77f2da9264
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled
Bug #11 (NetworkPolicy): allow-required-egress 缺少 192.168.0.110:22 - K8s Pod 到 110 的 SSH port 22 被 default-deny-all 封鎖 - 自動修復的 SSH_COMMAND Playbook 必然 Connection refused - 修正: 加入 port 22 到 110 的 egress 白名單 Bug #12 (Deployment): repair-ssh-key Secret defaultMode=0400 (root-only) - Pod 以 appuser(UID 1000) 跑,無法讀取 root-owned 的 SSH key - ssh 報錯: "Load key: Permission denied" - 修正: 加入 securityContext.fsGroup=1000,讓 appuser 透過 group read 存取 - 已驗證: Pod 內 ssh → repair-bot-110 → REPAIR_OK:sentry ✅ Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>