Sten
69848e42f0
fix(infra): pin minio/mc tags + add postgres securityContext + harden bootstrap script
AI Code Review / ai-review (pull_request) Successful in 15s
Address ai-review feedback on PR #17:
- Pin quay.io/minio/minio and mc to specific RELEASE tags (Renovate
  will bump). 'latest' is unpredictable in GitOps.
- Bootstrap script: set -e -> set -euo pipefail.
- Postgres container: runAsNonRoot, uid/gid 999, drop ALL caps,
  no privilege escalation. Matches PSS restricted profile.
2026-05-28 16:05:48 +02:00
Sten
416615a9e0
feat(infra): add forte-drop sealed secrets
AI Code Review / ai-review (pull_request) Successful in 5s
Pg and minio credentials sealed against upc-dev sealed-secrets-controller.
2026-05-28 15:56:24 +02:00
Sten
3ce93017f9
feat(infra): forte-drop postgres + minio for upc-dev
AI Code Review / ai-review (pull_request) Successful in 34s
Two new ArgoCD Applications:
- forte-drop-postgresql: in-cluster Postgres 16 StatefulSet, 5Gi PVC,
  POSTGRES_DB=drops, creds from forte-drop-pg-creds SealedSecret.
- forte-drop-minio: in-cluster MinIO StatefulSet, 20Gi PVC, bootstrap
  Job creates the 'drops' bucket post-sync, creds from
  forte-drop-minio-creds SealedSecret.
Both live in namespace 'forte-drop'. Mirrors the Vaultwarden pattern.
Sealed secrets are added in a follow-up commit by the maintainer:
    kubeseal --fetch-cert > pub.pem
    kubeseal --cert pub.pem --format yaml < private/forte-drop-pg-creds.yaml > \
      infra/overlays/upc-dev/forte-drop-postgresql/resources/forte-drop-pg-creds-sealed.yaml
    kubeseal --cert pub.pem --format yaml < private/forte-drop-minio-creds.yaml > \
      infra/overlays/upc-dev/forte-drop-minio/resources/forte-drop-minio-creds-sealed.yaml
2026-05-28 14:33:19 +02:00
c49d03d7f7
onlySSO
2026-05-16 23:04:11 +02:00
d47dba2ae5
signups
2026-05-16 22:12:04 +02:00
cf9eb47ecf
script fix
2026-05-16 22:08:56 +02:00
3eca723f05
diffs
2026-05-16 22:05:02 +02:00
f36996da11
script fix
2026-05-16 21:57:44 +02:00
6bf7db21d0
registrar error
2026-05-16 21:55:44 +02:00
2641d55784
scopes
2026-05-16 21:53:36 +02:00
117297effc
sso vw
2026-05-16 21:47:59 +02:00
fda90f9e01
adminToken enc
2026-05-16 21:34:34 +02:00
1124377d97
adminToken
2026-05-16 21:29:14 +02:00
c0710b89bb
no signup
2026-05-16 21:15:38 +02:00
d7bda18aea
domain
2026-05-16 21:11:17 +02:00
2796e1b9d3
name
2026-05-16 21:09:04 +02:00
d7a0c26117
icon
2026-05-16 21:08:36 +02:00
693f2f9168
homepage
2026-05-16 21:07:29 +02:00
2509ef062c
domain restriction
2026-05-16 20:58:00 +02:00
957757e557
host
2026-05-16 20:51:44 +02:00
070799da05
bitw
2026-05-16 20:49:25 +02:00
1a2817e537
domain fix
2026-05-16 20:42:17 +02:00
b47b0035f5
smtp auth
2026-05-16 20:38:21 +02:00
d3fac4d43e
smtp port
2026-05-16 20:34:22 +02:00
c37bd3ef04
from
2026-05-16 20:30:32 +02:00
ad661ba3dd
allow signup
2026-05-16 20:27:36 +02:00
a9625f96e6
db secrets
2026-05-16 20:23:58 +02:00
cb64edc927
cleanup
2026-05-16 20:18:48 +02:00
ac1c242fb9
kust
2026-05-16 20:17:14 +02:00
4b29c07fd6
secret
2026-05-16 20:15:37 +02:00
52732626e5
ignorediffs
2026-05-16 20:10:19 +02:00
8634436dd4
StatefulSet
2026-05-16 20:07:17 +02:00
a8baa169e9
secrets vw
2026-05-16 20:00:22 +02:00
73ef3a6e12
pg fix
2026-05-16 19:49:38 +02:00
302705d374
icon
2026-05-16 19:45:19 +02:00
f3286ef77e
homepage vw
2026-05-16 19:44:17 +02:00
74f4f86770
vw apps
2026-05-16 19:34:42 +02:00
f2c56156bf
vw postgres
2026-05-16 18:10:14 +02:00
21fb50ba00
vw fixes
2026-05-16 15:55:18 +02:00
b90b630b06
comment
2026-05-16 15:52:10 +02:00
66de9b8a0a
replicas
2026-05-16 15:48:13 +02:00
716c552be9
ns
2026-05-16 15:44:04 +02:00
f048b47a0f
vaultwarden
2026-05-16 15:39:55 +02:00
66f40427ee
mappings
2026-05-15 15:47:25 +02:00
332881cbd0
fix
2026-05-14 23:47:14 +02:00
f363afa087
browser flow override
2026-05-14 23:43:40 +02:00
bc42347cb6
gitea+ACCOUNT_LINKING
2026-05-14 21:30:53 +02:00
80d7bff4bc
groups
2026-05-14 21:18:17 +02:00
3644a3ec87
mappers
2026-05-14 21:14:57 +02:00
bd478478f1
fix attempt
2026-05-14 20:40:44 +02:00