ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks
2026-05-10 18:53:49 +00:00
recruiter-responder: bump image_tag to 189ef901
2026-05-16 12:41:05 +00:00
recruiter-responder: bump image_tag to 189ef901
2026-05-16 12:41:05 +00:00
authentik: worker replicas 3 -> 2
2026-05-21 09:14:35 +00:00
cluster-health: emergency-stop Keel + roll back image downgrades + quota raises
2026-05-26 18:48:50 +00:00
nfs-mirror: append transferred files to offsite-sync manifest
2026-05-24 15:32:22 +00:00
broker-sync: skip InvestEngine in IMAP CronJob
2026-05-26 21:19:31 +00:00
security(wave1): W1.6 expand observation from recruiter-responder pilot → tier 3+4 (82 namespaces)
2026-05-19 22:14:16 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
recruiter-responder: bump image_tag to 189ef901
2026-05-16 12:41:05 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
claude-agent-service: cut memory request 2Gi → 1Gi (limit 4Gi → 2Gi)
2026-05-23 10:03:42 +00:00
recruiter-responder: bump image_tag to 189ef901
2026-05-16 12:41:05 +00:00
mailserver: decommission SendGrid
2026-05-22 20:08:38 +00:00
cnpg: bump webhook-cert renewal threshold 7d -> 30d
2026-05-22 15:00:41 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
crowdsec: pin image to v1.7.8 + remove ENROLL_KEY, CAPI restored
2026-05-24 11:11:29 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
dbaas: require pod anti-affinity on pg-cluster (one PG per node)
2026-05-26 09:00:37 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
enrolled-patch stacks: ignore image drift from Keel auto-update
2026-05-16 13:24:16 +00:00
cluster-health: emergency-stop Keel + roll back image downgrades + quota raises
2026-05-26 18:48:50 +00:00
recruiter-responder: bump image_tag to 189ef901
2026-05-16 12:41:05 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
fire-planner: COL refresh CronJob + Grafana Cost-of-Living dashboard
2026-05-22 14:15:38 +00:00
recruiter-responder: bump image_tag to 189ef901
2026-05-16 12:41:05 +00:00
Woodpecker CI deploy [CI SKIP]
2026-05-24 22:07:58 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
infra: add kubectl + authentik providers across 6 stacks
2026-05-21 08:07:22 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
cluster-health: emergency-stop Keel + roll back image downgrades + quota raises
2026-05-26 18:48:50 +00:00
cloud-init: hands-off k8s worker provisioning + 5 bug fixes
2026-05-26 11:52:00 +00:00
[infra] Sweep dns_config ignore_changes across all pod-owning resources [ci skip]
2026-04-18 21:19:48 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
Bucket A retrigger + Bucket D enrollment (5 module-nested stacks)
2026-05-16 23:10:38 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
Bucket A retrigger + Bucket D enrollment (5 module-nested stacks)
2026-05-16 23:10:38 +00:00
k8s-version-upgrade: ignore IngressTTFBCritical in halt-on-alert check
2026-05-24 01:10:44 +00:00
keel: re-enable with policy=patch (semver-bounded) + fix CI deny-privileged
2026-05-26 19:06:51 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
keel: re-enable with policy=patch (semver-bounded) + fix CI deny-privileged
2026-05-26 19:06:51 +00:00
infra: add kubectl + authentik providers across 6 stacks
2026-05-21 08:07:22 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
mailserver: decommission SendGrid
2026-05-22 20:08:38 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
keel: enroll 11 more namespaces (operators + critical infra)
2026-05-17 20:59:14 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
cluster-health: emergency-stop Keel + roll back image downgrades + quota raises
2026-05-26 18:48:50 +00:00
cluster-health: emergency-stop Keel + roll back image downgrades + quota raises
2026-05-26 18:48:50 +00:00
infra: add kubectl + authentik providers across 6 stacks
