aefcac742a
Servers connected via the URL-token flow take ~5 min for the
cluster-platform-v3 chart to install. Without a gate, an over-eager
operator could click Deploy on a fresh server and land an instance
on a half-built cluster — Argo sync errors on missing CRDs, Pod
ImagePullBackOff on the in-cluster registry that doesn't exist yet.
Two layers, both shipped here:
Backend (defensive, non-bypassable):
- argoCluster gains substrateStatus enum (ready | preparing |
degraded | unknown) and substrateETA (RFC3339, when preparing)
derived from the per-cluster <name>-platform Argo App's
health+sync + the App's createdAt + 5min budget.
- handleCreateInstance + handleApplyMigration refuse with 409 +
"server still preparing — please wait" when the gate fails.
Same posture as the in-flight-delete check we shipped in 0.61.11.
Frontend (visible UX, prevents the user reaching the gate):
- DeployInstanceDrawer + MigrateDrawer server pickers disable
rows where substrateStatus !== ready/unknown. Disabled rows
show "Preparing · ~Xm" with a live countdown.
- Default-server selection prefers a deployable row.
- PlatformAppBadge shows the same countdown on the server card +
detail vitals panel — operator can watch it tick down without
leaving the Servers list.
- Drawers auto-poll listServers() while a preparing server is
visible — rows enable themselves the moment the chart lands.
72 lines
2.0 KiB
YAML
72 lines
2.0 KiB
YAML
# admin-platform-v3 — Tower platform default values.
|
|
|
|
backend:
|
|
enabled: true
|
|
image:
|
|
# Tower images live alongside the Docker Hub mirror on
|
|
# gitlab.odoosky.cloud — separate path, same registry. Pulled with
|
|
# the docker-mirror-pull deploy token (read-only registry scope),
|
|
# so every cluster that runs Tower needs the same imagePullSecret
|
|
# provisioned out-of-band (until cluster-platform-v3 owns it).
|
|
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
|
|
tag: "0.61.13"
|
|
pullPolicy: IfNotPresent
|
|
imagePullSecrets:
|
|
- name: docker-mirror-pull
|
|
replicas: 1
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
limits:
|
|
cpu: "1"
|
|
memory: 256Mi
|
|
persistence:
|
|
enabled: true
|
|
size: 1Gi
|
|
|
|
frontend:
|
|
enabled: true
|
|
image:
|
|
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower-ui
|
|
tag: "0.61.13"
|
|
pullPolicy: IfNotPresent
|
|
imagePullSecrets:
|
|
- name: docker-mirror-pull
|
|
replicas: 1
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 16Mi
|
|
limits:
|
|
cpu: 250m
|
|
memory: 64Mi
|
|
|
|
# Tower needs to talk to:
|
|
# - Gitea (create tenant repos, commit values.yaml)
|
|
# - ArgoCD (apply Application manifests)
|
|
#
|
|
# The credentials live in a K8s Secret in the same namespace, populated
|
|
# from the ExistingSecret pattern (so they aren't checked into Git).
|
|
# In Step 5+ we replace this with External Secrets sourcing from
|
|
# OpenBao at vault.odoosky.org.
|
|
config:
|
|
giteaURL: https://git.odoosky.org
|
|
giteaOrg: odoo-tower
|
|
chartRepo: instance-template-v3
|
|
argoCDURL: https://argocd.odoosky.org
|
|
argoCDUsername: admin
|
|
argoCDDestination: https://kubernetes.default.svc
|
|
argoCDProject: default
|
|
argoCDNamespace: argocd
|
|
tenantNamespace: tenants
|
|
# The Secret name (in the same namespace as Tower) that holds
|
|
# GITEA_TOKEN and ARGOCD_PASSWORD keys. Created out-of-band before
|
|
# this chart is applied.
|
|
existingSecret: tower-credentials
|
|
|
|
ingress:
|
|
domain: tower.odoosky.org
|
|
certIssuer: letsencrypt-prod
|
|
entryPoint: websecure
|