From c263426ea5032e9695bc677ed53ea1b456bf55dd Mon Sep 17 00:00:00 2001
From: Andrew Stoltz
Date: Tue, 19 May 2026 10:11:09 -0500
Subject: [PATCH] fc-devicemgmt: operator image fix + Web scaled to 0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OPERATOR (PodCrashLoopBackOff cleared):
- Bumped image to v20260519-sp34cl3-fix (built from
  astoltz/FlowerCore.DeviceManagement@d9a3685 after Sprint 34 Cl-3 stranded
  branch was merged via PR #19 squash).
- The v20260512-cx5 image was the broken Sprint 8 scaffold: generic Host
  builder, no kubeops, no Kestrel on :8080, no AddController chain.
  Readiness probe dial-tcp 8080 failed every restart.
- The new image ships the AddController chain for all 4 reconcilers
  (DeviceCrd / DeviceGroupCrd / DevicePolicyCrd / RemoteCommandCrd) plus
  Kestrel on :8080 and /healthz.
- Image saved + scp'd + ctr-imported on rke2-server / rke2-agent1 /
  rke2-agent2 before this commit.
  SHA256: 2cc79ee0a2313c550268d1244f805ae41b396362148dd5603061cc15b6f7fa7e

WEB (DeploymentReplicasMismatch cleared via scale-to-0):
- Web pod cannot start. Two upstream gaps must close first:
  1) MySQL DB instance + user `fc_devicemgmt` / database
     `flowercore_devicemgmt` are not provisioned in fc-mysql. Cluster has
     zero MySqlInstanceCrds and no `mysql.fc-mysql.svc:3306` Service.
  2) 1Password vault item `IAmWorkin/FlowerCore DeviceManagement Runtime`
     is missing (5 fields: DB-Password + 4 mTLS PEMs). OnePasswordItem CRD
     has been stuck Ready=False since 2026-05-18T02:58.
- Same pattern as the brochure-web scale-to-0 in 914fed0 — make the cluster
  clean and quiet, let operator restart deploy on a real schedule.
  Re-enable path is fully documented in the deployment-web.yaml header
  comment.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 apps/fc-devicemgmt/deployment-operator.yaml |  2 +-
 apps/fc-devicemgmt/deployment-web.yaml      | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/apps/fc-devicemgmt/deployment-operator.yaml b/apps/fc-devicemgmt/deployment-operator.yaml index a4ec080..56e594d 100644 --- a/apps/fc-devicemgmt/deployment-operator.yaml +++ b/apps/fc-devicemgmt/deployment-operator.yaml @@ -47,7 +47,7 @@ spec: fsGroupChangePolicy: OnRootMismatch containers: - name: operator - image: localhost/fc-devicemgmt-operator:v20260512-cx5 + image: localhost/fc-devicemgmt-operator:v20260519-sp34cl3-fix imagePullPolicy: Never ports: - name: metrics diff --git a/apps/fc-devicemgmt/deployment-web.yaml b/apps/fc-devicemgmt/deployment-web.yaml index 41651cb..a8caffd 100644 --- a/apps/fc-devicemgmt/deployment-web.yaml +++ b/apps/fc-devicemgmt/deployment-web.yaml 
@@ -4,6 +4,22 @@ # Sprint 9+ lane. This manifest is static-valid without requiring the image to # exist yet; import localhost/fc-devicemgmt-web: to all schedulable RKE2 # nodes before letting ArgoCD sync a live rollout. +# +# SCALED TO 0 — 2026-05-19 morning-routine cleanup. +# The Web pod cannot start until TWO upstream gaps close: +# 1. MySQL DB instance `flowercore_devicemgmt` (user `fc_devicemgmt`) is +# provisioned via fc-mysql Manager. The cluster currently has ZERO +# MySqlInstanceCrds and no `mysql.fc-mysql.svc:3306` Service, so the +# deployment-web container env `FlowerCore__Database__Host=mysql.fc-mysql.svc` +# points at nothing. Provision via the fc-mysql Manager UI/REST/MCP. +# 2. 1Password vault item `IAmWorkin/FlowerCore DeviceManagement Runtime` +# with 5 fields (DB-Password, mtls-ca.pem, mtls-client.crt, mtls-client.key, +# mtls-chain.pem) — see apps/fc-devicemgmt/1password-item.yaml. Mint mTLS +# from step-ca-agent ClusterIssuer per ADR-126; DB-Password must match the +# password configured for the MySQL user. +# Re-enable: change replicas back to 2 after both gaps close. The image tag +# in this file (v20260512-cx5) MAY also need a refresh — it predates the +# Sprint 34 Cl-3 operator fix; Web may have an analogous bug. apiVersion: apps/v1 kind: Deployment metadata: @@ -20,7 +36,7 @@ metadata: annotations: flowercore.io/traceability-standard: k8s-pod-ownership-and-traceability-standard spec: - replicas: 2 + replicas: 0 revisionHistoryLimit: 3 selector: matchLabels:
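
Review bot: In the deployment-operator.yaml hunk, the new `image: localhost/fc-devicemgmt-operator:v20260519-sp34cl3-fix` line is pinned only by tag while `imagePullPolicy: Never` stays in place, so what actually runs is whatever each node's local image store holds under that tag. The SHA256 appears only in the commit message, which does not say whether it is the image digest or the hash of the saved tarball. Consider carrying that value in the manifest (a digest-qualified image reference if the imported image resolves that way, otherwise an annotation on the Deployment) so that a node that missed the import, or holds a different build under the same tag, can be detected from cluster state rather than from commit history.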
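
Review bot: In the first deployment-web.yaml hunk, the closing lines of the added header comment say `change replicas back to 2 after both gaps close` and then that the image tag `MAY also need a refresh`, which leaves a suspect tag (v20260512-cx5, the same tag name the commit message describes as broken for the operator) outside the re-enable gate. Make the image check a third numbered precondition with a definite outcome, and give gaps 1 and 2 an observable condition each, for example that the `mysql.fc-mysql.svc:3306` Service exists and that the OnePasswordItem reports Ready=True, so re-enabling does not depend on someone's recollection. The unchanged context line `import localhost/fc-devicemgmt-web: to all schedulable RKE2` also reads with an empty tag as shown here and is worth correcting while the header is being edited.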
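
Review bot: At `replicas: 0` in the second deployment-web.yaml hunk, the only record that the outage is intentional is the file-header comment, which is invisible to anything that inspects the live Deployment object. Add the reason and date as an annotation in the existing `annotations:` block beside `flowercore.io/traceability-standard` (key name to be chosen by the team), so tooling and on-call staff can distinguish a deliberate scale-to-0 from an accidental one. Since the commit message states the goal as clearing DeploymentReplicasMismatch, it is also worth confirming that some other alert or tracked item still covers the Web component being absent.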