bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,324 Commits 14 Branches 0 Tags
Commit Graph

68 Commits

Author SHA1 Message Date
Brad Stein
f5231d282b vault: allow UI mount listing for admins 2026-01-16 02:06:31 -03:00
Brad Stein
bb1bf3c017 fix ingress tls routing 2026-01-16 01:40:50 -03:00
Brad Stein
5899c9acb3 vault: allow admin policy to update shared secrets 2026-01-15 04:17:14 -03:00
Brad Stein
c30f1fc587 vault: allow sso role to read portal admin secret 2026-01-15 03:46:58 -03:00
Brad Stein
feb9d6997c vault: prepopulate oidc job 2026-01-15 02:22:52 -03:00
Brad Stein
9e6673d02e vault: default oidc claims type 2026-01-15 02:20:53 -03:00
Brad Stein
d69545cdb5 vault: harden oidc claims type 2026-01-15 02:18:50 -03:00
Brad Stein
756a1af2e6 vault: allow oidc tuning 2026-01-15 02:16:55 -03:00
Brad Stein
74a2b3e28d vault: use static token reviewer 2026-01-15 02:14:08 -03:00
Brad Stein
e885c7d6ce vault: allow vault-admin token review 2026-01-15 02:09:34 -03:00
Brad Stein
86c9951cc4 vault: add admin role for config jobs 2026-01-15 02:06:28 -03:00
Brad Stein
85c3d9c2f7 vault: finalize sidecar migration 2026-01-15 01:52:24 -03:00
Brad Stein
82090c1953 vault: read oidc config from vault 2026-01-14 23:20:04 -03:00
Brad Stein
bb9a4e6d8b longhorn: read oauth2-proxy secrets from vault 2026-01-14 17:48:12 -03:00
Brad Stein
fb671865e5 vault: inject remaining services with wrappers 2026-01-14 17:29:09 -03:00
Brad Stein
89f4b0dbdf vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00
Brad Stein
b1f9df4d83 vault: sync harbor pulls 2026-01-14 10:07:31 -03:00
Brad Stein
b8e50bb0a6 monitoring: move grafana smtp to vault 2026-01-14 06:41:34 -03:00
Brad Stein
37302664c2 vault: add remaining secret syncs 2026-01-14 06:16:42 -03:00
Brad Stein
de3db3133b vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00
Brad Stein
8d526e383f vault: send oidc role payload as json 2026-01-14 03:45:03 -03:00
Brad Stein
4111fb079f vault: write bound_claims as file 2026-01-14 02:56:29 -03:00
Brad Stein
fd2ae6bdd5 vault: wire more services to CSI 2026-01-14 02:54:59 -03:00
Brad Stein
8a358832f3 vault: fix oidc scopes parsing 2026-01-14 02:52:51 -03:00
Brad Stein
c3541b72c3 vault: run oidc config with sh 2026-01-14 02:28:38 -03:00
Brad Stein
55234f8536 vault: align oidc roles with keycloak 2026-01-14 02:24:32 -03:00
Brad Stein
50aec198a4 fix: detect vault initialized state correctly 2026-01-14 01:42:28 -03:00
Brad Stein
cb5796cb71 fix: make vault k8s auth script posix 2026-01-14 01:38:27 -03:00
Brad Stein
5a9ceeab24 fix: run vault k8s auth config with sh 2026-01-14 01:35:06 -03:00
Brad Stein
b82195f2d7 feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00
Brad Stein
4a1c4766b8 feat: add harbor/vault oidc automation 2026-01-14 01:07:47 -03:00
Brad Stein
77ecf3229e vault: use dedicated service account for k8s auth 2025-12-25 03:43:17 -03:00
Brad Stein
4d47e2c693 vault: revert ui default auth block (not supported) 2025-12-24 20:16:33 -03:00
Brad Stein
cf2e4c8bb2 jitsi: require auth to start rooms; vault ui default oidc 2025-12-24 20:11:29 -03:00
Brad Stein
dba8364c74 vault: probes use http VAULT_ADDR for http listener 2025-12-20 00:09:44 -03:00
Brad Stein
e354f8bc3f vault: keep probes HTTPS, drop ingress backend tweaks 2025-12-20 00:03:11 -03:00
Brad Stein
fa977a69f4 vault: run http inside cluster (tls terminated at ingress) 2025-12-19 23:54:28 -03:00
Brad Stein
d3ca57eabf vault: backend over https with serversTransport 2025-12-19 23:52:19 -03:00
Brad Stein
c2dfba67c2 vault: remove serversTransport, speak http to service 2025-12-19 23:51:32 -03:00
Brad Stein
f243be21e6 vault: drop unused redirect middleware 2025-12-19 23:50:44 -03:00
Brad Stein
75b62e5ae2 vault: add traefik redirect middleware 2025-12-19 23:49:34 -03:00
Brad Stein
af3d453e86 vault: let traefik speak http to service 2025-12-19 23:48:40 -03:00
Brad Stein
65f8b7c893 vault: correct serversTransport reference 2025-12-19 23:16:20 -03:00
Brad Stein
303e7e770f vault: traefik serversTransport must include namespace 2025-12-19 21:08:10 -03:00
Brad Stein
0071f13063 vault: pin to worker arm64 nodes 2025-12-19 21:02:49 -03:00
Brad Stein
3db523335d vault: fix traefik serversTransport name 2025-12-19 20:58:29 -03:00
Brad Stein
524868b05d vault: fix manifest and disable mlock 2025-12-19 20:32:10 -03:00
Brad Stein
7533cec0ee vault: drop helm, add raw statefulset 2025-12-19 19:30:09 -03:00
Brad Stein
38ab8e3364 standardize cert issuers to letsencrypt 2025-12-12 15:18:40 -03:00
Brad Stein
20cd185c0b vault: drop traefik basicauth 2025-12-11 17:09:05 -03:00