot/charts</code>)
<strong>Version</strong>: 46.109.0 (app v43.113.0)
<strong>Namespace</strong>: <code>renovate</code>
<strong>Sync Wave</strong>: 2</p>
<p><strong>Purpose</strong>: Automated dependency update bot. Runs as a CronJob that scans Gitea repositories for outdated dependencies and creates pull requests with updates.</p>
<p><strong>Configuration</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-26-1" name="__codelineno-26-1" href="#__codelineno-26-1"></a><span class="c1"># infra/base/renovate.yaml + infra/values/base/renovate-values.yaml</span>
<a id="__codelineno-26-2" name="__codelineno-26-2" href="#__codelineno-26-2"></a><span class="nt">cronjob</span><span class="p">:</span>
<a id="__codelineno-26-3" name="__codelineno-26-3" href="#__codelineno-26-3"></a><span class="w"> </span><span class="nt">schedule</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;@daily&quot;</span>
<a id="__codelineno-26-4" name="__codelineno-26-4" href="#__codelineno-26-4"></a><span class="w"> </span><span class="nt">concurrencyPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Forbid</span>
<a id="__codelineno-26-5" name="__codelineno-26-5" href="#__codelineno-26-5"></a>
<a id="__codelineno-26-6" name="__codelineno-26-6" href="#__codelineno-26-6"></a><span class="nt">renovate</span><span class="p">:</span>
<a id="__codelineno-26-7" name="__codelineno-26-7" href="#__codelineno-26-7"></a><span class="w"> </span><span class="nt">config</span><span class="p">:</span>
<a id="__codelineno-26-8" name="__codelineno-26-8" href="#__codelineno-26-8"></a><span class="w"> </span><span class="nt">platform</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gitea</span>
<a id="__codelineno-26-9" name="__codelineno-26-9" href="#__codelineno-26-9"></a><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://git.forteapps.net</span>
<a id="__codelineno-26-10" name="__codelineno-26-10" href="#__codelineno-26-10"></a><span class="w"> </span><span class="nt">autodiscover</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-26-11" name="__codelineno-26-11" href="#__codelineno-26-11"></a><span class="w"> </span><span class="nt">gitAuthor</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Renovate</span><span class="nv"> </span><span class="s">Bot</span><span class="nv"> </span><span class="s">&lt;renovate@forteapps.net&gt;&quot;</span>
<a id="__codelineno-26-12" name="__codelineno-26-12" href="#__codelineno-26-12"></a><span class="w"> </span><span class="nt">packageRules</span><span class="p">:</span>
<a id="__codelineno-26-13" name="__codelineno-26-13" href="#__codelineno-26-13"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">matchRepositories</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;**/10x&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-14" name="__codelineno-26-14" href="#__codelineno-26-14"></a><span class="w"> </span><span class="nt">assignees</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;edvard.unsvag&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-15" name="__codelineno-26-15" href="#__codelineno-26-15"></a><span class="w"> </span><span class="nt">reviewers</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;edvard.unsvag&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-16" name="__codelineno-26-16" href="#__codelineno-26-16"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">matchRepositories</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;**/auth-sidecar&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-17" name="__codelineno-26-17" href="#__codelineno-26-17"></a><span class="w"> </span><span class="nt">assignees</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;danijel.simeunovic&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-18" name="__codelineno-26-18" href="#__codelineno-26-18"></a><span class="w"> </span><span class="nt">reviewers</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;danijel.simeunovic&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-19" name="__codelineno-26-19" href="#__codelineno-26-19"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">matchRepositories</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;**/forte-helm&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-20" name="__codelineno-26-20" href="#__codelineno-26-20"></a><span class="w"> </span><span class="nt">assignees</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;danijel.simeunovic&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-21" name="__codelineno-26-21" href="#__codelineno-26-21"></a><span class="w"> </span><span class="nt">reviewers</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;danijel.simeunovic&quot;</span><span class="p p-Indicator">]</span>
<a id="__codelineno-26-22" name="__codelineno-26-22" href="#__codelineno-26-22"></a>
<a id="__codelineno-26-23" name="__codelineno-26-23" href="#__codelineno-26-23"></a><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-26-24" name="__codelineno-26-24" href="#__codelineno-26-24"></a><span class="w"> </span><span class="nt">requests</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="nt"> cpu</span><span class="p">:</span><span class="w"> </span><span class="nv">500m</span><span class="p p-Indicator">,</span><span class="nt"> memory</span><span class="p">:</span><span class="w"> </span><span class="nv">1Gi</span><span class="w"> </span><span class="p p-Indicator">}</span>
<a id="__codelineno-26-25" name="__codelineno-26-25" href="#__codelineno-26-25"></a><span class="w"> </span><span class="nt">limits</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="nt"> cpu</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;2&quot;</span><span class="p p-Indicator">,</span><span class="nt"> memory</span><span class="p">:</span><span class="w"> </span><span class="nv">4Gi</span><span class="w"> </span><span class="p p-Indicator">}</span>
</code></pre></div></p>
<p><strong>Note</strong>: Assignees and reviewers are only applied at PR creation time. Existing PRs must be closed and recreated for new assignment rules to take effect.</p>
<p><strong>Secrets</strong>: <code>renovate-env</code> (SealedSecret in <code>secrets</code> namespace, cloned by Kyverno) containing:
- <code>RENOVATE_TOKEN</code> — Gitea PAT with repo write + issue write permissions
- <code>RENOVATE_GITHUB_COM_TOKEN</code> — GitHub PAT (public_repo read-only) for changelog fetching</p>
<p><strong>Setup Steps</strong>:
1. Fill in <code>private/renovate-env.yaml</code> with tokens
2. Seal: <code>kubeseal --format yaml &lt; private/renovate-env.yaml &gt; secrets/renovate-env-sealed.yaml</code>
3. Commit and push — ArgoCD deploys the CronJob, Kyverno clones the secret</p>
<p><strong>Verification</strong>:
- <code>kubectl get cronjob -n renovate</code> — CronJob exists
- <code>kubectl create job --from=cronjob/renovate renovate-test -n renovate</code> — manual trigger
- <code>kubectl logs -n renovate job/renovate-test</code> — check logs</p>
<h3 id="gitea-pages">Gitea Pages<a class="headerlink" href="#gitea-pages" title="Permanent link">&para;</a></h3>
<p><strong>Purpose</strong>: Hosts the MkDocs documentation site for this repository.</p>
<p><strong>How It Works</strong>:
- A Gitea Actions workflow (<code>.gitea/workflows/docs.yaml</code>) builds MkDocs on push to <code>main</code>
- The built site is force-pushed to the <code>gitea-pages</code> branch
- Gitea serves the static site from that branch</p>
<p><strong>URL</strong>: <code>https://git.forteapps.net/Forte/launchpad/pages/</code></p>
<p><strong>Configuration</strong>:
- Gitea server config: <code>ENABLE_GITEA_PAGES: true</code> (in gitea-values.yaml)
- MkDocs config: <code>mkdocs.yml</code> (repo root)
- Source files: <code>docs/</code> directory
- Theme: Material for MkDocs</p>
<p><strong>Trigger Paths</strong>:
- <code>docs/**</code>
- <code>mkdocs.yml</code>
- <code>Dockerfile.docs</code>
- <code>nginx.conf</code></p>
<hr />
<h2 id="kyverno-policies">Kyverno Policies<a class="headerlink" href="#kyverno-policies" title="Permanent link">&para;</a></h2>
<h3 id="secret-cloner">Secret Cloner<a class="headerlink" href="#secret-cloner" title="Permanent link">&para;</a></h3>
<p><strong>File</strong>: <code>cluster-resources/policies/secret-cloner.yaml</code></p>
<p><strong>Purpose</strong>: Automatically clone secrets from <code>secrets</code> namespace to new namespaces</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-27-1" name="__codelineno-27-1" href="#__codelineno-27-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kyverno.io/v1</span>
<a id="__codelineno-27-2" name="__codelineno-27-2" href="#__codelineno-27-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterPolicy</span>
<a id="__codelineno-27-3" name="__codelineno-27-3" href="#__codelineno-27-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-27-4" name="__codelineno-27-4" href="#__codelineno-27-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sync-secret-with-multi-clone</span>
<a id="__codelineno-27-5" name="__codelineno-27-5" href="#__codelineno-27-5"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-27-6" name="__codelineno-27-6" href="#__codelineno-27-6"></a><span class="w"> </span><span class="nt">rules</span><span class="p">:</span>
