53d8a21a19
The instance row's '<code>.tenants.odoosky.org' was being computed client-side from the code alone, so a tenant whose domain is '4th.online' still saw 'odoo16.tenants.odoosky.org' in the list + the Open button — wrong zone, no cert, scary Firefox warning. Backend: Argo App now carries an 'odoosky.io/domain' annotation written at create time from req.Domain (the values.yaml domain), read back in argoApplicationSummary.Domain. Delete handler reads the same annotation so DNS cleanup hits the right Cloudflare zone instead of the platform default. Frontend: Instance.domain field, used by InstancesView, Vitals, ActionBar, with a fallback to the legacy pattern for any pre-Phase-F Argo App that hasn't been backfilled yet. Backfill for live odoo16: kubectl annotate done out-of-band.
72 lines
2.0 KiB
YAML
72 lines
2.0 KiB
YAML
# admin-platform-v3 — Tower platform default values.
|
|
|
|
backend:
|
|
enabled: true
|
|
image:
|
|
# Tower images live alongside the Docker Hub mirror on
|
|
# gitlab.odoosky.cloud — separate path, same registry. Pulled with
|
|
# the docker-mirror-pull deploy token (read-only registry scope),
|
|
# so every cluster that runs Tower needs the same imagePullSecret
|
|
# provisioned out-of-band (until cluster-platform-v3 owns it).
|
|
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
|
|
tag: "0.61.5"
|
|
pullPolicy: IfNotPresent
|
|
imagePullSecrets:
|
|
- name: docker-mirror-pull
|
|
replicas: 1
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
limits:
|
|
cpu: "1"
|
|
memory: 256Mi
|
|
persistence:
|
|
enabled: true
|
|
size: 1Gi
|
|
|
|
frontend:
|
|
enabled: true
|
|
image:
|
|
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower-ui
|
|
tag: "0.61.9"
|
|
pullPolicy: IfNotPresent
|
|
imagePullSecrets:
|
|
- name: docker-mirror-pull
|
|
replicas: 1
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 16Mi
|
|
limits:
|
|
cpu: 250m
|
|
memory: 64Mi
|
|
|
|
# Tower needs to talk to:
|
|
# - Gitea (create tenant repos, commit values.yaml)
|
|
# - ArgoCD (apply Application manifests)
|
|
#
|
|
# The credentials live in a K8s Secret in the same namespace, populated
|
|
# from the ExistingSecret pattern (so they aren't checked into Git).
|
|
# In Step 5+ we replace this with External Secrets sourcing from
|
|
# OpenBao at vault.odoosky.org.
|
|
config:
|
|
giteaURL: https://git.odoosky.org
|
|
giteaOrg: odoo-tower
|
|
chartRepo: instance-template-v3
|
|
argoCDURL: https://argocd.odoosky.org
|
|
argoCDUsername: admin
|
|
argoCDDestination: https://kubernetes.default.svc
|
|
argoCDProject: default
|
|
argoCDNamespace: argocd
|
|
tenantNamespace: tenants
|
|
# The Secret name (in the same namespace as Tower) that holds
|
|
# GITEA_TOKEN and ARGOCD_PASSWORD keys. Created out-of-band before
|
|
# this chart is applied.
|
|
existingSecret: tower-credentials
|
|
|
|
ingress:
|
|
domain: tower.odoosky.org
|
|
certIssuer: letsencrypt-prod
|
|
entryPoint: websecure
|