k8s-manifests

Author SHA1 Message Date

Author	SHA1	Message	Date
chemavx	22ae5d7d4b	chore: pin all floating image tags to exact running versions - vaultwarden/server:latest → 1.35.4 - redis:alpine → 8.6.2-alpine (authentik) - homarr-labs/homarr:latest → 1.0.0 - gitea/gitea:latest → 1.25.5 - uptime-kuma:1 → 1.23.17 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 08:11:22 +00:00
chemavx	f42cdee585	security: remove all REDACTED secrets from repo, add pre-commit guard - Delete 26 secret manifests containing REDACTED placeholder values (15 cert-manager TLS + 11 app secrets across 8 namespaces) - REDACTED is valid base64 that decodes to non-UTF-8 bytes — ArgoCD applying these manifests corrupts live secrets in the cluster - Add .githooks/pre-commit that rejects any .yaml with REDACTED - Add README.md documenting secret management policy and manual creation commands for each service - n8n secret manifests already fixed in previous commits (`618b1e8`, `db04fd2`)	2026-04-14 20:02:51 +00:00
chemavx	ff2e6cc985	feat: export all K8 Plus cluster manifests Namespaces: argocd, authentik, backup-system, cloudflare-ddns, gitea, homarr, monitoring, n8n, openclaw, polymarket-bot, vaultwarden Cluster-wide: clusterissuers, namespaces Secrets: redacted (structure only, data=REDACTED)	2026-04-10 08:57:02 +00:00

22ae5d7d4b

chore: pin all floating image tags to exact running versions

- vaultwarden/server:latest → 1.35.4
- redis:alpine → 8.6.2-alpine (authentik)
- homarr-labs/homarr:latest → 1.0.0
- gitea/gitea:latest → 1.25.5
- uptime-kuma:1 → 1.23.17

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-15 08:11:22 +00:00

chemavx

f42cdee585

security: remove all REDACTED secrets from repo, add pre-commit guard

- Delete 26 secret manifests containing REDACTED placeholder values
  (15 cert-manager TLS + 11 app secrets across 8 namespaces)
- REDACTED is valid base64 that decodes to non-UTF-8 bytes — ArgoCD
  applying these manifests corrupts live secrets in the cluster
- Add .githooks/pre-commit that rejects any .yaml with REDACTED
- Add README.md documenting secret management policy and manual
  creation commands for each service
- n8n secret manifests already fixed in previous commits (618b1e8, db04fd2)

2026-04-14 20:02:51 +00:00

chemavx

ff2e6cc985

feat: export all K8 Plus cluster manifests

Namespaces: argocd, authentik, backup-system, cloudflare-ddns,
gitea, homarr, monitoring, n8n, openclaw, polymarket-bot, vaultwarden
Cluster-wide: clusterissuers, namespaces
Secrets: redacted (structure only, data=REDACTED)

2026-04-10 08:57:02 +00:00

3 Commits