<a id="__codelineno-27-7" name="__codelineno-27-7" href="#__codelineno-27-7"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">clone-secret</span>
<a id="__codelineno-27-8" name="__codelineno-27-8" href="#__codelineno-27-8"></a><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
<a id="__codelineno-27-9" name="__codelineno-27-9" href="#__codelineno-27-9"></a><span class="w"> </span><span class="nt">any</span><span class="p">:</span>
<a id="__codelineno-27-10" name="__codelineno-27-10" href="#__codelineno-27-10"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-27-11" name="__codelineno-27-11" href="#__codelineno-27-11"></a><span class="w"> </span><span class="nt">kinds</span><span class="p">:</span>
<a id="__codelineno-27-12" name="__codelineno-27-12" href="#__codelineno-27-12"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Namespace</span>
<a id="__codelineno-27-13" name="__codelineno-27-13" href="#__codelineno-27-13"></a><span class="w"> </span><span class="nt">generate</span><span class="p">:</span>
<a id="__codelineno-27-14" name="__codelineno-27-14" href="#__codelineno-27-14"></a><span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
<a id="__codelineno-27-15" name="__codelineno-27-15" href="#__codelineno-27-15"></a><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
<a id="__codelineno-27-16" name="__codelineno-27-16" href="#__codelineno-27-16"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">request.object.metadata.name</span><span class="nv"> </span><span class="s">}}&quot;</span>
<a id="__codelineno-27-17" name="__codelineno-27-17" href="#__codelineno-27-17"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">request.object.metadata.name</span><span class="nv"> </span><span class="s">}}&quot;</span>
<a id="__codelineno-27-18" name="__codelineno-27-18" href="#__codelineno-27-18"></a><span class="w"> </span><span class="nt">synchronize</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-27-19" name="__codelineno-27-19" href="#__codelineno-27-19"></a><span class="w"> </span><span class="nt">clone</span><span class="p">:</span>
<a id="__codelineno-27-20" name="__codelineno-27-20" href="#__codelineno-27-20"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secrets</span>
<a id="__codelineno-27-21" name="__codelineno-27-21" href="#__codelineno-27-21"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">shared-credentials</span>
</code></pre></div>
<p><strong>Label Requirement</strong>: Secrets must have <code>allowedToBeCloned: "true"</code></p>
<h3 id="keycloak-client-config-cloner">Keycloak Client Config Cloner<a class="headerlink" href="#keycloak-client-config-cloner" title="Permanent link">&para;</a></h3>
<p><strong>File</strong>: <code>cluster-resources/policies/keycloak-client-cloner.yaml</code></p>
<p><strong>Purpose</strong>: Clones Secrets labeled <code>keycloak.forteapps.net/client-config: "true"</code> from app namespaces to the <code>keycloak</code> namespace. This allows apps to declare their OIDC client configuration in their own namespace, which the <a href="#keycloak-client-registrar">Keycloak Client Registrar</a> then processes.</p>
<p><strong>Trigger</strong>: Any Secret with label <code>keycloak.forteapps.net/client-config: "true"</code> created outside the <code>keycloak</code> namespace.</p>
<p><strong>Behavior</strong>:
- Generates a copy of the Secret in the <code>keycloak</code> namespace with the same name
- Adds source tracking annotations (<code>keycloak.forteapps.net/source-namespace</code>, <code>keycloak.forteapps.net/source-name</code>)
- <code>synchronize: true</code> — changes to the source Secret are reflected in the clone</p>
<h3 id="default-namespace-blocker">Default Namespace Blocker<a class="headerlink" href="#default-namespace-blocker" title="Permanent link">&para;</a></h3>
<p><strong>File</strong>: <code>cluster-resources/policies/default-ns-blocker.yaml</code></p>
<p><strong>Purpose</strong>: Prevent resources from being created in <code>default</code> namespace</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-28-1" name="__codelineno-28-1" href="#__codelineno-28-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kyverno.io/v1</span>
<a id="__codelineno-28-2" name="__codelineno-28-2" href="#__codelineno-28-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterPolicy</span>
<a id="__codelineno-28-3" name="__codelineno-28-3" href="#__codelineno-28-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-28-4" name="__codelineno-28-4" href="#__codelineno-28-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">disallow-default-namespace</span>
<a id="__codelineno-28-5" name="__codelineno-28-5" href="#__codelineno-28-5"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-28-6" name="__codelineno-28-6" href="#__codelineno-28-6"></a><span class="w"> </span><span class="nt">validationFailureAction</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">enforce</span>
<a id="__codelineno-28-7" name="__codelineno-28-7" href="#__codelineno-28-7"></a><span class="w"> </span><span class="nt">rules</span><span class="p">:</span>
<a id="__codelineno-28-8" name="__codelineno-28-8" href="#__codelineno-28-8"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">validate-namespace</span>
<a id="__codelineno-28-9" name="__codelineno-28-9" href="#__codelineno-28-9"></a><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
<a id="__codelineno-28-10" name="__codelineno-28-10" href="#__codelineno-28-10"></a><span class="w"> </span><span class="nt">any</span><span class="p">:</span>
<a id="__codelineno-28-11" name="__codelineno-28-11" href="#__codelineno-28-11"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-28-12" name="__codelineno-28-12" href="#__codelineno-28-12"></a><span class="w"> </span><span class="nt">kinds</span><span class="p">:</span>
<a id="__codelineno-28-13" name="__codelineno-28-13" href="#__codelineno-28-13"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Pod</span>
<a id="__codelineno-28-14" name="__codelineno-28-14" href="#__codelineno-28-14"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Deployment</span>
<a id="__codelineno-28-15" name="__codelineno-28-15" href="#__codelineno-28-15"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Service</span>
<a id="__codelineno-28-16" name="__codelineno-28-16" href="#__codelineno-28-16"></a><span class="w"> </span><span class="nt">validate</span><span class="p">:</span>
<a id="__codelineno-28-17" name="__codelineno-28-17" href="#__codelineno-28-17"></a><span class="w"> </span><span class="nt">message</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Using</span><span class="nv"> </span><span class="s">&#39;default&#39;</span><span class="nv"> </span><span class="s">namespace</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">not</span><span class="nv"> </span><span class="s">allowed&quot;</span>
<a id="__codelineno-28-18" name="__codelineno-28-18" href="#__codelineno-28-18"></a><span class="w"> </span><span class="nt">pattern</span><span class="p">:</span>
<a id="__codelineno-28-19" name="__codelineno-28-19" href="#__codelineno-28-19"></a><span class="w"> </span><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-28-20" name="__codelineno-28-20" href="#__codelineno-28-20"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;!default&quot;</span>
</code></pre></div>
<h3 id="bare-pod-cleaner">Bare Pod Cleaner<a class="headerlink" href="#bare-pod-cleaner" title="Permanent link">&para;</a></h3>
<p><strong>File</strong>: <code>cluster-resources/policies/bare-pod-cleaner.yaml</code></p>
<p><strong>Purpose</strong>: Delete pods without ownerReferences (not managed by Deployment/StatefulSet)</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-29-1" name="__codelineno-29-1" href="#__codelineno-29-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kyverno.io/v1</span>
<a id="__codelineno-29-2" name="__codelineno-29-2" href="#__codelineno-29-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterPolicy</span>
<a id="__codelineno-29-3" name="__codelineno-29-3" href="#__codelineno-29-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-29-4" name="__codelineno-29-4" href="#__codelineno-29-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cleanup-bare-pods</span>
<a id="__codelineno-29-5" name="__codelineno-29-5" href="#__codelineno-29-5"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-29-6" name="__codelineno-29-6" href="#__codelineno-29-6"></a><span class="w"> </span><span class="nt">rules</span><span class="p">:</span>
<a id="__codelineno-29-7" name="__codelineno-29-7" href="#__codelineno-29-7"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">delete-bare-pod</span>
<a id="__codelineno-29-8" name="__codelineno-29-8" href="#__codelineno-29-8"></a><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
<a id="__codelineno-29-9" name="__codelineno-29-9" href="#__codelineno-29-9"></a><span class="w"> </span><span class="nt">any</span><span class="p">:</span>
<a id="__codelineno-29-10" name="__codelineno-29-10" href="#__codelineno-29-10"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-29-11" name="__codelineno-29-11" href="#__codelineno-29-11"></a><span class="w"> </span><span class="nt">kinds</span><span class="p">:</span>
<a id="__codelineno-29-12" name="__codelineno-29-12" href="#__codelineno-29-12"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Pod</span>
