6 Commits

Author	SHA1	Message	Date
chemavx	00c5bc2d37	fix: DinD memory request 1Gi→2Gi, limit 2Gi→4Gi	2026-05-05 09:15:14 +00:00
ChemaVX	5f3e1d5584	fix: dind stability — memory request 1Gi, liveness probe, emptyDir sizeLimit 10Gi	2026-05-04 11:09:31 +00:00
chemavx	0bf2e746dd	feat(registry-cache): add Docker Hub pull-through cache + dind mirror config ... Deploy registry:2 as Docker Hub pull-through cache on chemavx-k8 (hostPort 5000, ClusterIP 10.43.163.56:5000). Configures dind runner to use local mirror via daemon.json to eliminate Docker Hub rate limit failures in CI/CD. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-22 11:35:43 +00:00
chemavx	22ae5d7d4b	chore: pin all floating image tags to exact running versions ... - vaultwarden/server:latest → 1.35.4 - redis:alpine → 8.6.2-alpine (authentik) - homarr-labs/homarr:latest → 1.0.0 - gitea/gitea:latest → 1.25.5 - uptime-kuma:1 → 1.23.17 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 08:11:22 +00:00
chemavx	f42cdee585	security: remove all REDACTED secrets from repo, add pre-commit guard ... - Delete 26 secret manifests containing REDACTED placeholder values (15 cert-manager TLS + 11 app secrets across 8 namespaces) - REDACTED is valid base64 that decodes to non-UTF-8 bytes — ArgoCD applying these manifests corrupts live secrets in the cluster - Add .githooks/pre-commit that rejects any .yaml with REDACTED - Add README.md documenting secret management policy and manual creation commands for each service - n8n secret manifests already fixed in previous commits (618b1e8, db04fd2)	2026-04-14 20:02:51 +00:00
chemavx	ff2e6cc985	feat: export all K8 Plus cluster manifests ... Namespaces: argocd, authentik, backup-system, cloudflare-ddns, gitea, homarr, monitoring, n8n, openclaw, polymarket-bot, vaultwarden Cluster-wide: clusterissuers, namespaces Secrets: redacted (structure only, data=REDACTED)	2026-04-10 08:57:02 +00:00