- notifications: Not using alerts
- applicationset: Not using ApplicationSet templates
- dex: Using Authelia SSO instead
- Saves ~200-300 MiB memory and removes 3-minute reconciliation loop
- to 24h
- Reduce memory usage from frequent reconciliation (was 3min default)
- 53 applications checked every 3min caused ~1GiB memory fluctuation
- Manual Refresh/Sync still available when needed
- from hard to soft
- Use preferredDuringSchedulingIgnoredDuringExecution instead of
required
- Allows pods to be scheduled on same node if necessary
- Still prefers distribution across nodes (weight: 100)
- for Traefik 37.x
Traefik 37.x disables cross-namespace middleware references by default.
Added --providers.kubernetescrd.allowCrossNamespace=true to fix 404
errors
when using authelia middleware from kube-system namespace.
- and restore authelia
- Delete kanidm folder
- Remove oauth2-proxy from velero
- Restore velero ingress to use authelia middleware
- Update kustomization.yaml to use authelia instead of kanidm
- from argocd applications
- Fixes OutOfSync issues caused by operator-added default values
- ServerSideApply causes stricter field management that conflicts with
CRD defaults
- to Traefik ingress controller
- Update all ingress files to use ingressClassName: traefik
- Update cert-manager ClusterIssuer to use traefik class
- Remove haproxy.org annotations from ingress files
- Update vault helm-values to use traefik
- to use haproxy ingress class
Changed from nginx to haproxy to match the current ingress controller.
This resolves the ArgoCD sync loop in cluster-infrastructure.
- Moved ArgoCD ingress to argocd/ingress/
- Moved Velero ingress to velero/ingress/
- Removed centralized ingress/ingresses.yaml
- Each application now manages its own ingress independently
