Compare commits


10 Commits

Author SHA1 Message Date
4e83ee8242 REFACTOR(gitea): move to platform repo
- Remove gitea Application manifests
- Update kustomization.yaml to exclude gitea
- Gitea now managed by platform repo
2026-01-10 19:38:54 +09:00
e5da6a1012 REFACTOR(umami): consolidate ingress into helm values
- Remove separate ingress manifests
- Define ingress directly in helm-values.yaml
- Remove kustomization ingress reference
2026-01-10 17:39:36 +09:00
a2e882853e FIX(umami): remove SSO and use default login
- Remove disableLogin setting from helm values
- Remove Authelia middleware from ingress
2026-01-10 17:32:35 +09:00
b4ae36ae61 FIX(umami): use chart-specific disableLogin setting
- Use umami.disableLogin instead of env variable
- Set removeDisableLoginEnv to false to preserve env var
2026-01-10 17:25:01 +09:00
9c4a95a586 FIX(umami): fix DISABLE_LOGIN env variable syntax
- Change env format from map to list style
- Use proper Kubernetes env var specification
2026-01-10 17:15:26 +09:00
84312ce9e4 PERF(applications): adjust resources based on VPA
- Update homer cpu 15m→11m, memory 100Mi→50Mi
- Update code-server memory 512Mi→215Mi
- Update docusaurus cpu 10m→15m
- Update gitea cpu 15m→63m, memory 200Mi→237Mi
- Update umami memory 384Mi→283Mi
- Update mas memory 150Mi→175Mi
2026-01-10 14:35:21 +09:00
5890f09ada PERF(apps): reduce replicas to 1
- Reduce docusaurus, headlamp, umami replicas to 1
2026-01-10 13:31:34 +09:00
93d629160d FIX(gitea): use Recreate strategy
- SQLite and LevelDB require exclusive file access
- RollingUpdate causes lock conflicts with two pods
2026-01-10 13:24:31 +09:00
886e4e36c0 PERF(apps): reduce replicas to 1
- Reduce Homer replicas from 2 to 1
- Reduce MAS replicas from 2 to 1
2026-01-10 13:15:55 +09:00
da0cdbecb2 PERF(gitea): force master placement, add priority
- Add nodeSelector for control-plane node
- Keep tolerations for control-plane taint
- Add high-priority PriorityClass
2026-01-10 13:14:07 +09:00
13 changed files with 33 additions and 374 deletions


@@ -44,9 +44,9 @@ service:
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 512Mi memory: 215Mi
limits: limits:
memory: 512Mi memory: 215Mi
# Security context # Security context
securityContext: securityContext:
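Review bot: The memory limit under `limits:` is lowered to the same 215Mi as the request, which leaves no headroom above what the commit message describes as a VPA-based value. VPA targets are derived from observed usage and are meant for requests; used as a hard limit they turn any spike beyond the sampled window into an OOM kill, which an IDE-style workload is likely to hit. I would lower only the request and keep the limit higher, e.g. `memory: 215Mi` under `requests:` and `memory: 512Mi` under `limits:`. The same request-equals-limit reduction appears in the homer (50Mi), mas (175Mi) and umami (283Mi) sections. The `securityContext:` block that follows continues outside this hunk.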


@@ -11,7 +11,7 @@ image:
imagePullSecrets: imagePullSecrets:
- name: zot-secret - name: zot-secret
replicaCount: 2 replicaCount: 1
containerPort: 80 # nginx containerPort: 80 # nginx
service: service:
@@ -37,7 +37,7 @@ ingress:
resources: resources:
requests: requests:
memory: 100Mi memory: 100Mi
cpu: 10m cpu: 15m
limits: limits:
memory: 100Mi memory: 100Mi


@@ -1,41 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitea
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://dl.gitea.com/charts/
chart: gitea
targetRevision: 12.4.0
helm:
valueFiles:
- $values/gitea/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/applications.git
targetRevision: main
ref: values
- repoURL: https://github.com/K3S-HOME/applications.git
targetRevision: main
path: gitea
destination:
server: https://kubernetes.default.svc
namespace: gitea
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- PrunePropagationPolicy=foreground
- PruneLast=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10


@@ -1,125 +0,0 @@
# Gitea Helm Chart Values
# Self-contained deployment with SQLite and local-path storage
# =============================================================================
# DISABLE ALL EXTERNAL DEPENDENCIES
# =============================================================================
postgresql-ha:
enabled: false
postgresql:
enabled: false
valkey-cluster:
enabled: false
valkey:
enabled: false
# =============================================================================
# PERSISTENCE - local-path StorageClass
# =============================================================================
persistence:
enabled: true
create: true
mount: true
size: 10Gi
accessModes:
- ReadWriteOnce
storageClass: local-path-retain
annotations:
helm.sh/resource-policy: keep
# =============================================================================
# ADMIN USER
# =============================================================================
gitea:
admin:
existingSecret: gitea-admin-secret
username: Mayne0213
email: bluemayne0213@icloud.com
passwordMode: keepUpdated
# Gitea configuration (app.ini)
config:
APP_NAME: Gitea - K3S-HOME
server:
DOMAIN: github0213.com
ROOT_URL: https://github0213.com
HTTP_PORT: 3000
SSH_DOMAIN: github0213.com
SSH_PORT: 22
SSH_LISTEN_PORT: 2222
LFS_START_SERVER: true
database:
DB_TYPE: sqlite3
PATH: /data/gitea/gitea.db
SQLITE_TIMEOUT: 500
SQLITE_JOURNAL_MODE: WAL
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level
security:
INSTALL_LOCK: true
service:
DISABLE_REGISTRATION: false
REQUIRE_SIGNIN_VIEW: false
DEFAULT_KEEP_EMAIL_PRIVATE: true
log:
MODE: console
LEVEL: info
# =============================================================================
# INGRESS
# =============================================================================
ingress:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: github0213.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: github-tls
hosts:
- github0213.com
# =============================================================================
# RESOURCES
# =============================================================================
resources:
requests:
cpu: 15m
memory: 200Mi
limits:
memory: 200Mi
# =============================================================================
# POD CONFIGURATION
# =============================================================================
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
# =============================================================================
# SSH SERVICE
# =============================================================================
service:
ssh:
type: ClusterIP
port: 22


@@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- redirect.yaml
namespace: gitea


@@ -1,70 +0,0 @@
# Traefik Middleware for GitHub redirect
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-to-github
namespace: gitea
spec:
redirectRegex:
regex: ".*"
replacement: "https://github.com/mayne0213"
permanent: true
---
# IngressRoute for HTTPS
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-redirect-https
namespace: gitea
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
kind: Rule
middlewares:
- name: redirect-to-github
services:
- name: noop@internal
kind: TraefikService
tls:
secretName: gitea-tls
domains:
- main: gitea0213.kro.kr
sans:
- www.gitea0213.kro.kr
---
# IngressRoute for HTTP (redirect to HTTPS first, then to GitHub)
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-redirect-http
namespace: gitea
spec:
entryPoints:
- web
routes:
- match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
kind: Rule
middlewares:
- name: redirect-to-github
services:
- name: noop@internal
kind: TraefikService
---
# Certificate for TLS
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-certificate
namespace: gitea
spec:
secretName: gitea-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- gitea0213.kro.kr
- www.gitea0213.kro.kr


@@ -1,6 +1,6 @@
# Headlamp Helm Values # Headlamp Helm Values
replicaCount: 2 replicaCount: 1
image: image:
registry: ghcr.io registry: ghcr.io


@@ -3,7 +3,7 @@
controllers: controllers:
main: main:
replicas: 2 replicas: 1
initContainers: initContainers:
copy-homer-files: copy-homer-files:
image: image:
@@ -36,10 +36,10 @@ controllers:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:
cpu: 15m cpu: 11m
memory: 100Mi memory: 50Mi
limits: limits:
memory: 100Mi memory: 50Mi
pod: pod:
# Affinity - Soft Anti-Affinity to spread pods across nodes # Affinity - Soft Anti-Affinity to spread pods across nodes
affinity: affinity:


@@ -5,7 +5,6 @@ resources:
# Self-reference for App of Apps pattern # Self-reference for App of Apps pattern
- application.yaml - application.yaml
- gitea/argocd.yaml
- homer/argocd.yaml - homer/argocd.yaml
- docusaurus/argocd.yaml - docusaurus/argocd.yaml
- code-server/argocd.yaml - code-server/argocd.yaml


@@ -12,7 +12,7 @@ serviceAccount:
controllers: controllers:
main: main:
replicas: 2 replicas: 1
strategy: RollingUpdate strategy: RollingUpdate
rollingUpdate: rollingUpdate:
unavailable: 0 unavailable: 0
@@ -46,9 +46,9 @@ controllers:
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 150Mi memory: 175Mi
limits: limits:
memory: 150Mi memory: 175Mi
probes: probes:
startup: startup:
enabled: true enabled: true


@@ -26,12 +26,25 @@ envFrom:
- secretRef: - secretRef:
name: umami-password name: umami-password
# Disable login (using Authelia for authentication)
env:
DISABLE_LOGIN: "1"
ingress: ingress:
enabled: false # Will use our main ingress enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: umami0213.kro.kr
paths:
- path: /
pathType: Prefix
- host: www.umami0213.kro.kr
paths:
- path: /
pathType: Prefix
tls:
- secretName: umami-tls
hosts:
- umami0213.kro.kr
- www.umami0213.kro.kr
service: service:
type: ClusterIP type: ClusterIP
@@ -40,11 +53,11 @@ service:
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 384Mi memory: 283Mi
limits: limits:
memory: 384Mi memory: 283Mi
replicaCount: 2 replicaCount: 1
# Autoscaling # Autoscaling
autoscaling: autoscaling:
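Review bot: The chart ingress enabled here routes `/` with `pathType: Prefix` for both hosts and carries only the cert-manager annotation, so the dashboard, the login form and the whole `/api` tree become reachable from the internet behind nothing but Umami's built-in login. The separate ingress manifest this replaces exposed only the share, script and send paths without authentication and kept everything else behind the Authelia middleware. If dropping SSO is intended, I would confirm that the password of Umami's default admin account has been rotated and attach a Traefik rate-limit or IP allow-list middleware to the route, for example `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware-name>@kubernetescrd` under `annotations:`. A comment above `ingress:` such as `# Public: protected by Umami's own login only (Authelia removed)` would record the decision for the next reader. The `autoscaling:` block at the end of this section continues outside the visible lines.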


@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- manifests/secret.yaml - manifests/secret.yaml
- manifests/ingress.yaml


@@ -1,111 +0,0 @@
# Public Ingress - Share URLs and required resources (no auth required)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: umami-share
namespace: umami
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: traefik
tls:
- hosts:
- umami0213.kro.kr
secretName: umami-tls
rules:
- host: umami0213.kro.kr
http:
paths:
# Share page
- path: /share
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Share API
- path: /api/share
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Websites API (used by share page)
- path: /api/websites
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Next.js static files
- path: /_next
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Internationalization (language files)
- path: /intl
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
# Tracking script (also public)
- path: /script.js
pathType: Exact
backend:
service:
name: umami
port:
number: 3000
# Tracking API (required for script.js to send data)
- path: /api/send
pathType: Exact
backend:
service:
name: umami
port:
number: 3000
---
# Protected Ingress - Dashboard (Authelia SSO required)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: umami-ingress
namespace: umami
annotations:
traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
spec:
ingressClassName: traefik
tls:
- hosts:
- umami0213.kro.kr
- www.umami0213.kro.kr
secretName: umami-tls
rules:
- host: umami0213.kro.kr
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000
- host: www.umami0213.kro.kr
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: umami
port:
number: 3000