- Change nodeSelector from master to control-plane
- K8s nodes have control-plane: "true" label
- Fix pod scheduling failure
FIX(argocd): use hostname instead of hosts for ingress
- Change from hosts array to hostname string
- Change tls from array to boolean
- Matches argo-cd Helm chart expected format
FIX(argocd): resolve SharedResourceWarning
- Change from including argocd/ folder to argocd/argocd.yaml only
- Namespace and webhook-ingress now managed by argocd app only
- Prevents duplicate resource management between platform and argocd
- Add EventListener for GitHub push events
- Add TriggerBinding for payload parsing
- Add TriggerTemplates for Next.js and FastAPI
- Add RBAC for trigger service account
- Add ExternalSecret for webhook secret from Vault
- Add Ingress at tekton0213.kro.kr/hooks
- ArgoCD Image Updater for Zot registry polling
- Tekton Tasks: git-clone, buildah-build-push
- Pipelines: nextjs, fastapi, python
- ExternalSecrets for Zot and GitHub credentials
- Tekton Pipeline for container builds
- Tekton Triggers for webhook events
- Tekton Dashboard at tekton0213.kro.kr
- Namespace patched to privileged for buildah
- Move namespace.yaml to manifests/
- Move argocd-cm.yaml to manifests/
- Move argocd-rbac-cm.yaml to manifests/
- Move argocd-cmd-params-cm.yaml to manifests/
- Move ingress.yaml to manifests/
- notifications: Not using alerts
- applicationset: Not using ApplicationSet templates
- dex: Using Authelia SSO instead
- Saves ~200-300 MiB memory and removes 3-minute reconciliation loop
- to 24h
- Reduce memory usage from frequent reconciliation (was 3min default)
- 53 applications checked every 3min caused ~1GiB memory fluctuation
- Manual Refresh/Sync still available when needed
- from hard to soft
- Use preferredDuringSchedulingIgnoredDuringExecution instead of required
- Allows pods to be scheduled on same node if necessary
- Still prefers distribution across nodes (weight: 100)
- for Traefik 37.x
Traefik 37.x disables cross-namespace middleware references by default.
Added --providers.kubernetescrd.allowCrossNamespace=true to fix 404 errors
when using authelia middleware from kube-system namespace.
- and restore authelia
- Delete kanidm folder
- Remove oauth2-proxy from velero
- Restore velero ingress to use authelia middleware
- Update kustomization.yaml to use authelia instead of kanidm
- from argocd applications
- Fixes OutOfSync issues caused by operator-added default values
- ServerSideApply causes stricter field management that conflicts with CRD defaults
- to Traefik ingress controller
- Update all ingress files to use ingressClassName: traefik
- Update cert-manager ClusterIssuer to use traefik class
- Remove haproxy.org annotations from ingress files
- Update vault helm-values to use traefik
- to use haproxy ingress class
Changed from nginx to haproxy to match the current ingress controller.
This resolves the ArgoCD sync loop in cluster-infrastructure.
- Moved ArgoCD ingress to argocd/ingress/
- Moved Velero ingress to velero/ingress/
- Removed centralized ingress/ingresses.yaml
- Each application now manages its own ingress independently