FIX(gitea): add robots.txt via ConfigMap mount

- Remove invalid ROBOTS_TXT inline config - Add robots-configmap.yaml with ClaudeBot block - Mount robots.txt to /data/gitea/public/
CHORE(gitea): add robots.txt to block ClaudeBot
2026-01-12 16:05:30 +09:00 · 2026-01-12 16:03:28 +09:00 · 2026-01-12 15:52:49 +09:00 · 2026-01-12 02:51:10 +09:00 · 2026-01-12 02:45:02 +09:00 · 2026-01-12 02:22:10 +09:00
6 changed files with 80 additions and 22 deletions
--- a/argocd/helm-values.yaml
+++ b/argocd/helm-values.yaml
@@ -61,22 +61,13 @@ controller:
  args:
    appResyncPeriod: "0"

-  # Resource settings
+  # Resource settings (no CPU limit for stability)
  resources:
    requests:
-      cpu: 476m
-      memory: 1324Mi
+      cpu: 22m
+      memory: 1388Mi
    limits:
-      memory: 1324Mi
-
-  # Schedule on master node
-  nodeSelector:
-    node-role.kubernetes.io/control-plane: "true"
-
-  tolerations:
-    - key: node-role.kubernetes.io/control-plane
-      operator: Exists
-      effect: NoSchedule
+      memory: 1861Mi

 # =============================================================================
 # API SERVER (Deployment)
@@ -101,13 +92,13 @@ server:
      traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
    tls: true

-  # Resource settings
+  # Resource settings (no CPU limit for stability)
  resources:
    requests:
      cpu: 15m
-      memory: 138Mi
+      memory: 163Mi
    limits:
-      memory: 138Mi
+      memory: 218Mi

 # =============================================================================
 # REPO SERVER (Deployment)
@@ -122,17 +113,27 @@ repoServer:
    serviceMonitor:
      enabled: true

+  # Resource settings (no CPU limit for stability)
  resources:
    requests:
      cpu: 15m
-      memory: 1200Mi
+      memory: 225Mi
    limits:
-      memory: 1200Mi
+      memory: 1310Mi
+
+  # Probe settings (increase timeout for stability under load)
+  livenessProbe:
+    enabled: true
+    timeoutSeconds: 5
+  readinessProbe:
+    enabled: true
+    timeoutSeconds: 5

 # =============================================================================
 # REDIS (Deployment)
 # =============================================================================
 redis:
+  # Resource settings (no CPU limit for stability)
  resources:
    requests:
      cpu: 15m
--- a/gitea/helm-values.yaml
+++ b/gitea/helm-values.yaml
@@ -103,14 +103,14 @@ ingress:
    - github0213.com

 # =============================================================================
-# RESOURCES
+# RESOURCES (no CPU limit for stability)
 # =============================================================================
 resources:
  requests:
-    cpu: 63m
-    memory: 237Mi
+    cpu: 15m
+    memory: 247Mi
  limits:
-    memory: 237Mi
+    memory: 333Mi

 # =============================================================================
 # POD CONFIGURATION
@@ -135,3 +135,17 @@ service:
  ssh:
    type: ClusterIP
    port: 22
+
+# =============================================================================
+# CUSTOM FILES (robots.txt)
+# =============================================================================
+extraVolumes:
+- name: robots
+  configMap:
+    name: gitea-robots
+
+extraVolumeMounts:
+- name: robots
+  mountPath: /data/gitea/public/robots.txt
+  subPath: robots.txt
+  readOnly: true
--- a/gitea/kustomization.yaml
+++ b/gitea/kustomization.yaml
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - redirect.yaml
+- robots-configmap.yaml
 namespace: gitea
--- a/gitea/robots-configmap.yaml
+++ b/gitea/robots-configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitea-robots
+  namespace: gitea
+data:
+  robots.txt: |
+    User-agent: ClaudeBot
+    Disallow: /
+
+    User-agent: *
+    Allow: /
--- a/tekton/pipeline/kustomization.yaml
+++ b/tekton/pipeline/kustomization.yaml
@@ -24,3 +24,20 @@ patches:
    - op: add
      path: /metadata/labels/pod-security.kubernetes.io~1warn
      value: privileged
+# Remove CPU limits for stability
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: tekton-pipelines-webhook
+  patch: |-
+    - op: remove
+      path: /spec/template/spec/containers/0/resources/limits/cpu
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: tekton-pipelines-remote-resolvers
+  patch: |-
+    - op: remove
+      path: /spec/template/spec/containers/0/resources/limits/cpu
--- a/traefik/helm-values.yaml
+++ b/traefik/helm-values.yaml
@@ -39,6 +39,19 @@ spec:
        expose:
          default: true

