* fix(bp-external-dns): hide CRD-emitting resources behind Capabilities gates (refs #190)
Wrap the Catalyst overlay's ServiceMonitor and ExternalSecret templates
in `.Capabilities.APIVersions.Has` checks so a cold install on a fresh
Sovereign — where bp-kube-prometheus-stack and bp-external-secrets have
not yet reconciled — no longer fails with `no matches for kind X in
version Y`. The values toggles (`externalDns.serviceMonitor.enabled`,
`externalDns.externalSecret.enabled`) remain — Capabilities is defense
in depth so an operator flipping the toggle on a Sovereign that hasn't
reached Phase 2 doesn't break the bp-external-dns reconcile.
Verified locally: `helm template` with toggles off renders 0 of these
resources; with toggles ON and `--api-versions monitoring.coreos.com/v1
--api-versions external-secrets.io/v1beta1` both render exactly once.
Bump version 1.1.0 → 1.1.2 to align with the Phase-1 architectural-fix
wave from issue #190.
* fix(bp-powerdns): hide CRD-emitting resources behind Capabilities gates (refs #190)
Three Catalyst overlay templates emit resources whose CRDs ship in OTHER
charts and were unconditionally rendered, causing a cold install of
bp-powerdns to fail with `no matches for kind X` on a Sovereign that
hasn't yet reconciled the upstream chart:
- cnpg-cluster.yaml → postgresql.cnpg.io/v1 Cluster
  (CRD ships in bp-cnpg)
- api-ingress.yaml → traefik.io/v1alpha1 Middleware
  (CRD ships with the Traefik controller; k3s ships it by default but a
  Sovereign overlay MAY disable Traefik in favour of cilium-only ingress)
- crossplane-floatingip.yaml → compose.openova.io/v1alpha1 HetznerFloatingIP
  (CRD ships when the Catalyst Crossplane composition family lands — see
  GAP DISCLOSURE in that template)
Each is wrapped in `.Capabilities.APIVersions.Has "<group>/<version>"`.
The Traefik router-middleware annotation on the Ingress is similarly
gated so the auth posture cleanly moves to the Sovereign's chosen
ingress controller when Traefik is absent.
Verified locally: `helm template` with default values renders 0 of
these resources; with `--api-versions postgresql.cnpg.io/v1
--api-versions traefik.io/v1alpha1 --api-versions compose.openova.io/v1alpha1`
plus `--set crossplane.floatingIP.enabled=true`, all three render
exactly once. Existing tests/observability-toggle.sh still passes.
Bump version 1.1.1 → 1.1.2.
* fix(bp-powerdns): bump blueprint.yaml to match Chart.yaml 1.1.2 after Capabilities gate work
---------
Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
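
The gating pattern these commits describe, as an added example that is not part of the commit or the charts themselves: a ServiceMonitor rendered only when both the values toggle and the API group are present, and an Ingress annotation that is dropped when Traefik's CRDs are absent. Resource names, labels, the port name and the Middleware name are assumptions; only the values path and the API group/version strings come from the commit message.

```yaml
{{- /*
  Hypothetical templates/servicemonitor.yaml.
  Render only when the operator opted in AND the API server already
  serves monitoring.coreos.com/v1 (i.e. the CRD has been installed).
*/ -}}
{{- if and .Values.externalDns.serviceMonitor.enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: {{ .Release.Name }}-external-dns        # assumed naming scheme
  namespace: {{ .Release.Namespace }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: external-dns      # assumed label
      app.kubernetes.io/instance: {{ .Release.Name }}
  endpoints:
    - port: http                                # assumed port name
      interval: 30s
{{- end }}
---
{{- /*
  Hypothetical fragment of an Ingress template. The Traefik
  router-middleware annotation is emitted only when traefik.io/v1alpha1
  is served; without it the Ingress carries no Traefik auth middleware,
  so authentication has to come from the ingress controller in use.
*/ -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ .Release.Name }}-api                 # assumed naming scheme
  annotations:
    {{- if .Capabilities.APIVersions.Has "traefik.io/v1alpha1" }}
    # Format is <namespace>-<middleware-name>@kubernetescrd; "api-auth" is assumed.
    traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-api-auth@kubernetescrd
    {{- end }}
spec:
  rules: []                                     # rules omitted; not relevant to the gate
```

`.Capabilities` is evaluated when the chart is rendered, so a gated resource appears only on the next upgrade or reconcile after its CRD is installed. Offline `helm template` runs see no cluster API versions unless they are passed with `--api-versions`, as in the verification steps above.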