titan-iac

Author	SHA1	Message	Date
Brad Stein	78a542b81a	standardize cert issuers to letsencrypt	2025-12-12 15:18:40 -03:00
Brad Stein	3fbcc435f0	mailu: fix unbound sidecar mounts	2025-12-12 01:19:27 -03:00
Brad Stein	cf06e4b92a	mailu: use mvance unbound sidecar and current redis image	2025-12-12 01:12:48 -03:00
Brad Stein	842b1c2fb4	mailu: remove force upgrade to avoid pvc replace	2025-12-12 01:09:25 -03:00
Brad Stein	a8c7525fc2	mailu: add validating dns sidecar and disable vip hostports	2025-12-12 01:06:38 -03:00
Brad Stein	a7704beda6	restore docs after gitignore change	2025-12-12 00:50:02 -03:00
Brad Stein	27deb933bc	mailu: fix admin dns and tame vip	2025-12-12 00:49:45 -03:00
Brad Stein	0771bc954d	mailu: capture helm release and cert	2025-12-11 23:54:43 -03:00
Brad Stein	55fa2cbce4	zot: restore main branch config	2025-12-11 17:26:15 -03:00
Brad Stein	d5a526c5fa	zot: revert to unauthenticated registry	2025-12-11 17:22:16 -03:00
Brad Stein	efd258fc71	vault: drop traefik basicauth	2025-12-11 17:09:05 -03:00
Brad Stein	3852ebc0f1	zot,vault: remove oauth2-proxy sso	2025-12-11 17:04:19 -03:00
Brad Stein	88db462f8f	longhorn/vault: gate via oauth2-proxy	2025-12-07 19:44:02 -03:00
Brad Stein	e44def25f8	auth: remove error middleware to allow redirect	2025-12-07 13:19:45 -03:00
Brad Stein	7ae8bf9705	oauth2-proxy: drop groups scope to avoid invalid_scope	2025-12-07 13:09:29 -03:00
Brad Stein	088fed6720	auth: forward-auth via external auth host (svc traffic flaky)	2025-12-07 13:03:29 -03:00
Brad Stein	84e4dc0616	oauth2-proxy: schedule on worker rpis	2025-12-07 12:49:38 -03:00
Brad Stein	96a8d271a9	oauth2-proxy: ensure error middleware on auth ingress	2025-12-07 12:03:14 -03:00
Brad Stein	84aa870cda	auth: use internal oauth2-proxy svc for forward-auth	2025-12-07 11:25:29 -03:00
Brad Stein	876ec19543	auth: add 401 redirect middleware to oauth2-proxy	2025-12-07 11:14:25 -03:00
Brad Stein	ec1d33f1ca	auth: point forward-auth to external auth host	2025-12-07 11:09:09 -03:00
Brad Stein	1de9d94138	oauth2-proxy: temporarily drop group restriction	2025-12-07 10:42:13 -03:00
Brad Stein	571bf759a2	auth: add namespace-local forward-auth middlewares	2025-12-07 10:25:44 -03:00
Brad Stein	7525289a0c	auth: wire oauth2-proxy and enable grafana oidc	2025-12-07 02:01:21 -03:00
Brad Stein	c7b73555c4	add oauth2-proxy for SSO forward-auth	2025-12-06 14:42:24 -03:00
Brad Stein	de727eee07	keycloak: restrict to worker rpis with titan-24 fallback	2025-12-06 01:44:23 -03:00
Brad Stein	2122ce3e31	keycloak: require rpi nodes with titan-24 fallback	2025-12-06 01:40:24 -03:00
Brad Stein	f2d496c6c0	keycloak: prefer rpi nodes, avoid titan-24	2025-12-06 01:36:33 -03:00
Brad Stein	127d09755e	keycloak: honor xforwarded headers and hostname url	2025-12-06 01:23:07 -03:00
Brad Stein	9f5e61ebed	keycloak: enable health/metrics management port	2025-12-06 00:51:47 -03:00
Brad Stein	b1b39c4dcd	keycloak: set fsGroup for data volume	2025-12-06 00:49:17 -03:00
Brad Stein	65d8986279	keycloak: remove optimized flag for first start	2025-12-06 00:43:24 -03:00
Brad Stein	2906e3e5d9	monitoring: show GPU share over dashboard range	2025-12-02 20:28:35 -03:00
Brad Stein	7e46ffc075	keycloak: add raw manifests backed by shared postgres	2025-12-02 17:58:19 -03:00
Brad Stein	42b3ac0139	monitoring: show top12 root disks	2025-12-02 15:21:02 -03:00
Brad Stein	e53ca4dd91	monitoring: expand worker/control/root rows	2025-12-02 15:15:21 -03:00
Brad Stein	134e39d9a4	monitoring: shrink hottest node row height	2025-12-02 15:12:16 -03:00
Brad Stein	12fd5229dc	monitoring: fix gpu share query and root bar labels	2025-12-02 14:56:36 -03:00
Brad Stein	1963fadec1	monitoring: polish dashboards and folders	2025-12-02 14:41:39 -03:00
Brad Stein	d23e2fe78c	monitoring: regen dashboards with gpu details	2025-12-02 13:16:00 -03:00
Brad Stein	e7d521f203	monitoring: mirror dcgm-exporter as multi-arch	2025-12-02 12:36:24 -03:00
Brad Stein	54e4a1ed93	monitoring: run dcgm-exporter with nvidia runtime	2025-12-02 12:25:30 -03:00
Brad Stein	9895695b36	monitoring: always pull dcgm-exporter tag	2025-12-02 12:19:16 -03:00
Brad Stein	2fc73097ba	monitoring: add registry pull secret for dcgm-exporter	2025-12-02 12:07:11 -03:00
Brad Stein	7b1cc7061a	monitoring: allow dcgm rollout with unavailable node	2025-12-02 11:59:55 -03:00
Brad Stein	f44370c41f	monitoring: use mirrored dcgm-exporter tag	2025-12-02 11:54:53 -03:00
Brad Stein	3fbaa54f4f	monitoring: reenable dcgm exporter	2025-11-20 13:11:13 -03:00
Brad Stein	f7f124ad71	monitoring: control-plane stat and namespace share tweaks	2025-11-18 17:09:13 -03:00
Brad Stein	d062c10675	monitoring: refine network metrics and control-plane allowance	2025-11-18 16:18:52 -03:00
Brad Stein	97b7b479bc	monitoring: adjust overview spacing and net panels	2025-11-18 15:55:24 -03:00

1 2 3 4 5

237 Commits