9f186d6fa2
CHORE(traefik): change deployment to DaemonSet for HA
...
- Change from Deployment with 3 replicas to DaemonSet
- Ensure Traefik runs on every node automatically
2026-01-10 01:17:36 +09:00
97fd010eb8
FIX(argocd): increase repo-server memory to 960Mi
...
- Repo-server was crashing under load with 640Mi limit
- Set both requests and limits to 960Mi
2026-01-10 01:17:36 +09:00
56af1a9a17
CHORE(resources): set memory limits equal to memory requests
...
- Align memory limits with memory requests for guaranteed QoS class
- argocd: controller, server, repoServer, redis
- traefik: main container
- cert-manager: main, webhook, cainjector
- argocd-image-updater: main container
2026-01-10 01:17:35 +09:00
2d5abed20a
CHORE(repo): disable prune for App of Apps safety
...
- Set prune: false to prevent cascade deletion
- Ensure child apps persist if parent is removed
2026-01-09 21:43:56 +09:00
34277fb7e8
FEAT(argocd): enable metrics service endpoints
...
- Add controller metrics on port 8082
- Add server metrics on port 8083
- Add repoServer metrics on port 8084
2026-01-09 21:43:56 +09:00
f80b1be770
CHORE(argocd): remove app-of-apps.yaml
...
- Remove manual deployment file
- Now managed via GitOps
2026-01-09 21:43:56 +09:00
424c296d05
REFACTOR(argocd): consolidate App of Apps into single file
...
- Merge multiple app-of-apps files
- Simplify repository structure
2026-01-09 21:43:56 +09:00
6c387a7f7e
FEAT(argocd): add web-apps Application to platform
...
- Register web-apps repository in App of Apps
2026-01-09 21:43:56 +09:00
4a4ccd0c44
FIX(argocd): use control-plane nodeSelector
...
- Change nodeSelector from master to control-plane
- K8s nodes have control-plane: "true" label
- Fix pod scheduling failure
FIX(argocd): use hostname instead of hosts for ingress
- Change from hosts array to hostname string
- Change tls from array to boolean
- Matches argo-cd Helm chart expected format
FIX(argocd): resolve SharedResourceWarning
- Change from including argocd/ folder to argocd/argocd.yaml only
- Namespace and webhook-ingress now managed by argocd app only
- Prevents duplicate resource management between platform and argocd
2026-01-09 21:43:36 +09:00
0d38963837
FEAT(argocd): enable GitOps self-management
...
- Add ArgoCD Application for Helm chart deployment
- Add helm-values.yaml with custom settings
- Configure GOMEMLIMIT=400MiB, GOGC=50
- Disable reconciliation (webhook only)
- Enable anonymous access (Authelia handles auth)
- Move main ingress to helm-values.yaml
- Add separate webhook-ingress.yaml
- Remove ConfigMap files (now in helm-values)
2026-01-09 21:43:36 +09:00
a2b13bb4f6
REFACTOR(repo): standardize taint to control-plane
...
- Remove deprecated master taint from traefik
- Update svclb annotation to control-plane
- Remove master taint from argocd-image-updater
2026-01-09 21:43:36 +09:00
561a07399a
FIX(cert-manager): merge duplicate webhook and cainjector sections
...
- Merge webhook.affinity into webhook section
- Merge cainjector.affinity into cainjector section
- Fix YAML structure to prevent configuration override
2026-01-09 21:43:36 +09:00
da93a2e346
FEAT(platform): enable HA with replica 2 and soft anti-affinity
...
- Add replicaCount: 2 to cert-manager components
- Add soft pod anti-affinity for node distribution
- Remove descheduler (moved to separate location)
2026-01-09 21:43:36 +09:00
bd1b3c9d85
FIX(argocd): disable app-resync to prevent periodic spikes
...
- Set controller.app.resync to 0 (default 180s)
- Rely on webhook + selfHeal only
- Fixes 3-minute periodic reconciliation causing CPU/memory spikes
2026-01-09 21:43:31 +09:00
2e2f75dd6b
PERF(resources): remove CPU limits - keep memory limits only
...
- CPU throttling prevents app startup, not crashes
- Memory OOM is the real cascading failure cause
- CPU request ensures fair scheduling
2026-01-07 23:48:39 +09:00
9f46c94dff
Disable ArgoCD polling - webhook only
...
- Set timeout.reconciliation to 0 (disabled)
- ArgoCD now relies solely on GitHub webhooks for refresh
- Reduces unnecessary reconciliation cycles
2026-01-07 18:54:15 +09:00
7bcab45089
CHORE: Remove Tekton CI/CD platform
...
