bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity

feat(auth): adopt OIDC GitOps for DNS Distribution Media #36

Merged
bluejay merged 1 commits from codex/s58-oidc-proper into main 2026-06-04 05:52:57 +00:00
Conversation 0 Commits 1 Files Changed 7 +955 -10
bluejay commented 2026-06-04 05:50:48 +00:00
Owner
Copy Link

Summary

  • adopt fc-dns and fc-media into bluejay-infra GitOps with preserved live image/PVC shape
  • re-enable Distribution OIDC desired state with /healthz readiness kept anonymous
  • move blackbox probes for DNS/Distribution/Media to /healthz
  • add focused fleet lint coverage for the Sprint 58 OIDC flip

Tests

  • dotnet.exe test .\tests\bluejay-infra-lint\BluejayInfraLint.Tests.csproj -c Release --filter FullyQualifiedNameOidcFlipServices|FullyQualifiedNameDnsAndMediaGitOpsAdoption|FullyQualifiedNameMonitoringProbes_UseHealthzForOidcGatedHosts|FullyQualifiedNameDistributionPublicIngress_KeepsGetHeadMethodAllowlist|FullyQualifiedNameDnsAndMediaIngressRoutes_MatchLiveInternalHosts|FullyQualifiedNamePublicReadOnlyIngressRoutes_MustExplicitlyAllowOnlyGetAndHead

Live proof

  • DNS image localhost/fc-dns-web:v20260604-oidc-proper built/imported and dns-web rollout completed
  • Media image localhost/fc-media-web:v20260604-oidc-proper built/imported on pinned node and fc-media rollout completed
  • Distribution needs this branch as Argo desired state; main self-heal currently reverts Auth=false

Held WIP until browser proof is attached.

## Summary - adopt fc-dns and fc-media into bluejay-infra GitOps with preserved live image/PVC shape - re-enable Distribution OIDC desired state with /healthz readiness kept anonymous - move blackbox probes for DNS/Distribution/Media to /healthz - add focused fleet lint coverage for the Sprint 58 OIDC flip ## Tests - dotnet.exe test .\\tests\\bluejay-infra-lint\\BluejayInfraLint.Tests.csproj -c Release --filter FullyQualifiedName~OidcFlipServices|FullyQualifiedName~DnsAndMediaGitOpsAdoption|FullyQualifiedName~MonitoringProbes_UseHealthzForOidcGatedHosts|FullyQualifiedName~DistributionPublicIngress_KeepsGetHeadMethodAllowlist|FullyQualifiedName~DnsAndMediaIngressRoutes_MatchLiveInternalHosts|FullyQualifiedName~PublicReadOnlyIngressRoutes_MustExplicitlyAllowOnlyGetAndHead ## Live proof - DNS image localhost/fc-dns-web:v20260604-oidc-proper built/imported and dns-web rollout completed - Media image localhost/fc-media-web:v20260604-oidc-proper built/imported on pinned node and fc-media rollout completed - Distribution needs this branch as Argo desired state; main self-heal currently reverts Auth=false Held WIP until browser proof is attached.
bluejay added 1 commit 2026-06-04 05:50:48 +00:00
feat(auth): adopt oidc apps in gitops 933fea89d1
bluejay changed title from WIP: feat(auth): adopt OIDC GitOps for DNS Distribution Media to feat(auth): adopt OIDC GitOps for DNS Distribution Media 2026-06-04 05:52:56 +00:00
bluejay merged commit 2a66109f13 into main 2026-06-04 05:52:57 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
bluejay
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: bluejay/bluejay-infra#36
Delete Branch "codex/s58-oidc-proper"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?