2 docs tagged with "cloudflare-tunnel"

Lock the Azure compute landing zone for sv0-platform: westeurope, IaaS primitives only, Cloudflare Tunnel ingress (no public IPs / no Azure LB), HA prod fleet across two zones, ephemeral per-PR VMs, OIDC-federated TF auth, and a cloud-portability rule set that keeps the design migratable to AWS/GCP.

Implementation plan for ADR-022: current Hetzner inventory, target Azure topology, five-phase migration sequencing, secrets delivery via Key Vault + Managed Identity, and the executable break-glass procedure for the case where TFC is unreachable.