Commit Graph

23 Commits

Author SHA1 Message Date
57ef8ebca1 PERF(cert-manager): reduce replicas to 1
- Reduce cert-manager replicas to 1
- Reduce cainjector replicas to 1
- Reduce webhook replicas to 1
2026-01-10 13:31:46 +09:00
03ca19b771 feat(argocd): enable ServiceMonitor for metrics collection
- Add serviceMonitor.enabled: true to controller, server, repoServer
- Allows Prometheus to scrape ArgoCD metrics

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 03:36:29 +09:00
249e451990 FIX(cert-manager): enable ServiceMonitor for Prometheus
- Enable ServiceMonitor to allow Prometheus direct scraping
- Fix missing metrics in Grafana dashboard after OTel migration
- Cert-manager uses exported_namespace label which requires ServiceMonitor
2026-01-10 02:56:02 +09:00
f5ea1b9fc6 CHORE(cert-manager): increase cainjector memory
- Increase cainjector memory request and limit from 96Mi to 192Mi
- Maintain CPU request at 23m
2026-01-10 02:09:27 +09:00
a422382bc2 FIX(cert-manager): increase memory to prevent OOM
- Increase controller memory from 64Mi to 96Mi
- Increase webhook memory from 64Mi to 96Mi
- Increase cainjector memory from 64Mi to 96Mi
- Increase CPU requests from 15m to 23m (1.5x)
2026-01-10 01:17:36 +09:00
56af1a9a17 CHORE(resources): set memory limits equal to memory requests
- Align memory limits with memory requests for guaranteed QoS class
- argocd: controller, server, repoServer, redis
- traefik: main container
- cert-manager: main, webhook, cainjector
- argocd-image-updater: main container
2026-01-10 01:17:35 +09:00
561a07399a FIX(cert-manager): merge duplicate webhook and cainjector sections
- Merge webhook.affinity into webhook section
- Merge cainjector.affinity into cainjector section
- Fix YAML structure to prevent configuration override
2026-01-09 21:43:36 +09:00
da93a2e346 FEAT(platform): enable HA with replica 2 and soft anti-affinity
- Add replicaCount: 2 to cert-manager components
- Add soft pod anti-affinity for node distribution
- Remove descheduler (moved to separate location)
2026-01-09 21:43:36 +09:00
2e2f75dd6b PERF(resources): remove CPU limits - keep memory limits only
- CPU throttling prevents app startup, not crashes
- Memory OOM is the real cascading failure cause
- CPU request ensures fair scheduling
2026-01-07 23:48:39 +09:00
82781cb4f1 REFACTOR(cert-manager): move issuer to manifests
- Move ClusterIssuer to manifests/ folder
- Separate from Helm chart configuration
2026-01-06 01:38:31 +09:00
cc8bd860fe REFACTOR(repo): platform repo structure
- Add application.yaml for ArgoCD app-of-apps
- Add kustomization.yaml with platform components
- Add renovate.json for automated updates
- Update cert-manager/argocd.yaml repoURL to platform repo
- Update traefik/argocd.yaml repoURL to platform repo
2026-01-04 23:28:29 +09:00
7e687ef657 REFACTOR(repo): migrate repoURL to K3S-HOME
- Update repository URL to K3S-HOME organization
- Change from personal to organization repo
2026-01-04 23:28:29 +09:00
7772f6547f REFACTOR(authelia): remove kanidm
- and restore authelia
- Delete kanidm folder
- Remove oauth2-proxy from velero
- Restore velero ingress to use authelia middleware
- Update kustomization.yaml to use authelia instead of kanidm
2026-01-04 23:28:29 +09:00
59ae6fb777 REFACTOR(argocd): remove serversideapply
- from argocd applications
- Fixes OutOfSync issues caused by operator-added default values
- ServerSideApply causes stricter field management that conflicts with
  CRD defaults
2026-01-04 23:28:29 +09:00
d80a212e6e REFACTOR(traefik): switch from HAProxy
- to Traefik ingress controller
- Update all ingress files to use ingressClassName: traefik
- Update cert-manager ClusterIssuer to use traefik class
- Remove haproxy.org annotations from ingress files
- Update vault helm-values to use traefik
2026-01-04 23:28:29 +09:00
f2325ffcc9 REFACTOR(gitea): migrate repoURL to GitHub
- Update repository URL to GitHub
- Change source control provider
2026-01-04 23:28:29 +09:00
1d7970a42f REFACTOR(goldilocks): use managedNS for labels
- Remove namespace.yaml files
- Add managedNamespaceMetadata with Goldilocks label
- Set CreateNamespace=true in syncOptions
- Update kustomization.yaml to remove namespace.yaml references
2026-01-04 23:28:29 +09:00
521d5491ff FEAT(cert-manager): integrate cert-manager
- Add cert-manager configuration
- Enable TLS certificate management
2026-01-04 23:28:29 +09:00
7955466676 FIX(argocd): helm valueFiles paths in ArgoCD
- Applications
- Update valueFiles paths from helm-values/<app>.yaml to helm-values.yaml
- Fixes ComparisonError after folder restructuring

Applications fixed:
- cert-manager
- cnpg
- external-secrets
- vault
- vpa
- velero
2025-12-29 02:29:50 +09:00
ce2ee8d39e REFACTOR(repo): restructure infra folder structure
- Remove argocd/, helm-values/, ingress/ subdirectories
- Move files to parent directory with standardized names
- Add namespace.yaml to all apps with Goldilocks labels
- Preserve vault/ subdirectories (falco, velero)
- Update main kustomization.yaml to reference argocd.yaml files directly
- Comment out argocd.yaml in each app's kustomization.yaml to prevent
  circular reference

Applications restructured:
- cert-manager (2 ArgoCD apps)
- external-secrets
- reloader
- vault (2 ArgoCD apps)
- velero (2 ArgoCD apps)
- falco
- cnpg
- haproxy
- metallb
- vpa
- argocd
2025-12-29 02:21:00 +09:00
0c79aea82f FIX(cert-manager): cert-manager
- to use haproxy ingress class
Changed from nginx to haproxy to match the current ingress controller.
This resolves the ArgoCD sync loop in cluster-infrastructure.
2025-12-28 16:46:43 +09:00
ed6410ee90 CHORE(argocd): update ArgoCD applications to point to cluster-infrastructure
- Update repoURL to cluster-infrastructure repo
- Change source repository reference
2025-12-17 15:12:46 +09:00
8c43c992f0 INIT(repo): cluster infrastructure setup
2025-12-17 15:04:56 +09:00