`registry: "chrislusf/"` in values.yaml produced `chrislusf//seaweedfs:4.22`
because the vendored chart's _helpers.tpl renders
`printf "%s/%s:%s" $registryName $name $tag` — the trailing slash joined
with the separator slash made an invalid image reference.
Fix: `registry: "chrislusf/"` → `registry: "chrislusf"`.
Bump bp-seaweedfs 1.1.0 → 1.1.1. Update bootstrap-kit refs in _template,
otech.omani.works, omantel.omani.works (1.0.1 → 1.1.1).
Co-authored-by: alierenbaysal <alierenbaysal@openova.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
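The double-slash rendering described in the commit message above can be reproduced and checked before an install is attempted. This is an added example, not code from the chart or the repository: the `ImageValues` type and the function names are hypothetical, and only the printf format string and the `chrislusf/`, `seaweedfs` and `4.22` values come from the commit message.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// ImageValues holds the three values the helper joins (field names are hypothetical).
type ImageValues struct{ Registry, Name, Tag string }

// imageTpl reuses the printf format string quoted in the commit message.
var imageTpl = template.Must(template.New("image").Parse(
	`{{ printf "%s/%s:%s" .Registry .Name .Tag }}`))

// RenderImage renders the image reference exactly as that printf does.
func RenderImage(v ImageValues) string {
	var buf bytes.Buffer
	if err := imageTpl.Execute(&buf, v); err != nil {
		panic(err)
	}
	return buf.String()
}

// NormalizeRegistry strips trailing slashes so the separator is added once.
func NormalizeRegistry(r string) string { return strings.TrimRight(r, "/") }

// CheckImageRef rejects references with an empty path component or empty tag.
func CheckImageRef(ref string) error {
	path := ref
	if i := strings.LastIndex(ref, ":"); i > strings.LastIndex(ref, "/") {
		path = ref[:i]
		if ref[i+1:] == "" {
			return fmt.Errorf("invalid image reference %q: empty tag", ref)
		}
	}
	for _, part := range strings.Split(path, "/") {
		if part == "" {
			return fmt.Errorf("invalid image reference %q: empty path component", ref)
		}
	}
	return nil
}

func main() {
	for _, reg := range []string{"chrislusf/", NormalizeRegistry("chrislusf/")} {
		ref := RenderImage(ImageValues{Registry: reg, Name: "seaweedfs", Tag: "4.22"})
		fmt.Printf("%-28s %v\n", ref, CheckImageRef(ref))
	}
}
```

Running a check like this over rendered manifests in CI catches the invalid reference before the image pull fails on the cluster.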
Upstream seaweedfs/seaweedfs templates/shared/security-configmap.yaml
uses Helm template fromToml; helm-controller v1.1.0's bundled helm SDK
(v3.x older than 3.13) doesn't define fromToml so the install fails:
    parse error at security-configmap.yaml:21: function fromToml not defined
Setting global.seaweedfs.enableSecurity: false skips the entire template.
Internal SeaweedFS API is cluster-IP only on Sovereign-1; chart-level
security is acceptable to defer until helm-controller is bumped.
Bumped 1.0.0 → 1.0.1.
Unblocks the chain: bp-loki, bp-mimir, bp-tempo, bp-velero, bp-harbor,
bp-grafana all dependsOn bp-seaweedfs.
Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
W2.K1 of the bootstrap-kit expansion plan (docs/BOOTSTRAP-KIT-EXPANSION-PLAN.md).
Adds the Tier 5 storage+DB foundation as 5 contiguous HRs, mirrored across
the 3 cluster manifest trees (_template, otech.omani.works, omantel.omani.works).
| Slot | File | Blueprint | Tier | dependsOn (Flux) |
|-----:|----------------------------|---------------------|------|------------------|
| 15 | 15-external-secrets.yaml | bp-external-secrets | 0/3 | bp-openbao(08), bp-cert-manager(02) |
| 16 | 16-cnpg.yaml | bp-cnpg | 5 | bp-flux(03) |
| 17 | 17-valkey.yaml | bp-valkey | 5 | bp-flux(03) |
| 18 | 18-seaweedfs.yaml | bp-seaweedfs | 5 | bp-flux(03), bp-cert-manager(02) |
| 19 | 19-harbor.yaml | bp-harbor | 5 | bp-cnpg(16), bp-seaweedfs(18), bp-cert-manager(02) |
Per docs/BOOTSTRAP-KIT-EXPANSION-PLAN.md §2.3 the dependsOn graph for
Tier 5 is finite-depth: ESO routes through bp-openbao (slot 08, Tier 1)
so Flux gates ESO install on OpenBao Ready=True regardless of slot order;
bp-cnpg and bp-valkey only need Flux Ready (their own CRDs ship in-chart);
bp-seaweedfs requests TLS from cert-manager; bp-harbor closes the cohort
by depending on cnpg + seaweedfs + cert-manager.
All 5 HRs use spec.install.disableWait=true + spec.upgrade.disableWait=true
per docs/INVIOLABLE-PRINCIPLES.md #3 (event-driven; Flux dependsOn is the
gate, not Helm timeout). Replaces the pre-PR-250 blanket spec.timeout: 15m
band-aid pattern.
Namespaces:
  bp-external-secrets → external-secrets-system
  bp-cnpg → cnpg-system
  bp-valkey → valkey
  bp-seaweedfs → seaweedfs
  bp-harbor → harbor
Resolves issue #254 — bp-powerdns pod stuck in CreateContainerConfigError
because pdns-pg-app Secret is generated by a CNPG Cluster CR; without the
operator the secret never materializes. Wiring bp-cnpg into the kit is
the structural fix; PR #248's disableWait keeps the HR Ready=True while
the pod itself recovers once the Cluster CR materializes the Secret.
Validation:
  kubectl kustomize clusters/_template/bootstrap-kit/ → 54 objects, 19 HRs
  kubectl kustomize clusters/otech.omani.works/bootstrap-kit/ → 54 objects, 19 HRs
  kubectl kustomize clusters/omantel.omani.works/bootstrap-kit/ → 54 objects, 19 HRs
Path isolation: this commit touches only slots 15-19 + the 3 kustomization.yaml
files (numeric-append). Charts under platform/<name>/ are NOT touched —
chart authoring is owned by separate parallel agents per the W2 dispatch.
The HelmRelease 1.0.0 version is the first-release convention (cf. slot 14
bp-crossplane-claims:1.0.0 in PR #247); the OCI artifact lands once the
chart is authored and the blueprint-release workflow publishes it.
Closes #254
Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>