|
|
d957e7e7f7
|
vault: read oidc config from vault
|
2026-01-14 23:20:04 -03:00 |
|
|
|
fb05c442f5
|
longhorn: read oauth2-proxy secrets from vault
|
2026-01-14 17:48:12 -03:00 |
|
|
|
4f99000aab
|
vault: inject remaining services with wrappers
|
2026-01-14 17:29:09 -03:00 |
|
|
|
4279db1619
|
vault: stabilize injector templates and add health apps
|
2026-01-14 13:40:29 -03:00 |
|
|
|
c9483b2d80
|
vault: sync harbor pulls
|
2026-01-14 10:07:31 -03:00 |
|
|
|
e897858d97
|
monitoring: move grafana smtp to vault
|
2026-01-14 06:41:34 -03:00 |
|
|
|
c24c7284e5
|
vault: add remaining secret syncs
|
2026-01-14 06:16:42 -03:00 |
|
|
|
bdc32b7a36
|
vault(consumption): sync secrets via CSI
|
2026-01-14 05:07:23 -03:00 |
|
|
|
58a9eb8a35
|
vault: send oidc role payload as json
|
2026-01-14 03:45:03 -03:00 |
|
|
|
3bcf04f754
|
vault: write bound_claims as file
|
2026-01-14 02:56:29 -03:00 |
|
|
|
3c65695dfc
|
vault: wire more services to CSI
|
2026-01-14 02:54:59 -03:00 |
|
|
|
7d884b2bc8
|
vault: fix oidc scopes parsing
|
2026-01-14 02:52:51 -03:00 |
|
|
|
ca0c618f82
|
vault: run oidc config with sh
|
2026-01-14 02:28:38 -03:00 |
|
|
|
0d9291da7e
|
vault: align oidc roles with keycloak
|
2026-01-14 02:24:32 -03:00 |
|
|
|
8567cfbee2
|
fix: detect vault initialized state correctly
|
2026-01-14 01:42:28 -03:00 |
|
|
|
ed7ff3b810
|
fix: make vault k8s auth script posix
|
2026-01-14 01:38:27 -03:00 |
|
|
|
c096b35078
|
fix: run vault k8s auth config with sh
|
2026-01-14 01:35:06 -03:00 |
|
|
|
5d53d900aa
|
feat: start vault consumption for outline and planka
|
2026-01-14 01:30:41 -03:00 |
|
|
|
ac1389b75b
|
feat: add harbor/vault oidc automation
|
2026-01-14 01:07:47 -03:00 |
|
|
|
5bc84c9b3e
|
vault: use dedicated service account for k8s auth
|
2025-12-25 03:43:17 -03:00 |
|
|
|
1ca0201ec1
|
vault: revert ui default auth block (not supported)
|
2025-12-24 20:16:33 -03:00 |
|
|
|
2c6d2a9ebd
|
jitsi: require auth to start rooms; vault ui default oidc
|
2025-12-24 20:11:29 -03:00 |
|
|
|
3b7c7da9df
|
vault: probes use http VAULT_ADDR for http listener
|
2025-12-20 00:09:44 -03:00 |
|
|
|
b0b8f5c093
|
vault: keep probes HTTPS, drop ingress backend tweaks
|
2025-12-20 00:03:11 -03:00 |
|
|
|
acbdc76a31
|
vault: run http inside cluster (tls terminated at ingress)
|
2025-12-19 23:54:28 -03:00 |
|
|
|
6d8c47183f
|
vault: backend over https with serversTransport
|
2025-12-19 23:52:19 -03:00 |
|
|
|
c04c72023f
|
vault: remove serversTransport, speak http to service
|
2025-12-19 23:51:32 -03:00 |
|
|
|
2b827de291
|
vault: drop unused redirect middleware
|
2025-12-19 23:50:44 -03:00 |
|
|
|
c393d8775d
|
vault: add traefik redirect middleware
|
2025-12-19 23:49:34 -03:00 |
|
|
|
e7fdc23164
|
vault: let traefik speak http to service
|
2025-12-19 23:48:40 -03:00 |
|
|
|
c39d9000e4
|
vault: correct serversTransport reference
|
2025-12-19 23:16:20 -03:00 |
|
|
|
f79ccf54db
|
vault: traefik serversTransport must include namespace
|
2025-12-19 21:08:10 -03:00 |
|
|
|
ada2fadafa
|
vault: pin to worker arm64 nodes
|
2025-12-19 21:02:49 -03:00 |
|
|
|
89bd03679c
|
vault: fix traefik serversTransport name
|
2025-12-19 20:58:29 -03:00 |
|
|
|
5da0e57aa2
|
vault: fix manifest and disable mlock
|
2025-12-19 20:32:10 -03:00 |
|
|
|
f6b5edd590
|
vault: drop helm, add raw statefulset
|
2025-12-19 19:30:09 -03:00 |
|
|
|
78a542b81a
|
standardize cert issuers to letsencrypt
|
2025-12-12 15:18:40 -03:00 |
|
|
|
efd258fc71
|
vault: drop traefik basicauth
|
2025-12-11 17:09:05 -03:00 |
|
|
|
3852ebc0f1
|
zot,vault: remove oauth2-proxy sso
|
2025-12-11 17:04:19 -03:00 |
|
|
|
88db462f8f
|
longhorn/vault: gate via oauth2-proxy
|
2025-12-07 19:44:02 -03:00 |
|
|
|
e44def25f8
|
auth: remove error middleware to allow redirect
|
2025-12-07 13:19:45 -03:00 |
|
|
|
088fed6720
|
auth: forward-auth via external auth host (svc traffic flaky)
|
2025-12-07 13:03:29 -03:00 |
|
|
|
84aa870cda
|
auth: use internal oauth2-proxy svc for forward-auth
|
2025-12-07 11:25:29 -03:00 |
|
|
|
876ec19543
|
auth: add 401 redirect middleware to oauth2-proxy
|
2025-12-07 11:14:25 -03:00 |
|
|
|
ec1d33f1ca
|
auth: point forward-auth to external auth host
|
2025-12-07 11:09:09 -03:00 |
|
|
|
571bf759a2
|
auth: add namespace-local forward-auth middlewares
|
2025-12-07 10:25:44 -03:00 |
|
|
|
7525289a0c
|
auth: wire oauth2-proxy and enable grafana oidc
|
2025-12-07 02:01:21 -03:00 |
|
|
|
7107558e41
|
restore external longhorn-ui
|
2025-09-05 02:12:45 -05:00 |
|
|
|
0268cc1377
|
added vault auth
|
2025-08-21 08:02:43 -05:00 |
|
|
|
9070c2653f
|
added vault auth
|
2025-08-21 07:41:55 -05:00 |
|
