C0: wave-1 decommission follow-ups (argocd admin RBAC, teslamate probe)

- argocd: grant local break-glass admin the admin role (g, admin, role:admin); previously only the Authentik admins group had access, locking out admin once its token expired (policy.default is unset). - alloy-k8s: repoint the teslamate blackbox probe from the deleted minikube service to https://tesla.ops.eblu.me/ (Caddy over Tailscale), like immich. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-03 13:02:05 -07:00 · 2026-06-03 13:02:05 -07:00 · eaa899cfc6
commit eaa899cfc6
parent 46f0002178
3 changed files with 14 additions and 1 deletions
--- a/argocd/manifests/alloy-k8s/config.alloy
+++ b/argocd/manifests/alloy-k8s/config.alloy
@ -191,8 +191,9 @@ prometheus.exporter.blackbox "services" {
  }

  target {
+    // Migrated to ringtail (wave-1); probe through Caddy over Tailscale.
    name    = "teslamate"
-    address = "http://teslamate.teslamate.svc.cluster.local:4000/"
+    address = "https://tesla.ops.eblu.me/"
    module  = "http_2xx"
  }