- Manifiestos limpios: namespace, rbac, pvc (5Gi local-path), deployment, service, ingress
- nodeSelector chemavx-k8 en deployment para fijar PVC en el nodo correcto
- Imagen fijada a ghcr.io/openclaw/openclaw:2026.4.12
- Sin initContainers ni secrets en el deployment (config post-arranque via exec)
- Elimina artefactos: configmap-kube-root-ca.crt.yaml, serviceaccount-default.yaml, pvc-openclaw-pvc.yaml, rbac-openclaw-agent.yaml
- Añade argocd/application-openclaw.yaml para gestión GitOps
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Deploy registry:2 as Docker Hub pull-through cache on chemavx-k8 (hostPort 5000,
ClusterIP 10.43.163.56:5000). Configures dind runner to use local mirror via
daemon.json to eliminate Docker Hub rate limit failures in CI/CD.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Delete 26 secret manifests containing REDACTED placeholder values
(15 cert-manager TLS + 11 app secrets across 8 namespaces)
- REDACTED is valid base64 that decodes to non-UTF-8 bytes — ArgoCD
applying these manifests corrupts live secrets in the cluster
- Add .githooks/pre-commit that rejects any .yaml with REDACTED
- Add README.md documenting secret management policy and manual
creation commands for each service
- n8n secret manifests already fixed in previous commits (618b1e8, db04fd2)
chemavx