Commit Graph

21 Commits

Author SHA1 Message Date
ad591293f1 CHORE(traefik): disable dashboard
- Remove dashboard and api.dashboard settings
- Remove --api.insecure argument
- Keep core settings (DaemonSet, metrics, crossNamespace)
2026-01-10 19:52:46 +09:00
c31046a322 REFACTOR(traefik): remove control-plane scheduling
- Remove tolerations for control-plane taint
- Remove svclb tolerations annotation
- Allow pods to schedule on any available node
2026-01-10 18:35:15 +09:00
9f186d6fa2 CHORE(traefik): change deployment to DaemonSet for HA
- Change from Deployment with 3 replicas to DaemonSet
- Ensure Traefik runs on every node automatically
2026-01-10 01:17:36 +09:00
56af1a9a17 CHORE(resources): set memory limits equal to memory requests
- Align memory limits with memory requests for guaranteed QoS class
- argocd: controller, server, repoServer, redis
- traefik: main container
- cert-manager: main, webhook, cainjector
- argocd-image-updater: main container
2026-01-10 01:17:35 +09:00
a2b13bb4f6 REFACTOR(repo): standardize taint to control-plane
- Remove deprecated master taint from traefik
- Update svclb annotation to control-plane
- Remove master taint from argocd-image-updater
2026-01-09 21:43:36 +09:00
2e2f75dd6b PERF(resources): remove CPU limits - keep memory limits only
- CPU throttling prevents app startup, not crashes
- Memory OOM is the real cascading failure cause
- CPU request ensures fair scheduling
2026-01-07 23:48:39 +09:00
cc8bd860fe REFACTOR(repo): platform repo structure
- Add application.yaml for ArgoCD app-of-apps
- Add kustomization.yaml with platform components
- Add renovate.json for automated updates
- Update cert-manager/argocd.yaml repoURL to platform repo
- Update traefik/argocd.yaml repoURL to platform repo
2026-01-04 23:28:29 +09:00
a954e68790 REFACTOR(grafana): remove Falco and Traefik UI
- Use Grafana dashboards instead
- Delete falco-ui-secret ExternalSecret
- Delete traefik dashboard IngressRoute
- Update traefik kustomization.yaml
2026-01-04 23:28:29 +09:00
a705994eac FEAT(prometheus): enable traefik prometheus
- metrics and servicemonitor
- Add metrics.prometheus configuration
- Enable ServiceMonitor for Prometheus scraping
- Add release: prometheus label for discovery
- Enables Grafana dashboard 17346 to display data
2026-01-04 23:28:29 +09:00
7e687ef657 REFACTOR(repo): migrate repoURL to K3S-HOME
- Update repository URL to K3S-HOME organization
- Change from personal to organization repo
2026-01-04 23:28:29 +09:00
7ca0f35d92 REFACTOR(traefik): change traefik anti-affinity
- from hard to soft
- Use preferredDuringSchedulingIgnoredDuringExecution instead of required
- Allows pods to be scheduled on same node if necessary
- Still prefers distribution across nodes (weight: 100)
2026-01-04 23:28:29 +09:00
a1a04340a9 FEAT(traefik): enable cross-namespace middleware
- for Traefik 37.x
Traefik 37.x disables cross-namespace middleware references by default.
Added --providers.kubernetescrd.allowCrossNamespace=true to fix 404 errors
when using authelia middleware from kube-system namespace.
2026-01-04 23:28:29 +09:00
276510f299 FIX(traefik): enable traefik dashboard API
- insecure mode
Dashboard was returning 404 because api.insecure was set to false,
which disables the dashboard API on port 8080.
2026-01-04 23:28:29 +09:00
17b56a0368 CHORE(traefik): update dashboard port to 8080
- Update port number for Traefik v3 compatibility
- Change dashboard port configuration
2026-01-04 23:28:29 +09:00
95ced702aa REVERT(traefik): revert Traefik node affinity
- Revert node affinity changes due to CRD upgrade issues
- Fix scheduling problems
2026-01-04 23:28:29 +09:00
e9360cdc54 CHORE(traefik): exclude worker-1 from deploy
- Add node anti-affinity for worker-1
- Fix API issues on worker-1
2026-01-04 23:28:29 +09:00
408f1cc16b FEAT(authelia): add SSO to Vault and ArgoCD
- Add Authelia SSO to vault and argocd ingress
- Enable single sign-on authentication
2026-01-04 23:28:29 +09:00
fa5b6fd188 FEAT(traefik): add master node toleration
- for svclb-traefik
- Enables traefik LoadBalancer on master node with NoExecute taint
- Uses K3s svccontroller annotation for svclb tolerations
2026-01-04 23:28:29 +09:00
f631b08375 REFACTOR(coredns): remove CoreDNS HelmChartConfig
- Not managed by Helm in this repo
- CoreDNS managed by K3s
2026-01-04 23:28:29 +09:00
d8011a4039 PERF(authentik): increase replicas for HA
- Traefik, CoreDNS, Authentik
- Traefik: 2 replicas
- CoreDNS: 2 replicas (new HelmChartConfig)
- Authentik: 2 replicas for server and worker
- Vault: Keep file storage (standalone)
2026-01-04 23:28:29 +09:00
eb76a4eb28 FEAT(traefik): add Traefik UI
- Add Traefik dashboard configuration
- Enable web UI access
2026-01-04 23:28:29 +09:00