studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
88 Commits 1 Branch 0 Tags
fdcc15080f4364a1cc2e73a64d718b806a55164e
Commit Graph

4 Commits

Author SHA1 Message Date
Sienna Meridian Satterwhite
3fc54c8851 feat: add PrometheusRule alerts for all services 
28 alert rules across 9 PrometheusRule files covering infrastructure
(Longhorn, cert-manager), data (PostgreSQL, OpenBao, OpenSearch),
storage (SeaweedFS), devtools (Gitea), identity (Hydra, Kratos),
media (LiveKit), and mesh (Linkerd golden signals for all services).

Severity routing: critical alerts fire to Matrix + email, warnings
to Matrix only (AlertManager config updated in separate commit).
 2026-03-24 12:20:55 +00:00
Sienna Meridian Satterwhite
d32d1435f9 feat(infra): data, storage, devtools, and ory layer updates 
- data: CNPG cluster tuning, OpenBao values, OpenSearch deployment fixes,
  OpenSearch PVC, barman vault secret for S3 backup credentials
- storage: SeaweedFS filer updates (s3.json via secret subPath), PVC for
  filer persistent storage
- devtools: Gitea values (SSH service, custom theme), gitea-theme-cm ConfigMap
- ory: add kratos-selfservice-urls.yaml for self-service flow URLs
- media: LiveKit values updated (TURN config, STUN, resource limits)
- vso: kustomization cleanup
 2026-03-06 12:07:28 +00:00
Sienna Meridian Satterwhite
8cb705fecc feat(devtools): migrate Gitea to OpenBao DB static role; sync admin creds via VSO 
- gitea-db-credentials is now a VaultDynamicSecret reading from
  database/static-creds/gitea (OpenBao static role, 24h password rotation).
  Replaces the previous KV-based Secret that used a hardcoded localdev password.
- gitea-admin-credentials and gitea-s3-credentials remain VaultStaticSecrets
  synced from secret/gitea and secret/seaweedfs respectively.
- gitea-values.yaml adds gitea.admin.existingSecret so the chart reads the
  admin username/password from the VSO-managed Secret instead of values.
 2026-03-02 18:33:16 +00:00
Sienna Meridian Satterwhite
5d9bd7b067 chore: initial infrastructure scaffold 
Kustomize base + overlays for the full Sunbeam k3s stack:
- base/mesh      — Linkerd edge (crds + control-plane + viz)
- base/ingress   — custom Pingora edge proxy
- base/ory       — Kratos 0.60.1 + Hydra 0.60.1 + login-ui
- base/data      — CloudNativePG 0.27.1, Valkey 8, OpenSearch 2
- base/storage   — SeaweedFS master + volume + filer (S3 on :8333)
- base/lasuite   — Hive sync daemon + La Suite app placeholders
- base/media     — LiveKit livekit-server 1.9.0
- base/devtools  — Gitea 12.5.0 (external PG + Valkey)
overlays/local   — sslip.io domain, mkcert TLS, Lima hostPort
overlays/production — stub (TODOs for sunbeam.pt values)
scripts/         — local-up/down/certs/urls helpers
justfile         — up / down / certs / urls targets
 2026-02-28 13:42:27 +00:00