Migration to https://docusaurus.io/Refactor secrets to use OpenBao and external secretsFix services versions (Helm charts, etc.)Continuous Integration / Continuous Deployment (CI/CD)Keycloak for user management and authenticationMigrate internal services authentication to KeycloakMigrate harbor registry db to dedicated PostgreSQL role (as with forgejo and keycloak)Refactor docs to ensure services cnpg roles and dbs are created with the cnpg cluster and not each individuallyDocument Forgejo SSO with KeycloakAlert rules and notifications (Prometheus, Grafana, Alertmanager)DB services access behind a firewall (without kubectl port-forward)Forward AlertManager alerts to Grafana managed alerts- Add ansible playbook for k3s certificate renewal
- Network policies
- Add tutorials for configuring keycloak Nursery realm
- Full cluster disaster recovery (restoring to a new Hetzner project)
- Look for alternatives to MinIO for remote backups (going closed source)
- Bash/Python Jupyter notebook for deploying the cluster and workloads