K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 99ab720835 FIX(falco): explicitly set cpu limit to null main Mayne0213 2026-01-12 02:42:36 +09:00
  • ac4cd12c73 PERF(security): remove CPU limits for stability Mayne0213 2026-01-12 02:13:42 +09:00
  • e5ca2a3f36 PERF(falco): remove CPU limit for stability Mayne0213 2026-01-12 02:01:14 +09:00
  • eba6d898ba PERF(falco): increase memory limit to upperBound Mayne0213 2026-01-12 01:51:49 +09:00
  • ec09ea403f PERF(security): optimize resources via VPA Mayne0213 2026-01-12 01:08:45 +09:00
  • 2cfcc586be refactor: update Vault secret paths to new categorized structure Mayne0213 2026-01-11 22:36:33 +09:00
  • 5e717ff9b1 migrate: change repoURLs from GitHub to Gitea Mayne0213 2026-01-10 20:43:23 +09:00
  • 96c3c92069 REFACTOR(cert-manager): move from platform repo Mayne0213 2026-01-10 19:57:58 +09:00
  • d29651af7a REFACTOR(repo): remove control-plane scheduling Mayne0213 2026-01-10 18:35:15 +09:00
  • 8194fc6707 PERF(external-secrets): use 20% memory increase instead of VPA Mayne0213 2026-01-10 14:37:21 +09:00
  • 5acc1c7f9e PERF(security): adjust resources based on VPA Mayne0213 2026-01-10 14:32:33 +09:00
  • c2d6958407 PERF(external-secrets): reduce replicas to 1 Mayne0213 2026-01-10 13:31:52 +09:00
  • 736205e464 PERF(falco): reduce sidekick replicas to 1 Mayne0213 2026-01-10 13:15:56 +09:00
  • 119e86d482 PERF(vault): add high-priority class Mayne0213 2026-01-10 13:14:08 +09:00
  • ac6eaef446 CHORE(external-secrets): increase certController memory Mayne0213 2026-01-10 02:09:28 +09:00
  • c78dec54d7 FEAT(authelia): add Zot OIDC client Mayne0213 2026-01-10 00:55:11 +09:00
  • 5f9573133e FIX(authelia): configure OIDC claims and scopes Mayne0213 2026-01-09 20:10:36 +09:00
  • fa4521e946 FIX(authelia): remove internal network bypass rule Mayne0213 2026-01-09 20:06:22 +09:00
  • 876708ccdf REFACTOR(authelia): simplify to single user Mayne0213 2026-01-09 20:01:46 +09:00
  • 8ccf5c5187 FIX(authelia): add users to OIDC ClusterRoleBinding Mayne0213 2026-01-09 19:57:44 +09:00
  • 507cb61ec4 FEAT(vault): add OIDC auth for Authelia SSO Mayne0213 2026-01-09 19:41:38 +09:00
  • bb4af2638e FIX(authelia): correct network definition schema Mayne0213 2026-01-09 15:59:18 +09:00
  • 16dd9d88aa FEAT(authelia): bypass auth for cluster internal traffic Mayne0213 2026-01-09 15:50:18 +09:00
  • c368d2e983 FIX(external-secrets): increase certController memory to 128Mi Mayne0213 2026-01-09 14:19:17 +09:00
  • 871882927b FIX(external-secrets): increase memory limits for webhook and certController Mayne0213 2026-01-09 14:18:11 +09:00
  • 74d29aabfc CHORE(resources): set memory limits equal to memory requests Mayne0213 2026-01-09 14:05:54 +09:00
  • 4dc04bd904 FEAT(repo): add App of Apps self-reference Mayne0213 2026-01-09 13:32:09 +09:00
  • 756ddade15 FEAT(authelia): enable HA with DaemonSet and Redis Mayne0213 2026-01-09 12:58:22 +09:00
  • 061489756a CHORE(authelia): update admin password hash Mayne0213 2026-01-09 03:21:22 +09:00
  • 5ea9ad9dc1 CHORE(repo): remove application.yaml reference Mayne0213 2026-01-09 02:26:17 +09:00
  • 130da5c76d CHORE(repo): remove self-referencing application.yaml Mayne0213 2026-01-09 02:20:13 +09:00
  • 369181717b REFACTOR(authelia): switch to Deployment mode Mayne0213 2026-01-09 02:05:46 +09:00
