infra/stacks
Viktor Barzin 98f29edf34 technitium: CoreDNS rewrite forgejo.viktorbarzin.me -> Traefik ClusterIP
In-cluster pods resolved forgejo.viktorbarzin.me to the public IP
(176.12.22.76) and hairpinned out through the WAN gateway, intermittently
timing out buildkit pushes from Woodpecker build pods (which, unlike
kubelet, don't use the per-node containerd Forgejo mirror). This silently
failed CI build-and-push for Forgejo-hosted repos (recruiter-responder
pipelines #15-#18 at the push step).

Add a CoreDNS `rewrite name exact forgejo.viktorbarzin.me
traefik.traefik.svc.cluster.local` so pods resolve to the Traefik ClusterIP
(reachable in-cluster, unlike the ETP=Local LB .203; the Service-name target
auto-tracks the ClusterIP so it can't rot on a Traefik renumber). Traefik's
*.viktorbarzin.me wildcard keeps SNI/TLS valid. Makes the per-pod
woodpecker-server hostAlias belt-and-suspenders.

Applied via targeted apply (coredns ConfigMap only, to avoid reconciling 7
unrelated pre-existing drifts in the stack) + verified:
- pod resolves forgejo.viktorbarzin.me -> 10.111.111.95 (Traefik ClusterIP)
- recruiter-responder pipeline #20 build-and-push succeeds via ClusterIP

Docs: networking.md (K8s cluster DNS path) + .claude/CLAUDE.md (forgejo
registry quick-ref). Advances beads code-yh33.

[ci skip]

