Rename generic deployment/service/httproute to per-app suffixes (_fujarna,
_fuj-management) and add fuj-management deployment, service, httproute, and
bot-credentials secret. Namespace name corrected to fuj.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- docker-30/zot: add Zot OCI registry with on-demand sync to docker.io,
registry.k8s.io, ghcr.io, quay.io
- kubernetes-kvm-terraform: wire Kanidm OIDC via structured
AuthenticationConfiguration; add reference apiserver manifest and
join-node-02 helper
- servers: reorganize shadow/ under servers/, add saint vhost config and
utility-101 VM definition, add shadow hrajfrisbee.cz vhost and
storage-23 notes
- experiments: add notes and configs for e2b dev VM, kata + firecracker
on kube, microsandbox, orb-stack k3s (terraform + cloud-init), rke2
- vms/docker: document tailscale + node-exporter setup
- blog: stub post on Gateway API
- chore: gitignore tmp/, smtp_password, and the two local-only
credential caches; add per-project .claude/settings.json
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Upgrade Cilium helm release from 1.18.5 to 1.19.1 with gatewayClass creation enabled
- Escalate gitea CI service account to cluster-admin, add OIDC cluster-admin binding
- Deploy fujarna app with full manifest set (deployment, service, PVC, httproutes, external secret)
- Add Flux web UI via flux-operator OCI repository and helm release
- Add experiments kustomization with test resources for gateway API and certificates
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
vault:
- Add JWT auth backend bound to Gitea (jwks_url from gitea OIDC keys)
- Add gitea-ci-read policy scoped to secret/data/gitea/*
- Add JWT role gitea-ci (sub claim, bound to Gitea audience, 10m TTL)
- Add AppRole gitea-ci as alternative auth method for the same policy
- Add gitea-access-into-vault.md documenting the setup end-to-end
- Update terraform.tfstate (OpenTofu 1.11.5, new gitea-ci resources)
kanidm:
- Add run.sh with docker run command (pinned to v1.9.1)
- Add gitea-action-kubernetes-access.md documenting how to set up
a Kanidm service account and OAuth2 client for Gitea CI k8s access
- readme: add upgrade procedure, recover-account command, and
service account + API token setup for gitea-ci-token
maru-hleda-byt:
- Add --restart=always to docker run command
fuj-management:
- Add run.sh (new service config)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
