96ba77a606
vault: - Add JWT auth backend bound to Gitea (jwks_url from gitea OIDC keys) - Add gitea-ci-read policy scoped to secret/data/gitea/* - Add JWT role gitea-ci (sub claim, bound to Gitea audience, 10m TTL) - Add AppRole gitea-ci as alternative auth method for the same policy - Add gitea-access-into-vault.md documenting the setup end-to-end - Update terraform.tfstate (OpenTofu 1.11.5, new gitea-ci resources) kanidm: - Add run.sh with docker run command (pinned to v1.9.1) - Add gitea-action-kubernetes-access.md documenting how to set up a Kanidm service account and OAuth2 client for Gitea CI k8s access - readme: add upgrade procedure, recover-account command, and service account + API token setup for gitea-ci-token maru-hleda-byt: - Add --restart=always to docker run command fuj-management: - Add run.sh (new service config) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Home Kubernetes
Home kubernetes lab IAC and documentation
helper commands & notes
export KUBECONFIG=/etc/kubernetes/admin.conf
alias k=kubectl
# install helm
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm
# cilium installation
helm repo add cilium https://helm.cilium.io/
helm install cilium cilium/cilium --version 1.15.5 --namespace kube-system --values cilium-values.yaml