Skip to content

feat: add prod apps for waves 6-9 (keycloak, auth, services, kong)#43

Merged
acascais merged 2 commits into
mainfrom
feat/prod-waves-8-9
Apr 13, 2026
Merged

feat: add prod apps for waves 6-9 (keycloak, auth, services, kong)#43
acascais merged 2 commits into
mainfrom
feat/prod-waves-8-9

Conversation

@acascais
Copy link
Copy Markdown
Contributor

@acascais acascais commented Apr 13, 2026

Summary

  • Waves 6-7: keycloak (prod hostnames, INFO log level) + auth (prod hostnames, env=prod)
  • Waves 8-9: 20 service apps — metadata, project, dataset, dataops, notification, approval, kong-postgresql, kong, queue-{consumer,producer,socketio}, pipelinewatch, upload-{core,greenroom}, download-{core,greenroom}, search, xwiki, metadata-event-handler, kg-integration
  • Cleans up stale TODOs in dev (bff-cli values, kong-postgresql application.yaml)
  • Updates docs/vault-secrets.md with new secret paths (kong, xwiki)

Vault secrets needed before/after merge

Before merge (waves 6-7):

  • secret/keycloakgithub-token ✅ done

After KC healthy (waves 6-7):

  • KC realm + kong client setup (manual)
  • secret/authkeycloak-client-secret, freeipa-password

Before merge (waves 8-9):

  • secret/kongpostgres-user, postgres-password
  • secret/approvaldb-uri (references approval-user-password from secret/postgresql)
  • secret/kg-integrationaccount-secret
  • secret/xwikipostgresql-password, xwiki-cfg, xwiki-properties

Known placeholders

  • notification: SMTP relay set to TODO-PROD-SMTP-RELAY (blocked on ctask #86)
  • Hard-coded image tags: queue-consumer/producer/socketio, kg-integration (no CI auto-bump)

Test plan

  • make test ENV=prod — all checks pass
  • make test ENV=dev — unchanged, all checks pass
  • Zero dev.hdc / clusters/dev references in prod apps (grep verified)

acascais added 2 commits April 11, 2026 13:14
@acascais
feat: add prod apps for waves 6-7 (keycloak, auth)
413ffdc 
Keycloak (wave 6): prod hostnames, log level INFO, theme + plugins.
Auth (wave 7): prod hostnames, env=prod.
Docs: added missing github-token and freeipa-password to vault-secrets.md.
@acascais
feat: add prod apps for waves 8-9 (services, kong)
5e6c1ca 
20 prod apps: metadata, project, dataset, dataops, notification,
approval, kong-postgresql, kong, queue-{consumer,producer,socketio},
pipelinewatch, upload-{core,greenroom}, download-{core,greenroom},
search, xwiki, metadata-event-handler, kg-integration.

Also cleans up stale TODOs in dev (bff-cli, kong-postgresql).

SMTP relay still TBD (notification uses TODO-PROD-SMTP-RELAY placeholder).
Vault secrets needed before merge: kong, xwiki, approval, kg-integration.
@acascais acascais merged commit f13d9da into main Apr 13, 2026
4 checks passed
@acascais acascais deleted the feat/prod-waves-8-9 branch April 13, 2026 08:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@acascais