infra/docs/post-mortems
Viktor Barzin f807050eb5 cloudflared: fix tunnel origin .200 -> Traefik svc DNS (full-site 502 outage) [ci skip]
The Cloudflare tunnel routed *.viktorbarzin.me and the apex to
https://10.0.20.200:443, but Traefik moved off the shared MetalLB .200
onto its dedicated 10.0.20.203 on 2026-05-30 (commit 0c01adac). Nothing
serves HTTPS on .200:443 anymore, so cloudflared could not reach its
origin (no route to host / i/o timeout) and Cloudflare returned 502 for
every externally-proxied service. Internal/LAN access (split-horizon ->
.203) was unaffected, which masked the outage.

Repoint both ingress rules at the in-cluster Traefik Service DNS
(https://traefik.traefik.svc.cluster.local:443) -- the design the docs
already described but the code never implemented -- so the tunnel is
decoupled from the Traefik LB IP and this cannot recur on a future move.

Applied live via targeted apply on the tunnel config resource only;
[ci skip] because live already matches and a full stack apply would
churn unrelated pre-existing drift (Keel annotations, DKIM re-chunk).

Post-mortem: docs/post-mortems/2026-06-01-cloudflared-stale-traefik-origin.md

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-01 21:22:05 +00:00
2026-03-16-kured-containerd-cascade-outage.html docs: consolidate all post-mortems under docs/post-mortems/ 2026-04-14 08:24:36 +00:00
2026-03-16-nfs-csi-cascade-failure.md docs: move post-mortems to docs/post-mortems/ 2026-04-14 08:20:09 +00:00
2026-04-14-nfs-fsid0-dns-vault-outage.md docs: update post-mortem follow-up implementation [PM-2026-04-14] [ci skip] 2026-04-14 18:09:11 +00:00
2026-04-14-postmortem-pipeline-test.md fix: use full path to claude CLI for non-interactive SSH 2026-04-14 17:44:50 +00:00
2026-04-18-authentik-outpost-shm-full.md docs/authentik: document postgres session backend + close out 2026-04-18 post-mortem items 2026-05-10 16:28:11 +00:00
2026-04-19-registry-orphan-index.md [registry] bulk-clean 34 orphan manifests + beads-server image bump 2026-04-19 23:16:34 +00:00
2026-04-22-vault-raft-leader-deadlock.md vault: complete Phase 2 NFS-hostile migration; remove nfs-proxmox SC 2026-04-25 17:10:00 +00:00
2026-05-09-io-pressure-stale-nfs.md mysql: bump to 4Gi limit / 3Gi request; grow /srv/nfs LV to 3 TiB 2026-05-09 17:01:57 +00:00
2026-05-16-kured-stalled-and-anubis-ha.md docs/pm: kured silently stalled 6 days + Anubis HA lift (2026-05-16) 2026-05-16 12:17:26 +00:00
2026-05-17-gpu-driver-ubuntu2604-mismatch.md nvidia: fix driver install deadlock + extend startup probe 2026-05-25 11:53:44 +00:00
2026-05-17-nfs-csi-keel-upgrade-master-port-conflict.md nfs-csi: pin chart v4.13.1 + controller affinity (post-mortem) 2026-05-17 09:11:09 +00:00
2026-05-25-immich-anca-elements-io-storm.md docs(immich): cap server-side job concurrency to protect sdc + log recurrence 2026-06-01 15:15:26 +00:00
2026-05-30-redis-split-brain.md redis: revert 3-node Sentinel HA to single standalone instance [ci skip] 2026-05-30 17:49:43 +00:00
2026-05-31-kured-sentinel-gate-oom.md kured: fix sentinel-gate OOM — 256Mi limit + self-restart leak guard 2026-05-31 14:49:04 +00:00
2026-06-01-cloudflared-stale-traefik-origin.md cloudflared: fix tunnel origin .200 -> Traefik svc DNS (full-site 502 outage) [ci skip] 2026-06-01 21:22:05 +00:00
2026-06-01-keel-match-tag-image-swap.md kyverno: strip orphaned keel.sh/match-tag fleet-wide (image-swap fix) 2026-06-01 19:50:41 +00:00
index.html docs: consolidate all post-mortems under docs/post-mortems/ 2026-04-14 08:24:36 +00:00