<a id="__codelineno-29-13" name="__codelineno-29-13" href="#__codelineno-29-13"></a><span class="w"> </span><span class="nt">preconditions</span><span class="p">:</span>
<a id="__codelineno-29-14" name="__codelineno-29-14" href="#__codelineno-29-14"></a><span class="w"> </span><span class="nt">all</span><span class="p">:</span>
<a id="__codelineno-29-15" name="__codelineno-29-15" href="#__codelineno-29-15"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">request.object.metadata.ownerReferences[]</span><span class="nv"> </span><span class="s">||</span><span class="nv"> </span><span class="s">&#39;&#39;</span><span class="nv"> </span><span class="s">}}&quot;</span>
<a id="__codelineno-29-16" name="__codelineno-29-16" href="#__codelineno-29-16"></a><span class="w"> </span><span class="nt">operator</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Equals</span>
<a id="__codelineno-29-17" name="__codelineno-29-17" href="#__codelineno-29-17"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span>
<a id="__codelineno-29-18" name="__codelineno-29-18" href="#__codelineno-29-18"></a><span class="w"> </span><span class="nt">validate</span><span class="p">:</span>
<a id="__codelineno-29-19" name="__codelineno-29-19" href="#__codelineno-29-19"></a><span class="w"> </span><span class="nt">message</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Bare</span><span class="nv"> </span><span class="s">pods</span><span class="nv"> </span><span class="s">(without</span><span class="nv"> </span><span class="s">controllers)</span><span class="nv"> </span><span class="s">are</span><span class="nv"> </span><span class="s">not</span><span class="nv"> </span><span class="s">allowed&quot;</span>
<a id="__codelineno-29-20" name="__codelineno-29-20" href="#__codelineno-29-20"></a><span class="w"> </span><span class="nt">deny</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{}</span>
</code></pre></div>
<h3 id="auth-sidecar-injector">Auth Sidecar Injector<a class="headerlink" href="#auth-sidecar-injector" title="Permanent link">&para;</a></h3>
<p><strong>File</strong>: <code>cluster-resources/policies/auth-sidecar-injector.yaml</code></p>
<p><strong>Purpose</strong>: Automatically inject authentication sidecar into pods with authentication enabled</p>
<p><strong>Rules</strong>: 6 rules in the policy
1. <code>generate-auth-tokens-secret</code> - Creates Secret for token mode
2. <code>generate-auth-oidc-secret</code> - Creates Secret for OIDC mode
3. <code>inject-sidecar-token</code> - Injects auth sidecar for token mode
4. <code>inject-sidecar-oidc</code> - Injects auth sidecar for OIDC mode
5. <code>inject-sidecar-mcp</code> - Injects auth sidecar for MCP OAuth mode (RFC 9728 / RFC 7591)
6. <code>generate-auth-network-policy</code> - Creates NetworkPolicy to restrict ingress</p>
<h4 id="trigger-annotation">Trigger Annotation<a class="headerlink" href="#trigger-annotation" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-30-1" name="__codelineno-30-1" href="#__codelineno-30-1"></a><span class="nt">policies.forteapps.io/auth</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
</code></pre></div>
<h4 id="authentication-modes">Authentication Modes<a class="headerlink" href="#authentication-modes" title="Permanent link">&para;</a></h4>
<p><strong>Token Mode</strong> (default):
<div class="highlight"><pre><span></span><code><a id="__codelineno-31-1" name="__codelineno-31-1" href="#__codelineno-31-1"></a><span class="c1"># Annotations</span>
<a id="__codelineno-31-2" name="__codelineno-31-2" href="#__codelineno-31-2"></a><span class="nt">policies.forteapps.io/auth</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<a id="__codelineno-31-3" name="__codelineno-31-3" href="#__codelineno-31-3"></a><span class="nt">policies.forteapps.io/auth-type</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;token&quot;</span>
<a id="__codelineno-31-4" name="__codelineno-31-4" href="#__codelineno-31-4"></a><span class="nt">policies.forteapps.io/auth-token-secret-name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;auth-tokens&quot;</span>
<a id="__codelineno-31-5" name="__codelineno-31-5" href="#__codelineno-31-5"></a><span class="nt">policies.forteapps.io/auth-upstream-url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;http://localhost:3000&quot;</span>
<a id="__codelineno-31-6" name="__codelineno-31-6" href="#__codelineno-31-6"></a>
<a id="__codelineno-31-7" name="__codelineno-31-7" href="#__codelineno-31-7"></a><span class="c1"># Optional customization</span>
<a id="__codelineno-31-8" name="__codelineno-31-8" href="#__codelineno-31-8"></a><span class="nt">policies.forteapps.io/auth-image</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;ghcr.io/fortedigital/auth-sidecar&quot;</span>
<a id="__codelineno-31-9" name="__codelineno-31-9" href="#__codelineno-31-9"></a><span class="nt">policies.forteapps.io/auth-image-version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;latest&quot;</span>
</code></pre></div></p>
<p><strong>OIDC Mode</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-32-1" name="__codelineno-32-1" href="#__codelineno-32-1"></a><span class="c1"># Annotations (required)</span>
<a id="__codelineno-32-2" name="__codelineno-32-2" href="#__codelineno-32-2"></a><span class="nt">policies.forteapps.io/auth</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<a id="__codelineno-32-3" name="__codelineno-32-3" href="#__codelineno-32-3"></a><span class="nt">policies.forteapps.io/auth-type</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;oidc&quot;</span>
<a id="__codelineno-32-4" name="__codelineno-32-4" href="#__codelineno-32-4"></a><span class="nt">policies.forteapps.io/auth-oidc-authority</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://auth.example.com/realms/master&quot;</span>
<a id="__codelineno-32-5" name="__codelineno-32-5" href="#__codelineno-32-5"></a><span class="nt">policies.forteapps.io/auth-oidc-client-id</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;myapp&quot;</span>
<a id="__codelineno-32-6" name="__codelineno-32-6" href="#__codelineno-32-6"></a>
<a id="__codelineno-32-7" name="__codelineno-32-7" href="#__codelineno-32-7"></a><span class="c1"># Optional annotations</span>
<a id="__codelineno-32-8" name="__codelineno-32-8" href="#__codelineno-32-8"></a><span class="nt">policies.forteapps.io/auth-oidc-callback-path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/auth/callback&quot;</span>
<a id="__codelineno-32-9" name="__codelineno-32-9" href="#__codelineno-32-9"></a><span class="nt">policies.forteapps.io/auth-oidc-scopes</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;openid,profile,email&quot;</span>
<a id="__codelineno-32-10" name="__codelineno-32-10" href="#__codelineno-32-10"></a><span class="nt">policies.forteapps.io/auth-upstream-url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;http://localhost:3000&quot;</span>
<a id="__codelineno-32-11" name="__codelineno-32-11" href="#__codelineno-32-11"></a><span class="nt">policies.forteapps.io/auth-image</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;ghcr.io/fortedigital/auth-sidecar&quot;</span>
<a id="__codelineno-32-12" name="__codelineno-32-12" href="#__codelineno-32-12"></a><span class="nt">policies.forteapps.io/auth-image-version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;latest&quot;</span>
</code></pre></div></p>
<p><strong>MCP Mode</strong> (OAuth 2.0 for MCP servers, implements RFC 9728 / RFC 7591):
<div class="highlight"><pre><span></span><code><a id="__codelineno-33-1" name="__codelineno-33-1" href="#__codelineno-33-1"></a><span class="c1"># Annotations (required)</span>
<a id="__codelineno-33-2" name="__codelineno-33-2" href="#__codelineno-33-2"></a><span class="nt">policies.forteapps.io/auth</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<a id="__codelineno-33-3" name="__codelineno-33-3" href="#__codelineno-33-3"></a><span class="nt">policies.forteapps.io/auth-type</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mcp&quot;</span>
<a id="__codelineno-33-4" name="__codelineno-33-4" href="#__codelineno-33-4"></a><span class="nt">policies.forteapps.io/auth-mcp-resource</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://mcp.example.com&quot;</span>
<a id="__codelineno-33-5" name="__codelineno-33-5" href="#__codelineno-33-5"></a><span class="nt">policies.forteapps.io/auth-mcp-authority</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://auth.example.com&quot;</span>
<a id="__codelineno-33-6" name="__codelineno-33-6" href="#__codelineno-33-6"></a>
<a id="__codelineno-33-7" name="__codelineno-33-7" href="#__codelineno-33-7"></a><span class="c1"># Optional annotations</span>
<a id="__codelineno-33-8" name="__codelineno-33-8" href="#__codelineno-33-8"></a><span class="nt">policies.forteapps.io/auth-mcp-scopes</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;read,write&quot;</span>
<a id="__codelineno-33-9" name="__codelineno-33-9" href="#__codelineno-33-9"></a><span class="nt">policies.forteapps.io/auth-upstream-url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;http://localhost:3000&quot;</span>
<a id="__codelineno-33-10" name="__codelineno-33-10" href="#__codelineno-33-10"></a><span class="nt">policies.forteapps.io/auth-log-level</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;info&quot;</span>
