net-kingdom

coulomb/net-kingdom

Fork 0

generated from coulomb/repo-seed

Commit Graph

Author	SHA1	Message	Date
Bernd Worsch	a375b3814d	fix(sso-mfa): use ipWhiteList for Traefik v2 in LLDAP and privacyIDEA middleware Traefik 2.10 (K3s 1.30 bundle) requires ipWhiteList, not ipAllowList. Updated both middleware files and clarified comments to match cluster version. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-20 07:28:06 +00:00
Bernd Worsch	1d94652ba1	feat(sso-mfa): T04 privacyIDEA manifests (NK-WP-0001-T04) Deploy privacyIDEA (MFA core) in the mfa namespace: - pvc.yaml: privacyidea-data (5Gi) and privacyidea-logs (2Gi) - configmap.yaml: pi.cfg reading secrets from env vars - deployment.yaml: Deployment + ClusterIP Service (port 8080) - middleware.yaml: Traefik RateLimit + admin IP AllowList - ingress.yaml: pink.coulomb.social (portal + admin), pink-account.coulomb.social (self-service) - create-secrets.sh: creates privacyidea-config Secret - enckey-bootstrap.sh: post-deploy key extraction + DR Secrets - bootstrap-admin.sh: pi-admin, trigger-admin, privacyidea-trigger-admin Secret - verify-t04.sh: 8-section done-criteria checker Config points CP-NK-002 (pink.coulomb.social) and CP-NK-003 (pink-account.coulomb.social) registered in CONFIG.md. pink = PrivacyIDEA Net Knights (project mnemonic). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-19 01:22:41 +00:00

Author

SHA1

Message

Date

Bernd Worsch

a375b3814d

fix(sso-mfa): use ipWhiteList for Traefik v2 in LLDAP and privacyIDEA middleware

Traefik 2.10 (K3s 1.30 bundle) requires ipWhiteList, not ipAllowList.
Updated both middleware files and clarified comments to match cluster version.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-20 07:28:06 +00:00

Bernd Worsch

1d94652ba1

feat(sso-mfa): T04 privacyIDEA manifests (NK-WP-0001-T04)

Deploy privacyIDEA (MFA core) in the mfa namespace:
- pvc.yaml: privacyidea-data (5Gi) and privacyidea-logs (2Gi)
- configmap.yaml: pi.cfg reading secrets from env vars
- deployment.yaml: Deployment + ClusterIP Service (port 8080)
- middleware.yaml: Traefik RateLimit + admin IP AllowList
- ingress.yaml: pink.coulomb.social (portal + admin), pink-account.coulomb.social (self-service)
- create-secrets.sh: creates privacyidea-config Secret
- enckey-bootstrap.sh: post-deploy key extraction + DR Secrets
- bootstrap-admin.sh: pi-admin, trigger-admin, privacyidea-trigger-admin Secret
- verify-t04.sh: 8-section done-criteria checker

Config points CP-NK-002 (pink.coulomb.social) and CP-NK-003
(pink-account.coulomb.social) registered in CONFIG.md.

pink = PrivacyIDEA Net Knights (project mnemonic).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-19 01:22:41 +00:00

2 Commits