a65b356c9d
Durable image bump for FlowerCore.Updater main a6c3354 (PRs #63-#66): hosted-service + request-path SQLite DateTimeOffset fixes, StopHost restored + per-tick resilience, Shared.Settings 1.0.1. Image built + imported to rke2-server. Un-degrades the Phase-9 provenance verifier + settings poll (were stopped under the removed global Ignore mask). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
fc-updater — Update Center GitOps adoption
Status: adopted into bluejay-infra on 2026-05-06. The live ArgoCD
Application is infra-fc-updater, generated by the bluejay-infra
ApplicationSet with automated sync, prune: true, and selfHeal: true.
Managed manifest set
apps/fc-updater/fc-updater.yaml manages:
Namespace/fc-updaterPersistentVolumeClaim/updatecenter-dataDeployment/updatecenter-webService/updatecenter-webCertificate/updatecenter-web-tlsCertificate/updatecenter-web-internal-tlsIngressRoute/updatecenter-webIngressRoute/updatecenter-web-internalIngressRoute/updatecenter-web-public
The Deployment intentionally sets revisionHistoryLimit: 3 and
strategy.type: Recreate. The service is singleton + SQLite/local bundle
storage on PersistentVolumeClaim/updatecenter-data, pinned to
rke2-server.
Runtime dependencies intentionally not stored here
These live Secrets are pre-existing runtime material and are not committed to Git:
updater-bootstrap-authupdater-signingupdater-webhookscf-origin-flowercore-io
Rotate the Cloudflare Origin Certificate through
FlowerCore.Notes/docs/standards/code-signing-rotation-runbook.md; the
shared origin cert must exist in every namespace that serves a
*.flowercore.io public IngressRoute.
Verification
kubectl.exe --kubeconfig C:\Users\AndrewStoltz\.kube\rke2.yaml -n argocd get application infra-fc-updater
kubectl.exe --kubeconfig C:\Users\AndrewStoltz\.kube\rke2.yaml -n fc-updater get deploy,svc,ingressroute,certificate,pvc
curl.exe -sk https://update.flowercore.io/api/v1/manifests/_schema