openova/clusters/otech.omani.works/bootstrap-kit/17-valkey.yaml
e3mrah ca295c78a4
feat(bootstrap-kit): storage+DB foundation batch — slots 15-19 (W2.K1; resolves #254) (#262)
W2.K1 of the bootstrap-kit expansion plan (docs/BOOTSTRAP-KIT-EXPANSION-PLAN.md).
Adds the Tier 5 storage+DB foundation as 5 contiguous HRs, mirrored across
the 3 cluster manifest trees (_template, otech.omani.works, omantel.omani.works).

| Slot | File                       | Blueprint           | Tier | dependsOn (Flux) |
|-----:|----------------------------|---------------------|------|------------------|
|   15 | 15-external-secrets.yaml   | bp-external-secrets | 0/3  | bp-openbao(08), bp-cert-manager(02) |
|   16 | 16-cnpg.yaml               | bp-cnpg             | 5    | bp-flux(03) |
|   17 | 17-valkey.yaml             | bp-valkey           | 5    | bp-flux(03) |
|   18 | 18-seaweedfs.yaml          | bp-seaweedfs        | 5    | bp-flux(03), bp-cert-manager(02) |
|   19 | 19-harbor.yaml             | bp-harbor           | 5    | bp-cnpg(16), bp-seaweedfs(18), bp-cert-manager(02) |

Per docs/BOOTSTRAP-KIT-EXPANSION-PLAN.md §2.3 the dependsOn graph for
Tier 5 is finite-depth: ESO routes through bp-openbao (slot 08, Tier 1)
so Flux gates ESO install on OpenBao Ready=True regardless of slot order;
bp-cnpg and bp-valkey only need Flux Ready (their own CRDs ship in-chart);
bp-seaweedfs requests TLS from cert-manager; bp-harbor closes the cohort
by depending on cnpg + seaweedfs + cert-manager.

All 5 HRs use spec.install.disableWait=true + spec.upgrade.disableWait=true
per docs/INVIOLABLE-PRINCIPLES.md #3 (event-driven; Flux dependsOn is the
gate, not Helm timeout). Replaces the pre-PR-250 blanket spec.timeout: 15m
band-aid pattern.

Namespaces:
  bp-external-secrets → external-secrets-system
  bp-cnpg             → cnpg-system
  bp-valkey           → valkey
  bp-seaweedfs        → seaweedfs
  bp-harbor           → harbor

Resolves issue #254 — bp-powerdns pod stuck in CreateContainerConfigError
because pdns-pg-app Secret is generated by a CNPG Cluster CR; without the
operator the secret never materializes. Wiring bp-cnpg into the kit is
the structural fix; PR #248's disableWait keeps the HR Ready=True while
the pod itself recovers once the Cluster CR materializes the Secret.

Validation:
  kubectl kustomize clusters/_template/bootstrap-kit/         → 54 objects, 19 HRs
  kubectl kustomize clusters/otech.omani.works/bootstrap-kit/ → 54 objects, 19 HRs
  kubectl kustomize clusters/omantel.omani.works/bootstrap-kit/ → 54 objects, 19 HRs

Path isolation: this commit touches only slots 15-19 + the 3 kustomization.yaml
files (numeric-append). Charts under platform/<name>/ are NOT touched —
chart authoring is owned by separate parallel agents per the W2 dispatch.
The HelmRelease 1.0.0 version is the first-release convention (cf. slot 14
bp-crossplane-claims:1.0.0 in PR #247); the OCI artifact lands once the
chart is authored and the blueprint-release workflow publishes it.

Closes #254

Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 17:18:12 +04:00
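Added example, not code from the openova repository: a stdlib-only Python check of the dependsOn graph the commit message describes. The edges are transcribed from the table above; slots 02, 03 and 08 (bp-cert-manager, bp-flux, bp-openbao) are modelled as roots because their own dependsOn entries are not shown on this page, so that part is an assumption. Flux only reconciles a HelmRelease once every HR in its spec.dependsOn is Ready=True, so the properties worth verifying before a kustomization lands are that every target exists in the kit (a dangling name stalls the HR), that there is no cycle (members of a cycle wait on each other forever), and how many Ready gates each HR sits behind. A second helper checks the disableWait convention the commit adopts in place of the old blanket spec.timeout.

```python
"""Static checks for a Flux HelmRelease dependsOn graph (added example).

Flux only reconciles a HelmRelease once every HR named in spec.dependsOn is
Ready=True. That gate is only safe if every target exists in the kit and
the graph has no cycle; this module checks both and computes how many
Ready gates each HR waits behind. Not part of the openova repository.
"""
from collections import deque

# Constructed from the dependsOn table in the commit message. Slots 02/03/08
# are modelled as roots (assumption: their own dependsOn is not on this page).
KIT_DEPENDS_ON = {
    "bp-cert-manager": [],
    "bp-flux": [],
    "bp-openbao": [],
    "bp-external-secrets": ["bp-openbao", "bp-cert-manager"],
    "bp-cnpg": ["bp-flux"],
    "bp-valkey": ["bp-flux"],
    "bp-seaweedfs": ["bp-flux", "bp-cert-manager"],
    "bp-harbor": ["bp-cnpg", "bp-seaweedfs", "bp-cert-manager"],
}


def missing_dependencies(graph):
    """{hr: [dangling dependsOn names]} -- Flux never installs such an HR."""
    return {
        hr: [d for d in deps if d not in graph]
        for hr, deps in graph.items()
        if any(d not in graph for d in deps)
    }


def install_order(graph):
    """Kahn's algorithm over dependsOn edges.

    Returns an order in which each HR follows everything it depends on,
    which is the earliest order Flux can bring them Ready. Raises
    ValueError for dangling targets or for a cycle (the members of a cycle
    would wait on each other's Ready=True forever).
    """
    missing = missing_dependencies(graph)
    if missing:
        raise ValueError(f"dependsOn targets not in kit: {missing}")
    indegree = {hr: len(deps) for hr, deps in graph.items()}
    dependents = {hr: [] for hr in graph}
    for hr, deps in graph.items():
        for dep in deps:
            dependents[dep].append(hr)
    ready = deque(sorted(hr for hr, n in indegree.items() if n == 0))
    order = []
    while ready:
        hr = ready.popleft()
        order.append(hr)
        for child in sorted(dependents[hr]):
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    stuck = sorted(hr for hr, n in indegree.items() if n > 0)
    if stuck:
        raise ValueError(f"dependsOn cycle, never reconciled: {stuck}")
    return order


def gate_depth(graph):
    """Longest chain of Ready gates in front of each HR (roots are 0)."""
    depth = {}
    for hr in install_order(graph):
        depth[hr] = max((depth[d] + 1 for d in graph[hr]), default=0)
    return depth


def event_driven_violations(hr_spec):
    """Flag a HelmRelease spec that still relies on Helm waits/timeouts
    instead of dependsOn gating (the convention the commit describes)."""
    problems = []
    for phase in ("install", "upgrade"):
        if hr_spec.get(phase, {}).get("disableWait") is not True:
            problems.append(f"spec.{phase}.disableWait must be true")
    if "timeout" in hr_spec:
        problems.append("spec.timeout set: blanket Helm timeout instead of dependsOn gate")
    return problems


# The HelmRelease spec from 17-valkey.yaml, transcribed as a dict.
VALKEY_HR_SPEC = {
    "interval": "15m",
    "releaseName": "valkey",
    "targetNamespace": "valkey",
    "dependsOn": [{"name": "bp-flux"}],
    "install": {"disableWait": True, "remediation": {"retries": 3}},
    "upgrade": {"disableWait": True, "remediation": {"retries": 3}},
}

if __name__ == "__main__":
    print("order:", " -> ".join(install_order(KIT_DEPENDS_ON)))
    print("gate depth:", gate_depth(KIT_DEPENDS_ON))
    print("valkey HR violations:", event_driven_violations(VALKEY_HR_SPEC))
```

With the edges as transcribed, bp-harbor sits behind two Ready gates (bp-flux, then bp-cnpg or bp-seaweedfs) and bp-valkey behind one, which is the "finite-depth" property §2.3 relies on. To use it against a real tree, build the dict from the `dependsOn` lists of every HelmRelease that `kubectl kustomize` emits for the kit rather than from the table.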

63 lines
1.6 KiB
YAML

# bp-valkey — Catalyst bootstrap-kit Blueprint, W2.K1 slot 17.
# Redis-compatible cache (Valkey is the BSD-licensed Redis fork). Used by
# Catalyst control-plane services for ephemeral session/state, and by
# downstream Apps that need a Redis wire-protocol cache.
#
# Per docs/BOOTSTRAP-KIT-EXPANSION-PLAN.md §2.3 (Tier 5 storage+DB
# foundation) — Valkey runs alongside CNPG so Apps can pick the right
# storage shape per workload (relational vs cache).
#
# Wrapper chart: platform/valkey/chart/
# Catalyst-curated values: platform/valkey/chart/values.yaml
# Reconciled by: Flux on the new Sovereign's k3s control plane.
---
apiVersion: v1
kind: Namespace
metadata:
  name: valkey
  labels:
    catalyst.openova.io/sovereign: SOVEREIGN_FQDN_PLACEHOLDER
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: bp-valkey
  namespace: flux-system
spec:
  type: oci
  interval: 15m
  url: oci://ghcr.io/openova-io
  # Pull credentials for ghcr.io; the Secret must exist in flux-system
  # (same namespace as this HelmRepository) before the chart can be fetched.
  secretRef:
    name: ghcr-pull
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: bp-valkey
  namespace: flux-system
spec:
  interval: 15m
  releaseName: valkey
  targetNamespace: valkey
  # Valkey is a self-contained cache — only needs Flux Ready.
  dependsOn:
    - name: bp-flux
  chart:
    spec:
      chart: bp-valkey
      version: 1.0.0
      sourceRef:
        kind: HelmRepository
        name: bp-valkey
        namespace: flux-system
  # Event-driven install per docs/INVIOLABLE-PRINCIPLES.md #3.
  install:
    disableWait: true
    remediation:
      retries: 3
  upgrade:
    disableWait: true
    remediation:
      retries: 3