infra/k8s/base/configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: workclub-config
  labels:
    app: workclub
data:
  log-level: "Information"
  cors-origins: "http://localhost:3000,http://192.168.240.200:30080"
  api-base-url: "http://192.168.240.200:30081"
  keycloak-url: "http://192.168.240.200:30082"
  keycloak-authority: "http://192.168.240.200:30082/realms/workclub"
  keycloak-audience: "workclub-api"
  keycloak-realm: "workclub"
  
  # Database configuration
  database-host: "workclub-postgres"
  database-port: "5432"
  database-name: "workclub"

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-init
  labels:
    app: workclub-postgres
data:
  init.sql: |
    -- Create keycloak database and user
    CREATE DATABASE keycloak;
    CREATE USER keycloak WITH PASSWORD 'keycloakpass';
    GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
    
    -- Keycloak database permissions
    \c keycloak
    GRANT ALL PRIVILEGES ON SCHEMA public TO keycloak;
    ALTER SCHEMA public OWNER TO keycloak;
    
    -- Application database permissions
    \c workclub
    GRANT ALL PRIVILEGES ON SCHEMA public TO app;
    ALTER SCHEMA public OWNER TO app;

    -- App admin role for RLS bypass policies used by API startup seed
    DO $$
    BEGIN
      IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN
        CREATE ROLE app_admin;
      END IF;
    END
    $$;
    GRANT app_admin TO app WITH INHERIT FALSE, SET TRUE;
    GRANT USAGE ON SCHEMA public TO app_admin;
    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin;
    ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON TABLES TO app_admin;
    ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON SEQUENCES TO app_admin;
feat(domain): add core entities — Club, Member, WorkItem, Shift with state machine - Create domain entities in WorkClub.Domain/Entities: Club, Member, WorkItem, Shift, ShiftSignup - Implement enums: SportType, ClubRole, WorkItemStatus - Add ITenantEntity interface for multi-tenancy support - Implement state machine validation on WorkItem with C# 14 switch expressions - Valid transitions: Open→Assigned→InProgress→Review→Done, Review→InProgress (rework) - All invalid transitions throw InvalidOperationException - TDD approach: Write tests first, 12/12 passing - Use required properties with explicit Guid/Guid? for foreign keys - DateTimeOffset for timestamps (timezone-aware, multi-tenant friendly) - RowVersion byte[] for optimistic concurrency control - No navigation properties yet (deferred to EF Core task) - No domain events or validation attributes (YAGNI for MVP) 2026-03-03 14:09:25 +01:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: workclub-config`
			`labels:`
			`app: workclub`
			`data:`
			`log-level: "Information"`
feat(k8s): expose workclub services via LAN NodePorts Expose frontend, API, and Keycloak on stable NodePorts and align app/keycloak external URLs for local-network browser access. 2026-03-13 06:33:50 +01:00			`cors-origins: "http://localhost:3000,http://192.168.240.200:30080"`
			`api-base-url: "http://192.168.240.200:30081"`
			`keycloak-url: "http://192.168.240.200:30082"`
			`keycloak-authority: "http://192.168.240.200:30082/realms/workclub"`
fix(k8s): stabilize keycloak rollout and align CD deploy manifests Update Keycloak probe/realm import behavior and authority config so auth services start reliably on the dev cluster, while keeping CD deployment steps aligned with the actual Kubernetes overlay behavior. 2026-03-13 06:25:07 +01:00			`keycloak-audience: "workclub-api"`
feat(domain): add core entities — Club, Member, WorkItem, Shift with state machine - Create domain entities in WorkClub.Domain/Entities: Club, Member, WorkItem, Shift, ShiftSignup - Implement enums: SportType, ClubRole, WorkItemStatus - Add ITenantEntity interface for multi-tenancy support - Implement state machine validation on WorkItem with C# 14 switch expressions - Valid transitions: Open→Assigned→InProgress→Review→Done, Review→InProgress (rework) - All invalid transitions throw InvalidOperationException - TDD approach: Write tests first, 12/12 passing - Use required properties with explicit Guid/Guid? for foreign keys - DateTimeOffset for timestamps (timezone-aware, multi-tenant friendly) - RowVersion byte[] for optimistic concurrency control - No navigation properties yet (deferred to EF Core task) - No domain events or validation attributes (YAGNI for MVP) 2026-03-03 14:09:25 +01:00			`keycloak-realm: "workclub"`

			`# Database configuration`
			`database-host: "workclub-postgres"`
			`database-port: "5432"`
			`database-name: "workclub"`

			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: postgres-init`
			`labels:`
			`app: workclub-postgres`
			`data:`
			`init.sql: \|`
			`-- Create keycloak database and user`
			`CREATE DATABASE keycloak;`
			`CREATE USER keycloak WITH PASSWORD 'keycloakpass';`
			`GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;`

			`-- Keycloak database permissions`
			`\c keycloak`
			`GRANT ALL PRIVILEGES ON SCHEMA public TO keycloak;`
			`ALTER SCHEMA public OWNER TO keycloak;`

			`-- Application database permissions`
			`\c workclub`
			`GRANT ALL PRIVILEGES ON SCHEMA public TO app;`
			`ALTER SCHEMA public OWNER TO app;`
fix(k8s): stabilize keycloak rollout and align CD deploy manifests Update Keycloak probe/realm import behavior and authority config so auth services start reliably on the dev cluster, while keeping CD deployment steps aligned with the actual Kubernetes overlay behavior. 2026-03-13 06:25:07 +01:00
			`-- App admin role for RLS bypass policies used by API startup seed`
			`DO $$`
			`BEGIN`
			`IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN`
			`CREATE ROLE app_admin;`
			`END IF;`
			`END`
			`$$;`
			`GRANT app_admin TO app WITH INHERIT FALSE, SET TRUE;`
			`GRANT USAGE ON SCHEMA public TO app_admin;`
			`GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;`
			`GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin;`
			`ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON TABLES TO app_admin;`
			`ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON SEQUENCES TO app_admin;`