Adds the 7 Tier-6 observability HelmReleases per
docs/BOOTSTRAP-KIT-EXPANSION-PLAN.md §2.4 (W2.K2 batch). Files added in
all three cluster directories (_template, omantel.omani.works,
otech.omani.works) and listed in each cluster's kustomization.yaml.
Slots:
| Slot | Blueprint | dependsOn |
|-----:|----------------------|----------------------------------------------------|
| 20 | bp-opentelemetry | bp-cert-manager |
| 21 | bp-alloy | bp-opentelemetry |
| 22 | bp-loki | bp-seaweedfs |
| 23 | bp-mimir | bp-seaweedfs |
| 24 | bp-tempo | bp-seaweedfs |
| 25 | bp-grafana | bp-cnpg, bp-loki, bp-mimir, bp-tempo, bp-keycloak |
| 26 | bp-langfuse | bp-cnpg, bp-keycloak, bp-cert-manager |
Pattern follows existing slot files (e.g. 11-powerdns, 13-bp-catalyst-
platform): Namespace + HelmRepository (oci://ghcr.io/openova-io,
ghcr-pull secret) + HelmRelease with disableWait: true on install and
upgrade per the locked decision in MEMORY/session-2026-04-30-handover.md
(disableWait avoids deadlock when downstream backends or CRDs are not
yet reconciled; runtime convergence is observed via kubectl, not gated
on Helm).
Validated with W2.K0's scripts/check-bootstrap-deps.sh — 0 drift, 0
cycles, all 21 declared slots match scripts/expected-bootstrap-deps.yaml.
Forward-prep notice for slot 26 (bp-langfuse): bp-langfuse:1.0.0 has
not yet published to ghcr.io/openova-io due to issue #215 (Helm v3.16 +
GHCR manifest 500 with nested OCI subchart deps). W1.G is the concurrent
track fixing the publish path. Until that lands, this HelmRelease will
fail to install with a chart-pull error; this is expected and the HR
file is committed now so Flux reconciles automatically once the OCI
artifact is published.
Refs: docs/BOOTSTRAP-KIT-EXPANSION-PLAN.md §2.4, §3.1, §4
Depends on (deferred — flagged in PR body): #215 (langfuse publish)
Co-authored-by: hatiyildiz <269457768+hatiyildiz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
