Erich Blume
0e2c10176d
## Summary - Enable OIDC + API key authentication on zot with anonymous pull preserved - Enforce tag immutability for version tags - Adopt commit-SHA-based container image tagging Details in the [[harden-zot-registry]] Mikado chain (`mise run docs-mikado harden-zot-registry`). ## Test plan - [ ] Anonymous pull still works - [ ] Unauthenticated push fails (401) - [ ] CI container builds pass with new auth and tagging - [ ] `mise run services-check` passes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/231 |
||
|---|---|---|
| .. | ||
| build-authentik-container.md | ||
| create-authentik-secrets.md | ||
| deploy-authentik.md | ||
| migrate-grafana-to-authentik.md | ||
| provision-authentik-database.md | ||