<a id="__codelineno-33-11" name="__codelineno-33-11" href="#__codelineno-33-11"></a><span class="nt">policies.forteapps.io/auth-image</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;ghcr.io/fortedigital/auth-sidecar&quot;</span>
<a id="__codelineno-33-12" name="__codelineno-33-12" href="#__codelineno-33-12"></a><span class="nt">policies.forteapps.io/auth-image-version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;latest&quot;</span>
</code></pre></div></p>
<h4 id="sidecar-container-specification">Sidecar Container Specification<a class="headerlink" href="#sidecar-container-specification" title="Permanent link">&para;</a></h4>
<p><strong>Token Mode</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-34-1" name="__codelineno-34-1" href="#__codelineno-34-1"></a><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authn</span>
<a id="__codelineno-34-2" name="__codelineno-34-2" href="#__codelineno-34-2"></a><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ghcr.io/fortedigital/auth-sidecar:latest</span>
<a id="__codelineno-34-3" name="__codelineno-34-3" href="#__codelineno-34-3"></a><span class="nt">ports</span><span class="p">:</span>
<a id="__codelineno-34-4" name="__codelineno-34-4" href="#__codelineno-34-4"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8080</span>
<a id="__codelineno-34-5" name="__codelineno-34-5" href="#__codelineno-34-5"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auth</span>
<a id="__codelineno-34-6" name="__codelineno-34-6" href="#__codelineno-34-6"></a><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">TCP</span>
<a id="__codelineno-34-7" name="__codelineno-34-7" href="#__codelineno-34-7"></a><span class="nt">env</span><span class="p">:</span>
<a id="__codelineno-34-8" name="__codelineno-34-8" href="#__codelineno-34-8"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_MODE</span>
<a id="__codelineno-34-9" name="__codelineno-34-9" href="#__codelineno-34-9"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;token&quot;</span>
<a id="__codelineno-34-10" name="__codelineno-34-10" href="#__codelineno-34-10"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_LISTEN_ADDR</span>
<a id="__codelineno-34-11" name="__codelineno-34-11" href="#__codelineno-34-11"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;:8080&quot;</span>
<a id="__codelineno-34-12" name="__codelineno-34-12" href="#__codelineno-34-12"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_UPSTREAM_URL</span>
<a id="__codelineno-34-13" name="__codelineno-34-13" href="#__codelineno-34-13"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;http://localhost:3000&quot;</span>
<a id="__codelineno-34-14" name="__codelineno-34-14" href="#__codelineno-34-14"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_TOKEN_FILE</span>
<a id="__codelineno-34-15" name="__codelineno-34-15" href="#__codelineno-34-15"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/etc/auth/tokens&quot;</span>
<a id="__codelineno-34-16" name="__codelineno-34-16" href="#__codelineno-34-16"></a><span class="nt">volumeMounts</span><span class="p">:</span>
<a id="__codelineno-34-17" name="__codelineno-34-17" href="#__codelineno-34-17"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auth-tokens</span>
<a id="__codelineno-34-18" name="__codelineno-34-18" href="#__codelineno-34-18"></a><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/auth</span>
<a id="__codelineno-34-19" name="__codelineno-34-19" href="#__codelineno-34-19"></a><span class="w"> </span><span class="nt">readOnly</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-34-20" name="__codelineno-34-20" href="#__codelineno-34-20"></a><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-34-21" name="__codelineno-34-21" href="#__codelineno-34-21"></a><span class="w"> </span><span class="nt">requests</span><span class="p">:</span>
<a id="__codelineno-34-22" name="__codelineno-34-22" href="#__codelineno-34-22"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
<a id="__codelineno-34-23" name="__codelineno-34-23" href="#__codelineno-34-23"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">32Mi</span>
<a id="__codelineno-34-24" name="__codelineno-34-24" href="#__codelineno-34-24"></a><span class="w"> </span><span class="nt">limits</span><span class="p">:</span>
<a id="__codelineno-34-25" name="__codelineno-34-25" href="#__codelineno-34-25"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">50m</span>
<a id="__codelineno-34-26" name="__codelineno-34-26" href="#__codelineno-34-26"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">64Mi</span>
<a id="__codelineno-34-27" name="__codelineno-34-27" href="#__codelineno-34-27"></a><span class="nt">securityContext</span><span class="p">:</span>
<a id="__codelineno-34-28" name="__codelineno-34-28" href="#__codelineno-34-28"></a><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-34-29" name="__codelineno-34-29" href="#__codelineno-34-29"></a><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-34-30" name="__codelineno-34-30" href="#__codelineno-34-30"></a><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span>
<a id="__codelineno-34-31" name="__codelineno-34-31" href="#__codelineno-34-31"></a><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="nv">ALL</span><span class="p p-Indicator">]</span>
</code></pre></div></p>
<p><strong>OIDC Mode</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-35-1" name="__codelineno-35-1" href="#__codelineno-35-1"></a><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authn</span>
<a id="__codelineno-35-2" name="__codelineno-35-2" href="#__codelineno-35-2"></a><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ghcr.io/fortedigital/auth-sidecar:latest</span>
<a id="__codelineno-35-3" name="__codelineno-35-3" href="#__codelineno-35-3"></a><span class="nt">ports</span><span class="p">:</span>
<a id="__codelineno-35-4" name="__codelineno-35-4" href="#__codelineno-35-4"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8080</span>
<a id="__codelineno-35-5" name="__codelineno-35-5" href="#__codelineno-35-5"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auth</span>
<a id="__codelineno-35-6" name="__codelineno-35-6" href="#__codelineno-35-6"></a><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">TCP</span>
<a id="__codelineno-35-7" name="__codelineno-35-7" href="#__codelineno-35-7"></a><span class="nt">env</span><span class="p">:</span>
<a id="__codelineno-35-8" name="__codelineno-35-8" href="#__codelineno-35-8"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_MODE</span>
<a id="__codelineno-35-9" name="__codelineno-35-9" href="#__codelineno-35-9"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;oidc&quot;</span>
<a id="__codelineno-35-10" name="__codelineno-35-10" href="#__codelineno-35-10"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_LISTEN_ADDR</span>
<a id="__codelineno-35-11" name="__codelineno-35-11" href="#__codelineno-35-11"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;:8080&quot;</span>
<a id="__codelineno-35-12" name="__codelineno-35-12" href="#__codelineno-35-12"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_UPSTREAM_URL</span>
<a id="__codelineno-35-13" name="__codelineno-35-13" href="#__codelineno-35-13"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;http://localhost:3000&quot;</span>
<a id="__codelineno-35-14" name="__codelineno-35-14" href="#__codelineno-35-14"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_OIDC_AUTHORITY</span>
<a id="__codelineno-35-15" name="__codelineno-35-15" href="#__codelineno-35-15"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://auth.example.com/realms/master&quot;</span>
<a id="__codelineno-35-16" name="__codelineno-35-16" href="#__codelineno-35-16"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_OIDC_CLIENT_ID</span>
<a id="__codelineno-35-17" name="__codelineno-35-17" href="#__codelineno-35-17"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;myapp&quot;</span>
<a id="__codelineno-35-18" name="__codelineno-35-18" href="#__codelineno-35-18"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_OIDC_CALLBACK_PATH</span>
<a id="__codelineno-35-19" name="__codelineno-35-19" href="#__codelineno-35-19"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/auth/callback&quot;</span>
<a id="__codelineno-35-20" name="__codelineno-35-20" href="#__codelineno-35-20"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_OIDC_SCOPES</span>
<a id="__codelineno-35-21" name="__codelineno-35-21" href="#__codelineno-35-21"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;openid,profile,email&quot;</span>
<a id="__codelineno-35-22" name="__codelineno-35-22" href="#__codelineno-35-22"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_OIDC_COOKIE_SECRET</span>
<a id="__codelineno-35-23" name="__codelineno-35-23" href="#__codelineno-35-23"></a><span class="w"> </span><span class="nt">valueFrom</span><span class="p">:</span>
<a id="__codelineno-35-24" name="__codelineno-35-24" href="#__codelineno-35-24"></a><span class="w"> </span><span class="nt">secretKeyRef</span><span class="p">:</span>
<a id="__codelineno-35-25" name="__codelineno-35-25" href="#__codelineno-35-25"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auth-oidc</span>
