blumeops/docs/changelog.d/+wave1-decommission-followups.infra.md
Erich Blume eaa899cfc6 C0: wave-1 decommission follow-ups (argocd admin RBAC, teslamate probe)
- argocd: grant local break-glass admin the admin role (g, admin, role:admin);
  previously only the Authentik admins group had access, locking out admin
  once its token expired (policy.default is unset).
- alloy-k8s: repoint the teslamate blackbox probe from the deleted minikube
  service to https://tesla.ops.eblu.me/ (Caddy over Tailscale), like immich.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-03 13:02:05 -07:00

Fix three follow-ups from the wave-1 decommission. First, grant the local break-glass admin account ArgoCD admin rights (g, admin, role:admin); previously only the Authentik admins group had access, so admin was locked out whenever its token expired. Second, repoint the alloy blackbox probe for teslamate from the deleted minikube service to https://tesla.ops.eblu.me/ (through Caddy over Tailscale). Third, clean up the orphaned paperless/teslamate roles + ExternalSecrets left on the minikube blumeops-pg.