diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 9974d163..b66b944a 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -198,14 +198,14 @@ jobs: --from-literal=CAMELEER_SERVER_SECURITY_JWTSECRET="${CAMELEER_JWT_SECRET}" \ --dry-run=client -o yaml | kubectl apply -f - - kubectl create secret generic postgres-credentials \ + kubectl create secret generic cameleer-postgres-credentials \ --namespace=cameleer \ --from-literal=POSTGRES_USER="$POSTGRES_USER" \ --from-literal=POSTGRES_PASSWORD="$POSTGRES_PASSWORD" \ --from-literal=POSTGRES_DB="${POSTGRES_DB:-cameleer}" \ --dry-run=client -o yaml | kubectl apply -f - - kubectl create secret generic logto-credentials \ + kubectl create secret generic cameleer-logto-credentials \ --namespace=cameleer \ --from-literal=PG_USER="${LOGTO_PG_USER:-logto}" \ --from-literal=PG_PASSWORD="${LOGTO_PG_PASSWORD}" \ 
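Review bot: The `kubectl create secret generic cameleer-*-credentials` commands in this hunk create new Secrets, but nothing removes the old `postgres-credentials` and `logto-credentials` (or `clickhouse-credentials` in the next hunk), so the same live passwords stay in the namespace under names no manifest references any more. Add a cleanup once the rollouts have succeeded, e.g. `kubectl -n cameleer delete secret postgres-credentials logto-credentials clickhouse-credentials --ignore-not-found`, and do the same for the copies already made in existing feature-branch namespaces. Separately, `--from-literal=POSTGRES_PASSWORD="$POSTGRES_PASSWORD"` writes an empty password if the CI variable is unset. Unless a guard exists earlier in the step, which starts outside the hunk, add `: "${POSTGRES_PASSWORD:?not set}"` before the first `kubectl create` so the job fails instead.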
@@ -213,20 +213,20 @@ jobs: --from-literal=ADMIN_ENDPOINT="${LOGTO_ADMIN_ENDPOINT}" \ --dry-run=client -o yaml | kubectl apply -f - - kubectl create secret generic clickhouse-credentials \ + kubectl create secret generic cameleer-clickhouse-credentials \ --namespace=cameleer \ --from-literal=CLICKHOUSE_USER="${CLICKHOUSE_USER:-default}" \ --from-literal=CLICKHOUSE_PASSWORD="$CLICKHOUSE_PASSWORD" \ --dry-run=client -o yaml | kubectl apply -f - - kubectl apply -f deploy/postgres.yaml - kubectl -n cameleer rollout status statefulset/postgres --timeout=120s + kubectl apply -f deploy/cameleer-postgres.yaml + kubectl -n cameleer rollout status statefulset/cameleer-postgres --timeout=120s - kubectl apply -f deploy/clickhouse.yaml - kubectl -n cameleer rollout status statefulset/clickhouse --timeout=180s + kubectl apply -f deploy/cameleer-clickhouse.yaml + kubectl -n cameleer rollout status statefulset/cameleer-clickhouse --timeout=180s - kubectl apply -f deploy/logto.yaml - kubectl -n cameleer rollout status deployment/logto --timeout=180s + kubectl apply -f deploy/cameleer-logto.yaml + kubectl -n cameleer rollout status deployment/cameleer-logto --timeout=180s kubectl apply -k deploy/overlays/main kubectl -n cameleer set image deployment/cameleer3-server \ @@ -283,7 +283,7 @@ jobs: run: kubectl create namespace "$BRANCH_NS" --dry-run=client -o yaml | kubectl apply -f - - name: Copy secrets from cameleer namespace run: | - for SECRET in gitea-registry postgres-credentials clickhouse-credentials cameleer-auth; do + for SECRET in gitea-registry cameleer-postgres-credentials cameleer-clickhouse-credentials cameleer-auth; do kubectl get secret "$SECRET" -n cameleer -o json \ | jq 'del(.metadata.namespace, .metadata.resourceVersion, .metadata.uid, .metadata.creationTimestamp, .metadata.managedFields)' \ | kubectl apply -n "$BRANCH_NS" -f - 
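Review bot: `kubectl apply -f deploy/cameleer-postgres.yaml` (and the clickhouse and logto applies below it) creates new objects next to the old ones rather than renaming them, because `kubectl apply -f` without pruning never deletes `statefulset/postgres`, `statefulset/clickhouse`, `deployment/logto` or their Services. The old workloads and the old `postgres-external` NodePort Service therefore keep running and stay reachable. The new StatefulSets also get fresh PVCs from `volumeClaimTemplates`, since the claim name embeds the StatefulSet name, so they come up empty while the data stays on the old claims. The rollout needs an explicit migration and teardown step, for example `kubectl -n cameleer delete statefulset/postgres statefulset/clickhouse deployment/logto --ignore-not-found` plus the old Services once data has been moved. The same applies to the renamed objects in deploy/cameleer-clickhouse.yaml, deploy/cameleer-logto.yaml and deploy/cameleer-postgres.yaml.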
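Review bot: The `for SECRET in ...` loop copies `cameleer-postgres-credentials` and `cameleer-clickhouse-credentials` verbatim into every `$BRANCH_NS`, and those are the credentials the `cameleer-postgres` container is initialised with (`POSTGRES_USER`/`POSTGRES_PASSWORD` in deploy/cameleer-postgres.yaml). In the official postgres image that bootstrap account is a superuser, so code deployed from any feature branch is not confined to its own schema. Consider a per-branch role limited to `BRANCH_SCHEMA`. At minimum, record the trade-off above the loop with a comment such as `# NOTE: branch namespaces receive the main DB credentials; branch code is trusted with them`.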
@@ -358,8 +358,8 @@ jobs: --namespace=cameleer \ --image=postgres:16 \ --restart=Never \ - --env="PGPASSWORD=$(kubectl get secret postgres-credentials -n cameleer -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d)" \ - --command -- sh -c "psql -h postgres -U $(kubectl get secret postgres-credentials -n cameleer -o jsonpath='{.data.POSTGRES_USER}' | base64 -d) -d cameleer3 -c 'DROP SCHEMA IF EXISTS ${BRANCH_SCHEMA} CASCADE'" + --env="PGPASSWORD=$(kubectl get secret cameleer-postgres-credentials -n cameleer -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d)" \ + --command -- sh -c "psql -h cameleer-postgres -U $(kubectl get secret cameleer-postgres-credentials -n cameleer -o jsonpath='{.data.POSTGRES_USER}' | base64 -d) -d cameleer3 -c 'DROP SCHEMA IF EXISTS ${BRANCH_SCHEMA} CASCADE'" kubectl wait --for=condition=Ready pod/cleanup-schema-${BRANCH_SLUG} -n cameleer --timeout=30s || true kubectl wait --for=jsonpath='{.status.phase}'=Succeeded pod/cleanup-schema-${BRANCH_SLUG} -n cameleer --timeout=60s || true kubectl delete pod cleanup-schema-${BRANCH_SLUG} -n cameleer --ignore-not-found diff --git a/CLAUDE.md b/CLAUDE.md index 8517c6da..23d2c58d 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
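Review bot: `--env="PGPASSWORD=$(kubectl get secret cameleer-postgres-credentials ... | base64 -d)"` decodes the password on the runner and writes it as a literal into the pod spec, where `kubectl get pod -o yaml` shows it to anyone with pod read access in `cameleer`, and it also sits on the runner's process command line. deploy/overlays/feature/init-job.yaml already shows the safer shape: create the cleanup pod from a manifest that sets `PGUSER` and `PGPASSWORD` via `valueFrom.secretKeyRef` on `cameleer-postgres-credentials`, so the value never leaves the cluster. In addition, `${BRANCH_SCHEMA}` is spliced into both the `sh -c` string and the SQL text. Its derivation is outside the hunk, so if it comes from the branch name it should be validated first, e.g. `case "$BRANCH_SCHEMA" in ''|*[!a-z0-9_]*) exit 1;; esac`. The `kubectl run` command itself starts above the hunk.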
@@ -192,7 +192,7 @@ ClickHouse: `cameleer3-server-app/src/main/resources/clickhouse/init.sql` (run i - K8s manifests in `deploy/` — Kustomize base + overlays (main/feature), shared infra (PostgreSQL, ClickHouse, Logto) as top-level manifests - Deployment target: k3s at 192.168.50.86, namespace `cameleer` (main), `cam-` (feature branches) - Feature branches: isolated namespace, PG schema; Traefik Ingress at `-api.cameleer.siegeln.net` -- Secrets managed in CI deploy step (idempotent `--dry-run=client | kubectl apply`): `cameleer-auth`, `postgres-credentials`, `clickhouse-credentials` +- Secrets managed in CI deploy step (idempotent `--dry-run=client | kubectl apply`): `cameleer-auth`, `cameleer-postgres-credentials`, `cameleer-clickhouse-credentials` - K8s probes: server uses `/api/v1/health`, PostgreSQL uses `pg_isready -U "$POSTGRES_USER"` (env var, not hardcoded) - K8s security: server and database pods run with `securityContext.runAsNonRoot`. UI (nginx) runs without securityContext (needs root for entrypoint setup). - Docker: server Dockerfile has no default credentials — all DB config comes from env vars at runtime @@ -381,7 +381,7 @@ Mean processing time = `camel.route.policy.total_time / camel.route.policy.count # GitNexus — Code Intelligence -This project is indexed by GitNexus as **cameleer3-server** (6031 symbols, 15304 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely. +This project is indexed by GitNexus as **cameleer3-server** (6027 symbols, 15299 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely. > If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first. diff --git a/HOWTO.md b/HOWTO.md index 9034ecb4..2a63a59b 100644 --- a/HOWTO.md +++ b/HOWTO.md 
@@ -146,7 +146,7 @@ curl -s -X PUT http://localhost:8081/api/v1/admin/oidc \ -H "Authorization: Bearer $TOKEN" \ -d '{ "enabled": true, - "issuerUri": "http://logto:3001/oidc", + "issuerUri": "http://cameleer-logto:3001/oidc", "clientId": "your-client-id", "clientSecret": "your-client-secret", "rolesClaim": "realm_access.roles", @@ -187,7 +187,7 @@ Logto is proxy-aware via `TRUST_PROXY_HEADER=1`. The `LOGTO_ENDPOINT` and `LOGTO 6. **Configure resource server** (for M2M token validation): ``` CAMELEER_SERVER_SECURITY_OIDCISSUERURI=/oidc - CAMELEER_SERVER_SECURITY_OIDCJWKSETURI=http://logto:3001/oidc/jwks + CAMELEER_SERVER_SECURITY_OIDCJWKSETURI=http://cameleer-logto:3001/oidc/jwks CAMELEER_SERVER_SECURITY_OIDCAUDIENCE= CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY=true # optional — skip cert verification for self-signed CAs ``` @@ -510,8 +510,8 @@ The full stack is deployed to k3s via CI/CD on push to `main`. K8s manifests are ``` cameleer namespace: - PostgreSQL (StatefulSet, 10Gi PVC) ← postgres:5432 (ClusterIP) - ClickHouse (StatefulSet, 10Gi PVC) ← clickhouse:8123 (ClusterIP) + PostgreSQL (StatefulSet, 10Gi PVC) ← cameleer-postgres:5432 (ClusterIP) + ClickHouse (StatefulSet, 10Gi PVC) ← cameleer-clickhouse:8123 (ClusterIP) cameleer3-server (Deployment) ← NodePort 30081 cameleer3-ui (Deployment, Nginx) ← NodePort 30090 cameleer-deploy-demo (Deployment) ← NodePort 30092 @@ -549,10 +549,10 @@ kubectl -n cameleer get pods kubectl -n cameleer logs -f deploy/cameleer3-server # View PostgreSQL logs -kubectl -n cameleer logs -f statefulset/postgres +kubectl -n cameleer logs -f statefulset/cameleer-postgres # View ClickHouse logs -kubectl -n cameleer logs -f statefulset/clickhouse +kubectl -n cameleer logs -f statefulset/cameleer-clickhouse # Restart server kubectl -n cameleer rollout restart deployment/cameleer3-server diff --git a/deploy/base/server.yaml b/deploy/base/server.yaml index 5329325a..ab22820e 100644 --- a/deploy/base/server.yaml +++ b/deploy/base/server.yaml 
@@ -28,22 +28,22 @@ spec: - name: SPRING_DATASOURCE_USERNAME valueFrom: secretKeyRef: - name: postgres-credentials + name: cameleer-postgres-credentials key: POSTGRES_USER - name: SPRING_DATASOURCE_PASSWORD valueFrom: secretKeyRef: - name: postgres-credentials + name: cameleer-postgres-credentials key: POSTGRES_PASSWORD - name: SPRING_FLYWAY_USER valueFrom: secretKeyRef: - name: postgres-credentials + name: cameleer-postgres-credentials key: POSTGRES_USER - name: SPRING_FLYWAY_PASSWORD valueFrom: secretKeyRef: - name: postgres-credentials + name: cameleer-postgres-credentials key: POSTGRES_PASSWORD - name: CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN valueFrom: @@ -71,16 +71,16 @@ spec: key: CAMELEER_SERVER_SECURITY_JWTSECRET optional: true - name: CAMELEER_SERVER_CLICKHOUSE_URL - value: "jdbc:clickhouse://clickhouse.cameleer.svc.cluster.local:8123/cameleer" + value: "jdbc:clickhouse://cameleer-clickhouse.cameleer.svc.cluster.local:8123/cameleer" - name: CAMELEER_SERVER_CLICKHOUSE_USERNAME valueFrom: secretKeyRef: - name: clickhouse-credentials + name: cameleer-clickhouse-credentials key: CLICKHOUSE_USER - name: CAMELEER_SERVER_CLICKHOUSE_PASSWORD valueFrom: secretKeyRef: - name: clickhouse-credentials + name: cameleer-clickhouse-credentials key: CLICKHOUSE_PASSWORD resources: diff --git a/deploy/clickhouse.yaml b/deploy/cameleer-clickhouse.yaml similarity index 93% rename from deploy/clickhouse.yaml rename to deploy/cameleer-clickhouse.yaml index d8414bcb..23709083 100644 --- a/deploy/clickhouse.yaml +++ b/deploy/cameleer-clickhouse.yaml 
@@ -1,36 +1,36 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: clickhouse + name: cameleer-clickhouse namespace: cameleer spec: - serviceName: clickhouse + serviceName: cameleer-clickhouse replicas: 1 selector: matchLabels: - app: clickhouse + app: cameleer-clickhouse template: metadata: labels: - app: clickhouse + app: cameleer-clickhouse spec: securityContext: runAsNonRoot: true runAsUser: 101 fsGroup: 101 containers: - - name: clickhouse + - name: cameleer-clickhouse image: clickhouse/clickhouse-server:24.12 env: - name: CLICKHOUSE_USER valueFrom: secretKeyRef: - name: clickhouse-credentials + name: cameleer-clickhouse-credentials key: CLICKHOUSE_USER - name: CLICKHOUSE_PASSWORD valueFrom: secretKeyRef: - name: clickhouse-credentials + name: cameleer-clickhouse-credentials key: CLICKHOUSE_PASSWORD - name: CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT value: "1" @@ -78,10 +78,10 @@ spec: volumes: - name: initdb configMap: - name: clickhouse-initdb + name: cameleer-clickhouse-initdb - name: config configMap: - name: clickhouse-config + name: cameleer-clickhouse-config volumeClaimTemplates: - metadata: name: data @@ -94,12 +94,12 @@ spec: apiVersion: v1 kind: Service metadata: - name: clickhouse + name: cameleer-clickhouse namespace: cameleer spec: clusterIP: None selector: - app: clickhouse + app: cameleer-clickhouse ports: - port: 8123 targetPort: 8123 @@ -111,7 +111,7 @@ spec: apiVersion: v1 kind: ConfigMap metadata: - name: clickhouse-config + name: cameleer-clickhouse-config namespace: cameleer data: # Server-level tuning for 4Gi container. @@ -199,7 +199,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: clickhouse-initdb + name: cameleer-clickhouse-initdb namespace: cameleer data: 01-create-database.sql: | diff --git a/deploy/logto.yaml b/deploy/cameleer-logto.yaml similarity index 82% rename from deploy/logto.yaml rename to deploy/cameleer-logto.yaml index 62cbee11..c36bda86 100644 --- a/deploy/logto.yaml +++ b/deploy/cameleer-logto.yaml 
@@ -1,7 +1,7 @@ # Logto OIDC Provider for Cameleer # Provides external identity management with OAuth2/OIDC. # -# Logto is proxy-aware: ENDPOINT and ADMIN_ENDPOINT (from logto-credentials secret) +# Logto is proxy-aware: ENDPOINT and ADMIN_ENDPOINT (from cameleer-logto-credentials secret) # set the public-facing URLs that Logto advertises in OIDC discovery, redirects, etc. # When behind a reverse proxy (e.g., Traefik), set these to the external URLs. # @@ -16,21 +16,21 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: logto-postgresql + name: cameleer-logto-postgresql namespace: cameleer spec: - serviceName: logto-postgresql + serviceName: cameleer-logto-postgresql replicas: 1 selector: matchLabels: - app: logto-postgresql + app: cameleer-logto-postgresql template: metadata: labels: - app: logto-postgresql + app: cameleer-logto-postgresql spec: containers: - - name: postgresql + - name: cameleer-logto-postgresql image: postgres:16-alpine ports: - containerPort: 5432 @@ -40,12 +40,12 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: - name: logto-credentials + name: cameleer-logto-credentials key: PG_USER - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: logto-credentials + name: cameleer-logto-credentials key: PG_PASSWORD volumeMounts: - name: data @@ -80,12 +80,12 @@ spec: apiVersion: v1 kind: Service metadata: - name: logto-postgresql + name: cameleer-logto-postgresql namespace: cameleer spec: clusterIP: None selector: - app: logto-postgresql + app: cameleer-logto-postgresql ports: - port: 5432 targetPort: 5432 
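Review bot: In the `@@ -16,21` hunk the `cameleer-logto-postgresql` pod template goes straight from `spec:` to `containers:` with no pod-level `securityContext`. The `cameleer-postgres` and `cameleer-clickhouse` StatefulSets in this same commit set `runAsNonRoot: true` with an explicit `runAsUser`/`fsGroup`, and CLAUDE.md states that database pods run with `securityContext.runAsNonRoot`. Since this template is being touched anyway, add the matching block: `securityContext: {runAsNonRoot: true, runAsUser: 70, fsGroup: 70}` (70 is, to my knowledge, the postgres uid in the alpine image; confirm against `postgres:16-alpine`). The container spec continues past the hunk, so a container-level securityContext may exist there.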
@@ -95,20 +95,20 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: logto + name: cameleer-logto namespace: cameleer spec: replicas: 1 selector: matchLabels: - app: logto + app: cameleer-logto template: metadata: labels: - app: logto + app: cameleer-logto spec: containers: - - name: logto + - name: cameleer-logto image: ghcr.io/logto-io/logto:latest command: ["sh", "-c", "npm run cli db seed -- --swe && npm start"] ports: @@ -122,24 +122,24 @@ spec: - name: PG_USER valueFrom: secretKeyRef: - name: logto-credentials + name: cameleer-logto-credentials key: PG_USER - name: PG_PASSWORD valueFrom: secretKeyRef: - name: logto-credentials + name: cameleer-logto-credentials key: PG_PASSWORD - name: DB_URL - value: "postgresql://$(PG_USER):$(PG_PASSWORD)@logto-postgresql:5432/logto" + value: "postgresql://$(PG_USER):$(PG_PASSWORD)@cameleer-logto-postgresql:5432/logto" - name: ENDPOINT valueFrom: secretKeyRef: - name: logto-credentials + name: cameleer-logto-credentials key: ENDPOINT - name: ADMIN_ENDPOINT valueFrom: secretKeyRef: - name: logto-credentials + name: cameleer-logto-credentials key: ADMIN_ENDPOINT resources: requests: @@ -168,12 +168,12 @@ spec: apiVersion: v1 kind: Service metadata: - name: logto + name: cameleer-logto namespace: cameleer spec: type: NodePort selector: - app: logto + app: cameleer-logto ports: - port: 3001 targetPort: 3001 diff --git a/deploy/postgres.yaml b/deploy/cameleer-postgres.yaml similarity index 82% rename from deploy/postgres.yaml rename to deploy/cameleer-postgres.yaml index 7cf8b983..c65135e4 100644 --- a/deploy/postgres.yaml +++ b/deploy/cameleer-postgres.yaml 
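Review bot: `image: ghcr.io/logto-io/logto:latest` leaves the identity provider on a mutable tag, so every pod restart, including the one this rename triggers, can pull a different Logto build than the one that was tested. The startup command then runs `npm run cli db seed -- --swe` against the database with whatever version arrives. Pin the image to a release tag or, better, a digest: `image: ghcr.io/logto-io/logto:<version>@sha256:<digest>` (placeholder values), as the other manifests already do with `postgres:16` and `clickhouse/clickhouse-server:24.12`. A one-line comment above the image saying how and when it is bumped would help the next maintainer.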
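Review bot: In the `@@ -122,24` hunk `DB_URL` is built as `postgresql://$(PG_USER):$(PG_PASSWORD)@cameleer-logto-postgresql:5432/logto`, so the raw secret value is substituted into a URI without percent-encoding. A password containing `@`, `:`, `/`, `?` or `#` changes how the URI parses and breaks the connection. The CI step passes `LOGTO_PG_PASSWORD` through as-is, so either add a comment here such as `# PG_PASSWORD must be URL-safe: it is interpolated into DB_URL unencoded`, or store a ready-made, encoded `DB_URL` key in `cameleer-logto-credentials`. The expanded URL, password included, is also part of the container environment, which matters for anything that dumps env on error.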
@@ -1,41 +1,41 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: postgres + name: cameleer-postgres namespace: cameleer spec: - serviceName: postgres + serviceName: cameleer-postgres replicas: 1 selector: matchLabels: - app: postgres + app: cameleer-postgres template: metadata: labels: - app: postgres + app: cameleer-postgres spec: securityContext: runAsNonRoot: true runAsUser: 999 fsGroup: 999 containers: - - name: postgres + - name: cameleer-postgres image: postgres:16 ports: - containerPort: 5432 - name: postgres + name: cameleer-pg env: - name: POSTGRES_DB value: cameleer3 - name: POSTGRES_USER valueFrom: secretKeyRef: - name: postgres-credentials + name: cameleer-postgres-credentials key: POSTGRES_USER - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: postgres-credentials + name: cameleer-postgres-credentials key: POSTGRES_PASSWORD volumeMounts: - name: data @@ -79,26 +79,26 @@ spec: apiVersion: v1 kind: Service metadata: - name: postgres + name: cameleer-postgres namespace: cameleer spec: clusterIP: None selector: - app: postgres + app: cameleer-postgres ports: - port: 5432 targetPort: 5432 - name: postgres + name: cameleer-pg --- apiVersion: v1 kind: Service metadata: - name: postgres-external + name: cameleer-postgres-external namespace: cameleer spec: type: NodePort selector: - app: postgres + app: cameleer-postgres ports: - port: 5432 targetPort: 5432 diff --git a/deploy/overlays/feature/init-job.yaml b/deploy/overlays/feature/init-job.yaml index 803aa317..0222321d 100644 --- a/deploy/overlays/feature/init-job.yaml +++ b/deploy/overlays/feature/init-job.yaml 
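Review bot: In the `@@ -79,26` hunk `cameleer-postgres-external` is `type: NodePort`, which publishes PostgreSQL on every node address, and nothing visible in this hunk or in the StatefulSet above enables TLS or restricts sources. If external access is still needed, say so in a comment on the Service (`# external access for <purpose>; restrict via firewall/NetworkPolicy`) and limit who can reach the node port; if not, this rename is a good moment to drop the Service. The `ports:` entry continues past the hunk, so a pinned `nodePort` may be set there. If it is, the new Service cannot be created until the old `postgres-external` Service releases that port.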
@@ -13,18 +13,18 @@ spec: args: - | PGPASSWORD=$POSTGRES_PASSWORD psql \ - -h postgres.cameleer.svc.cluster.local \ + -h cameleer-postgres.cameleer.svc.cluster.local \ -U $POSTGRES_USER -d cameleer3 \ -c "CREATE SCHEMA IF NOT EXISTS BRANCH_SCHEMA" env: - name: POSTGRES_USER valueFrom: secretKeyRef: - name: postgres-credentials + name: cameleer-postgres-credentials key: POSTGRES_USER - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: postgres-credentials + name: cameleer-postgres-credentials key: POSTGRES_PASSWORD backoffLimit: 3 diff --git a/deploy/overlays/feature/kustomization.yaml b/deploy/overlays/feature/kustomization.yaml index e1887e78..8ecf91cc 100644 --- a/deploy/overlays/feature/kustomization.yaml +++ b/deploy/overlays/feature/kustomization.yaml @@ -24,7 +24,7 @@ patches: - name: server env: - name: SPRING_DATASOURCE_URL - value: "jdbc:postgresql://postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=BRANCH_SCHEMA" + value: "jdbc:postgresql://cameleer-postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=BRANCH_SCHEMA" - name: CAMELEER_SERVER_SECURITY_UIORIGIN value: "http://BRANCH_SLUG.cameleer.siegeln.net" # UI ConfigMap: branch-specific API URL diff --git a/deploy/overlays/main/kustomization.yaml b/deploy/overlays/main/kustomization.yaml index fec4eb76..1c0e9898 100644 --- a/deploy/overlays/main/kustomization.yaml +++ b/deploy/overlays/main/kustomization.yaml @@ -41,7 +41,7 @@ patches: - name: CAMELEER_SERVER_SECURITY_UIORIGIN value: "http://192.168.50.86:30090" - name: SPRING_DATASOURCE_URL - value: "jdbc:postgresql://postgres:5432/cameleer3?currentSchema=public" + value: "jdbc:postgresql://cameleer-postgres:5432/cameleer3?currentSchema=public" # UI ConfigMap: production API URL - target: kind: ConfigMap diff --git a/docker-compose.yml b/docker-compose.yml index 360f0d00..ff35acff 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,5 +1,5 @@ services: - postgres: + cameleer-postgres: image: postgres:16 ports: - "5432:5432" @@ -8,7 +8,7 @@ services: POSTGRES_USER: cameleer POSTGRES_PASSWORD: cameleer_dev volumes: - - pgdata:/home/postgres/pgdata/data + - cameleer-pgdata:/home/postgres/pgdata/data volumes: - pgdata: + cameleer-pgdata: diff --git a/docs/SERVER-CAPABILITIES.md b/docs/SERVER-CAPABILITIES.md index 53f501f4..18acf41b 100644 --- a/docs/SERVER-CAPABILITIES.md +++ b/docs/SERVER-CAPABILITIES.md @@ -293,7 +293,7 @@ This applies to both M2M tokens (`scope` claim) and OIDC user login (configurabl | Variable | Purpose | |----------|---------| | `CAMELEER_SERVER_SECURITY_OIDCISSUERURI` | OIDC issuer URI for token validation (e.g., `https://auth.example.com/oidc`) | -| `CAMELEER_SERVER_SECURITY_OIDCJWKSETURI` | Direct JWKS URL (e.g., `http://logto:3001/oidc/jwks`) — use when public issuer isn't reachable from inside containers | +| `CAMELEER_SERVER_SECURITY_OIDCJWKSETURI` | Direct JWKS URL (e.g., `http://cameleer-logto:3001/oidc/jwks`) — use when public issuer isn't reachable from inside containers | | `CAMELEER_SERVER_SECURITY_OIDCAUDIENCE` | Expected audience (API resource indicator) | | `CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY` | Skip TLS certificate verification for OIDC calls (default `false`) — use when provider has a self-signed CA | diff --git a/docs/superpowers/plans/2026-04-05-logto-oidc-resource-server.md b/docs/superpowers/plans/2026-04-05-logto-oidc-resource-server.md index 0236744c..dd6916d3 100644 --- a/docs/superpowers/plans/2026-04-05-logto-oidc-resource-server.md +++ b/docs/superpowers/plans/2026-04-05-logto-oidc-resource-server.md 
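Review bot: The renamed `cameleer-postgres` service in docker-compose.yml still publishes `"5432:5432"` on all host interfaces while using the fixed credentials `cameleer` / `cameleer_dev`, so a developer machine on a shared network exposes a database with a known password. Bind the port to loopback instead: `- "127.0.0.1:5432:5432"`. Renaming the volume to `cameleer-pgdata` also makes Compose create a new empty volume and leave the old `pgdata` volume behind with its data. A short comment telling developers to migrate or remove the old volume would avoid stale copies lingering.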
@@ -926,13 +926,13 @@ Logto is deployed alongside the Cameleer stack. After first deployment: 5. **Configure Cameleer**: Use the admin API (`PUT /api/v1/admin/oidc`) or set env vars for initial seeding: ``` CAMELEER_OIDC_ENABLED=true - CAMELEER_OIDC_ISSUER=http://logto:3001/oidc + CAMELEER_OIDC_ISSUER=http://cameleer-logto:3001/oidc CAMELEER_OIDC_CLIENT_ID= CAMELEER_OIDC_CLIENT_SECRET= ``` 6. **Configure resource server** (for M2M token validation): ``` - CAMELEER_OIDC_ISSUER_URI=http://logto:3001/oidc + CAMELEER_OIDC_ISSUER_URI=http://cameleer-logto:3001/oidc CAMELEER_OIDC_AUDIENCE=https://cameleer.siegeln.net/api ``` ``` @@ -948,7 +948,7 @@ Replace: With: ```json - "issuerUri": "http://logto:3001/oidc", + "issuerUri": "http://cameleer-logto:3001/oidc", ``` - [ ] **Step 3: Update HOWTO.md — replace infrastructure diagram** diff --git a/docs/superpowers/specs/2026-03-16-storage-layer-design.md b/docs/superpowers/specs/2026-03-16-storage-layer-design.md index 46014b73..5f9114c6 100644 --- a/docs/superpowers/specs/2026-03-16-storage-layer-design.md +++ b/docs/superpowers/specs/2026-03-16-storage-layer-design.md @@ -568,7 +568,7 @@ MetricsFlushScheduler (@Scheduled) ### Configuration Environment variables (existing pattern): -- `SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/cameleer3` +- `SPRING_DATASOURCE_URL=jdbc:postgresql://cameleer-postgres:5432/cameleer3` - `SPRING_DATASOURCE_USERNAME`, `SPRING_DATASOURCE_PASSWORD` - `OPENSEARCH_URL=http://opensearch:9200` - `CAMELEER_RETENTION_DAYS=30` (applies to both PostgreSQL and OpenSearch) diff --git a/docs/superpowers/specs/2026-03-31-clickhouse-migration-design.md b/docs/superpowers/specs/2026-03-31-clickhouse-migration-design.md index 6fb29e8d..2e7ad45e 100644 --- a/docs/superpowers/specs/2026-03-31-clickhouse-migration-design.md +++ b/docs/superpowers/specs/2026-03-31-clickhouse-migration-design.md 
@@ -746,7 +746,7 @@ public void enforceRetention() { ```yaml clickhouse: - url: jdbc:clickhouse://clickhouse:8123/cameleer?async_insert=1&wait_for_async_insert=0 + url: jdbc:clickhouse://cameleer-clickhouse:8123/cameleer?async_insert=1&wait_for_async_insert=0 username: cameleer_app password: ${CLICKHOUSE_PASSWORD} ``` diff --git a/docs/superpowers/specs/2026-04-05-logto-oidc-resource-server-design.md b/docs/superpowers/specs/2026-04-05-logto-oidc-resource-server-design.md index 353d8f4d..c77c646c 100644 --- a/docs/superpowers/specs/2026-04-05-logto-oidc-resource-server-design.md +++ b/docs/superpowers/specs/2026-04-05-logto-oidc-resource-server-design.md @@ -186,7 +186,7 @@ Update PUT handler default: `rolesClaim` from `realm_access.roles` to `roles`. | Variable | Purpose | Required | |----------|---------|----------| -| `CAMELEER_OIDC_ISSUER_URI` | Logto issuer URI (e.g., `http://logto:3001/oidc`) | No — when blank, no OIDC resource server | +| `CAMELEER_OIDC_ISSUER_URI` | Logto issuer URI (e.g., `http://cameleer-logto:3001/oidc`) | No — when blank, no OIDC resource server | | `CAMELEER_OIDC_AUDIENCE` | Expected audience / API resource indicator | No — when blank, audience not validated | ## Files Changed