<a id="__codelineno-35-26" name="__codelineno-35-26" href="#__codelineno-35-26"></a><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cookie-secret</span>
<a id="__codelineno-35-27" name="__codelineno-35-27" href="#__codelineno-35-27"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_OIDC_CLIENT_SECRET</span>
<a id="__codelineno-35-28" name="__codelineno-35-28" href="#__codelineno-35-28"></a><span class="w"> </span><span class="nt">valueFrom</span><span class="p">:</span>
<a id="__codelineno-35-29" name="__codelineno-35-29" href="#__codelineno-35-29"></a><span class="w"> </span><span class="nt">secretKeyRef</span><span class="p">:</span>
<a id="__codelineno-35-30" name="__codelineno-35-30" href="#__codelineno-35-30"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auth-oidc</span>
<a id="__codelineno-35-31" name="__codelineno-35-31" href="#__codelineno-35-31"></a><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">client-secret</span>
<a id="__codelineno-35-32" name="__codelineno-35-32" href="#__codelineno-35-32"></a><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-35-33" name="__codelineno-35-33" href="#__codelineno-35-33"></a><span class="w"> </span><span class="nt">requests</span><span class="p">:</span>
<a id="__codelineno-35-34" name="__codelineno-35-34" href="#__codelineno-35-34"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
<a id="__codelineno-35-35" name="__codelineno-35-35" href="#__codelineno-35-35"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">32Mi</span>
<a id="__codelineno-35-36" name="__codelineno-35-36" href="#__codelineno-35-36"></a><span class="w"> </span><span class="nt">limits</span><span class="p">:</span>
<a id="__codelineno-35-37" name="__codelineno-35-37" href="#__codelineno-35-37"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">50m</span>
<a id="__codelineno-35-38" name="__codelineno-35-38" href="#__codelineno-35-38"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">64Mi</span>
<a id="__codelineno-35-39" name="__codelineno-35-39" href="#__codelineno-35-39"></a><span class="nt">securityContext</span><span class="p">:</span>
<a id="__codelineno-35-40" name="__codelineno-35-40" href="#__codelineno-35-40"></a><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-35-41" name="__codelineno-35-41" href="#__codelineno-35-41"></a><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-35-42" name="__codelineno-35-42" href="#__codelineno-35-42"></a><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span>
<a id="__codelineno-35-43" name="__codelineno-35-43" href="#__codelineno-35-43"></a><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="nv">ALL</span><span class="p p-Indicator">]</span>
</code></pre></div></p>
<p><strong>MCP Mode</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-36-1" name="__codelineno-36-1" href="#__codelineno-36-1"></a><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authn</span>
<a id="__codelineno-36-2" name="__codelineno-36-2" href="#__codelineno-36-2"></a><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ghcr.io/fortedigital/auth-sidecar:latest</span>
<a id="__codelineno-36-3" name="__codelineno-36-3" href="#__codelineno-36-3"></a><span class="nt">ports</span><span class="p">:</span>
<a id="__codelineno-36-4" name="__codelineno-36-4" href="#__codelineno-36-4"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8080</span>
<a id="__codelineno-36-5" name="__codelineno-36-5" href="#__codelineno-36-5"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auth</span>
<a id="__codelineno-36-6" name="__codelineno-36-6" href="#__codelineno-36-6"></a><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">TCP</span>
<a id="__codelineno-36-7" name="__codelineno-36-7" href="#__codelineno-36-7"></a><span class="nt">env</span><span class="p">:</span>
<a id="__codelineno-36-8" name="__codelineno-36-8" href="#__codelineno-36-8"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_MODE</span>
<a id="__codelineno-36-9" name="__codelineno-36-9" href="#__codelineno-36-9"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mcp&quot;</span>
<a id="__codelineno-36-10" name="__codelineno-36-10" href="#__codelineno-36-10"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_LISTEN_ADDR</span>
<a id="__codelineno-36-11" name="__codelineno-36-11" href="#__codelineno-36-11"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;:8080&quot;</span>
<a id="__codelineno-36-12" name="__codelineno-36-12" href="#__codelineno-36-12"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_LOG_LEVEL</span>
<a id="__codelineno-36-13" name="__codelineno-36-13" href="#__codelineno-36-13"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;info&quot;</span>
<a id="__codelineno-36-14" name="__codelineno-36-14" href="#__codelineno-36-14"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_UPSTREAM_URL</span>
<a id="__codelineno-36-15" name="__codelineno-36-15" href="#__codelineno-36-15"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;http://localhost:3000&quot;</span>
<a id="__codelineno-36-16" name="__codelineno-36-16" href="#__codelineno-36-16"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_MCP_RESOURCE</span>
<a id="__codelineno-36-17" name="__codelineno-36-17" href="#__codelineno-36-17"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://mcp.example.com&quot;</span>
<a id="__codelineno-36-18" name="__codelineno-36-18" href="#__codelineno-36-18"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_MCP_AUTHORIZATION_SERVERS</span>
<a id="__codelineno-36-19" name="__codelineno-36-19" href="#__codelineno-36-19"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://auth.example.com&quot;</span>
<a id="__codelineno-36-20" name="__codelineno-36-20" href="#__codelineno-36-20"></a><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">AUTH_MCP_SCOPES_SUPPORTED</span>
<a id="__codelineno-36-21" name="__codelineno-36-21" href="#__codelineno-36-21"></a><span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;read,write&quot;</span>
<a id="__codelineno-36-22" name="__codelineno-36-22" href="#__codelineno-36-22"></a><span class="nt">resources</span><span class="p">:</span>
<a id="__codelineno-36-23" name="__codelineno-36-23" href="#__codelineno-36-23"></a><span class="w"> </span><span class="nt">requests</span><span class="p">:</span>
<a id="__codelineno-36-24" name="__codelineno-36-24" href="#__codelineno-36-24"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10m</span>
<a id="__codelineno-36-25" name="__codelineno-36-25" href="#__codelineno-36-25"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">32Mi</span>
<a id="__codelineno-36-26" name="__codelineno-36-26" href="#__codelineno-36-26"></a><span class="w"> </span><span class="nt">limits</span><span class="p">:</span>
<a id="__codelineno-36-27" name="__codelineno-36-27" href="#__codelineno-36-27"></a><span class="w"> </span><span class="nt">cpu</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">50m</span>
<a id="__codelineno-36-28" name="__codelineno-36-28" href="#__codelineno-36-28"></a><span class="w"> </span><span class="nt">memory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">64Mi</span>
<a id="__codelineno-36-29" name="__codelineno-36-29" href="#__codelineno-36-29"></a><span class="nt">securityContext</span><span class="p">:</span>
<a id="__codelineno-36-30" name="__codelineno-36-30" href="#__codelineno-36-30"></a><span class="w"> </span><span class="nt">allowPrivilegeEscalation</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<a id="__codelineno-36-31" name="__codelineno-36-31" href="#__codelineno-36-31"></a><span class="w"> </span><span class="nt">readOnlyRootFilesystem</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-36-32" name="__codelineno-36-32" href="#__codelineno-36-32"></a><span class="w"> </span><span class="nt">capabilities</span><span class="p">:</span>
<a id="__codelineno-36-33" name="__codelineno-36-33" href="#__codelineno-36-33"></a><span class="w"> </span><span class="nt">drop</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="nv">ALL</span><span class="p p-Indicator">]</span>
</code></pre></div></p>
<h4 id="generated-resources">Generated Resources<a class="headerlink" href="#generated-resources" title="Permanent link">&para;</a></h4>
<p><strong>Secret (Token Mode)</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-37-1" name="__codelineno-37-1" href="#__codelineno-37-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
<a id="__codelineno-37-2" name="__codelineno-37-2" href="#__codelineno-37-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
<a id="__codelineno-37-3" name="__codelineno-37-3" href="#__codelineno-37-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-37-4" name="__codelineno-37-4" href="#__codelineno-37-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auth-tokens</span>
<a id="__codelineno-37-5" name="__codelineno-37-5" href="#__codelineno-37-5"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;app-namespace&gt;</span>
<a id="__codelineno-37-6" name="__codelineno-37-6" href="#__codelineno-37-6"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-37-7" name="__codelineno-37-7" href="#__codelineno-37-7"></a><span class="w"> </span><span class="nt">app.kubernetes.io/managed-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kyverno</span>
