Seed tenancy Domains

plexsphere-bootstrap is the one-shot binary that seeds the initial Domain aggregates and, optionally, their IdPBinding aggregates from an operator-supplied manifest. It is not a plexctl command — it runs as a Kubernetes Job (or a local binary) ahead of first use.

Prerequisites

  • A reachable Postgres, with the migrate Job already applied.
  • The plexsphere-bootstrap:dev image (side-loaded by the kind dev stack) or a local build: go build -o ./bin/plexsphere-bootstrap ./cmd/plexsphere-bootstrap.

Steps

Author the manifest

yaml
domains:
  - slug: acme-corp
    display_name: Acme Corp
    mesh_cidr: 10.64.0.0/12

idp_bindings:
  - domain_slug: acme-corp
    issuer: https://dex.example.com
    client_id: plexsphere
    client_secret_ref: secret://dev/plexsphere-dex-public

IdP bindings (idp_bindings:)

The optional top-level idp_bindings: block binds each seeded Domain to an OIDC IdP at seed time. On the dev overlay the dev-only secret reference is the sentinel secret://dev/plexsphere-dex-public.

IdPBinding seeding (post-manifest). Bindings not in the manifest are created afterwards via plexctl domain-idp create — see Manage IdP bindings.

Run the binary

shell
plexsphere-bootstrap --manifest ./bootstrap.yaml --database-url "${DATABASE_URL}"

In-cluster this is the bootstrap Job; it is idempotent and safe to re-run.

Publishing the runtime-config artefact in the dev overlay

The dev overlay no longer publishes a runtime-config artefact. The in-tree dashboard that consumed it — and the publish step that wrote the resolved Domain/binding UUIDs into a ConfigMap for it — have been removed. The seeded Domain and IdP-binding UUIDs now live solely in Postgres; read them directly when you need them, for example to drive plexctl login:

shell
kubectl exec statefulset/postgres -- \
  env PGPASSWORD=plexsphere psql -U plexsphere -d plexsphere -tAc \
  "SELECT d.slug, d.id, b.id
     FROM plexsphere.domains d
     JOIN plexsphere.idp_bindings b
       ON b.domain_id = d.id AND b.status = 'active'
    ORDER BY d.slug"

Verification

shell
psql "${DATABASE_URL}" -c "SELECT slug FROM domains ORDER BY slug;"

See also