From 2913c4f27a12761ff5f80b3702dcad994a61b785 Mon Sep 17 00:00:00 2001
From: e3mrah <81884938+emrahbaysal@users.noreply.github.com>
Date: Fri, 1 May 2026 16:55:07 +0400
Subject: [PATCH] =?UTF-8?q?feat(bp-grafana):=20chart-verified=20=E2=80=94?=
 =?UTF-8?q?=20smoke=20OK=20on=20contabo=20+=20per-Sovereign=20overlay=20dr?=
 =?UTF-8?q?ift=20fix=20(closes=20#381)=20(#416)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

bp-grafana 1.0.0 was published by blueprint-release run 25214143810 on
commit a1bd5502 (alongside the #387 Gateway API HTTPRoute templates).
This commit verifies the chart on contabo and brings the per-Sovereign
overlays in line with the _template (and with the bp-keycloak pattern
shipped in #377).

Verification:
  - helm template defaults → 13 kinds (HTTPRoute skip-renders when
    gateway.host is empty, per the #387/#402 if-host-emit pattern)
  - helm template with gateway.host=grafana.test.example.com → 14 kinds
    (incl. HTTPRoute)
  - smoke install in grafana-smoke ns: 1/1 Ready in 65s; in-cluster GET
    http://smoke-grafana/login → HTTP 200; /api/health → 200; image
    docker.io/grafana/grafana:12.3.1 confirmed; smoke torn down clean.

Per-Sovereign overlay drift fix:
  - clusters/omantel.omani.works/bootstrap-kit/25-grafana.yaml — add
    values.gateway.host = grafana.omantel.omani.works (was missing).
  - clusters/otech.omani.works/bootstrap-kit/25-grafana.yaml — add
    values.gateway.host = grafana.otech.omani.works (was missing).

Both now match the _template and the bp-keycloak otech overlay shape.

Scope clarification: the original ticket said "Bundle: Alloy + Loki +
Mimir + Tempo + Grafana dashboards" but the actual chart split has
Alloy/Loki/Mimir/Tempo as sibling Blueprints at slots 21-24, with
bp-grafana as the visualizer-only at slot 25. WBS §2 row updated to
reflect this. Each LGTM sibling has its own ticket.

Closes #381

Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 clusters/omantel.omani.works/bootstrap-kit/25-grafana.yaml | 7 +++++++
 clusters/otech.omani.works/bootstrap-kit/25-grafana.yaml   | 7 +++++++
 docs/omantel-handover-wbs.md                               | 4 ++--
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/clusters/omantel.omani.works/bootstrap-kit/25-grafana.yaml b/clusters/omantel.omani.works/bootstrap-kit/25-grafana.yaml
index e5101fca..c05f5d9e 100644
--- a/clusters/omantel.omani.works/bootstrap-kit/25-grafana.yaml
+++ b/clusters/omantel.omani.works/bootstrap-kit/25-grafana.yaml
@@ -73,3 +73,10 @@ spec:
     disableWait: true
     remediation:
       retries: 3
+  # Per-Sovereign overrides — issue #387:
+  # Wire the per-Sovereign hostname into the HTTPRoute template
+  # (platform/grafana/chart/templates/httproute.yaml). The HTTPRoute
+  # attaches to cilium-gateway/kube-system installed by 01-cilium.yaml.
+  values:
+    gateway:
+      host: grafana.omantel.omani.works
diff --git a/clusters/otech.omani.works/bootstrap-kit/25-grafana.yaml b/clusters/otech.omani.works/bootstrap-kit/25-grafana.yaml
index 730ae14f..aaa0062b 100644
--- a/clusters/otech.omani.works/bootstrap-kit/25-grafana.yaml
+++ b/clusters/otech.omani.works/bootstrap-kit/25-grafana.yaml
@@ -73,3 +73,10 @@ spec:
     disableWait: true
     remediation:
       retries: 3
+  # Per-Sovereign overrides — issue #387:
+  # Wire the per-Sovereign hostname into the HTTPRoute template
+  # (platform/grafana/chart/templates/httproute.yaml). The HTTPRoute
+  # attaches to cilium-gateway/kube-system installed by 01-cilium.yaml.
+  values:
+    gateway:
+      host: grafana.otech.omani.works
diff --git a/docs/omantel-handover-wbs.md b/docs/omantel-handover-wbs.md
index a23b1128..eb7b2298 100644
--- a/docs/omantel-handover-wbs.md
+++ b/docs/omantel-handover-wbs.md
@@ -43,7 +43,7 @@ A handed-over Sovereign must own its own GitOps loop, its own DNS, its own cert
 | 19 | `bp-velero` | Cluster-state backup → Hetzner Object Storage | ❌ not deployed; chart needs S3 endpoint rework ([#384](https://github.com/openova-io/openova/issues/384)) |
 | 20 | `bp-kyverno` | Admission policy | ❌ not deployed ([#379](https://github.com/openova-io/openova/issues/379)) |
 | 21 | `bp-trivy` | Image CVE scanning | ❌ not deployed ([#380](https://github.com/openova-io/openova/issues/380)) |
-| 22 | `bp-grafana` | Bundle: Alloy + Loki + Mimir + Tempo + Grafana dashboards | ❌ not deployed ([#381](https://github.com/openova-io/openova/issues/381)) |
+| 22 | `bp-grafana` | Grafana visualizer (Alloy/Loki/Mimir/Tempo are sibling slots 21-24) | ✅ chart-verified on contabo ([#381](https://github.com/openova-io/openova/issues/381)) |
 | 23 | `bp-catalyst-platform` | catalyst-api + catalyst-ui + helmwatch (the self-sufficient console) | ✅ deployed; needs single-blueprint verification ([#385](https://github.com/openova-io/openova/issues/385)) |
 
 > **Correction note (2026-05-01):** earlier draft listed `bp-traefik` as #3. That was wrong — Traefik is contabo-only legacy demo infra. Sovereigns ingress through Cilium Gateway API + Envoy. #372 closed; replaced by [#387](https://github.com/openova-io/openova/issues/387) (Gateway API migration audit across all minimal-set blueprint charts).
@@ -349,7 +349,7 @@ If founder wants to amend ADR-0001 with §13 formalised (S3 vs SeaweedFS rule),
 | #376 | (parked) | | |
 | #379 | (parked) | | |
 | #380 | (parked) | | |
-| #381 | (parked) | | |
+| #381 | ✅ chart-verified — `bp-grafana:1.0.0` published by blueprint-release run `25214143810` on commit `a1bd5502`. Helm template renders cleanly: defaults → 13 kinds (skip-render of HTTPRoute when `gateway.host` empty); with `gateway.host` set → 14 kinds (incl. HTTPRoute). Smoke install on contabo (`grafana-smoke` ns) reached 1/1 Ready in 65s, in-cluster `/login` returned HTTP 200, `/api/health` returned 200, image `docker.io/grafana/grafana:12.3.1` confirmed. Smoke torn down clean. Per-Sovereign overlay drift fixed: `gateway.host: grafana.<sovereign-fqdn>` now wired in `_template/`, `omantel.omani.works/`, and `otech.omani.works/` (parity with bp-keycloak). Wizard catalog already lists bp-grafana at slot 25. NOTE: scope reframed — bp-grafana is the Grafana visualizer only; Alloy/Loki/Mimir/Tempo are separate sibling Blueprints (slots 21-24). Sovereign-impact deferred to Phase 8. | (this PR) | bp-grafana:1.0.0 published; smoke evidence captured |
 | #382 | (parked) | | |
 | #383 | (parked) | | |
 | #384 | (parked) | | |