<a id="__codelineno-37-8" name="__codelineno-37-8" href="#__codelineno-37-8"></a><span class="w"> </span><span class="nt">app.kubernetes.io/created-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">inject-auth-sidecar</span>
<a id="__codelineno-37-9" name="__codelineno-37-9" href="#__codelineno-37-9"></a><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Opaque</span>
<a id="__codelineno-37-10" name="__codelineno-37-10" href="#__codelineno-37-10"></a><span class="nt">data</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{}</span><span class="w"> </span><span class="c1"># Populated by Helm chart</span>
</code></pre></div></p>
<p><strong>Secret (OIDC Mode)</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-38-1" name="__codelineno-38-1" href="#__codelineno-38-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
<a id="__codelineno-38-2" name="__codelineno-38-2" href="#__codelineno-38-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
<a id="__codelineno-38-3" name="__codelineno-38-3" href="#__codelineno-38-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-38-4" name="__codelineno-38-4" href="#__codelineno-38-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">auth-oidc</span>
<a id="__codelineno-38-5" name="__codelineno-38-5" href="#__codelineno-38-5"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;app-namespace&gt;</span>
<a id="__codelineno-38-6" name="__codelineno-38-6" href="#__codelineno-38-6"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-38-7" name="__codelineno-38-7" href="#__codelineno-38-7"></a><span class="w"> </span><span class="nt">app.kubernetes.io/managed-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kyverno</span>
<a id="__codelineno-38-8" name="__codelineno-38-8" href="#__codelineno-38-8"></a><span class="w"> </span><span class="nt">app.kubernetes.io/created-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">inject-auth-sidecar</span>
<a id="__codelineno-38-9" name="__codelineno-38-9" href="#__codelineno-38-9"></a><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Opaque</span>
<a id="__codelineno-38-10" name="__codelineno-38-10" href="#__codelineno-38-10"></a><span class="nt">data</span><span class="p">:</span>
<a id="__codelineno-38-11" name="__codelineno-38-11" href="#__codelineno-38-11"></a><span class="w"> </span><span class="nt">client-secret</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;base64&gt;</span>
<a id="__codelineno-38-12" name="__codelineno-38-12" href="#__codelineno-38-12"></a><span class="w"> </span><span class="nt">cookie-secret</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;base64&gt;</span>
</code></pre></div></p>
<p><strong>NetworkPolicy</strong>:
<div class="highlight"><pre><span></span><code><a id="__codelineno-39-1" name="__codelineno-39-1" href="#__codelineno-39-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">networking.k8s.io/v1</span>
<a id="__codelineno-39-2" name="__codelineno-39-2" href="#__codelineno-39-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">NetworkPolicy</span>
<a id="__codelineno-39-3" name="__codelineno-39-3" href="#__codelineno-39-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-39-4" name="__codelineno-39-4" href="#__codelineno-39-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;pod-name&gt;-auth-ingress</span>
<a id="__codelineno-39-5" name="__codelineno-39-5" href="#__codelineno-39-5"></a><span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;app-namespace&gt;</span>
<a id="__codelineno-39-6" name="__codelineno-39-6" href="#__codelineno-39-6"></a><span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
<a id="__codelineno-39-7" name="__codelineno-39-7" href="#__codelineno-39-7"></a><span class="w"> </span><span class="nt">app.kubernetes.io/managed-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kyverno</span>
<a id="__codelineno-39-8" name="__codelineno-39-8" href="#__codelineno-39-8"></a><span class="w"> </span><span class="nt">app.kubernetes.io/created-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">inject-auth-sidecar</span>
<a id="__codelineno-39-9" name="__codelineno-39-9" href="#__codelineno-39-9"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-39-10" name="__codelineno-39-10" href="#__codelineno-39-10"></a><span class="w"> </span><span class="nt">podSelector</span><span class="p">:</span>
<a id="__codelineno-39-11" name="__codelineno-39-11" href="#__codelineno-39-11"></a><span class="w"> </span><span class="nt">matchLabels</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;pod-labels&gt;</span>
<a id="__codelineno-39-12" name="__codelineno-39-12" href="#__codelineno-39-12"></a><span class="w"> </span><span class="nt">policyTypes</span><span class="p">:</span>
<a id="__codelineno-39-13" name="__codelineno-39-13" href="#__codelineno-39-13"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Ingress</span>
<a id="__codelineno-39-14" name="__codelineno-39-14" href="#__codelineno-39-14"></a><span class="w"> </span><span class="nt">ingress</span><span class="p">:</span>
<a id="__codelineno-39-15" name="__codelineno-39-15" href="#__codelineno-39-15"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
<a id="__codelineno-39-16" name="__codelineno-39-16" href="#__codelineno-39-16"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8080</span>
<a id="__codelineno-39-17" name="__codelineno-39-17" href="#__codelineno-39-17"></a><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">TCP</span>
</code></pre></div></p>
<h4 id="excluded-namespaces">Excluded Namespaces<a class="headerlink" href="#excluded-namespaces" title="Permanent link">&para;</a></h4>
<p>The policy does NOT apply to:
- <code>kube-system</code>
- <code>kyverno</code>
- <code>argocd</code>
- <code>cert-manager</code>
- <code>monitoring</code></p>
<h4 id="health-checks">Health Checks<a class="headerlink" href="#health-checks" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-40-1" name="__codelineno-40-1" href="#__codelineno-40-1"></a><span class="nt">readinessProbe</span><span class="p">:</span>
<a id="__codelineno-40-2" name="__codelineno-40-2" href="#__codelineno-40-2"></a><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span>
<a id="__codelineno-40-3" name="__codelineno-40-3" href="#__codelineno-40-3"></a><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/healthz</span>
<a id="__codelineno-40-4" name="__codelineno-40-4" href="#__codelineno-40-4"></a><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8080</span>
<a id="__codelineno-40-5" name="__codelineno-40-5" href="#__codelineno-40-5"></a><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<a id="__codelineno-40-6" name="__codelineno-40-6" href="#__codelineno-40-6"></a><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span>
<a id="__codelineno-40-7" name="__codelineno-40-7" href="#__codelineno-40-7"></a>
<a id="__codelineno-40-8" name="__codelineno-40-8" href="#__codelineno-40-8"></a><span class="nt">livenessProbe</span><span class="p">:</span>
<a id="__codelineno-40-9" name="__codelineno-40-9" href="#__codelineno-40-9"></a><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span>
<a id="__codelineno-40-10" name="__codelineno-40-10" href="#__codelineno-40-10"></a><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/healthz</span>
<a id="__codelineno-40-11" name="__codelineno-40-11" href="#__codelineno-40-11"></a><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8080</span>
<a id="__codelineno-40-12" name="__codelineno-40-12" href="#__codelineno-40-12"></a><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span>
<a id="__codelineno-40-13" name="__codelineno-40-13" href="#__codelineno-40-13"></a><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10</span>
</code></pre></div>
<h4 id="request-flow">Request Flow<a class="headerlink" href="#request-flow" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-41-1" name="__codelineno-41-1" href="#__codelineno-41-1"></a>External Request → Traefik
<a id="__codelineno-41-2" name="__codelineno-41-2" href="#__codelineno-41-2"></a>
<a id="__codelineno-41-3" name="__codelineno-41-3" href="#__codelineno-41-3"></a>Service (port 8080)
<a id="__codelineno-41-4" name="__codelineno-41-4" href="#__codelineno-41-4"></a>
<a id="__codelineno-41-5" name="__codelineno-41-5" href="#__codelineno-41-5"></a>Pod: Auth Sidecar (port 8080)
<a id="__codelineno-41-6" name="__codelineno-41-6" href="#__codelineno-41-6"></a> ├─ Validate credentials
<a id="__codelineno-41-7" name="__codelineno-41-7" href="#__codelineno-41-7"></a> │ • Token mode: Check Bearer token
<a id="__codelineno-41-8" name="__codelineno-41-8" href="#__codelineno-41-8"></a> │ • OIDC mode: Validate session or redirect to IdP
<a id="__codelineno-41-9" name="__codelineno-41-9" href="#__codelineno-41-9"></a> │ • MCP mode: OAuth 2.0 via RFC 9728 discovery / RFC 7591 dynamic registration
<a id="__codelineno-41-10" name="__codelineno-41-10" href="#__codelineno-41-10"></a>
<a id="__codelineno-41-11" name="__codelineno-41-11" href="#__codelineno-41-11"></a>Forward to Application (localhost:3000)
<a id="__codelineno-41-12" name="__codelineno-41-12" href="#__codelineno-41-12"></a>
<a id="__codelineno-41-13" name="__codelineno-41-13" href="#__codelineno-41-13"></a>Application processes request
</code></pre></div>
