2fa92f8635
docs: comprehensive documentation + developer experience polish

New files:
  CONTRIBUTING.md — dev setup, code style, PR process
  CLAUDE.md — workspace context for Claude Code
  Makefile — build, test, lint, fmt, docker, helm-lint, dev, ci
  .editorconfig — consistent formatting
  rustfmt.toml — Rust formatting config
  docs/kubernetes.md — Helm install, values, architecture
  docs/bascule-shell.md — client shell install, config, TPM
  charts/bascule/README.md — Helm quick start

Updated:
  README.md — accurate feature matrix, clear shipped vs planned
  config/bascule.example.toml — full reference (72 lines, all fields)

All 15 README links verified valid.
Helm lint clean. Build passes. 0 substrate deps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 10:53:08 -04:00

9dc5cb9eee
feat: Kubernetes native integration — Helm chart + K8s/SPIFFE config

Helm chart (charts/bascule/):
  Deployment with shell sidecar container (shared jumphost model)
  Service (LoadBalancer/NodePort/ClusterIP)
  ConfigMap with auto-generated config.toml
  RBAC (Role + RoleBinding for pods/exec)
  NetworkPolicy (restrict shell egress, allow DNS + K8s API)
  ServiceAccount with create flag
  Configurable shell image (k8s-ops, net-ops, dev, minimal)
  Helm lint passes clean

K8s backend config (bascule-core):
  [k8s] section: enabled, namespace, pod_name, shell_container, shell
  Auto-detection via POD_NAME/POD_NAMESPACE env vars (downward API)
  Backend priority: K8s > proxy > container > local PTY
  K8s exec implementation deferred to --features k8s (kube crate)

SPIFFE/SPIRE auth config:
  [auth.spiffe] section: trust_domain, trust_bundle_path, workload_api_socket
  JWT-SVID token-as-password authentication pattern
  Implementation deferred to bascule-auth-spiffe crate

Zero substrate dependencies. Default build unchanged.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 10:23:09 -04:00