Without a byte limit, the stream grows unbounded within its 24h
max_age window. At 101 devices polling every 60s, it hits 128MB
in ~10 hours and OOMs the NATS container.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mock RouterOS server and screenshot automation live here
but should not be in the public repo.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace all screenshots with Deep Space dark theme captures.
New tenants: Lebowski Lanes, MXC Studios, Irken Empire.
Login screenshot now shows Secret Key fields.
Remove old Stranger's Ranch screenshot.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Third blog post covering current capabilities, limitations, and
design philosophy. Factual inventory of what works, what's rough,
and what's missing entirely.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add Kubernetes/Helm deployment section to DEPLOYMENT.md, telemetry
environment variables to CONFIGURATION.md, telemetry privacy details
to SECURITY.md, telemetry bullet to README quick start, and fix Go
version from 1.24 to 1.25 in docs/README.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Secret resource now named with -secrets suffix to match all template refs
- Add CREDENTIAL_ENCRYPTION_KEY to migration init container (VPN migration needs it)
- Fix postgres secretKeyRef to use -secrets suffix
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Local override values with pullPolicy: Never, dev environment,
disabled ingress/wireguard, and placeholder secrets. File is gitignored
since it contains dev credentials; exists only on local machines.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Post-install notes cover OpenBao initialization/unseal workflow,
ingress or port-forward access, admin credentials, and health check.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Routes /api, /docs, /metrics to API service and / to frontend,
with optional TLS and annotation support.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Privileged deployment with NET_ADMIN, sysctl ip_forward, tun device
mount, and UDP LoadBalancer service on port 51820.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Go poller with NET_ADMIN capability, configmap envFrom, and secret
refs for DATABASE_URL (poller_user), OPENBAO_TOKEN, and encryption key.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Simple nginx-based deployment serving the React SPA on port 80,
no runtime env or volumes required.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Includes two init containers (VPN route setup, Alembic migrations),
secret refs for JWT/encryption/OpenBao/SMTP, and PVC mounts for
git-store, firmware-cache, and wireguard config.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
File-backed storage, IPC_LOCK capability for mlock, startup/liveness/
readiness probes. Config mounted via subPath from ConfigMap.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Runs nats-server with --jetstream and monitoring on port 8222.
Headless service for StatefulSet DNS, ClusterIP service for app connections.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ephemeral cache with no PVC. Includes redis-cli ping probes for
liveness and readiness.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Includes ConfigMap for init.sql (TimescaleDB extension, app_user and
poller_user role creation), StatefulSet with liveness/readiness probes,
and headless Service for stable DNS.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three PVCs with configurable size and storageClass. Wireguard PVC is
conditional on wireguard.enabled.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Single Secret with all sensitive values (JWT, encryption keys, DB
passwords, SMTP credentials, poller DB URL). Single ConfigMap with
all non-sensitive config including URL helpers and optional value guards.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Instruments setup.py to send per-step diagnostic events to the TOD
telemetry collector when the user opts in. Uses a shared static token
with no registration flow — fully anonymous.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace placeholder "coming soon" pages with functional implementations
that query the fleet APIs and display real-time wireless issues and
resource consumption data.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