<p><strong>See</strong>: <a href="../DEVELOPER-GUIDE/#enabling-authentication-for-applications">Developer Guide - Enabling Authentication</a> for usage examples.</p>
<hr />
<h2 id="configuration-reference">Configuration Reference<a class="headerlink" href="#configuration-reference" title="Permanent link">&para;</a></h2>
<h3 id="environment-variables">Environment Variables<a class="headerlink" href="#environment-variables" title="Permanent link">&para;</a></h3>
<p>Common environment variables used across applications:</p>
<table>
<thead>
<tr>
<th>Variable</th>
<th>Purpose</th>
<th>Example</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>NODE_ENV</code></td>
<td>Node.js environment</td>
<td><code>production</code></td>
</tr>
<tr>
<td><code>PORT</code></td>
<td>Application port</td>
<td><code>3000</code></td>
</tr>
<tr>
<td><code>DB_HOST</code></td>
<td>Database host</td>
<td><code>postgres</code></td>
</tr>
<tr>
<td><code>DB_PORT</code></td>
<td>Database port</td>
<td><code>5432</code></td>
</tr>
<tr>
<td><code>DB_USER</code></td>
<td>Database user</td>
<td><code>app_user</code></td>
</tr>
<tr>
<td><code>DB_NAME</code></td>
<td>Database name</td>
<td><code>app_db</code></td>
</tr>
<tr>
<td><code>DB_PASSWORD</code></td>
<td>Database password</td>
<td>From secret</td>
</tr>
<tr>
<td><code>API_KEY</code></td>
<td>External API key</td>
<td>From secret</td>
</tr>
</tbody>
</table>
<h3 id="resource-limits">Resource Limits<a class="headerlink" href="#resource-limits" title="Permanent link">&para;</a></h3>
<p>Recommended resource allocation:</p>
<table>
<thead>
<tr>
<th>Application Type</th>
<th>CPU Request</th>
<th>Memory Request</th>
<th>CPU Limit</th>
<th>Memory Limit</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Lightweight API</strong></td>
<td>100m</td>
<td>128Mi</td>
<td>500m</td>
<td>512Mi</td>
</tr>
<tr>
<td><strong>Standard Web App</strong></td>
<td>200m</td>
<td>256Mi</td>
<td>1000m</td>
<td>1Gi</td>
</tr>
<tr>
<td><strong>Heavy Processing</strong></td>
<td>500m</td>
<td>512Mi</td>
<td>2000m</td>
<td>2Gi</td>
</tr>
<tr>
<td><strong>Database</strong></td>
<td>250m</td>
<td>256Mi</td>
<td>1000m</td>
<td>1Gi</td>
</tr>
</tbody>
</table>
<h3 id="storage-classes">Storage Classes<a class="headerlink" href="#storage-classes" title="Permanent link">&para;</a></h3>
<p>Default storage class used: <strong>UpCloud default</strong> (varies by provider)</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-42-1" name="__codelineno-42-1" href="#__codelineno-42-1"></a><span class="nt">persistence</span><span class="p">:</span>
<a id="__codelineno-42-2" name="__codelineno-42-2" href="#__codelineno-42-2"></a><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<a id="__codelineno-42-3" name="__codelineno-42-3" href="#__codelineno-42-3"></a><span class="w"> </span><span class="nt">storageClass</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="w"> </span><span class="c1"># Uses default</span>
<a id="__codelineno-42-4" name="__codelineno-42-4" href="#__codelineno-42-4"></a><span class="w"> </span><span class="nt">accessMode</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ReadWriteOnce</span>
<a id="__codelineno-42-5" name="__codelineno-42-5" href="#__codelineno-42-5"></a><span class="w"> </span><span class="nt">size</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5Gi</span>
</code></pre></div>
<hr />
<h2 id="api-endpoints">API Endpoints<a class="headerlink" href="#api-endpoints" title="Permanent link">&para;</a></h2>
<h3 id="argocd-api">ArgoCD API<a class="headerlink" href="#argocd-api" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-43-1" name="__codelineno-43-1" href="#__codelineno-43-1"></a># Server
<a id="__codelineno-43-2" name="__codelineno-43-2" href="#__codelineno-43-2"></a>https://argocd.127.0.0.1.nip.io
<a id="__codelineno-43-3" name="__codelineno-43-3" href="#__codelineno-43-3"></a>
<a id="__codelineno-43-4" name="__codelineno-43-4" href="#__codelineno-43-4"></a># Applications endpoint
<a id="__codelineno-43-5" name="__codelineno-43-5" href="#__codelineno-43-5"></a>GET /api/v1/applications
<a id="__codelineno-43-6" name="__codelineno-43-6" href="#__codelineno-43-6"></a>
<a id="__codelineno-43-7" name="__codelineno-43-7" href="#__codelineno-43-7"></a># Application details
<a id="__codelineno-43-8" name="__codelineno-43-8" href="#__codelineno-43-8"></a>GET /api/v1/applications/{name}
<a id="__codelineno-43-9" name="__codelineno-43-9" href="#__codelineno-43-9"></a>
<a id="__codelineno-43-10" name="__codelineno-43-10" href="#__codelineno-43-10"></a># Sync application
<a id="__codelineno-43-11" name="__codelineno-43-11" href="#__codelineno-43-11"></a>POST /api/v1/applications/{name}/sync
</code></pre></div>
<h3 id="prometheus-api">Prometheus API<a class="headerlink" href="#prometheus-api" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-44-1" name="__codelineno-44-1" href="#__codelineno-44-1"></a># Query endpoint
<a id="__codelineno-44-2" name="__codelineno-44-2" href="#__codelineno-44-2"></a>GET /api/v1/query?query={promql}
<a id="__codelineno-44-3" name="__codelineno-44-3" href="#__codelineno-44-3"></a>
<a id="__codelineno-44-4" name="__codelineno-44-4" href="#__codelineno-44-4"></a># Query range
<a id="__codelineno-44-5" name="__codelineno-44-5" href="#__codelineno-44-5"></a>GET /api/v1/query_range?query={promql}&amp;start={time}&amp;end={time}&amp;step={duration}
<a id="__codelineno-44-6" name="__codelineno-44-6" href="#__codelineno-44-6"></a>
<a id="__codelineno-44-7" name="__codelineno-44-7" href="#__codelineno-44-7"></a># Metrics
<a id="__codelineno-44-8" name="__codelineno-44-8" href="#__codelineno-44-8"></a>GET /api/v1/label/__name__/values
</code></pre></div>
<h3 id="tempo-api">Tempo API<a class="headerlink" href="#tempo-api" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-45-1" name="__codelineno-45-1" href="#__codelineno-45-1"></a># Search traces
<a id="__codelineno-45-2" name="__codelineno-45-2" href="#__codelineno-45-2"></a>GET /api/search?q={traceql}
<a id="__codelineno-45-3" name="__codelineno-45-3" href="#__codelineno-45-3"></a>
<a id="__codelineno-45-4" name="__codelineno-45-4" href="#__codelineno-45-4"></a># Get trace by ID
<a id="__codelineno-45-5" name="__codelineno-45-5" href="#__codelineno-45-5"></a>GET /api/traces/{traceID}
<a id="__codelineno-45-6" name="__codelineno-45-6" href="#__codelineno-45-6"></a>
<a id="__codelineno-45-7" name="__codelineno-45-7" href="#__codelineno-45-7"></a># Service tag values
<a id="__codelineno-45-8" name="__codelineno-45-8" href="#__codelineno-45-8"></a>GET /api/v2/search/tag/resource.service.name/values
</code></pre></div>
<h3 id="loki-api">Loki API<a class="headerlink" href="#loki-api" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-46-1" name="__codelineno-46-1" href="#__codelineno-46-1"></a># Query logs
<a id="__codelineno-46-2" name="__codelineno-46-2" href="#__codelineno-46-2"></a>GET /loki/api/v1/query?query={logql}
<a id="__codelineno-46-3" name="__codelineno-46-3" href="#__codelineno-46-3"></a>
<a id="__codelineno-46-4" name="__codelineno-46-4" href="#__codelineno-46-4"></a># Query range
<a id="__codelineno-46-5" name="__codelineno-46-5" href="#__codelineno-46-5"></a>GET /loki/api/v1/query_range?query={logql}&amp;start={time}&amp;end={time}
<a id="__codelineno-46-6" name="__codelineno-46-6" href="#__codelineno-46-6"></a>
<a id="__codelineno-46-7" name="__codelineno-46-7" href="#__codelineno-46-7"></a># Push logs
<a id="__codelineno-46-8" name="__codelineno-46-8" href="#__codelineno-46-8"></a>POST /loki/api/v1/push
</code></pre></div>
<hr />
<h2 id="glossary">Glossary<a class="headerlink" href="#glossary" title="Permanent link">&para;</a></h2>
<h3 id="terms">Terms<a class="headerlink" href="#terms" title="Permanent link">&para;</a></h3>
<p><strong>App-of-Apps</strong>: ArgoCD pattern where a parent Application manages child Applications</p>
<p><strong>GitOps</strong>: Operations approach where Git is the single source of truth</p>
<p><strong>IngressRoute</strong>: Traefik CRD for routing external traffic to services</p>
<p><strong>Multi-Source</strong>: ArgoCD feature allowing multiple Git sources per Application</p>
<p><strong>SealedSecret</strong>: Encrypted secret that can be safely stored in Git</p>
<p><strong>Sync Wave</strong>: Ordered deployment using annotations</p>
<p><strong>Self-Heal</strong>: ArgoCD automatically reverts manual cluster changes</p>
<p><strong>Prune</strong>: Automatically delete resources removed from Git</p>
<hr />
<h2 id="annotations-reference">Annotations Reference<a class="headerlink" href="#annotations-reference" title="Permanent link">&para;</a></h2>
<h3 id="argocd-annotations">ArgoCD Annotations<a class="headerlink" href="#argocd-annotations" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-47-1" name="__codelineno-47-1" href="#__codelineno-47-1"></a><span class="c1"># Sync wave (deployment order)</span>
<a id="__codelineno-47-2" name="__codelineno-47-2" href="#__codelineno-47-2"></a><span class="nt">argocd.argoproj.io/sync-wave</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1&quot;</span>
<a id="__codelineno-47-3" name="__codelineno-47-3" href="#__codelineno-47-3"></a>
<a id="__codelineno-47-4" name="__codelineno-47-4" href="#__codelineno-47-4"></a><span class="c1"># Refresh application</span>
