K3S-HOME/platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76 Commits 1 Branch 0 Tags
121d5eb19842ad5a6e85d9d1c12c1d9105dd5d44
Commit Graph

26 Commits

Author SHA1 Message Date
Mayne0213
737873066d feat: increase argocd application-controller CPU request to 250m 2026-01-10 18:02:48 +09:00
Mayne0213
c38b944a96 REVERT(argocd): restore original resource values 
- Keep argocd controller at 126m/1700Mi
- Keep argocd server at 15m/138Mi
- Keep argocd repo-server at 15m/1536Mi
 2026-01-10 14:44:44 +09:00
Mayne0213
d079b8582a PERF(platform): use 20% memory increase instead of VPA 
- Update argocd controller memory 1700Mi→2040Mi (+20%)
- Update argocd server memory 138Mi→166Mi (+20%)
- Update argocd repo-server memory 1536Mi→1843Mi (+20%)
- Update cert-manager memory 96Mi→115Mi (+20%)
- Update cert-manager webhook memory 96Mi→115Mi (+20%)
- Update cert-manager cainjector memory 192Mi→230Mi (+20%)
 2026-01-10 14:37:21 +09:00
Mayne0213
26ca07623e PERF(platform): adjust resources based on VPA 
- Update argocd controller cpu 126m→350m, memory 1700Mi→640Mi
- Update argocd server memory 138Mi→121Mi
- Update argocd repo-server cpu 15m→49m, memory 1536Mi→933Mi
- Update argocd-image-updater cpu 10m→15m, memory 64Mi→100Mi
- Update cert-manager cpu 23m→15m, memory 96Mi→100Mi
- Update cert-manager webhook cpu 23m→15m, memory 96Mi→100Mi
- Update cert-manager cainjector cpu 23m→15m, memory 192Mi→237Mi
 2026-01-10 14:31:28 +09:00
Mayne0213
187d6aa668 PERF(argocd): increase repo-server memory 
- Increase memory from 960Mi to 1536Mi
- Prevent OOM during manifest generation
 2026-01-10 13:26:40 +09:00
Mayne0213
52c66f51ae PERF(argocd): move to workers, add high priority 
- Remove nodeSelector forcing control-plane placement
- Remove tolerations from ArgoCD and image-updater
- Add high-priority PriorityClass
 2026-01-10 13:14:07 +09:00
Mayne0213
03ca19b771 feat(argocd): enable ServiceMonitor for metrics collection 
- Add serviceMonitor.enabled: true to controller, server, repoServer
- Allows Prometheus to scrape ArgoCD metrics

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 03:36:29 +09:00
Mayne0213
97fd010eb8 FIX(argocd): increase repo-server memory to 960Mi 
- Repo-server was crashing under load with 640Mi limit
- Set both requests and limits to 960Mi
 2026-01-10 01:17:36 +09:00
Mayne0213
56af1a9a17 CHORE(resources): set memory limits equal to memory requests 
- Align memory limits with memory requests for guaranteed QoS class
- argocd: controller, server, repoServer, redis
- traefik: main container
- cert-manager: main, webhook, cainjector
- argocd-image-updater: main container
 2026-01-10 01:17:35 +09:00
Mayne0213
34277fb7e8 FEAT(argocd): enable metrics service endpoints 
- Add controller metrics on port 8082
- Add server metrics on port 8083
- Add repoServer metrics on port 8084
 2026-01-09 21:43:56 +09:00
Mayne0213
4a4ccd0c44 FIX(argocd): use control-plane nodeSelector 
- Change nodeSelector from master to control-plane
- K8s nodes have control-plane: "true" label
- Fix pod scheduling failure

FIX(argocd): use hostname instead of hosts for ingress

- Change from hosts array to hostname string
- Change tls from array to boolean
- Matches argo-cd Helm chart expected format

