22 Commits

Author	SHA1	Message	Date
micqdf	0625eee297	fix: uninstall failed observability upgrades	2026-04-26 18:46:07 +00:00
micqdf	499a3462e7	fix: seed observability dependencies	2026-04-26 10:32:25 +00:00
micqdf	a6071c504b	fix: point Promtail at Loki service	2026-04-25 03:43:23 +00:00
micqdf	757d88ed52	fix: use cached Promtail images when available	2026-04-25 03:25:44 +00:00
micqdf	15defc686f	fix: allow slow Promtail image pulls	2026-04-25 03:10:47 +00:00
micqdf	bc87a7ca43	fix: avoid immutable observability PVC changes	2026-04-25 02:25:40 +00:00
micqdf	bfcf57bcc5	fix: enforce post-deploy health checks	2026-04-25 02:22:16 +00:00
micqdf	9126de1423	fix: Align Prometheus external URL with Tailscale service port ... Prometheus is exposed on port 9090 through the Tailscale LoadBalancer service, so the configured external URL and repo docs should match the actual address users reach after rebuilds.	2026-04-18 17:11:16 +00:00
micqdf	68dbd2e5b7	fix: Reserve Tailscale service hostnames and tag exposed proxies ... Reserve grafana/prometheus/flux alongside rancher during rebuild cleanup so stale tailnet devices do not force -1 hostnames. Tag the exposed Tailscale services so operator-managed proxies are provisioned with explicit prod/service tags from the tailnet policy.	2026-04-18 05:48:26 +00:00
micqdf	ceefcc3b29	cleanup: Remove obsolete port-forwarding, deferred Traefik files, and CI workaround ... - Remove ansible/roles/private-access/ (replaced by Tailscale LB services) - Remove deferred observability ingress/traefik files (replaced by direct Tailscale LBs) - Remove orphaned kustomization-traefik-config.yaml (no backing directory) - Simplify CI: remove SA patch + job deletion workaround for rancher-backup (now handled by postRenderer in HelmRelease) - Update AGENTS.md to reflect current architecture	2026-04-02 01:21:23 +00:00
micqdf	ea2d534171	fix: Use admin.existingSecret for Grafana creds from Doppler ... Revert to idiomatic Grafana chart approach. ExternalSecret creates the secret with admin-user/admin-password keys before Grafana's first start on fresh cluster creation.	2026-04-01 01:41:49 +00:00
micqdf	a1b9fe6aa6	fix: Use Flux valuesFrom to inject Doppler Grafana creds as Helm values ... Switch from admin.existingSecret to valuesFrom so Flux reads the Doppler-managed secret and injects credentials as standard Helm values.	2026-03-31 23:40:54 +00:00
micqdf	33765657ec	fix: Correct pod selectors for Prometheus and Flux Tailscale services, use Doppler for Grafana creds ... Prometheus needs operator.prometheus.io/name label selector. Flux UI pods are labeled gitops-server not weave-gitops. Grafana now reads admin creds from Doppler via ExternalSecret instead of hardcoded values.	2026-03-31 22:54:57 +00:00
micqdf	b8f64fa952	feat: Expose Grafana, Prometheus, and Flux UI via Tailscale LoadBalancer services ... Replace Ansible port-forwarding + tailscale serve with direct Tailscale LB services matching the existing Rancher pattern. Each service gets its own tailnet hostname (grafana/prometheus/flux.silverside-gopher.ts.net).	2026-03-31 08:53:28 +00:00
micqdf	d446e86ece	fix: use static grafana password, remove externalsecret dependency	2026-03-22 00:43:21 +00:00
micqdf	90c7f565e0	fix: remove tailscale ingress dependencies from observability	2026-03-22 00:42:35 +00:00
micqdf	6f2e056b98	feat: sync runtime secrets from doppler	2026-03-09 00:25:41 +00:00
micqdf	e10a70475f	fix: right-size flux observability workloads	2026-03-08 05:17:22 +00:00
micqdf	7c15ac5846	feat: add flux ui on shared tailscale endpoint	2026-03-07 12:30:17 +00:00
micqdf	4c104f74e8	feat: route observability through one tailscale endpoint	2026-03-07 01:04:03 +00:00
micqdf	06c1356f1e	feat: expose flux observability services over tailscale	2026-03-05 00:43:29 +00:00
micqdf	8b403cd1d6	feat: migrate observability stack to flux gitops	2026-03-04 23:38:40 +00:00