bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 15 Actions Packages Projects Releases Wiki Activity
607 Commits 66 Branches 0 Tags
ee14d3a2d018ffaa859de81020abc4cbf18cfe33
Commit Graph

33 Commits

Author SHA1 Message Date
Andrew Stoltz
ee14d3a2d0 whc4: front bluejay tenant route with CRS WAF 2026-06-17 19:54:26 -05:00
Andrew Stoltz
193b167d10 whc4: quiet PHP WAF health probes 2026-06-17 19:27:02 -05:00
Andrew Stoltz
ef782ed56d whc4: front PHP route with CRS WAF 2026-06-17 19:24:36 -05:00
Andrew Stoltz
41fb117ff0 whc4: deploy PHP tenant edge controls 2026-06-17 18:51:38 -05:00
Andrew Stoltz
ca1b1e8a3a sec4: roll MySQL and PHP storage measurement images 2026-06-17 17:57:16 -05:00
Andrew Stoltz
51572de3b2 sec4: roll MySQL and PHP runtime-limit images 2026-06-17 15:45:24 -05:00
Andrew Stoltz
a07aae9487 sec4: bump MySQL and PHP web rate-limit images 2026-06-17 14:40:32 -05:00
Codex
cc6399c4f3 Bump GX10 DeviceManagement web image 2026-06-17 14:08:07 -05:00
Andrew Stoltz
a0d79eeb8c hm4: own hosting operator CRDs and RBAC 2026-06-17 13:47:40 -05:00
Andrew Stoltz
4f7a5f3d20 fix(openbao): use arm64-resolving :2.5.5 tag (GX10 aarch64; amd64 digest won't pull) 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-17 13:42:17 -05:00
Andrew Stoltz
4aad74a8aa feat(openbao): GX10 prod OpenBao StatefulSet (ADR-206 Phase-1) 
Integrated-Raft single node, transit auto-unseal -> noc1 seal-bao
(10.0.56.10:8210, key gx10-unseal). Non-root (uid 100/gid 1000), internal
step-ca TLS listener. openbao-tls + openbao-seal secrets created out-of-band
(seal token + listener key never in git). local-path 2Gi Raft PVC.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-17 13:41:02 -05:00
Andrew Stoltz
44608acae2 hm1: add GX10 MCP gateway wiring 2026-06-17 13:15:36 -05:00
Andrew Stoltz
54179a6c4c fix(chat): roll fc-chat to chatfix-54fd549 (arm64) — /tickets redirect + send-button recovery 
Bump fc-chat image to localhost/fc-chat-web:v20260617-chatfix-54fd549, built
for arm64 on GX10 from Chat master 54fd549 + Common 0a4174d:
- OperatorRouteRedirect bounces ANY unauthorized path to sign-in (was: only
  operator/ops-chat prefixes, so /tickets sat on "Redirecting..." forever)
- FcAiChat send button stays clickable as Cancel while generating + closes
  the reconnect-recovery gap so it re-enables after a circuit drop

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-17 12:49:35 -05:00
Andrew Stoltz
dfaae3cbce deploy(segmentdisplay): roll non-root GX10 image 2026-06-17 10:52:19 -05:00
Andrew Stoltz
0020aa97ce Pin GX10 Network web SEC-5 image 2026-06-17 10:05:12 -05:00
Andrew Stoltz
b353058b47 gx10: deploy hardened MessageBoard web image 2026-06-17 09:41:56 -05:00
Andrew Stoltz
435e60a3f0 Deploy MenuBoard SEC-5 non-root image to GX10 2026-06-17 09:13:01 -05:00
Andrew Stoltz
ed32a65873 Deploy Media SEC-5 non-root image to GX10 2026-06-17 08:47:40 -05:00
Andrew Stoltz
18f4f657f8 Deploy Intranet SEC-5 non-root image to GX10 
Pin localhost/fc-intranet-web:v20260617-sec5-intranet-1abdf90 and apply restricted pod/container security contexts plus writable /data, /tmp, and /app/logs mounts.
 2026-06-17 08:18:31 -05:00
Andrew Stoltz
cf8cc4ba54 deploy(chat): roll non-root GX10 image 2026-06-17 07:46:28 -05:00
Andrew Stoltz
2cfd340833 deploy(dns): roll non-root GX10 images 2026-06-17 06:36:07 -05:00
Andrew Stoltz
983406b886 deploy(php): roll non-root GX10 web image 2026-06-17 05:59:36 -05:00
Andrew Stoltz
cebd934872 deploy(php): roll non-root GX10 operator image 2026-06-17 05:22:36 -05:00
Andrew Stoltz
8d55ca1566 deploy(mysql): roll non-root GX10 operator image 2026-06-17 04:34:28 -05:00
Andrew Stoltz
b11f26b963 deploy(mysql): roll non-root GX10 web image 2026-06-17 04:08:23 -05:00
Andrew Stoltz
aa0525331d deploy(updater): roll non-root GX10 image 2026-06-17 03:15:35 -05:00
Andrew Stoltz
9ce18e4acc fix(irc): inject GX10 cloak keys from Secret 2026-06-17 02:39:55 -05:00
Andrew Stoltz
11f32f1a6e deploy(dns): add GX10 fc-dns app 2026-06-17 02:12:40 -05:00
Andrew Stoltz
083e7f41cd fix(fc-php): restore missing IngressRoute + TLS cert (php-web 404 on GX10) 
php.iamworkin.lan returned 404 on every path: the GX10 GitOps capture grabbed
fc-php's deployment/service but NOT its IngressRoute (chicken-egg — php wasn't
routed at capture time), so Traefik matched no route. Pod is 1/1 Running 37h —
the 404 was pure missing-route, confirmed by diffing against the healthy sibling
mysql-web (which has its IngressRoute).

Mirrors the mysql-web / fc-network pattern: a cert-manager Certificate (step-ca-acme
ClusterIssuer) to mint php-web-tls + an IngressRoute Host(php.iamworkin.lan)->php-web:5400.
Additive only.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-17 01:57:47 -05:00
Andrew Stoltz
336c4a6ec0 deploy(signage): roll GX10 F2 image 2026-06-17 01:25:04 -05:00
Andrew Stoltz
415fec9e4d gx10-gitops: deploy-loop proof — mark knowledge svc managed-by gx10-argocd 2026-06-16 22:33:40 -05:00
Andrew Stoltz
6c0be8563d gx10-gitops: capture live manifests for 32 product namespaces (ArgoCD adoption source) 2026-06-16 22:24:23 -05:00
Andrew Stoltz
0218b1f8b6 gx10-gitops: pilot — capture live knowledge manifests (adoption source) 2026-06-16 22:18:20 -05:00