  • 45ab6592d6 FIX(authelia): disable Redis authentication Mayne0213 2026-01-09 02:04:25 +09:00
  • e6f496c439 FEAT(authelia): add Redis for session storage Mayne0213 2026-01-09 02:03:04 +09:00
  • 739ac544c7 REFACTOR(repo): standardize taint to control-plane Mayne0213 2026-01-08 19:18:03 +09:00
  • 8f449666b5 CHORE(authelia): Remove immich OIDC client Mayne0213 2026-01-08 18:09:55 +09:00
  • 870eea8664 CHORE(authelia): remove replica setting for DaemonSet Mayne0213 2026-01-08 13:33:22 +09:00
  • 66d845140e FIX(authelia): move affinity to top level Mayne0213 2026-01-08 13:09:02 +09:00
  • cbf00275e8 FEAT(security): enable HA with replica 2 and soft anti-affinity Mayne0213 2026-01-08 13:07:56 +09:00
  • 56c7c0d29d CHORE(trivy): remove Trivy vulnerability scanner Mayne0213 2026-01-08 01:28:01 +09:00
  • c24313154d FIX(security): remove CPU limits from falco and trivy Mayne0213 2026-01-08 00:33:13 +09:00
  • 31007c5586 PERF(resources): remove CPU limits - keep memory limits only Mayne0213 2026-01-07 23:48:43 +09:00
  • 5e161fca8a FEAT(external-secrets): add ClusterExternalSecret for Zot Mayne0213 2026-01-07 14:28:58 +09:00
  • 41e8771889 FIX(authelia): fix Headlamp OIDC token auth Mayne0213 2026-01-07 01:39:31 +09:00
  • 7cdc4f1e9e FIX(external-secrets): disable CRD installation via Helm Mayne0213 2026-01-07 01:24:07 +09:00
  • 661659acdb FIX(external-secrets): ignore CRD status in diff Mayne0213 2026-01-07 01:20:02 +09:00
  • 3ea8b0d7c9 REVERT(external-secrets): remove ServerSideApply Mayne0213 2026-01-07 01:18:44 +09:00
  • 835395f7ec FIX(external-secrets): add ServerSideApply for CRD sync Mayne0213 2026-01-07 01:15:03 +09:00
  • 384d73d1fa REFACTOR(secrets): flatten Vault paths Mayne0213 2026-01-06 16:53:10 +09:00
  • 677214b848 REFACTOR(repo): move vault/ to manifests/ Mayne0213 2026-01-06 16:43:38 +09:00
  • 3c51bb3b5e FIX(authelia): keep ingress in manifests Mayne0213 2026-01-06 15:27:17 +09:00
  • 52bc1b9d57 FIX(authelia): use rulesOverride for config Mayne0213 2026-01-06 15:26:24 +09:00
  • 875dbbc42c REFACTOR(authelia): integrate ingress in values Mayne0213 2026-01-06 15:12:22 +09:00
  • 6fbf2b16c2 REFACTOR(vault): move resources to manifests Mayne0213 2026-01-06 01:38:33 +09:00
  • 321685822f REFACTOR(repo): security repo structure Mayne0213 2026-01-04 19:57:03 +09:00
  • 27ba06b750 REFACTOR(grafana): remove Falco and Traefik UI Mayne0213 2026-01-04 17:52:19 +09:00
  • c90574aee2 REFACTOR(grafana): remove Trivy UI Mayne0213 2026-01-04 17:52:15 +09:00
  • c51cca27d8 CHORE(falco): disable sidekick-ui and Redis Mayne0213 2026-01-04 13:31:30 +09:00
  • c66801a166 FEAT(falco): add loki output to falcosidekick Mayne0213 2026-01-04 13:06:23 +09:00
  • 76c5fd8343 FIX(falco): use SM create instead of enabled Mayne0213 2026-01-04 12:37:47 +09:00
  • d4b84305a2 FIX(redis): use customConfig for maxmemory Mayne0213 2026-01-04 02:04:46 +09:00
  • 94dcb7d585 FEAT(falco): add 6h TTL to sidekick-ui Mayne0213 2026-01-04 02:03:06 +09:00
  • 9822441e38 REFACTOR(repo): migrate repoURL to K3S-HOME Mayne0213 2026-01-03 21:08:42 +09:00
  • 4e4be3109a FIX(external-secrets): fix ESO CRD OutOfSync Mayne0213 2026-01-03 20:18:17 +09:00
  • 168193845b FIX(authelia): fix TOTP config for chart 0.10.x Mayne0213 2026-01-03 20:13:19 +09:00
  • a6342a2fdd CHORE(authelia): update authelia to 0.10.x renovate[bot] 2026-01-03 11:05:41 +00:00
