ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks
2026-05-10 18:53:49 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel+anubis: extend sweep to non-V2 raw deployments; fix anubis replicas validation
2026-05-29 06:02:24 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
broker-sync: unsuspend broker-sync-imap (IE structurally skipped at code level now)
2026-05-27 17:57:26 +00:00
security(wave1): W1.6 expand observation from recruiter-responder pilot → tier 3+4 (82 namespaces)
2026-05-19 22:14:16 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
claude-agent-service: wire parallel execution (git-crypt mount, memory, MAX_CONCURRENCY)
2026-06-03 10:24:24 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
cloudflared: fix tunnel origin .200 -> Traefik svc DNS (full-site 502 outage) [ci skip]
2026-06-01 21:22:05 +00:00
cnpg: bump webhook-cert renewal threshold 7d -> 30d
2026-05-22 15:00:41 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
crowdsec: pin image to v1.7.8 + remove ENROLL_KEY, CAPI restored
2026-05-24 11:11:29 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
tripit: deploy stack + DB provisioning + ongoing mail-ingest [ci skip]
2026-05-30 10:23:11 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
fire-planner: LLM_MODEL env var → qwen3vl-4b default (fits in current GPU headroom; immich-ml is holding ~10GB)
2026-06-01 19:50:41 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
hermes-agent: gate PVC on parked flag (clears PVCStuckPending)
2026-05-31 15:19:28 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
immich: fix slow context search — prewarm clip_index + latency alert/healthcheck
2026-06-05 09:19:07 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
[infra] Sweep dns_config ignore_changes across all pod-owning resources [ci skip]
2026-04-18 21:19:48 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
job-hunter: weekly above-target Slack alert CronJob
2026-06-02 20:49:42 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
fix(k8s-dashboard): use email_verified=true + groups scope mappings
2026-06-05 09:19:09 +00:00
Bucket A retrigger + Bucket D enrollment (5 module-nested stacks)
2026-05-16 23:10:38 +00:00
k8s-version-upgrade: ignore IngressTTFBCritical in halt-on-alert check
2026-05-24 01:10:44 +00:00
keel: re-enable with policy=patch (semver-bounded) + fix CI deny-privileged
2026-05-26 19:06:51 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
kured: fix sentinel-gate OOM — 256Mi limit + self-restart leak guard
2026-05-31 14:49:04 +00:00
kyverno: strip orphaned keel.sh/match-tag fleet-wide (image-swap fix)
2026-06-01 19:50:41 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
kms: revert files accidentally bundled into the docs commit
2026-06-01 10:36:49 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
keel+anubis: extend sweep to non-V2 raw deployments; fix anubis replicas validation
2026-05-29 06:02:24 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: enroll 11 more namespaces (operators + critical infra)
2026-05-17 20:59:14 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
immich: fix slow context search — prewarm clip_index + latency alert/healthcheck
2026-06-05 09:19:07 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: enroll 11 more namespaces (operators + critical infra)
2026-05-17 20:59:14 +00:00
[dns] NodeLocal DNSCache — deploy DaemonSet to all nodes (WS C)
2026-04-19 15:46:41 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: belt-and-suspenders opt-out for mysql/redis/nvidia-exporter
2026-05-26 21:53:10 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
postiz: adopt drifted resources into TF state; exclude stuck Helm release
2026-05-30 14:36:07 +00:00
priority-pass: bump image_tag to 061a66ad [ci skip]
2026-06-05 09:19:09 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
cloud-init: hands-off k8s worker provisioning + 5 bug fixes
2026-05-26 11:52:00 +00:00
[infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip]
2026-04-18 21:15:27 +00:00
feat(rbac): apiserver multi-issuer OIDC via structured AuthenticationConfiguration
2026-06-05 09:19:09 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
redis: revert 3-node Sentinel HA to single standalone instance [ci skip]
2026-05-30 17:49:43 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: enroll 11 more namespaces (operators + critical infra)
2026-05-17 20:59:14 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
status-page: disable pusher CronJob to stop sdc write storm
2026-05-26 21:40:14 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
t3code: ingress -> devvm dispatch+autopair (retire in-cluster nginx)
2026-06-02 19:24:30 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
technitium: CoreDNS rewrite forgejo.viktorbarzin.me -> Traefik ClusterIP
2026-06-04 07:34:30 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
traefik: bot-block-proxy buffer 256k + document the real HTTP/2 limit
2026-06-01 15:15:27 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
feat(tripit): linked-email verification (SMTP + confirm carve-out) [ci skip]
2026-06-05 09:19:09 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
uptime-kuma: codify Traefik LB internal monitor at .203 (was stale .200)
2026-06-05 09:19:08 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads
2026-05-28 23:09:30 +00:00
keel: enroll 11 more namespaces (operators + critical infra)
2026-05-17 20:59:14 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
keel: enroll 15 critical-path namespaces for digest-only auto-update
2026-05-17 12:13:22 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
xray: drop dead vless ingress + pin Service target_port
2026-05-24 01:13:54 +00:00
infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP]
2026-06-03 10:52:46 +00:00
cb96d5d590