K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
148 Commits 1 Branch 0 Tags
871882927b2732dd20682adf6455ad1a9ea8791f
Commit Graph

6 Commits

Author SHA1 Message Date
Mayne0213
871882927b FIX(external-secrets): increase memory limits for webhook and certController 
- Increase memory from 32Mi to 64Mi to prevent OOMKilled
- Remove duplicate webhook/certController sections (keep ones with affinity)
 2026-01-10 01:16:57 +09:00
Mayne0213
74d29aabfc CHORE(resources): set memory limits equal to memory requests 
- Align memory limits with memory requests for guaranteed QoS class
- falco: falcosidekick
- external-secrets: main, webhook, certController
- authelia: main, redis
 2026-01-10 01:16:56 +09:00
Mayne0213
66d845140e FIX(authelia): move affinity to top level 
- Move affinity from pod.affinity to top-level affinity
- Fix Helm chart schema validation error
- Maintain soft anti-affinity configuration

FIX(security): remove unsupported affinity from authelia

- Remove affinity from authelia (chart schema limitation)
- Fix external-secrets duplicate webhook/certController sections
- Merge affinity into respective component sections
- Authelia chart does not support affinity in values.yaml
 2026-01-09 21:45:16 +09:00
Mayne0213
cbf00275e8 FEAT(security): enable HA with replica 2 and soft anti-affinity 
- Add replicaCount: 2 to authelia, external-secrets, falco
- Add soft pod anti-affinity for node distribution
- Configure affinity for all security components
 2026-01-08 13:07:56 +09:00
Mayne0213
7cdc4f1e9e FIX(external-secrets): disable CRD installation via Helm 
- Set installCRDs: false to avoid annotation size limit
- CRDs already installed, manual upgrade when needed
 2026-01-07 01:24:07 +09:00
Mayne0213
34a1c9f783 REFACTOR(repo): restructure infra folder structure 
- Remove argocd/, helm-values/, ingress/ subdirectories
- Move files to parent directory with standardized names
- Add namespace.yaml to all apps with Goldilocks labels
- Preserve vault/ subdirectories (falco, velero)
- Update main kustomization.yaml to reference argocd.yaml files directly
- Comment out argocd.yaml in each app's kustomization.yaml to prevent
  circular reference

Applications restructured:
- cert-manager (2 ArgoCD apps)
- external-secrets
- reloader
- vault (2 ArgoCD apps)
- velero (2 ArgoCD apps)
- falco
- cnpg
- haproxy
- metallb
- vpa
- argocd
 2026-01-04 23:41:39 +09:00