blumeops/docs/how-to
Erich Blume 0e2c10176d Harden zot registry, pt 1 (#231)
## Summary
- Enable OIDC + API key authentication on zot with anonymous pull preserved
- Enforce tag immutability for version tags
- Adopt commit-SHA-based container image tagging

Details in the [[harden-zot-registry]] Mikado chain (`mise run docs-mikado harden-zot-registry`).

## Test plan
- [ ] Anonymous pull still works
- [ ] Unauthenticated push fails (401)
- [ ] CI container builds pass with new auth and tagging
- [ ] `mise run services-check` passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/231
2026-02-20 22:50:01 -08:00
| Name | Last commit | Date |
|---|---|---|
| authentik | Harden zot registry, pt 1 (#231) | 2026-02-20 22:50:01 -08:00 |
| configuration | Review: update-documentation doc (#220) | 2026-02-19 17:40:05 -08:00 |
| deployment | Harden zot registry, pt 1 (#231) | 2026-02-20 22:50:01 -08:00 |
| knowledgebase | Replace Homepage Helm chart with kustomize manifests and custom Dockerfile (#221) | 2026-02-19 18:29:19 -08:00 |
| operations | Review gandi-operations doc and reorganize how-to guides (#200) | 2026-02-17 07:29:33 -08:00 |
| plans | Create C2 Mikado cards for harden-zot-registry (#229) | 2026-02-20 17:56:25 -08:00 |
| zot | Harden zot registry, pt 1 (#231) | 2026-02-20 22:50:01 -08:00 |
| agent-change-process.md | Deploy Authentik identity provider (C2 Mikado) (#227) | 2026-02-20 12:55:59 -08:00 |
| how-to.md | Harden zot registry, pt 1 (#231) | 2026-02-20 22:50:01 -08:00 |