openova/platform/wordpress-tenant
e3mrah 6685bd7441
feat(catalog-seed): add bp-cnpg-pair Blueprint + wordpress-tenant active-hot-standby mode (Refs TBD-E8b, TBD-B31) (#1717)
Wave 28-B discovery: the bp-cnpg-pair Catalyst-curated Blueprint chart
(platform/cnpg-pair/ @ 0.1.1) was missing from the catalog-seed
template added by PR #1697. The chart is published at
oci://ghcr.io/openova-io/bp-cnpg-pair, but operators had no way to see
it in /api/v1/catalog on a fresh Sovereign — only the 13 entries from
PR #1697 rendered.

This PR seeds bp-cnpg-pair alongside its bp-cnpg companion in
templates/catalog-seed/blueprints.yaml. Render goes from 13 -> 14
Blueprint CRs on a freshly-handed-over Sovereign.

Also wires the canonical `database.mode` enum knob on bp-wordpress-
tenant (singleton | active-hot-standby), aligning the operator-facing
interface with the new bp-cnpg-pair Blueprint:

  - chart/values.yaml: new `database.mode` (empty default for back-compat).
  - chart/templates/_helpers.tpl: new `bp-wordpress-tenant.dbMode` helper
    with resolution precedence (enum wins; legacy
    `pg.activeHotStandby.enabled` boolean folds as alias for chart
    0.3.x overlays).
  - chart/templates/cnpg-cluster.yaml: reads the resolved enum via the
    helper instead of the raw boolean. Output is bit-for-bit identical
    when overlays don't set the new knob (back-compat smoke verified:
    legacy boolean still renders 2 Cluster CRs).
  - blueprint.yaml: configSchema exposes `database.mode` so the
    marketplace voucher -> org wizard (D29) can present a
    "Postgres topology" picker instead of a boolean.
  - Chart.yaml: version bump 0.3.0 -> 0.3.1.

Status:
  - chart render: helm lint clean on both charts; 4 invariants pass
    (singleton/mode=ahs/legacy-bool/mode-overrides-bool).
  - runtime D31: chart-rendered as of PR #1562; full prov-time
    runtime verification remains deferred (gated on next Sovereign
    fresh-prov per docs/SESSION-2026-05-17-CONVERGENCE.md).

Refs TBD-E8b, TBD-B31.

Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
2026-05-18 19:08:05 +04:00
chart feat(catalog-seed): add bp-cnpg-pair Blueprint + wordpress-tenant active-hot-standby mode (Refs TBD-E8b, TBD-B31) (#1717) 2026-05-18 19:08:05 +04:00
blueprint.yaml feat(catalog-seed): add bp-cnpg-pair Blueprint + wordpress-tenant active-hot-standby mode (Refs TBD-E8b, TBD-B31) (#1717) 2026-05-18 19:08:05 +04:00
README.md feat(bp-wordpress-tenant): turnkey SSO-wired WordPress per SME (#800) (#811) 2026-05-04 22:13:32 +04:00

platform/wordpress-tenant

Catalyst Blueprint that provisions a turnkey, SSO-pre-wired WordPress instance per SME tenant inside the SME's vcluster. Part of the #795 SME-tenant turnkey experience epic, ticket #800 (SME-5).

What's here

| Path | Contents |
|---|---|
| blueprint.yaml | Catalyst Blueprint metadata (configSchema, depends, placementSchema) |
| chart/ | Helm chart bp-wordpress-tenant v0.1.0 — see chart/README.md |
| chart/templates/ | Deployment, Service, Ingress, PVC, CNPG Cluster, NetworkPolicy, ServiceAccount + 3 post-install Jobs (db-secret-sync, oidc-config, admin-user) |
| chart/tests/ | observability-toggle.sh (per #182) |

Operator install

helm install acme-wordpress oci://ghcr.io/openova-io/bp-wordpress-tenant \
  --version 0.1.0 \
  --namespace sme-acme \
  --set smeDomain=acme.otech31.omani.works \
  --set keycloak.realmURL=https://auth.acme.otech31.omani.works/realms/sme \
  --set keycloak.clientSecretName=wordpress-oidc \
  --set adminUser.email=admin@acme.com

The Sovereign's tenant-provisioning pipeline (#804) wires this Helm release into a Flux HelmRelease per SME, registers the OIDC client in the SME realm, seals the client secret into wordpress-oidc, and renders the per-SME values overlay.

See also

  • chart/README.md — full value reference + boot sequence
  • docs/BLUEPRINT-AUTHORING.md §11 (umbrella shape, hollow-chart guard, observability toggles)
  • docs/INVIOLABLE-PRINCIPLES.md (no hardcoding, SHA-pinned images, target-state shape)
  • Issue #795 (epic), #800 (this Blueprint)