Status

Recorded current state

GitOps
spoke-dc-cluster-config recorded Synced/Healthy from local spoke Argo CD status.
Storage
ODF remains on intended localblock topology.
OADP
lab-dpa reconciled, BSL available, latest daily backup completed in the recorded run.
Identity
WSO2 IS was removed. OAuth IDP is Google only.
Local app middleware
Demo middleware was retired from spoke desired state. Non-core app middleware is not tracked as part of the OpenShift core operations scope.
User workload metrics
Enabled; user workload Prometheus, Thanos ruler, and the Prometheus operator should run here.
Vault / ESO
SecretStore/rke2-vault is Ready=True and ExternalSecret/eso-vault-smoke is synced through the kubernetes-spoke-dc Vault auth mount. Existing Argo drift is non-ESO drift in monitoring/Velero resources.

Service mesh

OSSM 3 state

App readiness

What is needed next

Workload base

Create a Java/JBoss app base in lab-workloads with deployment, service, config, health checks, and overlay placement.

External dependency policy

Document external app dependencies only when they affect OpenShift routing, egress, secrets, monitoring, or backup policy.

Secret dependency

Use the validated Vault/ESO pattern, but create app-specific Vault policy, role, and ExternalSecret resources before storing app credentials.

Mesh onboarding

Opt the app namespace into ambient only after the workload manifests and routing intent are defined.

DR choice

Decide whether the app also lands in spoke-dr as hot standby or remains active-only during initial validation.