viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/authentik
History
Viktor Barzin e4c3fbbbbb feat(authentik): adopt admin-services-restriction policy; admit kubernetes-* groups to k8s dashboard 
Namespace-owners (e.g. gheorghe) were blocked at forward-auth — k8s.viktorbarzin.me
was Home-Server-Admins-only. Carve-out: the dashboard host now also admits
kubernetes-admins/power-users/namespace-owners so they can reach the login page;
per-namespace access is still enforced by the pasted SA token (dashboard-sa.tf).
All other admin-only hosts unchanged. Policy adopted from UI into TF via import.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 09:19:10 +00:00
..
modules/authentik keel+anubis: extend sweep to non-V2 raw deployments; fix anubis replicas validation 2026-05-29 06:02:24 +00:00
admin-services-restriction.tf feat(authentik): adopt admin-services-restriction policy; admit kubernetes-* groups to k8s dashboard 2026-06-05 09:19:10 +00:00
authentik_provider.tf authentik: codify proxy provider TTL + adopt embedded outpost 2026-05-10 16:18:42 +00:00
guest.tf infra: document auth = "app|none" tier on every legacy ingress 2026-05-11 19:25:48 +00:00
main.tf extract dbaas, authentik, crowdsec from platform into independent stacks [ci skip] 2026-03-17 18:11:53 +00:00
secrets extract dbaas, authentik, crowdsec from platform into independent stacks [ci skip] 2026-03-17 18:11:53 +00:00
terragrunt.hcl extract dbaas, authentik, crowdsec from platform into independent stacks [ci skip] 2026-03-17 18:11:53 +00:00