openova

History

e3mrah 74d526c276 fix: bp-gateway-api 5→10 CRDs + bp-gitea CNPG + bp-harbor CNPG race fix + DAG audit (#592 ) * fix(bp-gitea): switch to CNPG-managed postgres, drop bitnamilegacy subchart (Closes #584) The bundled Bitnami postgresql subchart pulls docker.io/bitnamilegacy/postgresql which is unavailable (DH deprecated namespace) — gitea-postgresql-0 stuck in ImagePullBackOff on otech22, cascading to gitea Init:CrashLoopBackOff. Mirrors the bp-harbor pattern (PR #578): provision a CNPG Cluster CR (gitea-pg, namespace gitea, 5Gi, pg16) + a reflector-managed gitea-database-secret, wiring GITEA__database__PASSWD from the CNPG-generated gitea-pg-app Secret. All Bitnami subchart config removed; postgresql.enabled: false. Bootstrap-kit (template + otech + omantel): bump bp-gitea 1.1.2 → 1.2.0, add dependsOn: bp-cnpg so the postgresql.cnpg.io/v1 CRD is registered before the Capabilities gate in cnpg-cluster.yaml fires. omantel overlay migrated from legacy ingress: to gateway: (Cilium Gateway API, issue #387). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(dependency-audit): add bp-reflector (5a) to expected DAG + external-dns dep edge bp-reflector was added to the bootstrap-kit (slot 05a) in issue #543 but was never registered in scripts/expected-bootstrap-deps.yaml, causing the dependency-graph-audit CI gate to error on every PR that includes this branch. Also declare bp-reflector in bp-external-dns's depends_on to match the actual HR file (12-external-dns.yaml dependsOn bp-reflector). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(bp-gateway-api): update CRD-count test 5→10 for experimental channel + DAG audit Two fixes to unblock bp-gateway-api:1.1.0 OCI publish and the dependency-graph-audit CI gate: 1. crd-render.sh: expect 10 CRDs (experimental channel) not 5. Chart 1.1.0 vendors experimental-install.yaml (TLSRoute, TCPRoute, UDPRoute, BackendLBPolicy, BackendTLSPolicy in addition to 5 standard CRDs) because Cilium 1.16.x checks for TLSRoute at operator startup. Without this fix the blueprint-release workflow for 1.1.0 fails the chart-test step and never pushes to GHCR — leaving all 13 dependent HRs stuck dependency-not-ready on every Sovereign. 2. expected-bootstrap-deps.yaml: add bp-reflector (slot 5a) and update bp-external-dns depends_on to include bp-reflector. bp-reflector was added to the bootstrap-kit in issue #543 but was missing from the expected DAG, causing dependency-graph-audit ERRORs on every PR. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: alierenbaysal <alierenbaysal@openova.io> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: hatiyildiz <hatice@openova.io>	2026-05-02 15:20:05 +04:00
..
chart	fix: bp-gateway-api 5→10 CRDs + bp-gitea CNPG + bp-harbor CNPG race fix + DAG audit (#592 )	2026-05-02 15:20:05 +04:00
blueprint.yaml	fix(cloud-init): install Gateway API v1.1.0 CRDs before cilium so operator registers gateway controller (#581 )	2026-05-02 13:23:32 +04:00

fix: bp-gateway-api 5→10 CRDs + bp-gitea CNPG + bp-harbor CNPG race fix + DAG audit (#592 )

* fix(bp-gitea): switch to CNPG-managed postgres, drop bitnamilegacy subchart (Closes #584)

The bundled Bitnami postgresql subchart pulls docker.io/bitnamilegacy/postgresql
which is unavailable (DH deprecated namespace) — gitea-postgresql-0 stuck in
ImagePullBackOff on otech22, cascading to gitea Init:CrashLoopBackOff.

Mirrors the bp-harbor pattern (PR #578): provision a CNPG Cluster CR (gitea-pg,
namespace gitea, 5Gi, pg16) + a reflector-managed gitea-database-secret, wiring
GITEA__database__PASSWD from the CNPG-generated gitea-pg-app Secret. All Bitnami
subchart config removed; postgresql.enabled: false.

Bootstrap-kit (template + otech + omantel): bump bp-gitea 1.1.2 → 1.2.0, add
dependsOn: bp-cnpg so the postgresql.cnpg.io/v1 CRD is registered before the
Capabilities gate in cnpg-cluster.yaml fires. omantel overlay migrated from
legacy ingress: to gateway: (Cilium Gateway API, issue #387).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(dependency-audit): add bp-reflector (5a) to expected DAG + external-dns dep edge

bp-reflector was added to the bootstrap-kit (slot 05a) in issue #543 but was
never registered in scripts/expected-bootstrap-deps.yaml, causing the
dependency-graph-audit CI gate to error on every PR that includes this branch.
Also declare bp-reflector in bp-external-dns's depends_on to match the actual
HR file (12-external-dns.yaml dependsOn bp-reflector).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(bp-gateway-api): update CRD-count test 5→10 for experimental channel + DAG audit

Two fixes to unblock bp-gateway-api:1.1.0 OCI publish and the
dependency-graph-audit CI gate:

1. crd-render.sh: expect 10 CRDs (experimental channel) not 5.
   Chart 1.1.0 vendors experimental-install.yaml (TLSRoute, TCPRoute,
   UDPRoute, BackendLBPolicy, BackendTLSPolicy in addition to 5 standard
   CRDs) because Cilium 1.16.x checks for TLSRoute at operator startup.
   Without this fix the blueprint-release workflow for 1.1.0 fails the
   chart-test step and never pushes to GHCR — leaving all 13 dependent
   HRs stuck dependency-not-ready on every Sovereign.

2. expected-bootstrap-deps.yaml: add bp-reflector (slot 5a) and update
   bp-external-dns depends_on to include bp-reflector. bp-reflector was
   added to the bootstrap-kit in issue #543 but was missing from the
   expected DAG, causing dependency-graph-audit ERRORs on every PR.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: alierenbaysal <alierenbaysal@openova.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: hatiyildiz <hatice@openova.io>

2026-05-02 15:20:05 +04:00

chart

fix: bp-gateway-api 5→10 CRDs + bp-gitea CNPG + bp-harbor CNPG race fix + DAG audit (#592 )

2026-05-02 15:20:05 +04:00

blueprint.yaml

fix(cloud-init): install Gateway API v1.1.0 CRDs before cilium so operator registers gateway controller (#581 )

2026-05-02 13:23:32 +04:00