|
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Viktor asked to fix emo's permission so his Claude can upload to the Excalidraw service. emo's recent sessions show the documented upload recipe (kubectl port-forward svc/draw + X-Authentik-Username header, from his ~/.claude/CLAUDE.md) failing with: pods/portforward forbidden for system:serviceaccount:chrome-service:emo-browser in namespace excalidraw because his default kubeconfig is the read-only emo-browser SA (its port-forward grant covers only chrome-service) and his old admin kubeconfig at /home/emo/code/config expired and was removed. Add a namespace-scoped Role (pods/portforward create) + RoleBinding for that SA in the excalidraw namespace, mirroring the 2026-06-28 chrome-service grant. Trade-off (any-user drawings via the trusted username header) documented in the file and accepted. Also record the grant in docs/architecture/chrome-service.md. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| agent-task-tracking.md | ||
| authentication.md | ||
| automated-upgrades.md | ||
| backup-dr.md | ||
| chrome-service.md | ||
| ci-cd.md | ||
| compute.md | ||
| databases.md | ||
| dns.md | ||
| homepage.md | ||
| incident-response.md | ||
| llama-cpp.md | ||
| mailserver.md | ||
| monitoring.md | ||
| multi-tenancy.md | ||
| networking.md | ||
| overview.md | ||
| secrets.md | ||
| security.md | ||
| storage.md | ||
| vpn.md | ||
| wave1-egress-observation-2026-05-22.md | ||