Records the design reached in a /grill-with-docs session: how to track which Service talks to which as more Services are added, using k8s-native options.

Decision: service identity = the workload's namespace (primary) plus a `service-identity` label only in the few multi-Service namespaces; east-west observability = Calico 3.30 Goldmane/Whisker (already in our Calico v3.30.7, currently disabled) emitting to Loki for a durable trail; enforcement reuses the existing Wave 1 egress track. Dedicated per-Service ServiceAccounts deferred and a service mesh / mTLS / SPIFFE rejected — the trust model needs attribution-grade forensics on a trusted, etcd-constrained cluster, not cryptographic non-repudiation.

This is the service-mesh evaluation the 2026-04-20 infra audit flagged as missing; rejected alternatives (Retina, Hubble, Kiali, a custom Alloy enricher) are recorded with rationale. Adds glossary terms (Service identity, Goldmane / Whisker) to CONTEXT.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

| File |
|---|
| 0001-android-emulator-in-cluster.md |
| 0002-all-image-builds-off-infra-gha-ghcr.md |
| 0003-keep-forgejo-canonical-complete-mirror.md |
| 0004-homelab-unified-cli.md |
| 0005-homelab-v01-scope.md |
| 0006-homelab-work-and-tf.md |
| 0007-homelab-k8s-verbs.md |
| 0008-homelab-memory-verbs.md |
| 0009-homelab-ci-deploy-verbs.md |
| 0010-homelab-net-obs-verbs.md |
| 0011-homelab-usage-telemetry.md |
| 0012-homelab-ha-verbs.md |
| 0013-homelab-browser-verbs.md |
| 0014-service-identity-and-east-west-observability.md |