apiVersion: v2
name: cluster-platform-v3
description: |
  Per-cluster platform infrastructure for OdooSky v3. ArgoCD-managed
  on every connected customer K8s cluster. Provides:
    - odoosky-system namespace (where Tower spawns build Jobs and
      stores cluster-private credentials sourced from OpenBao)
    - Local container registry (Distribution v2). In-cluster BuildKit
      Jobs push addon images here; the chart consumes them as image
      volumes. Sovereignty + GFW resistance: no cross-cluster image
      transfer.
    - cert-manager + Traefik (vendored via Helm dependencies) so the
      substrate that used to be installed by bootstrap.sh now lives
      in Git, deployed by Tower's per-cluster Argo Application.
      Customer's "Connect Server" terminal stops at "kubeconfig sent" —
      the slow ACME wait happens here in the background.
    - tenants Namespace + tenants-wildcard Certificate. Per-tenant via
      .Values.tenant.{domain,wildcardHost}; cert-manager's DNS-01
      solver pulls the Cloudflare token from the `cloudflare-api-token`
      Secret Tower kubectl-applies into the cert-manager namespace at
      Connect time (secrets stay out of Git).
type: application
version: 0.7.7
appVersion: "0.7.7"

# All 6 subcharts now resolve from registry.odoosky.cloud (mirrored
# 2026-05-08, KEDA stack added 2026-05-09). Mirror-first discipline
# + China-region readiness: a Jetstack / Traefik / Longhorn /
# external-secrets-io / KEDA outage no longer blocks new tenant
# cluster bootstrap.
#
# Original upstream sources (for re-sync if a chart bumps):
#   cert-manager     → https://charts.jetstack.io
#   traefik          → https://traefik.github.io/charts
#   longhorn         → https://charts.longhorn.io
#   external-secrets → https://charts.external-secrets.io
#   keda             → https://kedacore.github.io/charts
#   keda-add-ons-http→ https://kedacore.github.io/charts
#
# Re-sync recipe: `helm pull --repo --version `
# then `helm push oci://registry.odoosky.cloud/odoosky/docker-mirror/charts`.
dependencies:
  - name: cert-manager
    version: "v1.16.1"
    repository: "oci://registry.odoosky.cloud/odoosky/docker-mirror/charts"
    condition: certManager.enabled
  - name: traefik
    version: "33.2.1"
    repository: "oci://registry.odoosky.cloud/odoosky/docker-mirror/charts"
    condition: traefik.enabled
  # Longhorn — CSI block storage with snapshot + clone primitives.
  # See ADR 0003 (in odooskyv3 monorepo). Phase 1 declares the
  # dependency but the chart's default is `longhorn.enabled=false`,
  # so `helm dep update` skips it on render unless a per-cluster
  # Argo Application sets the flag.
  - name: longhorn
    version: "1.7.2"
    repository: "oci://registry.odoosky.cloud/odoosky/docker-mirror/charts"
    condition: longhorn.enabled
  # External Secrets Operator — declarative Secret delivery from
  # OpenBao. Replaces Tower's imperative kubectl-stamp pattern for
  # the 5 substrate Secrets (Item #9, all phases shipped 2026-05-07).
  - name: external-secrets
    version: "0.10.7"
    repository: "oci://registry.odoosky.cloud/odoosky/docker-mirror/charts"
    condition: externalSecrets.enabled
  # KEDA core — event-driven autoscaler. Owns the ScaledObject CRD
  # and the metrics-server adapter that K8s' HPA reads from. Required
  # by KEDA HTTP add-on below; declared here so the install order is
  # correct (sync-wave 0 default; HTTP add-on at wave 1).
  #
  # Currently consumed by AI Studio (per-instance OpenCode pods that
  # scale 0↔1 on URL hit, see studio-template-v3). Enabled by default
  # because Studio is opt-in per-instance — clusters without any
  # Studio pay only for the KEDA control plane (~50 MB RAM).
  - name: keda
    version: "2.15.1"
    repository: "oci://registry.odoosky.cloud/odoosky/docker-mirror/charts"
    condition: keda.enabled
  # KEDA HTTP add-on — separate component that owns the
  # HTTPScaledObject CRD + the interceptor-proxy. Traefik routes
  # public traffic to the interceptor (in keda namespace), which
  # holds the request while it scales the target Deployment 0→1,
  # then forwards. After scaledownPeriod of no traffic, scales 1→0.
  #
  # AI Studio is the only current consumer; the add-on is harmless
  # idle (interceptor is just a small Go service). Studio chart
  # creates one HTTPScaledObject per (tenant, instance).
  - name: keda-add-ons-http
    version: "0.8.0"
    repository: "oci://registry.odoosky.cloud/odoosky/docker-mirror/charts"
    condition: kedaHttpAddon.enabled