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 07:34:30 +00:00
_template ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
actualbudget infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
affine infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
authentik keel+anubis: extend sweep to non-V2 raw deployments; fix anubis replicas validation 2026-05-29 06:02:24 +00:00
beads-server keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
blog infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
broker-sync broker-sync: unsuspend broker-sync-imap (IE structurally skipped at code level now) 2026-05-27 17:57:26 +00:00
calico security(wave1): W1.6 expand observation from recruiter-responder pilot → tier 3+4 (82 namespaces) 2026-05-19 22:14:16 +00:00
changedetection infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
chrome-service keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
city-guesser infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
claude-agent-service claude-agent-service: wire parallel execution (git-crypt mount, memory, MAX_CONCURRENCY) 2026-06-03 10:24:24 +00:00
claude-memory infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
cloudflared cloudflared: fix tunnel origin .200 -> Traefik svc DNS (full-site 502 outage) [ci skip] 2026-06-01 21:22:05 +00:00
cnpg cnpg: bump webhook-cert renewal threshold 7d -> 30d 2026-05-22 15:00:41 +00:00
coturn infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
crowdsec crowdsec: pin image to v1.7.8 + remove ENROLL_KEY, CAPI restored 2026-05-24 11:11:29 +00:00
cyberchef infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
dashy infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
dawarich infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
dbaas tripit: deploy stack + DB provisioning + ongoing mail-ingest [ci skip] 2026-05-30 10:23:11 +00:00
descheduler infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
diun infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
ebook2audiobook infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
ebooks keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
echo infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
excalidraw infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
external-secrets infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
f1-stream infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
fire-planner fire-planner: LLM_MODEL env var → qwen3vl-4b default (fits in current GPU headroom; immich-ml is holding ~10GB) 2026-06-01 19:50:41 +00:00
forgejo infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
freedify infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
freshrss infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
frigate infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
grampsweb infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
hackmd infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
headscale keel: enroll 15 critical-path namespaces for digest-only auto-update 2026-05-17 12:13:22 +00:00
health infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
hermes-agent hermes-agent: gate PVC on parked flag (clears PVCStuckPending) 2026-05-31 15:19:28 +00:00
homepage infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
immich infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
infra infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
infra-maintenance [infra] Sweep dns_config ignore_changes across all pod-owning resources [ci skip] 2026-04-18 21:19:48 +00:00
insta2spotify keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
instagram-poster keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
isponsorblocktv infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
job-hunter job-hunter: weekly above-target Slack alert CronJob 2026-06-02 20:49:42 +00:00
jsoncrack infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
k8s-dashboard infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
k8s-portal Bucket A retrigger + Bucket D enrollment (5 module-nested stacks) 2026-05-16 23:10:38 +00:00
k8s-version-upgrade k8s-version-upgrade: ignore IngressTTFBCritical in halt-on-alert check 2026-05-24 01:10:44 +00:00
keel keel: re-enable with policy=patch (semver-bounded) + fix CI deny-privileged 2026-05-26 19:06:51 +00:00
kms infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
kured kured: fix sentinel-gate OOM — 256Mi limit + self-restart leak guard 2026-05-31 14:49:04 +00:00
kyverno kyverno: strip orphaned keel.sh/match-tag fleet-wide (image-swap fix) 2026-06-01 19:50:41 +00:00
linkwarden infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
llama-cpp kms: revert files accidentally bundled into the docs commit 2026-06-01 10:36:49 +00:00
local-path keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
mailserver keel+anubis: extend sweep to non-V2 raw deployments; fix anubis replicas validation 2026-05-29 06:02:24 +00:00
matrix infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
meshcentral infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
metallb keel: enroll 11 more namespaces (operators + critical infra) 2026-05-17 20:59:14 +00:00
metrics-server keel: enroll 15 critical-path namespaces for digest-only auto-update 2026-05-17 12:13:22 +00:00
monitoring infra: fix stale Traefik LB-IP refs + accurate LB-IP registry 2026-06-03 10:24:25 +00:00
n8n infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
navidrome infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
netbox infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
networking-toolbox infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
nextcloud infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
nfs-csi keel: enroll 11 more namespaces (operators + critical infra) 2026-05-17 20:59:14 +00:00
nodelocal-dns [dns] NodeLocal DNSCache — deploy DaemonSet to all nodes (WS C) 2026-04-19 15:46:41 +00:00
novelapp infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
ntfy infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
nvidia keel: belt-and-suspenders opt-out for mysql/redis/nvidia-exporter 2026-05-26 21:53:10 +00:00
onlyoffice infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
openclaw infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
osm_routing infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
owntracks infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
paperless-mcp keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
paperless-ngx infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
payslip-ingest keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
phpipam keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
platform infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
plotting-book infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
poison-fountain infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
postiz postiz: adopt drifted resources into TF state; exclude stuck Helm release 2026-05-30 14:36:07 +00:00
priority-pass keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
privatebin infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
proxmox-csi cloud-init: hands-off k8s worker provisioning + 5 bug fixes 2026-05-26 11:52:00 +00:00
pvc-autoresizer [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
rbac [infra] Migrate Terraform state from local SOPS to PostgreSQL backend 2026-04-16 19:33:12 +00:00
real-estate-crawler infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
recruiter-responder keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
redis redis: revert 3-node Sentinel HA to single standalone instance [ci skip] 2026-05-30 17:49:43 +00:00
reloader infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
resume infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
reverse-proxy keel: enroll 15 critical-path namespaces for digest-only auto-update 2026-05-17 12:13:22 +00:00
rybbit infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
sealed-secrets keel: enroll 11 more namespaces (operators + critical infra) 2026-05-17 20:59:14 +00:00
send infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
servarr infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
shadowsocks infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
speedtest infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
status-page status-page: disable pusher CronJob to stop sdc write storm 2026-05-26 21:40:14 +00:00
stirling-pdf infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
t3code t3code: ingress -> devvm dispatch+autopair (retire in-cluster nginx) 2026-06-02 19:24:30 +00:00
tandoor infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
technitium technitium: CoreDNS rewrite forgejo.viktorbarzin.me -> Traefik ClusterIP 2026-06-04 07:34:30 +00:00
terminal infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
tor-proxy infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
trading-bot infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
traefik traefik: bot-block-proxy buffer 256k + document the real HTTP/2 limit 2026-06-01 15:15:27 +00:00
travel-agent travel-agent: switch from Slack webhook to bot token (chat.postMessage) 2026-05-30 22:44:11 +00:00
travel_blog infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
tripit Reapply "tripit: Gmail ingest (12-month) + vbarzin owner + plans@ forward-to-parse" 2026-06-03 10:24:25 +00:00
tuya-bridge infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
uptime-kuma uptime-kuma: public status pages + push monitors bypass Authentik 2026-06-03 10:24:24 +00:00
url infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
vault infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
vaultwarden keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
vpa keel: enroll 11 more namespaces (operators + critical infra) 2026-05-17 20:59:14 +00:00
wealthfolio infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
webhook_handler infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
whisper infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
wireguard keel: enroll 15 critical-path namespaces for digest-only auto-update 2026-05-17 12:13:22 +00:00
woodpecker infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
xray xray: drop dead vless ingress + pin Service target_port 2026-05-24 01:13:54 +00:00
ytdlp infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00