<a id="__codelineno-47-5" name="__codelineno-47-5" href="#__codelineno-47-5"></a><span class="nt">argocd.argoproj.io/refresh</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;hard&quot;</span>
<a id="__codelineno-47-6" name="__codelineno-47-6" href="#__codelineno-47-6"></a>
<a id="__codelineno-47-7" name="__codelineno-47-7" href="#__codelineno-47-7"></a><span class="c1"># Compare options</span>
<a id="__codelineno-47-8" name="__codelineno-47-8" href="#__codelineno-47-8"></a><span class="nt">argocd.argoproj.io/compare-options</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">IgnoreExtraneous</span>
<a id="__codelineno-47-9" name="__codelineno-47-9" href="#__codelineno-47-9"></a>
<a id="__codelineno-47-10" name="__codelineno-47-10" href="#__codelineno-47-10"></a><span class="c1"># Sync options per resource</span>
<a id="__codelineno-47-11" name="__codelineno-47-11" href="#__codelineno-47-11"></a><span class="nt">argocd.argoproj.io/sync-options</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Prune=false</span>
</code></pre></div>
<h3 id="kyverno-annotations">Kyverno Annotations<a class="headerlink" href="#kyverno-annotations" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-48-1" name="__codelineno-48-1" href="#__codelineno-48-1"></a><span class="c1"># Exclude from policy</span>
<a id="__codelineno-48-2" name="__codelineno-48-2" href="#__codelineno-48-2"></a><span class="nt">policies.kyverno.io/exclude</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<a id="__codelineno-48-3" name="__codelineno-48-3" href="#__codelineno-48-3"></a>
<a id="__codelineno-48-4" name="__codelineno-48-4" href="#__codelineno-48-4"></a><span class="c1"># Severity</span>
<a id="__codelineno-48-5" name="__codelineno-48-5" href="#__codelineno-48-5"></a><span class="nt">policies.kyverno.io/severity</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">high</span>
</code></pre></div>
<h3 id="custom-annotations">Custom Annotations<a class="headerlink" href="#custom-annotations" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-49-1" name="__codelineno-49-1" href="#__codelineno-49-1"></a><span class="c1"># Authentication enabled</span>
<a id="__codelineno-49-2" name="__codelineno-49-2" href="#__codelineno-49-2"></a><span class="nt">policies.forteapps.io/auth</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<a id="__codelineno-49-3" name="__codelineno-49-3" href="#__codelineno-49-3"></a>
<a id="__codelineno-49-4" name="__codelineno-49-4" href="#__codelineno-49-4"></a><span class="c1"># OIDC configuration</span>
<a id="__codelineno-49-5" name="__codelineno-49-5" href="#__codelineno-49-5"></a><span class="nt">policies.forteapps.io/auth-oidc-authority</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://...&quot;</span>
<a id="__codelineno-49-6" name="__codelineno-49-6" href="#__codelineno-49-6"></a><span class="nt">policies.forteapps.io/auth-oidc-client-id</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;client-id&quot;</span>
</code></pre></div>
<hr />
<h2 id="labels-reference">Labels Reference<a class="headerlink" href="#labels-reference" title="Permanent link">&para;</a></h2>
<h3 id="standard-labels">Standard Labels<a class="headerlink" href="#standard-labels" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-50-1" name="__codelineno-50-1" href="#__codelineno-50-1"></a><span class="c1"># Application name</span>
<a id="__codelineno-50-2" name="__codelineno-50-2" href="#__codelineno-50-2"></a><span class="nt">app.kubernetes.io/name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myapp</span>
<a id="__codelineno-50-3" name="__codelineno-50-3" href="#__codelineno-50-3"></a>
<a id="__codelineno-50-4" name="__codelineno-50-4" href="#__codelineno-50-4"></a><span class="c1"># Application instance</span>
<a id="__codelineno-50-5" name="__codelineno-50-5" href="#__codelineno-50-5"></a><span class="nt">app.kubernetes.io/instance</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myapp</span>
<a id="__codelineno-50-6" name="__codelineno-50-6" href="#__codelineno-50-6"></a>
<a id="__codelineno-50-7" name="__codelineno-50-7" href="#__codelineno-50-7"></a><span class="c1"># Application version</span>
<a id="__codelineno-50-8" name="__codelineno-50-8" href="#__codelineno-50-8"></a><span class="nt">app.kubernetes.io/version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1.0.0&quot;</span>
<a id="__codelineno-50-9" name="__codelineno-50-9" href="#__codelineno-50-9"></a>
<a id="__codelineno-50-10" name="__codelineno-50-10" href="#__codelineno-50-10"></a><span class="c1"># Component type</span>
<a id="__codelineno-50-11" name="__codelineno-50-11" href="#__codelineno-50-11"></a><span class="nt">app.kubernetes.io/component</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">frontend</span>
<a id="__codelineno-50-12" name="__codelineno-50-12" href="#__codelineno-50-12"></a>
<a id="__codelineno-50-13" name="__codelineno-50-13" href="#__codelineno-50-13"></a><span class="c1"># Part of larger application</span>
<a id="__codelineno-50-14" name="__codelineno-50-14" href="#__codelineno-50-14"></a><span class="nt">app.kubernetes.io/part-of</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ecommerce</span>
<a id="__codelineno-50-15" name="__codelineno-50-15" href="#__codelineno-50-15"></a>
<a id="__codelineno-50-16" name="__codelineno-50-16" href="#__codelineno-50-16"></a><span class="c1"># Managed by</span>
<a id="__codelineno-50-17" name="__codelineno-50-17" href="#__codelineno-50-17"></a><span class="nt">app.kubernetes.io/managed-by</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">argocd</span>
</code></pre></div>
<h3 id="custom-labels">Custom Labels<a class="headerlink" href="#custom-labels" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-51-1" name="__codelineno-51-1" href="#__codelineno-51-1"></a><span class="c1"># Allow secret cloning</span>
<a id="__codelineno-51-2" name="__codelineno-51-2" href="#__codelineno-51-2"></a><span class="nt">allowedToBeCloned</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;true&quot;</span>
<a id="__codelineno-51-3" name="__codelineno-51-3" href="#__codelineno-51-3"></a>
<a id="__codelineno-51-4" name="__codelineno-51-4" href="#__codelineno-51-4"></a><span class="c1"># Environment</span>
<a id="__codelineno-51-5" name="__codelineno-51-5" href="#__codelineno-51-5"></a><span class="nt">environment</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">production</span>
<a id="__codelineno-51-6" name="__codelineno-51-6" href="#__codelineno-51-6"></a>
<a id="__codelineno-51-7" name="__codelineno-51-7" href="#__codelineno-51-7"></a><span class="c1"># Team ownership</span>
<a id="__codelineno-51-8" name="__codelineno-51-8" href="#__codelineno-51-8"></a><span class="nt">team</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">platform</span>
</code></pre></div>
<hr />
<h2 id="version-matrix">Version Matrix<a class="headerlink" href="#version-matrix" title="Permanent link">&para;</a></h2>
<h3 id="component-versions">Component Versions<a class="headerlink" href="#component-versions" title="Permanent link">&para;</a></h3>
<table>
<thead>
<tr>
<th>Component</th>
<th>Version</th>
<th>Chart Version</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>ArgoCD</strong></td>
<td>2.9.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Traefik</strong></td>
<td>2.10.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Cert-Manager</strong></td>
<td>1.13.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Kyverno</strong></td>
<td>1.10.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Sealed Secrets</strong></td>
<td>0.24.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Prometheus</strong></td>
<td>2.47.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Grafana</strong></td>
<td>10.0.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Loki</strong></td>
<td>2.9.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Tempo</strong></td>
<td>2.6.0+</td>
<td>1.24.4</td>
</tr>
<tr>
<td><strong>Fluent-Bit</strong></td>
<td>2.1.0+</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Gitea</strong></td>
<td>1.25.4</td>
<td>12.5.0</td>
</tr>
<tr>
<td><strong>Gitea Act Runner</strong></td>
<td>Latest</td>
<td>Latest</td>
</tr>
<tr>
<td><strong>Renovate</strong></td>
<td>v43.113.0</td>
<td>46.109.0</td>
</tr>
<tr>
<td><strong>PostgreSQL</strong></td>
<td>16-alpine</td>
<td>N/A</td>
</tr>
<tr>
<td><strong>Trivy</strong></td>
<td>Latest</td>
<td>Latest</td>
</tr>
</tbody>
</table>
<h3 id="kubernetes-compatibility">Kubernetes Compatibility<a class="headerlink" href="#kubernetes-compatibility" title="Permanent link">&para;</a></h3>
<ul>
<li><strong>Minimum</strong>: 1.24+</li>
<li><strong>Tested</strong>: 1.28+</li>
<li><strong>Recommended</strong>: Latest stable</li>
</ul>
<hr />
<p><strong>Last Updated</strong>: 2026-04-16
<strong>Maintained By</strong>: Platform Team
<strong>Version</strong>: 1.0.0</p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
Back to top
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"annotate": null, "base": "..", "features": ["navigation.instant", "navigation.sections", "navigation.top", "search.highlight", "content.code.copy"], "search": "../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script>
<script src="../assets/javascripts/bundle.79ae519e.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink