DevFW-CICD/poc-core-deploy
18
0
Fork 0
Code Issues Pull requests 2 Projects Releases Packages Wiki Activity Actions

feat/local-setup #3

Open
manuel.ganter wants to merge 18 commits from feat/local-setup into main
pull from: feat/local-setup
merge into: DevFW-CICD:main
Conversation 3 Commits 18 Files changed 33 +699 -44
manuel.ganter commented 2026-05-20 14:31:03 +00:00
Owner
Copy link
No description provided. 
Empty string rendered as null and was rejected by cnpg Cluster CRD.
local-path is the default StorageClass on k3s / orbstack.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Dev cluster Etcd CRs use replicas=3 + csi-disk. Single-node local
cluster needs replicas=1 + local-path. New overlays/local/ patch only
the Etcd resource; apply-argo-apps.sh swaps the source path for the
local bootstrap.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Aligns layout with kcp/base. Adds kustomization.yaml so the local
overlay can reference the directory as a kustomize base. Updates the
Application source path and apply-argo-apps.sh swap rule.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
ArgoCD treated oci:// URLs as HTTP helm repos (helm pull --repo)
producing "object required". Add a Repository Secret with
enableOCI: true so the pull uses native OCI semantics.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
v2.13 lacked reliable OCI Helm auto-detection. Pin newest stable
upstream releases.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Dev cluster's zitadelHost is the public hostname which routes to the
remote Zitadel instance — local PAT is invalid against that instance
(AUTH-7fs1e). Use the in-cluster Service URL.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Zitadel rejects requests whose Host header does not match the
configured ExternalDomain (QUERY-1kIjX, Instance not found). Override
ExternalDomain to the in-cluster Service FQDN on local clusters and
disable Ingress/TLS to keep the simple HTTP path working.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
nail.khunafin reviewed 2026-05-21 08:40:34 +00:00
Makefile
@ -0,0 +24,4 @@
@echo "Foundation handed off to ArgoCD."
@echo " UI: kubectl -n $(ARGOCD_NS) port-forward svc/argocd-server 8080:80"
@echo " Watch: kubectl -n $(ARGOCD_NS) get applications -w"
@echo " Admin pwd: kubectl -n $(ARGOCD_NS) get secret argocd-cluster -o jsonpath='{.data.admin\\.password}' | base64 -d"
nail.khunafin commented 2026-05-21 08:40:34 +00:00
Member
Copy link

" Admin pwd: kubectl -n $(ARGOCD_NS) get secret argocd-cluster -o jsonpath='{.data.admin\.password}' | base64 -d ; echo"

To avoid the % appears

No echo:

kubectl -n argocd get secret argocd-cluster -o jsonpath='{.data.admin.password}' | base64 -d
XUi6CKZSatFDwM8WzfoY1xJBbjQ9T0NO%

With echo:

kubectl -n argocd get secret argocd-cluster -o jsonpath='{.data.admin.password}' | base64 -d; echo
XUi6CKZSatFDwM8WzfoY1xJBbjQ9T0NO

My setup:

➜ poc-core-deploy git:(feat/local-setup) ✗ echo $SHELL
/bin/zsh
➜ poc-core-deploy git:(feat/local-setup) ✗ uname -a
Darwin T001c88fda 25.4.0 Darwin Kernel Version 25.4.0: Thu Mar 19 19:30:44 PDT 2026; root:xnu-12377.101.15~1/RELEASE_ARM64_T6000 arm64

" Admin pwd: kubectl -n $(ARGOCD_NS) get secret argocd-cluster -o jsonpath='{.data.admin\\.password}' | base64 -d ; echo" To avoid the % appears No echo: > > kubectl -n argocd get secret argocd-cluster -o jsonpath='{.data.admin\.password}' | base64 -d > XUi6CKZSatFDwM8WzfoY1xJBbjQ9T0NO% With echo: > > kubectl -n argocd get secret argocd-cluster -o jsonpath='{.data.admin\.password}' | base64 -d; echo > XUi6CKZSatFDwM8WzfoY1xJBbjQ9T0NO My setup: > ➜ poc-core-deploy git:(feat/local-setup) ✗ echo $SHELL /bin/zsh ➜ poc-core-deploy git:(feat/local-setup) ✗ uname -a Darwin T001c88fda 25.4.0 Darwin Kernel Version 25.4.0: Thu Mar 19 19:30:44 PDT 2026; root:xnu-12377.101.15~1/RELEASE_ARM64_T6000 arm64
manuel.ganter commented 2026-05-21 09:29:03 +00:00
Author
Owner
Copy link

solved in !3 (commit 22b635d6e6)

solved in https://edp.buildth.ing/DevFW-CICD/poc-core-deploy/pulls/3/commits/22b635d6e6f731ff7a4fd0ae3b2187a2afe54e4a
manuel.ganter marked this conversation as resolved
nail.khunafin reviewed 2026-05-22 10:32:37 +00:00
apisix/overlays/devfw-dev/kustomization.yaml
@ -0,0 +1,19 @@
# Local single-node-cluster overlay for apisix/base.
#
# Patches the etcd-apisix Etcd CR:
# - replicas: 3 -> 1 (HA can't schedule on one node)
nail.khunafin commented 2026-05-22 10:29:48 +00:00
Member
Copy link

This comment does not match the content below

This comment does not match the content below
apisix/overlays/local/kustomization.yaml
@ -0,0 +2,4 @@
#
# Patches the etcd-apisix Etcd CR:
# - replicas: 3 -> 1 (HA can't schedule on one node)
# - storageClass: csi-disk -> local-path (k3s / orbstack default)
nail.khunafin commented 2026-05-22 10:29:56 +00:00
Member
Copy link

This comment does not match the content below.

This comment does not match the content below.
nail.khunafin commented 2026-05-22 13:21:35 +00:00
Member
Copy link

It would also make sense to add a default kcp workspace creation. These are mentioned in different parts of the project, but it is not clear when and by whom they should be set up.

I mean root:orgs and others:

root
├── orgs/                                ← APIBinding(tenants.tenancy.edgeconnect.eu)
│   ├── Tenant/acme                       ← customer-authored intent
│   ├── Tenant/contoso
│   └── ws-acme, ws-contoso, …            ← per-org workspaces (created by workspace-ctrl)
└── controllers/
    └── tenant-controller/
        └── APIExport(tenants.tenancy.edgeconnect.eu)
            └── virtual workspace endpoint   ← aggregator watches here
It would also make sense to add a default kcp workspace creation. These are mentioned in different parts of the project, but it is not clear when and by whom they should be set up. I mean **root:orgs** and others: ``` root ├── orgs/ ← APIBinding(tenants.tenancy.edgeconnect.eu) │ ├── Tenant/acme ← customer-authored intent │ ├── Tenant/contoso │ └── ws-acme, ws-contoso, … ← per-org workspaces (created by workspace-ctrl) └── controllers/ └── tenant-controller/ └── APIExport(tenants.tenancy.edgeconnect.eu) └── virtual workspace endpoint ← aggregator watches here ```
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin feat/local-setup:feat/local-setup
git switch feat/local-setup

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff feat/local-setup
git switch feat/local-setup
git rebase main
git switch main
git merge --ff-only feat/local-setup
git switch feat/local-setup
git rebase main
git switch main
git merge --no-ff feat/local-setup
git switch main
git merge --squash feat/local-setup
git switch main
git merge --ff-only feat/local-setup
git switch main
git merge feat/local-setup
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
DevFW-CICD/poc-core-deploy!3
No description provided.