FIX(argocd): resolve SharedResourceWarning

- Change from including argocd/ folder to argocd/argocd.yaml only
- Namespace and webhook-ingress now managed by argocd app only
- Prevents duplicate resource management between platform and argocd
 2026-01-09 21:43:36 +09:00
Mayne0213
0d38963837 FEAT(argocd): enable GitOps self-management 
- Add ArgoCD Application for Helm chart deployment
- Add helm-values.yaml with custom settings
- Configure GOMEMLIMIT=400MiB, GOGC=50
- Disable reconciliation (webhook only)
- Enable anonymous access (Authelia handles auth)
- Move main ingress to helm-values.yaml
- Add separate webhook-ingress.yaml
- Remove ConfigMap files (now in helm-values)
 2026-01-09 21:43:36 +09:00
Mayne0213
bd1b3c9d85 FIX(argocd): disable app-resync to prevent periodic spikes 
- Set controller.app.resync to 0 (default 180s)
- Rely on webhook + selfHeal only
- Fixes 3-minute periodic reconciliation causing CPU/memory spikes
 2026-01-09 21:43:31 +09:00
Mayne0213
9f46c94dff Disable ArgoCD polling - webhook only 
- Set timeout.reconciliation to 0 (disabled)
- ArgoCD now relies solely on GitHub webhooks for refresh
- Reduces unnecessary reconciliation cycles
 2026-01-07 18:54:15 +09:00
Mayne0213
892b5dc815 FEAT(argocd): add webhook ingress without Authelia 
- Add separate ingress for /api/webhook path
- Exclude Authelia middleware for GitHub webhook
- Enable automatic refresh on git push events
 2026-01-07 16:11:59 +09:00
Mayne0213
045967b265 REFACTOR(argocd): move config files to manifests/ 
- Move namespace.yaml to manifests/
- Move argocd-cm.yaml to manifests/
- Move argocd-rbac-cm.yaml to manifests/
- Move argocd-cmd-params-cm.yaml to manifests/
- Move ingress.yaml to manifests/
 2026-01-06 15:42:19 +09:00
Mayne0213
f62c02a152 REVERT(repo): remove unused controllers yaml 
- ArgoCD deployments are not managed by this repo
- Use 'kubectl scale' to disable unused controllers instead
 2026-01-04 23:28:29 +09:00
Mayne0213
00dcd5aeea CHORE(argocd): disable unused ArgoCD controllers 
- notifications: Not using alerts
- applicationset: Not using ApplicationSet templates
- dex: Using Authelia SSO instead
- Saves ~200-300 MiB memory and removes 3-minute reconciliation loop
 2026-01-04 23:28:29 +09:00
Mayne0213
bce82706d3 CHORE(argocd): set argocd reconciliation interval 
- to 24h
- Reduce memory usage from frequent reconciliation (was 3min default)
- 53 applications checked every 3min caused ~1GiB memory fluctuation
- Manual Refresh/Sync still available when needed
 2026-01-04 23:28:29 +09:00
Mayne0213
408f1cc16b FEAT(authelia): add SSO to Vault and ArgoCD 
- Add Authelia SSO to vault and argocd ingress
- Enable single sign-on authentication
 2026-01-04 23:28:29 +09:00
Mayne0213
d80a212e6e REFACTOR(traefik): switch from HAProxy 
- to Traefik ingress controller
- Update all ingress files to use ingressClassName: traefik
- Update cert-manager ClusterIssuer to use traefik class
- Remove haproxy.org annotations from ingress files
- Update vault helm-values to use traefik
 2026-01-04 23:28:29 +09:00
Mayne0213
a3f5f038b2 FIX(argocd): restore namespace.yaml for ArgoCD 
- Restore namespace configuration for ArgoCD
- Special case for ArgoCD namespace
 2026-01-04 23:28:29 +09:00
Mayne0213
1d7970a42f REFACTOR(goldilocks): use managedNS for labels 
- Remove namespace.yaml files
- Add managedNamespaceMetadata with Goldilocks label
- Set CreateNamespace=true in syncOptions
- Update kustomization.yaml to remove namespace.yaml references
 2026-01-04 23:28:29 +09:00
Mayne0213
ce2ee8d39e REFACTOR(repo): restructure infra folder structure 
- Remove argocd/, helm-values/, ingress/ subdirectories
- Move files to parent directory with standardized names
- Add namespace.yaml to all apps with Goldilocks labels
- Preserve vault/ subdirectories (falco, velero)
- Update main kustomization.yaml to reference argocd.yaml files directly
- Comment out argocd.yaml in each app's kustomization.yaml to prevent
  circular reference

Applications restructured:
- cert-manager (2 ArgoCD apps)
- external-secrets
- reloader
- vault (2 ArgoCD apps)
- velero (2 ArgoCD apps)
- falco
- cnpg
- haproxy
- metallb
- vpa
- argocd
 2025-12-29 02:21:00 +09:00
Mayne0213
157e69d9cb CHORE(traefik): split centralized ingress to per-application 
- Moved ArgoCD ingress to argocd/ingress/
- Moved Velero ingress to velero/ingress/
- Removed centralized ingress/ingresses.yaml
- Each application now manages its own ingress independently
 2025-12-25 20:20:35 +09:00
Mayne0213
bdf974ac3e FEAT(argocd): add argocd insecure mode config 
- Created argocd-cmd-params-cm ConfigMap
- Set server.insecure: true to fix redirect loop
- ArgoCD will run in insecure mode (ingress handles TLS)
 2025-12-25 20:01:19 +09:00