Erich Blume a8f4d00294 K8s Migration Phase 1: Infrastructure Setup (#29 )

## Summary
- Split k8s migration plan into phases folder for easier navigation
- Added `tag:k8s` to Pulumi ACLs for Kubernetes workloads
- Phase 1 work in progress

## Phase 1 Goals
- Tailscale Kubernetes Operator
- CloudNativePG Operator
- PostgreSQL cluster for future app migrations

## Deployment and Testing
- [ ] Review Phase 1 plan
- [ ] `mise run tailnet-preview` to verify ACL changes
- [ ] `mise run tailnet-up` to apply ACL changes
- [ ] Create Tailscale OAuth client (manual)
- [ ] Deploy operators and PostgreSQL cluster

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/29

2026-01-19 09:49:52 -08:00

749 B

Raw Blame History

Phase 7: Forgejo Migration (Highest Risk)

Goal: Migrate Forgejo to k8s

Status: Pending

Prerequisites: Phase 6 complete

Pre-Migration Checklist

Full borgmatic backup verified
Manual backup of /opt/homebrew/var/forgejo
Document SSH keys and webhooks

Steps

1. Deploy Forgejo via Helm

helm install forgejo forgejo/forgejo \
  --namespace forgejo --create-namespace

2. Migrate data

Stop brew forgejo
Copy data to PVC
Start k8s forgejo

3. Configure Tailscale services

HTTPS 443 via LoadBalancer
SSH port 22 (TCP proxy)

4. Verify all repositories accessible

Rollback

Restore brew forgejo and tailscale serve config

749 B Raw Blame History

Phase 7: Forgejo Migration (Highest Risk)

Pre-Migration Checklist

Steps

1. Deploy Forgejo via Helm

2. Migrate data

3. Configure Tailscale services

4. Verify all repositories accessible

Rollback

749 B

Raw Blame History