odoo-tower/admin-platform-v3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8024015b9efc33e8d5114a92b38c9e73677bad5f
admin-platform-v3/values.yaml
Claude 8024015b9e tower 0.61.21 — migrate + template-deploy use tenant CF resolver 
Phase C made instance-create tenant-aware for Cloudflare DNS, but
migrate.go and templates_deploy.go kept using the legacy global
*cloudflareClient (zone=odoosky.org). Result: a tenant migrate to
4th.online silently created the A record under odoosky.org as a
literal subdomain ('odoo16v2.tenants.4th.online.odoosky.org' →
right IP) — Tower logged 'DNS A record set' successfully because
the API accepted the call, but the actual hostname the user
browses to was never published to the right zone.

Both flows now use cfResolver.clientFor(tenantID, fqdn) to find
the tenant's CF token + correct zone. If no token covers the
domain, the op fails with a clear 'configure tenant CF token'
message instead of silently writing to the wrong zone.
2026-04-30 17:31:44 +03:00

72 lines
2.0 KiB
YAML
Raw Blame History

# admin-platform-v3 — Tower platform default values.
backend:
enabled: true
image:
# Tower images live alongside the Docker Hub mirror on
# gitlab.odoosky.cloud — separate path, same registry. Pulled with
# the docker-mirror-pull deploy token (read-only registry scope),
# so every cluster that runs Tower needs the same imagePullSecret
# provisioned out-of-band (until cluster-platform-v3 owns it).
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
tag: "0.61.21"
pullPolicy: IfNotPresent
imagePullSecrets:
- name: docker-mirror-pull
replicas: 1
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: "1"
memory: 256Mi
persistence:
enabled: true
size: 1Gi
frontend:
enabled: true
image:
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower-ui
tag: "0.61.20"
pullPolicy: IfNotPresent
imagePullSecrets:
- name: docker-mirror-pull
replicas: 1
resources:
requests:
cpu: 10m
memory: 16Mi
limits:
cpu: 250m
memory: 64Mi
# Tower needs to talk to:
# - Gitea (create tenant repos, commit values.yaml)
# - ArgoCD (apply Application manifests)
#
# The credentials live in a K8s Secret in the same namespace, populated
# from the ExistingSecret pattern (so they aren't checked into Git).
# In Step 5+ we replace this with External Secrets sourcing from
# OpenBao at vault.odoosky.org.
config:
giteaURL: https://git.odoosky.org
giteaOrg: odoo-tower
chartRepo: instance-template-v3
argoCDURL: https://argocd.odoosky.org
argoCDUsername: admin
argoCDDestination: https://kubernetes.default.svc
argoCDProject: default
argoCDNamespace: argocd
tenantNamespace: tenants
# The Secret name (in the same namespace as Tower) that holds
# GITEA_TOKEN and ARGOCD_PASSWORD keys. Created out-of-band before
# this chart is applied.
existingSecret: tower-credentials
ingress:
domain: tower.odoosky.org
certIssuer: letsencrypt-prod
entryPoint: websecure
Reference in New Issue View Git Blame Copy Permalink