+    # Access logs for debugging
+    logs:
+      access:
+        enabled: true
+        format: json
+        fields:
+          headers:
+            defaultMode: keep
+            names:
+              X-Forwarded-For: keep
+              X-Real-IP: keep
+              User-Agent: keep
+
    # Prometheus metrics
    metrics:
      prometheus:
Author	SHA1	Message	Date
Mayne0213	74ead10fd9	FIX(gitea): add robots.txt via ConfigMap mount - Remove invalid ROBOTS_TXT inline config - Add robots-configmap.yaml with ClaudeBot block - Mount robots.txt to /data/gitea/public/	2026-01-12 16:05:30 +09:00
Mayne0213	31b9de86f5	CHORE(gitea): add robots.txt to block ClaudeBot - Block ClaudeBot crawler from indexing - Allow other crawlers by default - Reduce unnecessary CPU load from AI training crawlers	2026-01-12 16:03:28 +09:00
Mayne0213	3df8a62c8a	FEAT(traefik): enable access logs for debugging - Enable JSON format access logs - Keep X-Forwarded-For, X-Real-IP headers - Keep User-Agent for client identification	2026-01-12 15:52:49 +09:00
Mayne0213	6fbd92bae5	PERF(tekton): remove CPU limits for stability - Remove CPU limit from tekton-pipelines-webhook - Remove CPU limit from tekton-pipelines-remote-resolvers	2026-01-12 02:51:10 +09:00
Mayne0213	a097eb560e	REFACTOR(argocd): remove nodeSelector for controller - Allow controller to be scheduled on any node - Removes master node constraint	2026-01-12 02:45:02 +09:00
Mayne0213	4bdceb7d17	PERF(argocd): increase repo-server probe timeout to 5s - Increase liveness/readiness probe timeout from 1s to 5s - Prevents false probe failures under high manifest generation load	2026-01-12 02:22:10 +09:00
Mayne0213	6431c855ef	PERF(argocd,gitea): remove CPU limits for stability - Remove CPU limits from all ArgoCD components - Remove CPU limits from Gitea - Prevents CPU throttling issues	2026-01-12 02:05:25 +09:00
Mayne0213	59a0ed6327	PERF(argocd): increase repo-server CPU limit to 1000m - 500m still caused liveness probe failures under load - Increase to 1000m for stable manifest generation	2026-01-12 01:40:49 +09:00
Mayne0213	1bc778bb11	PERF(argocd): increase repo-server CPU limit to 500m - Previous 168m limit caused liveness probe failures due to throttling - Increase to 500m to ensure stable operation during manifest generation	2026-01-12 01:33:52 +09:00
Mayne0213	be072c84d6	PERF(argocd): increase repo-server CPU limit - Double CPU limit from 84m to 168m to reduce throttling	2026-01-12 01:25:39 +09:00
Mayne0213	11a945011f	PERF(gitea): optimize resources via VPA - Set CPU request to 15m, limit to 46m - Set memory request to 247Mi, limit to 333Mi	2026-01-12 01:07:42 +09:00
Mayne0213	a91fe6ab2f	PERF(argocd): optimize resources via VPA - Set controller CPU to 22m/839m, memory to 1388Mi/1861Mi - Set server CPU to 15m/15m, memory to 163Mi/218Mi - Set repoServer CPU to 15m/84m, memory to 225Mi/1310Mi - Set redis CPU to 15m/15m, memory to 100Mi/100Mi	2026-01-12 01:07:37 +09:00