viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
infra/docs/adr
History
Viktor Barzin 6c5288998f
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Details
goldmane-trail: polish follow-ups #57/#59/#61/#62/#63 + digest→#alerts 
Completes the Goldmane who-talks-to-whom trail (ADR-0014), implemented by a
subagent workflow (distinct stacks in parallel, docs last):

- #57 Whisker gated ingress: ingress_factory (whisker.viktorbarzin.me,
  auth=required, Authentik-gated) + a NetworkPolicy allowing traefik->whisker:8081
  (the operator's whisker NP default-denies ingress). calico stack.
- #61 pipeline health: AggregatorDown + DigestFailing Prometheus alerts
  (prometheus_chart_values.tpl) + cluster-health check #48.
- #59 service-identity labels on the multi-Service namespaces (monitoring's 5
  TF-managed deployments + dbaas), with the KYVERNO_LIFECYCLE_V1 marker so they
  update in-place.
- #62/#63 docs: docs/runbooks/goldmane-flow-trail.md (new), service-catalog,
  security.md + monitoring.md east-west sections, ADR-0014 as-built, CONTEXT.md.
  #62 = the SQL to derive the Wave-1 per-namespace egress allowlist from the
  edge table (feeds code-8ywc; enforce-flips out of scope).

Also fixes the digest's Slack target: #security override 404s channel_not_found
because the shared alertmanager_slack_api_url webhook's app isn't a member of
#security (this likely also breaks alertmanager's slack-security receiver — flagged
in the runbook). Routed to #alerts (the webhook's working channel) until the app
is invited; verified a real digest run posts cleanly (360 edges).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 17:49:25 +00:00
..
0001-android-emulator-in-cluster.md android-emulator: new stack — shared in-cluster Android 16 testing instance 2026-06-11 19:51:57 +00:00
0002-all-image-builds-off-infra-gha-ghcr.md docs: ADR-0002 — all owned image builds move off-infra to GHA + ghcr [ci skip] 2026-06-12 19:55:47 +00:00
0003-keep-forgejo-canonical-complete-mirror.md docs(adr-0003): keep Forgejo canonical, complete the GitHub mirror (reject swap) 2026-06-15 21:32:28 +00:00
0004-homelab-unified-cli.md homelab: v0.1 docs, distribution wiring, and version 2026-06-18 19:25:51 +00:00
0005-homelab-v01-scope.md homelab: v0.1 docs, distribution wiring, and version 2026-06-18 19:25:51 +00:00
0006-homelab-work-and-tf.md homelab: v0.1 docs, distribution wiring, and version 2026-06-18 19:25:51 +00:00
0007-homelab-k8s-verbs.md homelab: v0.2.0 — docs + version for the k8s verb-group 2026-06-18 22:30:41 +00:00
0008-homelab-memory-verbs.md homelab: add memory verb-group (v0.3.0) — direct claude-memory HTTP client 2026-06-19 05:56:25 +00:00
0009-homelab-ci-deploy-verbs.md homelab: v0.4.0 — ci/deploy verbs (watch what you trigger) 2026-06-19 10:59:14 +00:00
0010-homelab-net-obs-verbs.md homelab: v0.5.0 — net/dns/metrics/logs probes (endpoint resolution) 2026-06-19 11:27:31 +00:00
0011-homelab-usage-telemetry.md homelab: v0.6.0 — usage telemetry (usage top), evidence-driven verb prioritization 2026-06-19 22:29:01 +00:00
0012-homelab-ha-verbs.md homelab ha token: dedicated openclaw/ha-tokens secret + least-priv RBAC for emo 2026-06-21 10:45:32 +00:00
0013-homelab-browser-verbs.md homelab v0.8.0: browser verbs for headful anti-bot web automation 2026-06-22 12:22:22 +00:00
0014-service-identity-and-east-west-observability.md goldmane-trail: polish follow-ups #57/#59/#61/#62/#63 + digest→#alerts 2026-06-25 17:49:25 +00:00