- Delete tekton/ directory (pipeline, triggers, dashboard, ci-cd)
- Remove tekton references from kustomization.yaml
- Switching to GitHub Actions for CI/CD
2026-01-07 17:51:10 +09:00
3ff9df0e35
FIX(tekton): use ExternalSecret API v1 instead of v1beta1
2026-01-07 16:37:32 +09:00
a31b2b1a55
FEAT(tekton): add Tekton Triggers for GitHub webhooks
...
- Add EventListener for GitHub push events
- Add TriggerBinding for payload parsing
- Add TriggerTemplates for Next.js and FastAPI
- Add RBAC for trigger service account
- Add ExternalSecret for webhook secret from Vault
- Add Ingress at tekton0213.kro.kr/hooks
2026-01-07 16:30:22 +09:00
892b5dc815
FEAT(argocd): add webhook ingress without Authelia
...
- Add separate ingress for /api/webhook path
- Exclude Authelia middleware for GitHub webhook
- Enable automatic refresh on git push events
2026-01-07 16:11:59 +09:00
e1641cd3cf
FEAT(ci): add ArgoCD Image Updater and CI/CD pipelines
...
- ArgoCD Image Updater for Zot registry polling
- Tekton Tasks: git-clone, buildah-build-push
- Pipelines: nextjs, fastapi, python
- ExternalSecrets for Zot and GitHub credentials
2026-01-07 14:41:53 +09:00
34de9051c6
FEAT(tekton): add Tekton CI/CD platform
...
- Tekton Pipeline for container builds
- Tekton Triggers for webhook events
- Tekton Dashboard at tekton0213.kro.kr
- Namespace patched to privileged for buildah
2026-01-07 14:27:44 +09:00
045967b265
REFACTOR(argocd): move config files to manifests/
...
- Move namespace.yaml to manifests/
- Move argocd-cm.yaml to manifests/
- Move argocd-rbac-cm.yaml to manifests/
- Move argocd-cmd-params-cm.yaml to manifests/
- Move ingress.yaml to manifests/
2026-01-06 15:42:19 +09:00
82781cb4f1
REFACTOR(cert-manager): move issuer to manifests
...
- Move ClusterIssuer to manifests/ folder
- Separate from Helm chart configuration
2026-01-06 01:38:31 +09:00
cc8bd860fe
REFACTOR(repo): platform repo structure
...
- Add application.yaml for ArgoCD app-of-apps
- Add kustomization.yaml with platform components
- Add renovate.json for automated updates
- Update cert-manager/argocd.yaml repoURL to platform repo
- Update traefik/argocd.yaml repoURL to platform repo
2026-01-04 23:28:29 +09:00
a954e68790
REFACTOR(grafana): remove Falco and Traefik UI
...
- Use Grafana dashboards instead
- Delete falco-ui-secret ExternalSecret
- Delete traefik dashboard IngressRoute
- Update traefik kustomization.yaml
2026-01-04 23:28:29 +09:00
a705994eac
FEAT(prometheus): enable traefik prometheus
...
- metrics and servicemonitor
- Add metrics.prometheus configuration
- Enable ServiceMonitor for Prometheus scraping
- Add release: prometheus label for discovery
- Enables Grafana dashboard 17346 to display data
2026-01-04 23:28:29 +09:00
7e687ef657
REFACTOR(repo): migrate repoURL to K3S-HOME
...
- Update repository URL to K3S-HOME organization
- Change from personal to organization repo
2026-01-04 23:28:29 +09:00
f62c02a152
REVERT(repo): remove unused controllers yaml
...
- ArgoCD deployments are not managed by this repo
- Use 'kubectl scale' to disable unused controllers instead
2026-01-04 23:28:29 +09:00
00dcd5aeea
CHORE(argocd): disable unused ArgoCD controllers
...
- notifications: Not using alerts
- applicationset: Not using ApplicationSet templates
- dex: Using Authelia SSO instead
- Saves ~200-300 MiB memory and removes 3-minute reconciliation loop
2026-01-04 23:28:29 +09:00
bce82706d3
CHORE(argocd): set argocd reconciliation interval
...
- to 24h
- Reduce memory usage from frequent reconciliation (was 3min default)
- 53 applications checked every 3min caused ~1GiB memory fluctuation
- Manual Refresh/Sync still available when needed
2026-01-04 23:28:29 +09:00
7ca0f35d92
REFACTOR(traefik): change traefik anti-affinity
...
- from hard to soft
- Use preferredDuringSchedulingIgnoredDuringExecution instead of
required
- Allows pods to be scheduled on same node if necessary
- Still prefers distribution across nodes (weight: 100)
2026-01-04 23:28:29 +09:00
a1a04340a9
FEAT(traefik): enable cross-namespace middleware
...
