unkinben
6b6aa5fd48
fix: correct external-dns target IP to 198.18.200.4
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
2026-05-23 00:20:42 +10:00
unkinben
d787ebd117
fix(paperclip): add traefik.io/instance label to Gateway
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
2026-05-23 00:19:08 +10:00
unkinben
43081f8e74
feat(paperclip): migrate Ingress to Gateway API
...
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
Replace nginx Ingress with Gateway + HTTPRoute using the traefik-internal
GatewayClass. TLS is terminated at the Gateway listener via cert-manager.
2026-05-22 00:11:47 +10:00
unkinben
260b2d4364
chore: mount vault CA cert for Node.js TLS trust in paperclip ( #108 )
...
Mount the vault-ca-cert secret and set NODE_EXTRA_CA_CERTS so Node.js
trusts the internal CA chain when making outbound TLS connections.
Reviewed-on: #108
2026-05-03 00:10:08 +10:00
unkinben
156b545249
fix: set Host header on paperclip health probes to bypass hostname guard ( #107 )
...
The privateHostnameGuard middleware blocks requests where the Host header
is not in the allowlist. Kubelet httpGet probes use the pod IP as the
Host header, which is never in the allowlist. Setting Host: localhost
ensures probes are always permitted.
Reviewed-on: #107
2026-05-02 23:01:59 +10:00
unkinben
0883f327e9
chore: update trusted hostnames ( #106 )
...
- remove scheme from paperclip.k8s..
- add localhost (what probe is hitting)
Reviewed-on: #106
2026-05-02 22:40:21 +10:00
unkinben
04b7c04366
chore: fix livenessProbe for paperclip ( #105 )
...
Reviewed-on: #105
2026-05-02 22:28:52 +10:00
unkinben
9914186fd5
chore: additional papaerclip environemnt variables ( #104 )
...
https://github.com/paperclipai/paperclip/issues/3121
Reviewed-on: https://git.unkin.net/unkin/argocd-apps/pulls/104
2026-05-02 22:11:38 +10:00
unkinben
f55b7065f1
fix: rename pgpooler to include rw ( #103 )
...
- undo previous change (target pgcluster name)
- actually rename the pgpooler
Reviewed-on: #103
2026-05-02 21:39:51 +10:00
unkinben
87a5a271c3
fix: set pgpooler name to include -rw ( #102 )
...
- this matches the credentials set for paperclip
Reviewed-on: #102
2026-05-02 21:35:23 +10:00
unkinben
e156cd10bd
feat: deploy paperclip to au-syd1 via ArgoCD (aitooling project) ( #100 )
...
Adds base manifests and au-syd1 overlay for Paperclip (AI agent
orchestration platform), following the litellm deployment pattern.
Updates aitooling ApplicationSet to include the paperclip path.
Closes #99
Reviewed-on: #100
2026-05-02 21:27:51 +10:00