
16 Commits

Author SHA1 Message Date
6f8346ebdf PERF(applications): remove CPU limits for stability
- Remove CPU limits from docusaurus, headlamp, homer, mas
- Prevents CPU throttling issues
2026-01-12 02:27:19 +09:00
9839875e2a PERF(umami,code-server): remove CPU limits for stability
- umami: increase memory to 600Mi, remove CPU limit
- code-server: increase memory to 302Mi, remove CPU limit
2026-01-12 02:00:42 +09:00
0ae70de5bc PERF(umami): increase memory limit to upperBound
- Memory limit 323Mi was causing OOMKilled
- Increase to 433Mi (VPA upperBound)
2026-01-12 01:51:37 +09:00
fcb0413aff PERF(applications): optimize resources via VPA
- code-server: CPU 15m/15m, memory 225Mi/225Mi
- docusaurus: CPU 10m/16m, memory 50Mi/50Mi
- headlamp: CPU 15m/15m, memory 100Mi/100Mi
- homer: CPU 10m/12m, memory 50Mi/50Mi
- mas: CPU 15m/15m, memory 144Mi/203Mi
- umami: CPU 15m/15m, memory 271Mi/323Mi
2026-01-12 01:08:46 +09:00
f812dcc75f refactor: update Vault secret paths to new categorized structure
- code-server: code-server → applications/code-server
- mas: mas → applications/mas, postgresql → storage/postgresql
- umami: umami → applications/umami
- headlamp: authelia → security/authelia

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 22:36:11 +09:00
58455b689f migrate: change repoURLs from GitHub to Gitea
Update all ArgoCD Application references to use Gitea (github0213.com)
instead of GitHub for K3S-HOME/applications repository.
Also update docusaurus to use gitea-creds for Image Updater write-back.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 20:43:26 +09:00
4e83ee8242 REFACTOR(gitea): move to platform repo
- Remove gitea Application manifests
- Update kustomization.yaml to exclude gitea
- Gitea now managed by platform repo
2026-01-10 19:38:54 +09:00
e5da6a1012 REFACTOR(umami): consolidate ingress into helm values
- Remove separate ingress manifests
- Define ingress directly in helm-values.yaml
- Remove kustomization ingress reference
2026-01-10 17:39:36 +09:00
a2e882853e FIX(umami): remove SSO and use default login
- Remove disableLogin setting from helm values
- Remove Authelia middleware from ingress
2026-01-10 17:32:35 +09:00
b4ae36ae61 FIX(umami): use chart-specific disableLogin setting
- Use umami.disableLogin instead of env variable
- Set removeDisableLoginEnv to false to preserve env var
2026-01-10 17:25:01 +09:00
9c4a95a586 FIX(umami): fix DISABLE_LOGIN env variable syntax
- Change env format from map to list style
- Use proper Kubernetes env var specification
2026-01-10 17:15:26 +09:00
84312ce9e4 PERF(applications): adjust resources based on VPA
- Update homer cpu 15m→11m, memory 100Mi→50Mi
- Update code-server memory 512Mi→215Mi
- Update docusaurus cpu 10m→15m
- Update gitea cpu 15m→63m, memory 200Mi→237Mi
- Update umami memory 384Mi→283Mi
- Update mas memory 150Mi→175Mi
2026-01-10 14:35:21 +09:00
5890f09ada PERF(apps): reduce replicas to 1
- Reduce docusaurus, headlamp, umami replicas to 1
2026-01-10 13:31:34 +09:00
93d629160d FIX(gitea): use Recreate strategy
- SQLite and LevelDB require exclusive file access
- RollingUpdate causes lock conflicts with two pods
2026-01-10 13:24:31 +09:00
886e4e36c0 PERF(apps): reduce replicas to 1
- Reduce Homer replicas from 2 to 1
- Reduce MAS replicas from 2 to 1
2026-01-10 13:15:55 +09:00
da0cdbecb2 PERF(gitea): force master placement, add priority
- Add nodeSelector for control-plane node
- Keep tolerations for control-plane taint
- Add high-priority PriorityClass
2026-01-10 13:14:07 +09:00
24 changed files with 61 additions and 397 deletions


@@ -9,7 +9,7 @@ spec:
project: default project: default
source: source:
repoURL: https://github.com/K3S-HOME/applications.git repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
path: . path: .
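Review bot: The new `repoURL: https://github0213.com/K3S-HOME/applications.git` makes a self-hosted Gitea the source of truth for this Application while `targetRevision: main` stays a moving branch, so write access to `main` on that instance now determines what Argo CD renders. The hostname is also easy to misread as `github.com` in review; a comment above the line such as `# self-hosted Gitea (not github.com); write access to main = deploy access` would make the trust boundary explicit. The Gitea values deleted later in this compare show `DISABLE_REGISTRATION: false`, so it is worth confirming that the platform-repo deployment restricts registration and protects `main`. The same applies to the code-server, docusaurus, headlamp, homer, mas and umami Application sections. The `spec` block continues outside the hunk.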


@@ -14,10 +14,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/code-server/helm-values.yaml - $values/code-server/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
path: code-server path: code-server
destination: destination:


@@ -40,13 +40,13 @@ service:
type: ClusterIP type: ClusterIP
port: 8080 port: 8080
# Resource limits # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 512Mi memory: 225Mi
limits: limits:
memory: 512Mi memory: 302Mi
# Security context # Security context
securityContext: securityContext:


@@ -14,5 +14,5 @@ spec:
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: code-server key: applications/code-server
property: PASSWORD property: PASSWORD


@@ -9,19 +9,19 @@ metadata:
argocd-image-updater.argoproj.io/image-list: docusaurus=zot0213.kro.kr/docusaurus:latest argocd-image-updater.argoproj.io/image-list: docusaurus=zot0213.kro.kr/docusaurus:latest
argocd-image-updater.argoproj.io/docusaurus.update-strategy: digest argocd-image-updater.argoproj.io/docusaurus.update-strategy: digest
argocd-image-updater.argoproj.io/docusaurus.pull-secret: pullsecret:argocd/zot-creds argocd-image-updater.argoproj.io/docusaurus.pull-secret: pullsecret:argocd/zot-creds
argocd-image-updater.argoproj.io/write-back-method: git:secret:argocd/github-creds argocd-image-updater.argoproj.io/write-back-method: git:secret:argocd/gitea-creds
argocd-image-updater.argoproj.io/git-branch: main argocd-image-updater.argoproj.io/git-branch: main
argocd-image-updater.argoproj.io/docusaurus.helm.image-tag: image.tag argocd-image-updater.argoproj.io/docusaurus.helm.image-tag: image.tag
spec: spec:
project: default project: default
sources: sources:
- repoURL: https://github.com/K3S-HOME/web-apps.git - repoURL: https://github0213.com/K3S-HOME/web-apps.git
targetRevision: main targetRevision: main
path: charts/web-app path: charts/web-app
helm: helm:
valueFiles: valueFiles:
- $values/docusaurus/helm-values.yaml - $values/docusaurus/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
ref: values ref: values
destination: destination:
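Review bot: `write-back-method: git:secret:argocd/gitea-creds` lets Image Updater commit to `git-branch: main` with whatever that credential is allowed to do, and nothing in the hunk shows its scope. If `gitea-creds` holds a personal or administrator token, a compromise of the updater would reach beyond the one repository it writes to; a token limited to write on the write-back repository is sufficient. The chart source also moves to `https://github0213.com/K3S-HOME/web-apps.git`, which the commit description (applications repository only) does not mention, so confirm that repository exists on the Gitea instance. A comment above the annotation such as `# gitea-creds: token scoped to write on the write-back repo only` would record the expectation.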


@@ -11,7 +11,7 @@ image:
imagePullSecrets: imagePullSecrets:
- name: zot-secret - name: zot-secret
replicaCount: 2 replicaCount: 1
containerPort: 80 # nginx containerPort: 80 # nginx
service: service:
@@ -34,12 +34,13 @@ ingress:
hosts: hosts:
- docusaurus0213.kro.kr - docusaurus0213.kro.kr
# Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
memory: 100Mi
cpu: 10m cpu: 10m
memory: 50Mi
limits: limits:
memory: 100Mi memory: 50Mi
healthCheck: healthCheck:
enabled: true enabled: true


@@ -1,41 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitea
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://dl.gitea.com/charts/
chart: gitea
targetRevision: 12.4.0
helm:
valueFiles:
- $values/gitea/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/applications.git
targetRevision: main
ref: values
- repoURL: https://github.com/K3S-HOME/applications.git
targetRevision: main
path: gitea
destination:
server: https://kubernetes.default.svc
namespace: gitea
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- PrunePropagationPolicy=foreground
- PruneLast=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10


@@ -1,125 +0,0 @@
# Gitea Helm Chart Values
# Self-contained deployment with SQLite and local-path storage
# =============================================================================
# DISABLE ALL EXTERNAL DEPENDENCIES
# =============================================================================
postgresql-ha:
enabled: false
postgresql:
enabled: false
valkey-cluster:
enabled: false
valkey:
enabled: false
# =============================================================================
# PERSISTENCE - local-path StorageClass
# =============================================================================
persistence:
enabled: true
create: true
mount: true
size: 10Gi
accessModes:
- ReadWriteOnce
storageClass: local-path-retain
annotations:
helm.sh/resource-policy: keep
# =============================================================================
# ADMIN USER
# =============================================================================
gitea:
admin:
existingSecret: gitea-admin-secret
username: Mayne0213
email: bluemayne0213@icloud.com
passwordMode: keepUpdated
# Gitea configuration (app.ini)
config:
APP_NAME: Gitea - K3S-HOME
server:
DOMAIN: github0213.com
ROOT_URL: https://github0213.com
HTTP_PORT: 3000
SSH_DOMAIN: github0213.com
SSH_PORT: 22
SSH_LISTEN_PORT: 2222
LFS_START_SERVER: true
database:
DB_TYPE: sqlite3
PATH: /data/gitea/gitea.db
SQLITE_TIMEOUT: 500
SQLITE_JOURNAL_MODE: WAL
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level
security:
INSTALL_LOCK: true
service:
DISABLE_REGISTRATION: false
REQUIRE_SIGNIN_VIEW: false
DEFAULT_KEEP_EMAIL_PRIVATE: true
log:
MODE: console
LEVEL: info
# =============================================================================
# INGRESS
# =============================================================================
ingress:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: github0213.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: github-tls
hosts:
- github0213.com
# =============================================================================
# RESOURCES
# =============================================================================
resources:
requests:
cpu: 15m
memory: 200Mi
limits:
memory: 200Mi
# =============================================================================
# POD CONFIGURATION
# =============================================================================
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
# =============================================================================
# SSH SERVICE
# =============================================================================
service:
ssh:
type: ClusterIP
port: 22


@@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- redirect.yaml
namespace: gitea


@@ -1,70 +0,0 @@
# Traefik Middleware for GitHub redirect
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-to-github
namespace: gitea
spec:
redirectRegex:
regex: ".*"
replacement: "https://github.com/mayne0213"
permanent: true
---
# IngressRoute for HTTPS
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-redirect-https
namespace: gitea
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
kind: Rule
middlewares:
- name: redirect-to-github
services:
- name: noop@internal
kind: TraefikService
tls:
secretName: gitea-tls
domains:
- main: gitea0213.kro.kr
sans:
- www.gitea0213.kro.kr
---
# IngressRoute for HTTP (redirect to HTTPS first, then to GitHub)
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-redirect-http
namespace: gitea
spec:
entryPoints:
- web
routes:
- match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
kind: Rule
middlewares:
- name: redirect-to-github
services:
- name: noop@internal
kind: TraefikService
---
# Certificate for TLS
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-certificate
namespace: gitea
spec:
secretName: gitea-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- gitea0213.kro.kr
- www.gitea0213.kro.kr


@@ -14,10 +14,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/headlamp/helm-values.yaml - $values/headlamp/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
path: headlamp path: headlamp
destination: destination:


@@ -1,6 +1,6 @@
# Headlamp Helm Values # Headlamp Helm Values
replicaCount: 2 replicaCount: 1
image: image:
registry: ghcr.io registry: ghcr.io
@@ -19,6 +19,7 @@ service:
type: ClusterIP type: ClusterIP
port: 80 port: 80
# Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m


@@ -23,5 +23,5 @@ spec:
data: data:
- secretKey: clientSecret - secretKey: clientSecret
remoteRef: remoteRef:
key: authelia key: security/authelia
property: HEADLAMP_CLIENT_SECRET property: HEADLAMP_CLIENT_SECRET
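Review bot: `key: security/authelia` means the secret store behind this application-tier ExternalSecret must be able to read the `security/` category, which weakens the separation the new path layout suggests. Only `HEADLAMP_CLIENT_SECRET` is needed here, so if the Vault policy behind the store (not visible in this hunk) grants read on the whole `security/authelia` entry, the other Authelia properties become readable through the same store. Consider keeping the client secret under `applications/headlamp`, or restricting the policy to exactly the paths referenced. The mas section has the same shape with `key: storage/postgresql`. The ExternalSecret spec starts outside the hunk.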


@@ -14,10 +14,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/homer/helm-values.yaml - $values/homer/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
path: homer path: homer
destination: destination:


@@ -3,7 +3,7 @@
controllers: controllers:
main: main:
replicas: 2 replicas: 1
initContainers: initContainers:
copy-homer-files: copy-homer-files:
image: image:
@@ -22,7 +22,7 @@ controllers:
- sh - sh
- -c - -c
- | - |
git clone --depth 1 --branch main https://github.com/K3S-HOME/applications.git /tmp/repo git clone --depth 1 --branch main https://github0213.com/K3S-HOME/applications.git /tmp/repo
rm -rf /www/assets rm -rf /www/assets
cp -r /tmp/repo/homer/assets /www/assets cp -r /tmp/repo/homer/assets /www/assets
cp /config/config.yml /www/assets/config.yml cp /config/config.yml /www/assets/config.yml
@@ -34,12 +34,13 @@ controllers:
repository: b4bz/homer repository: b4bz/homer
tag: latest tag: latest
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 10m
memory: 100Mi memory: 50Mi
limits: limits:
memory: 100Mi memory: 50Mi
pod: pod:
# Affinity - Soft Anti-Affinity to spread pods across nodes # Affinity - Soft Anti-Affinity to spread pods across nodes
affinity: affinity:
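Review bot: The init container's `git clone --depth 1 --branch main https://github0213.com/K3S-HOME/applications.git /tmp/repo` runs without credentials, so it works only while that repository is anonymously readable on the Gitea instance, and it copies whatever `main` holds at pod start into `/www/assets`. The served assets are therefore not tied to the revision Argo CD synced and can change on any restart. Cloning a tag or fixed revision, e.g. `--branch <release-tag>` (placeholder), would make the served content reviewable, and a comment stating the anonymous-read requirement would help whoever later tightens repository visibility. The same section keeps `tag: latest` with `pullPolicy: IfNotPresent`, which can leave nodes running different image builds. The `controllers.main` block extends beyond these hunks.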


@@ -5,7 +5,6 @@ resources:
# Self-reference for App of Apps pattern # Self-reference for App of Apps pattern
- application.yaml - application.yaml
- gitea/argocd.yaml
- homer/argocd.yaml - homer/argocd.yaml
- docusaurus/argocd.yaml - docusaurus/argocd.yaml
- code-server/argocd.yaml - code-server/argocd.yaml


@@ -14,10 +14,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/mas/helm-values.yaml - $values/mas/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
path: mas path: mas
destination: destination:


@@ -12,7 +12,7 @@ serviceAccount:
controllers: controllers:
main: main:
replicas: 2 replicas: 1
strategy: RollingUpdate strategy: RollingUpdate
rollingUpdate: rollingUpdate:
unavailable: 0 unavailable: 0
@@ -43,12 +43,13 @@ controllers:
POSTGRES_PORT: "5432" POSTGRES_PORT: "5432"
POSTGRES_USER: "bluemayne" POSTGRES_USER: "bluemayne"
REDIS_URL: "redis://redis:6379/0" REDIS_URL: "redis://redis:6379/0"
# Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 150Mi memory: 144Mi
limits: limits:
memory: 150Mi memory: 203Mi
probes: probes:
startup: startup:
enabled: true enabled: true


@@ -13,7 +13,7 @@ spec:
data: data:
- secretKey: anthropic-api-key - secretKey: anthropic-api-key
remoteRef: remoteRef:
key: mas key: applications/mas
property: ANTHROPIC_API_KEY property: ANTHROPIC_API_KEY
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -31,5 +31,5 @@ spec:
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: postgresql key: storage/postgresql
property: PASSWORD property: PASSWORD


@@ -14,10 +14,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/umami/helm-values.yaml - $values/umami/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/applications.git - repoURL: https://github0213.com/K3S-HOME/applications.git
targetRevision: main targetRevision: main
path: umami path: umami
destination: destination:


@@ -26,25 +26,39 @@ envFrom:
- secretRef: - secretRef:
name: umami-password name: umami-password
# Disable login (using Authelia for authentication)
env:
DISABLE_LOGIN: "1"
ingress: ingress:
enabled: false # Will use our main ingress enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: umami0213.kro.kr
paths:
- path: /
pathType: Prefix
- host: www.umami0213.kro.kr
paths:
- path: /
pathType: Prefix
tls:
- secretName: umami-tls
hosts:
- umami0213.kro.kr
- www.umami0213.kro.kr
service: service:
type: ClusterIP type: ClusterIP
port: 3000 port: 3000
# Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 384Mi memory: 271Mi
limits: limits:
memory: 384Mi memory: 600Mi
replicaCount: 2 replicaCount: 1
# Autoscaling # Autoscaling
autoscaling: autoscaling:
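Review bot: With `ingress.enabled: true` and `path: /` on both hosts, the whole Umami application, dashboard and `/api` included, is now reachable with only its built-in login in front of it; the ingress manifest deleted in this compare had put the dashboard behind the Authelia middleware. Before this is synced, confirm that the built-in administrator account no longer uses its install-time password, and consider attaching a Traefik rate-limit middleware through the ingress annotations to slow password guessing. A comment above `ingress:` such as `# public: protected only by Umami's own login (no SSO middleware)` would document the decision. The values file continues outside the hunk.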


@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- manifests/secret.yaml - manifests/secret.yaml
- manifests/ingress.yaml


@@ -1,111 +0,0 @@
# Public Ingress - Share URLs and required resources (no auth required)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: umami-share
namespace: umami
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: traefik
tls:
- hosts:
- umami0213.kro.kr
secretName: umami-tls
rules:
- host: umami0213.kro.kr
http:
paths:
# Share page
- path: /share
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Share API
- path: /api/share
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Websites API (used by share page)
- path: /api/websites
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Next.js static files
- path: /_next
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Internationalization (language files)
- path: /intl
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Tracking script (also public)
- path: /script.js
pathType: Exact
backend:
service:
name: umami
port:
number: 3000
# Tracking API (required for script.js to send data)
- path: /api/send
pathType: Exact
backend:
service:
name: umami
port:
number: 3000
---
# Protected Ingress - Dashboard (Authelia SSO required)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: umami-ingress
namespace: umami
annotations:
traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
spec:
ingressClassName: traefik
tls:
- hosts:
- umami0213.kro.kr
- www.umami0213.kro.kr
secretName: umami-tls
rules:
- host: umami0213.kro.kr
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
- host: www.umami0213.kro.kr
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000


@@ -14,9 +14,9 @@ spec:
data: data:
- secretKey: database-url - secretKey: database-url
remoteRef: remoteRef:
key: umami key: applications/umami
property: DATABASE_URL property: DATABASE_URL
- secretKey: hash-salt - secretKey: hash-salt
remoteRef: remoteRef:
key: umami key: applications/umami
property: HASH_SALT property: HASH_SALT