48 lines
1.6 KiB
Markdown
48 lines
1.6 KiB
Markdown
# fc-updater — Update Center GitOps adoption
|
|
|
|
**Status:** adopted into `bluejay-infra` on 2026-05-06. The live ArgoCD
|
|
Application is `infra-fc-updater`, generated by the `bluejay-infra`
|
|
ApplicationSet with automated sync, `prune: true`, and `selfHeal: true`.
|
|
|
|
## Managed manifest set
|
|
|
|
`apps/fc-updater/fc-updater.yaml` manages:
|
|
|
|
- `Namespace/fc-updater`
|
|
- `PersistentVolumeClaim/updatecenter-data`
|
|
- `Deployment/updatecenter-web`
|
|
- `Service/updatecenter-web`
|
|
- `Certificate/updatecenter-web-tls`
|
|
- `Certificate/updatecenter-web-internal-tls`
|
|
- `IngressRoute/updatecenter-web`
|
|
- `IngressRoute/updatecenter-web-internal`
|
|
- `IngressRoute/updatecenter-web-public`
|
|
|
|
The Deployment intentionally sets `revisionHistoryLimit: 3` and
|
|
`strategy.type: Recreate`. The service is singleton + SQLite/local bundle
|
|
storage on `PersistentVolumeClaim/updatecenter-data`, pinned to
|
|
`rke2-server`.
|
|
|
|
## Runtime dependencies intentionally not stored here
|
|
|
|
These live Secrets are pre-existing runtime material and are not committed to
|
|
Git:
|
|
|
|
- `updater-bootstrap-auth`
|
|
- `updater-signing`
|
|
- `updater-webhooks`
|
|
- `cf-origin-flowercore-io`
|
|
|
|
Rotate the Cloudflare Origin Certificate through
|
|
`FlowerCore.Notes/docs/standards/code-signing-rotation-runbook.md`; the
|
|
shared origin cert must exist in every namespace that serves a
|
|
`*.flowercore.io` public IngressRoute.
|
|
|
|
## Verification
|
|
|
|
```powershell
|
|
kubectl.exe --kubeconfig C:\Users\AndrewStoltz\.kube\rke2.yaml -n argocd get application infra-fc-updater
|
|
kubectl.exe --kubeconfig C:\Users\AndrewStoltz\.kube\rke2.yaml -n fc-updater get deploy,svc,ingressroute,certificate,pvc
|
|
curl.exe -sk https://update.flowercore.io/api/v1/manifests/_schema
|
|
```
|