net-kingdom

Files

Bernd Worsch 23e0b43318 fix(netpol): allow Traefik→ACME solver pods; mark T02–T07 done on RAILIANCE01

Added allow-traefik-to-acme-solver NetworkPolicy to sso and mfa namespaces.
The default-deny-all policy was blocking HTTP-01 challenge traffic from Traefik
to the cert-manager solver pods, causing all TLS certs to stay pending (502).

Workplan NK-WP-0003 updated: T02, T03, T04, T05, T06, T07, T08a all done on
RAILIANCE01 as of 2026-03-25. T08 (e2e auth test) is now unblocked.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-25 11:49:26 +00:00

NK-WP-0001-sso-mfa-platform.md

chore(workplans): revise workplans post NK-WP-0005

2026-03-21 08:47:44 +00:00

NK-WP-0002-local-identity.md

feat(sso-mfa): T03 PostgreSQL manifests (NK-WP-0001-T03)

2026-03-05 09:22:13 +01:00

NK-WP-0003-keycape-privacyidea-cluster-deployment.md

fix(netpol): allow Traefik→ACME solver pods; mark T02–T07 done on RAILIANCE01

2026-03-25 11:49:26 +00:00

NK-WP-0004-credential-management-foundation.md

chore(consistency): NK-WP-0004 complete — correct regressed task statuses

2026-03-21 09:19:37 +01:00

NK-WP-0005-agent-driven-credential-bootstrap.md

chore(workplans): revise workplans post NK-WP-0005

2026-03-21 08:47:44 +00:00