|
|
bb9a4e6d8b
|
longhorn: read oauth2-proxy secrets from vault
|
2026-01-14 17:48:12 -03:00 |
|
|
|
fb671865e5
|
vault: inject remaining services with wrappers
|
2026-01-14 17:29:09 -03:00 |
|
|
|
89f4b0dbdf
|
vault: stabilize injector templates and add health apps
|
2026-01-14 13:40:29 -03:00 |
|
|
|
b1f9df4d83
|
vault: sync harbor pulls
|
2026-01-14 10:07:31 -03:00 |
|
|
|
b8e50bb0a6
|
monitoring: move grafana smtp to vault
|
2026-01-14 06:41:34 -03:00 |
|
|
|
37302664c2
|
vault: add remaining secret syncs
|
2026-01-14 06:16:42 -03:00 |
|
|
|
de3db3133b
|
vault(consumption): sync secrets via CSI
|
2026-01-14 05:07:23 -03:00 |
|
|
|
8d526e383f
|
vault: send oidc role payload as json
|
2026-01-14 03:45:03 -03:00 |
|
|
|
4111fb079f
|
vault: write bound_claims as file
|
2026-01-14 02:56:29 -03:00 |
|
|
|
fd2ae6bdd5
|
vault: wire more services to CSI
|
2026-01-14 02:54:59 -03:00 |
|
|
|
8a358832f3
|
vault: fix oidc scopes parsing
|
2026-01-14 02:52:51 -03:00 |
|
|
|
c3541b72c3
|
vault: run oidc config with sh
|
2026-01-14 02:28:38 -03:00 |
|
|
|
55234f8536
|
vault: align oidc roles with keycloak
|
2026-01-14 02:24:32 -03:00 |
|
|
|
50aec198a4
|
fix: detect vault initialized state correctly
|
2026-01-14 01:42:28 -03:00 |
|
|
|
cb5796cb71
|
fix: make vault k8s auth script posix
|
2026-01-14 01:38:27 -03:00 |
|
|
|
5a9ceeab24
|
fix: run vault k8s auth config with sh
|
2026-01-14 01:35:06 -03:00 |
|
|
|
b82195f2d7
|
feat: start vault consumption for outline and planka
|
2026-01-14 01:30:41 -03:00 |
|
|
|
4a1c4766b8
|
feat: add harbor/vault oidc automation
|
2026-01-14 01:07:47 -03:00 |
|
|
|
77ecf3229e
|
vault: use dedicated service account for k8s auth
|
2025-12-25 03:43:17 -03:00 |
|
|
|
4d47e2c693
|
vault: revert ui default auth block (not supported)
|
2025-12-24 20:16:33 -03:00 |
|
|
|
cf2e4c8bb2
|
jitsi: require auth to start rooms; vault ui default oidc
|
2025-12-24 20:11:29 -03:00 |
|
|
|
dba8364c74
|
vault: probes use http VAULT_ADDR for http listener
|
2025-12-20 00:09:44 -03:00 |
|
|
|
e354f8bc3f
|
vault: keep probes HTTPS, drop ingress backend tweaks
|
2025-12-20 00:03:11 -03:00 |
|
|
|
fa977a69f4
|
vault: run http inside cluster (tls terminated at ingress)
|
2025-12-19 23:54:28 -03:00 |
|
|
|
d3ca57eabf
|
vault: backend over https with serversTransport
|
2025-12-19 23:52:19 -03:00 |
|
|
|
c2dfba67c2
|
vault: remove serversTransport, speak http to service
|
2025-12-19 23:51:32 -03:00 |
|
|
|
f243be21e6
|
vault: drop unused redirect middleware
|
2025-12-19 23:50:44 -03:00 |
|
|
|
75b62e5ae2
|
vault: add traefik redirect middleware
|
2025-12-19 23:49:34 -03:00 |
|
|
|
af3d453e86
|
vault: let traefik speak http to service
|
2025-12-19 23:48:40 -03:00 |
|
|
|
65f8b7c893
|
vault: correct serversTransport reference
|
2025-12-19 23:16:20 -03:00 |
|
|
|
303e7e770f
|
vault: traefik serversTransport must include namespace
|
2025-12-19 21:08:10 -03:00 |
|
|
|
0071f13063
|
vault: pin to worker arm64 nodes
|
2025-12-19 21:02:49 -03:00 |
|
|
|
3db523335d
|
vault: fix traefik serversTransport name
|
2025-12-19 20:58:29 -03:00 |
|
|
|
524868b05d
|
vault: fix manifest and disable mlock
|
2025-12-19 20:32:10 -03:00 |
|
|
|
7533cec0ee
|
vault: drop helm, add raw statefulset
|
2025-12-19 19:30:09 -03:00 |
|
|
|
38ab8e3364
|
standardize cert issuers to letsencrypt
|
2025-12-12 15:18:40 -03:00 |
|
|
|
20cd185c0b
|
vault: drop traefik basicauth
|
2025-12-11 17:09:05 -03:00 |
|
|
|
2f368f6975
|
zot,vault: remove oauth2-proxy sso
|
2025-12-11 17:04:19 -03:00 |
|
|
|
6c62d42f7a
|
longhorn/vault: gate via oauth2-proxy
|
2025-12-07 19:44:02 -03:00 |
|
|
|
a7e9f1f7d8
|
auth: remove error middleware to allow redirect
|
2025-12-07 13:19:45 -03:00 |
|
|
|
24fbaad040
|
auth: forward-auth via external auth host (svc traffic flaky)
|
2025-12-07 13:03:29 -03:00 |
|
|
|
4a089876ba
|
auth: use internal oauth2-proxy svc for forward-auth
|
2025-12-07 11:25:29 -03:00 |
|
|
|
20bb776625
|
auth: add 401 redirect middleware to oauth2-proxy
|
2025-12-07 11:14:25 -03:00 |
|
|
|
5e59f20bc3
|
auth: point forward-auth to external auth host
|
2025-12-07 11:09:09 -03:00 |
|
|
|
27e5c9391c
|
auth: add namespace-local forward-auth middlewares
|
2025-12-07 10:25:44 -03:00 |
|
|
|
8d5e6c267c
|
auth: wire oauth2-proxy and enable grafana oidc
|
2025-12-07 02:01:21 -03:00 |
|
|
|
7107558e41
|
restore external longhorn-ui
|
2025-09-05 02:12:45 -05:00 |
|
|
|
0268cc1377
|
added vault auth
|
2025-08-21 08:02:43 -05:00 |
|
|
|
9070c2653f
|
added vault auth
|
2025-08-21 07:41:55 -05:00 |
|
|
|
24542a6092
|
need certs
|
2025-08-19 22:15:57 -05:00 |
|
