OPP Wiki

Lab Infrastructure

Project Memory

Durable handoff context for continuing work from a new laptop.

Project Memory

Last updated: 2026-05-07

This file is the durable handoff memory for the project. It should contain the context needed to continue work from a new laptop after cloning the repository.

Do not store secret values here. Store only references, names, URLs, commands, and decisions that are safe to keep in git.

Repository

ItemValue
GitHub repositoryhttps://github.com/zeshaq/opp-test-app
Default branchmain
Cloudflare Pages sitehttps://opp-test-app-wiki.pages.dev
Cloudflare Pages projectopp-test-app-wiki
Local project path when created/Users/ze/Documents/opp-test-app

Purpose

This repository is a lightweight infrastructure wiki for the OPP test environment. It tracks safe operational knowledge, decision records, deployment automation, and agent working rules.

Durable Source Of Truth

FileWhat to update
INFRASTRUCTURE.mdCluster access details, verification dates, API endpoints, and safe command examples.
CHANGELOG.mdEvery meaningful tracked-file change, newest first.
ADR.mdDecisions that should survive context loss or laptop changes.
AGENTS.mdRules for future automation and agent behavior.
MEMORY.mdDurable project context and handoff notes.
README.mdPublic entrypoint, local build instructions, and deployment link.

Infrastructure Access Memory

Cluster access goes through dl385. Treat dl385 as the required jump host for OpenShift and RKE2 operations.

Cluster access was verified from ze@dl385 on 2026-05-07.

OpenShift clusters use oc with ocpctx <cluster> on dl385:

hub-dc hub-dr spoke-dc spoke-dr

RKE2 clusters use kubectl with kubeconfigs on dl385:

rke2 rke2-dr

Kubeconfig files live on dl385 under:

~/.kube/configs/<cluster>.kubeconfig

Never copy kubeconfig contents into git. See INFRASTRUCTURE.md for the full safe access matrix.

Vault Replication Memory

RKE2 DC Vault replication export now uses Vault Kubernetes auth instead of a static Vault token.

Current shape:

Argo CD app: argocd/vault-replication
GitOps repo: http://30.30.30.5/infra/gitops-rke2.git
GitOps path: clusters/dc/manifests/vault-replication
GitOps commit: 15a6d90
Vault auth path: kubernetes/
Vault role: vault-replicator-export
Kubernetes ServiceAccount: vault/vault-replicator

The live vault/vault-replicator Secret no longer stores VAULT_TOKEN. It now keeps only:

VAULT_ADDR
MINIO_URL
MINIO_AK
MINIO_SK

Vault-side auth configuration still exists as live Vault state, not as full GitOps-managed manifests.

Deployment Memory

The wiki is generated from Markdown by:

npm run build

The build writes static files to dist/.

Pushes to main run:

.github/workflows/deploy-pages.yml

That workflow deploys dist/ to Cloudflare Pages project opp-test-app-wiki.

GitHub Actions secrets required for deployment:

CLOUDFLARE_API_TOKEN
CLOUDFLARE_ACCOUNT_ID

Do not store these values in git.

Local Secrets Memory

During setup, local secret files existed at:

secrets/github_token
secrets/cloudflare-token-for-pages

The secrets/ directory is intentionally ignored. If changing laptops, recreate local secrets from the password manager, GitHub, or Cloudflare, not from this repo.

Git Ignore Memory

The following local paths are intentionally ignored:

secrets/
node_modules/
dist/
.wrangler/
.DS_Store
*.log

Change Discipline

Every meaningful tracked-file change should update:

CHANGELOG.md

If the change alters durable operating context, also update:

MEMORY.md

If the change alters a long-lived decision, also update:

ADR.md

New Laptop Bootstrap

Use this sequence after moving to a new machine:

git clone git@github.com:zeshaq/opp-test-app.git
cd opp-test-app
npm run build

Then recreate local secrets if operational work requires GitHub or Cloudflare CLI access:

secrets/github_token
secrets/cloudflare-token-for-pages

For cluster access, SSH to dl385; do not expect kubeconfigs or direct cluster network access to be present on a replacement laptop.