2026-05-21 08:07:22 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
nextcloud(external_storage): add per-mount enableSharing option
2026-05-24 11:39:16 +00:00
keel: enroll 11 more namespaces (operators + critical infra)
2026-05-17 20:59:14 +00:00
[dns] NodeLocal DNSCache — deploy DaemonSet to all nodes (WS C)
2026-04-19 15:46:41 +00:00
Woodpecker CI deploy [CI SKIP]
2026-05-16 23:17:44 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
nvidia: fix driver install deadlock + extend startup probe
2026-05-25 11:53:44 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
nfs-mirror: append transferred files to offsite-sync manifest
2026-05-24 15:32:22 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
paperless-mcp: deploy MCP for AI document search
2026-05-17 11:14:35 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
[infra] Add Cloudflare provider to all stack lock files and generated providers
2026-04-16 16:31:36 +00:00
Woodpecker CI deploy [CI SKIP]
2026-05-16 23:17:44 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
postiz: bump memory request 512Mi → 2Gi, limit 4Gi → 3Gi (right-size for next deploy)
2026-05-24 01:11:25 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
cloud-init: hands-off k8s worker provisioning + 5 bug fixes
2026-05-26 11:52:00 +00:00
[infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip]
2026-04-18 21:15:27 +00:00
[infra] Migrate Terraform state from local SOPS to PostgreSQL backend
2026-04-16 19:33:12 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
nfs-mirror: append transferred files to offsite-sync manifest
2026-05-24 15:32:22 +00:00
redis: tolerate up to 1KB of AOF tail corruption on load
2026-05-26 18:48:58 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
keel: enroll 11 more namespaces (operators + critical infra)
2026-05-17 20:59:14 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
ci: retrigger v2 — apply pending Keel-enrolled stacks ( #697 was cancelled by #698 )
2026-05-16 13:47:13 +00:00
status-page: disable pusher CronJob to stop sdc write storm
2026-05-26 21:40:14 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
infra: add kubectl + authentik providers across 6 stacks
2026-05-21 08:07:22 +00:00
technitium: cut memory — primary 2Gi → 1Gi, secondary+tertiary 2Gi → 512Mi
2026-05-23 10:03:51 +00:00
terminal: probe + alerts after Traefik replica routing-table skew
2026-05-17 10:04:26 +00:00
ci: retrigger v3 — apply remaining 22 Keel-enrolled stacks
2026-05-16 14:06:39 +00:00
Woodpecker CI deploy [CI SKIP]
2026-05-26 21:09:48 +00:00
traefik: bump auth-proxy nginx header buffers to handle Authentik cookie pile
2026-05-23 08:34:33 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
ci: retrigger v3 — apply remaining 22 Keel-enrolled stacks
2026-05-16 14:06:39 +00:00
cluster-health: emergency-stop Keel + roll back image downgrades + quota raises
2026-05-26 18:48:50 +00:00
Woodpecker CI deploy [CI SKIP]
2026-05-26 08:29:09 +00:00
trading-bot: revive K8s stack + add meet-kevin-watcher
2026-05-22 11:23:30 +00:00
vaultwarden: track :latest tag for Keel auto-upgrade (was 1.35.7)
2026-05-26 13:26:36 +00:00
keel: enroll 11 more namespaces (operators + critical infra)
2026-05-17 20:59:14 +00:00
cluster-health: emergency-stop Keel + roll back image downgrades + quota raises
2026-05-26 18:48:50 +00:00
final wave: enroll immich + status-page, retrigger 17 pending Bucket A
2026-05-16 23:19:20 +00:00
state(dbaas): update encrypted state
2026-05-26 08:59:40 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
ci: retrigger v3 — apply remaining 22 Keel-enrolled stacks
2026-05-16 14:06:39 +00:00
xray: drop dead vless ingress + pin Service target_port
2026-05-24 01:13:54 +00:00
ci: retrigger v3 — apply remaining 22 Keel-enrolled stacks
2026-05-16 14:06:39 +00:00
498b01396c