20 Commits

Author	SHA1	Message	Date
MichaelFisher1997	afb1782d38	fix: Separate Backup CRs into their own kustomization ... The Backup and Restore CRs need the rancher-backup CRDs to exist first. Moved them to a separate kustomization that depends on the operator being ready.	2026-03-29 22:22:29 +00:00
MichaelFisher1997	48870433bf	fix: Remove tls:external from Rancher HelmRelease ... With Tailscale LoadBalancer, TLS is not actually terminated at the edge. The Tailscale proxy does TCP passthrough, so Rancher must serve its own TLS certs. Setting tls: external caused Rancher to listen HTTP-only, which broke HTTPS access through Tailscale.	2026-03-29 22:19:23 +00:00
MichaelFisher1997	f2c506b350	refactor: Replace CNPG external DB with rancher-backup operator ... Rancher 2.x uses embedded etcd, not an external PostgreSQL database. The CATTLE_DB_CATTLE_* env vars are Rancher v1 only and were ignored. - Remove all CNPG (CloudNativePG) cluster, operator, and related configs - Remove external DB env vars from Rancher HelmRelease - Remove rancher-db-password ExternalSecret - Add rancher-backup operator HelmRelease (v106.0.2+up8.1.0) - Add B2 credentials ExternalSecret for backup storage - Add recurring Backup CR (daily at 03:00, 7 day retention) - Add commented-out Restore CR for rebuild recovery - Update Flux dependency graph accordingly	2026-03-29 21:53:16 +00:00
MichaelFisher1997	936f54a1b5	fix: Restore canonical Rancher tailnet hostname	2026-03-29 00:00:39 +00:00
MichaelFisher1997	c9df11e65f	fix: Align Rancher tailnet hostname with live proxy	2026-03-28 23:47:09 +00:00
MichaelFisher1997	a15fa50302	fix: Use Doppler-backed Rancher bootstrap password	2026-03-28 22:51:38 +00:00
MichaelFisher1997	0f4f0b09fb	fix: Add Rancher DB password ExternalSecret	2026-03-28 22:42:05 +00:00
MichaelFisher1997	4c002a870c	fix: Remove invalid Rancher server-url manifest	2026-03-28 22:39:31 +00:00
MichaelFisher1997	8c5edcf0a1	fix: Set Rancher server URL to tailnet hostname	2026-03-28 04:07:44 +00:00
MichaelFisher1997	a81da0d178	feat: Expose Rancher via Tailscale hostname	2026-03-28 03:59:02 +00:00
MichaelFisher1997	9d601dc77c	feat: Add CloudNativePG with B2 backups for persistent Rancher database ... - Add Local Path Provisioner for storage - Add CloudNativePG operator (v1.27.0) via Flux - Create PostgreSQL cluster with B2 (Backblaze) auto-backup/restore - Update Rancher to use external PostgreSQL via CATTLE_DB_CATTLE_* env vars - Add weekly pg_dump CronJob to B2 (Sundays 2AM) - Add pre-destroy backup hook to destroy workflow - Add B2 credentials to Doppler (B2_ACCOUNT_ID, B2_APPLICATION_KEY) - Generate RANCHER_DB_PASSWORD in Doppler Backup location: HetznerTerra/rancher-backups/ Retention: 14 backups	2026-03-25 23:06:45 +00:00
MichaelFisher1997	89c2c99963	Fix Rancher: remove conflicting LoadBalancer, add HTTPS port-forward, use tailscale serve only	2026-03-25 00:59:16 +00:00
MichaelFisher1997	4a35cfb549	Fix Rancher: use correct targetPort 444 for HTTPS	2026-03-24 23:30:58 +00:00
MichaelFisher1997	3d50bfc534	Fix Rancher service selector: use cattle-system-rancher label	2026-03-24 23:25:36 +00:00
MichaelFisher1997	dcb2675b67	Upgrade Rancher to 2.13.3 for K8s 1.34 compatibility	2026-03-24 21:42:51 +00:00
MichaelFisher1997	b40bec7e0e	Fix Rancher: use Doppler secret instead of hardcoded password	2026-03-24 21:13:23 +00:00
MichaelFisher1997	efe0c0cfd5	Fix Rancher: upgrade to 2.10.3 for K8s 1.34 compatibility	2026-03-24 20:29:38 +00:00
MichaelFisher1997	60ceac4624	Fix Rancher access: add kubectl port-forward + tailscale serve setup	2026-03-24 20:01:57 +00:00
MichaelFisher1997	ecf17113fb	Fix Rancher deployment: add cattle-system namespace, fix Traefik config with port 9442	2026-03-24 19:09:28 +00:00
MichaelFisher1997	4ffbcfa312	Add Rancher management UI	2026-03-24 01:53:04 +00:00