- Secret resource now named with -secrets suffix to match all template refs
- Add CREDENTIAL_ENCRYPTION_KEY to migration init container (VPN migration needs it)
- Fix postgres secretKeyRef to use -secrets suffix
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Post-install notes cover OpenBao initialization/unseal workflow,
ingress or port-forward access, admin credentials, and health check.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Routes /api, /docs, /metrics to API service and / to frontend,
with optional TLS and annotation support.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Privileged deployment with NET_ADMIN, sysctl ip_forward, tun device
mount, and UDP LoadBalancer service on port 51820.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Go poller with NET_ADMIN capability, configmap envFrom, and secret
refs for DATABASE_URL (poller_user), OPENBAO_TOKEN, and encryption key.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Simple nginx-based deployment serving the React SPA on port 80,
no runtime env or volumes required.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Includes two init containers (VPN route setup, Alembic migrations),
secret refs for JWT/encryption/OpenBao/SMTP, and PVC mounts for
git-store, firmware-cache, and wireguard config.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
File-backed storage, IPC_LOCK capability for mlock, startup/liveness/
readiness probes. Config mounted via subPath from ConfigMap.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Runs nats-server with --jetstream and monitoring on port 8222.
Headless service for StatefulSet DNS, ClusterIP service for app connections.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ephemeral cache with no PVC. Includes redis-cli ping probes for
liveness and readiness.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Includes ConfigMap for init.sql (TimescaleDB extension, app_user and
poller_user role creation), StatefulSet with liveness/readiness probes,
and headless Service for stable DNS.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three PVCs with configurable size and storageClass. Wireguard PVC is
conditional on wireguard.enabled.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Single Secret with all sensitive values (JWT, encryption keys, DB
passwords, SMTP credentials, poller DB URL). Single ConfigMap with
all non-sensitive config including URL helpers and optional value guards.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