- for Traefik 37.x
Traefik 37.x disables cross-namespace middleware references by default.
Added --providers.kubernetescrd.allowCrossNamespace=true to fix 404
errors
when using authelia middleware from kube-system namespace.
2026-01-04 23:28:29 +09:00
276510f299
FIX(traefik): enable traefik dashboard API
...
- insecure mode
Dashboard was returning 404 because api.insecure was set to false,
which disables the dashboard API on port 8080.
2026-01-04 23:28:29 +09:00
17b56a0368
CHORE(traefik): update dashboard port to 8080
...
- Update port number for Traefik v3 compatibility
- Change dashboard port configuration
2026-01-04 23:28:29 +09:00
95ced702aa
REVERT(traefik): revert Traefik node affinity
...
- Revert node affinity changes due to CRD upgrade issues
- Fix scheduling problems
2026-01-04 23:28:29 +09:00
e9360cdc54
CHORE(traefik): exclude worker-1 from deploy
...
- Add node anti-affinity for worker-1
- Fix API issues on worker-1
2026-01-04 23:28:29 +09:00
408f1cc16b
FEAT(authelia): add SSO to Vault and ArgoCD
...
- Add Authelia SSO to vault and argocd ingress
- Enable single sign-on authentication
2026-01-04 23:28:29 +09:00
fa5b6fd188
FEAT(traefik): add master node toleration
...
- for svclb-traefik
- Enables traefik LoadBalancer on master node with NoExecute taint
- Uses K3s svccontroller annotation for svclb tolerations
2026-01-04 23:28:29 +09:00
7772f6547f
REFACTOR(authelia): remove kanidm
...
- and restore authelia
- Delete kanidm folder
- Remove oauth2-proxy from velero
- Restore velero ingress to use authelia middleware
- Update kustomization.yaml to use authelia instead of kanidm
2026-01-04 23:28:29 +09:00
f631b08375
REFACTOR(coredns): remove CoreDNS HelmChartConfig
...
- Not managed by Helm in this repo
- CoreDNS managed by K3s
2026-01-04 23:28:29 +09:00
d8011a4039
PERF(authentik): increase replicas for HA
...
- Traefik, CoreDNS, Authentik
- Traefik: 2 replicas
- CoreDNS: 2 replicas (new HelmChartConfig)
- Authentik: 2 replicas for server and worker
- Vault: Keep file storage (standalone)
2026-01-04 23:28:29 +09:00
eb76a4eb28
FEAT(traefik): add Traefik UI
...
- Add Traefik dashboard configuration
- Enable web UI access
2026-01-04 23:28:29 +09:00
59ae6fb777
REFACTOR(argocd): remove serversideapply
...
- from argocd applications
- Fixes OutOfSync issues caused by operator-added default values
- ServerSideApply causes stricter field management that conflicts with
CRD defaults
2026-01-04 23:28:29 +09:00
d80a212e6e
REFACTOR(traefik): switch from HAProxy
...
- to Traefik ingress controller
- Update all ingress files to use ingressClassName: traefik
- Update cert-manager ClusterIssuer to use traefik class
- Remove haproxy.org annotations from ingress files
- Update vault helm-values to use traefik
2026-01-04 23:28:29 +09:00
f2325ffcc9
REFACTOR(gitea): migrate repoURL to GitHub
...
- Update repository URL to GitHub
- Change source control provider
2026-01-04 23:28:29 +09:00
a3f5f038b2
FIX(argocd): restore namespace.yaml for ArgoCD
...
- Restore namespace configuration for ArgoCD
- Special case for ArgoCD namespace
2026-01-04 23:28:29 +09:00
1d7970a42f
REFACTOR(goldilocks): use managedNS for labels
...
- Remove namespace.yaml files
- Add managedNamespaceMetadata with Goldilocks label
- Set CreateNamespace=true in syncOptions
- Update kustomization.yaml to remove namespace.yaml references
2026-01-04 23:28:29 +09:00
521d5491ff
FEAT(cert-manager): integrate cert-manager
...
- Add cert-manager configuration
- Enable TLS certificate management
2026-01-04 23:28:29 +09:00
7955466676
FIX(argocd): helm valueFiles paths in ArgoCD
...
- Applications
- Update valueFiles paths from helm-values/<app>.yaml to helm-
values.yaml
- Fixes ComparisonError after folder restructuring
Applications fixed:
- cert-manager
- cnpg
- external-secrets
- vault
- vpa
- velero
2025-12-29 02:29:50 +09:00