  • 8fd3daa65f CHORE(external-secrets): update ESO to v1.2.1 renovate[bot] 2026-01-03 11:05:38 +00:00
  • fd31dc3c65 REFACTOR(authelia): remove redirect to Vault Mayne0213 2026-01-03 15:21:25 +09:00
  • 1cd89f6bae REFACTOR(falco): remove CPU limit Mayne0213 2026-01-03 11:13:51 +09:00
  • bce1bdf12b FIX(trivy): fix Trivy resource limits Mayne0213 2026-01-03 11:05:48 +09:00
  • c67b720ee4 FIX(falco): falco oom issues Mayne0213 2026-01-03 11:05:48 +09:00
  • a9a4ed1bf3 FIX(authelia): increase Authelia memory limit Mayne0213 2026-01-03 02:29:42 +09:00
  • 589b98a875 REFACTOR(trivy): remove Trivy scan job CPU limit Mayne0213 2026-01-03 00:08:44 +09:00
  • ede767498d PERF(redis): increase Redis memory limit to 512Mi Mayne0213 2026-01-02 23:37:45 +09:00
  • a0e483a8c4 FEAT(trivy): add ignoreDiff for trivy-ui CPU limit Mayne0213 2026-01-02 23:17:10 +09:00
  • 59b834c250 REFACTOR(resources): use tilde for null CPU Mayne0213 2026-01-02 23:16:10 +09:00
  • e1ecf43096 REFACTOR(trivy): remove trivy-ui CPU limit Mayne0213 2026-01-02 23:15:18 +09:00
  • 1a551b47ca PERF(falco): optimize falco rules Mayne0213 2026-01-02 23:00:23 +09:00
  • 8d46ae9e49 FEAT(immich): add email to admin user for OAuth Mayne0213 2026-01-02 21:27:53 +09:00
  • 04bc972466 FEAT(authelia): add Immich as OIDC client in Authelia Mayne0213 2026-01-02 21:09:34 +09:00
  • ddc733d2d2 FEAT(authelia): add Vault as OIDC client in Authelia Mayne0213 2026-01-02 20:46:51 +09:00
  • 159e135ee8 FEAT(authelia): add OIDC admin ClusterRoleBinding Mayne0213 2026-01-02 20:00:49 +09:00
  • 0be0f4cb5a FEAT(authelia): add jwks config for authelia oidc Mayne0213 2026-01-02 19:40:37 +09:00
  • ef31735060 FIX(vault): fix OIDC HMAC secret key name Mayne0213 2026-01-02 19:35:00 +09:00
  • e4fb804b3d FEAT(headlamp): enable authelia oidc provider Mayne0213 2026-01-02 19:30:02 +09:00
  • 4d4ecb13d6 FIX(falco): add NoExecute tolerations Mayne0213 2026-01-02 19:17:53 +09:00
  • d88cf75b95 FIX(authelia): fix Authelia secret key names Mayne0213 2026-01-02 00:13:28 +09:00
  • de5183469e FEAT(authelia): add JWT_HMAC_KEY to ExternalSecret Mayne0213 2026-01-02 00:09:44 +09:00
  • a4d9adc273 FIX(authelia): fix OIDC client_secret with plaintext prefix Mayne0213 2026-01-02 00:04:27 +09:00
  • 520261d36e FEAT(authelia): enable Authelia OIDC provider with MinIO client Mayne0213 2026-01-02 00:00:39 +09:00
  • 7de57fc936 CHORE(authelia): disable falco-ui basic auth Mayne0213 2026-01-01 23:29:55 +09:00
  • 7abf679d5e FEAT(goldilocks): add Authelia SSO Mayne0213 2026-01-01 23:27:17 +09:00
  • 2a4d84a0bc CHORE(deps): upgrade Falco to 0.40.0 Mayne0213 2026-01-01 23:22:38 +09:00
  • 5f197a607b FIX(falco): falco config errors Mayne0213 2026-01-01 23:20:39 +09:00
  • 765104bb4e REFACTOR(authelia): remove falco-ui-secret Mayne0213 2026-01-01 23:15:51 +09:00
  • b523935f3b FIX(argocd): falco ArgoCD Mayne0213 2026-01-01 23:05:38 +09:00
  • 2ce3a296ae REFACTOR(authelia): remove OIDC config files Mayne0213 2026-01-01 22:34:55 +09:00
  • cb4492f277 FEAT(authelia): add Authelia SSO to Vault and ArgoCD Mayne0213 2026-01-01 20:44:06 +09:00
  • fe357836c3 FEAT(authelia): integrate Authelia secrets Mayne0213 2026-01-01 00:25:06 +09:00
  • 95c756bc7f FEAT(trivy): add trivy-ui Application with ingress Mayne0213 2025-12-31 23:11:54 +09:00