K3S-HOME/storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
170 Commits 1 Branch 0 Tags
main
Commit Graph

170 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mayne0213
17bffa5f04 FIX(velero): increase memory limit to fix plugin startup 
- Increase memory request from 50Mi to 128Mi
- Increase memory limit from 50Mi to 256Mi
- Fixes AWS plugin timeout/killed error loop
 2026-01-12 03:08:45 +09:00
Mayne0213
3088cde155 PERF(storage): remove CPU limits for stability 
- Remove CPU limits from storage components
- Prevents CPU throttling issues
 2026-01-12 02:17:00 +09:00
Mayne0213
46bb39ed9e PERF(storage): optimize resources via VPA 
- cnpg: CPU 15m/15m, memory 100Mi/100Mi
- minio: CPU 48m/104m, memory 126Mi/183Mi
- pgweb: CPU 15m/15m, memory 100Mi/100Mi
- velero: CPU 10m/14m, memory 50Mi/50Mi
- velero-node-agent: CPU 15m/15m, memory 100Mi/100Mi
- zot: CPU 15m/15m, memory 100Mi/248Mi
 2026-01-12 01:08:45 +09:00
Mayne0213
38cf6abc0b refactor: update Vault secret paths to new categorized structure 
- minio: minio → storage/minio, minio-s3-credentials → storage/minio-s3-credentials
- pgweb: pgweb → storage/pgweb
- postgresql: postgresql → storage/postgresql
- velero: minio → storage/minio, velero → storage/velero
- zot: zot → storage/zot

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-11 22:36:38 +09:00
Mayne0213
e9b509d15f PERF(zot): increase memory to 256Mi 
- Double memory request from 121Mi to 256Mi
- Double memory limit from 121Mi to 256Mi
- Fix OOM during image push operations
 2026-01-11 22:12:51 +09:00
Mayne0213
d38634bbb7 migrate: change repoURLs from GitHub to Gitea 
Update all ArgoCD Application references to use Gitea (github0213.com)
instead of GitHub for K3S-HOME/storage repository.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 20:43:32 +09:00
Mayne0213
70b3491072 FIX(velero): increase velero-ui memory limit 
- Increase memory from 128Mi to 256Mi
- Fix OOMKilled (exit code 137) issue
 2026-01-10 19:00:18 +09:00
Mayne0213
39ad7757f8 REFACTOR(repo): remove control-plane scheduling 
- Remove nodeSelector for control-plane node
- Remove tolerations for control-plane taint
- Allow pods to schedule on any available node
 2026-01-10 18:35:15 +09:00
Mayne0213
ffbe97815b FEAT(minio): enable ServiceMonitor for Prometheus 
- Add includeNode for per-node metrics
- Add release label for Prometheus discovery
- Set 30s interval and 10s timeout
 2026-01-10 17:12:53 +09:00
Mayne0213
e22f6211b0 FIX(minio): correct invalid SCANNER_SPEED value 
- Change MINIO_SCANNER_SPEED from 'off' to 'slowest'
- 'off' is not a valid value, causing config errors
 2026-01-10 17:08:21 +09:00
Mayne0213
40e02a4ac4 PERF(velero): disable backup-sync to reduce MinIO load 
- Set backupSyncPeriod to 0s
- User only uses manual backups
 2026-01-10 17:02:15 +09:00
Mayne0213
b4049151d6 PERF(minio): disable scanner to reduce CPU usage 
- Change MINIO_SCANNER_SPEED from slow to off
- Velero backups provide data redundancy instead
 2026-01-10 16:18:12 +09:00
Mayne0213
485b588a7e PERF(storage): adjust resources based on VPA 
- Update minio memory 263Mi→175Mi
- Update cnpg memory 128Mi→121Mi
- Update zot memory 128Mi→121Mi
- Update velero memory 128Mi→75Mi
- Update velero nodeAgent memory 256Mi→100Mi
 2026-01-10 14:34:29 +09:00
Mayne0213
f6a1b29425 PERF(cnpg): reduce operator replicas to 1 
- Reduce CNPG operator replicas to 1
- PostgreSQL cluster (3 instances) unchanged
 2026-01-10 13:31:58 +09:00
Mayne0213
6b626b099a PERF(storage): reduce replicas to 1 
- Reduce pgweb replicas from 2 to 1
- Reduce MinIO console replicas from 2 to 1
 2026-01-10 13:15:56 +09:00
Mayne0213
565b60a970 PERF(storage): add high-priority to MinIO and CNPG 
- Remove MinIO tolerations (PreferNoSchedule handles it)
- Add high-priority to MinIO (4 replicas for erasure coding)
- Add high-priority to CNPG operator
 2026-01-10 13:14:08 +09:00
Mayne0213
e92e05b98f PERF(zot): scale down to single replica 
- Reduce replicas from 2 to 1
- Remove Redis session driver (no longer needed)
- Remove podAntiAffinity configuration
 2026-01-10 03:21:16 +09:00
Mayne0213
1fa6ff5edd FIX: Use sessionKeysFile for Zot OIDC session encryption 
- Change from hashKeyFile/blockKeyFile inside sessionDriver to
  sessionKeysFile at auth config level
- Update ExternalSecret to generate session-keys.json with both
  hashKey and encryptKey in correct JSON format
- Fix securecookie validation error during OIDC callback
 2026-01-10 03:09:28 +09:00
Mayne0213
b7eb527782 FIX(zot): add session keys for consistent cookie handling 
- Add ExternalSecret for session hashKey and blockKey
- Mount session keys from Vault
- Configure sessionDriver with key files
- Fix securecookie validation error in multi-replica setup
 2026-01-10 03:00:53 +09:00
Mayne0213
e1850865fb FIX(minio): enable ServiceMonitor for Prometheus 
- Enable ServiceMonitor to allow Prometheus direct scraping
- Fix missing metrics in Grafana dashboard after OTel migration
 2026-01-10 02:53:15 +09:00
Mayne0213
f16a9e9c6c FIX(zot): use generic oidc provider name 
- Change provider key from 'authelia' to 'oidc'
- Zot only supports: github, google, gitlab, oidc
 2026-01-10 01:20:17 +09:00
Mayne0213
c6a51cfaf5 FEAT(zot): add Authelia OIDC authentication 
- Add OpenID provider configuration for Authelia
- Create ExternalSecret for OIDC credentials
- Mount credentials file at /etc/zot/oidc-credentials.json
 2026-01-10 01:20:17 +09:00
Mayne0213
9167b1a14d FIX(zot): correct sessionDriver config key name 
- Fix configuration key for Redis session driver
- Ensure proper session storage configuration
 2026-01-10 01:20:16 +09:00
Mayne0213
65002c29ef FEAT(zot): add Redis session store for multi-replica support 
- Use Authelia Redis for session storage
- Fixes login redirect loop with replicas > 1
 2026-01-10 01:20:09 +09:00
Mayne0213
f3240e72aa REVERT(zot): remove non-working rawResources middleware 
- Remove Traefik middleware configuration
- Restore default CSP headers
 2026-01-10 01:20:02 +09:00
Mayne0213
06c35588e3 FIX(zot): add Traefik middleware to fix CSP header for UI 
- Add blob: to script-src directive
- Add unsafe-eval for UI functionality
- Fix Content Security Policy for proper UI rendering
 2026-01-10 01:19:56 +09:00
Mayne0213
228b0c06c4 FIX(zot): add externalUrl for proper session cookie handling 
- Configure external URL for proper session management
- Fix cookie handling for proxy setup
 2026-01-10 01:19:49 +09:00
Mayne0213
ff5574c840 REVERT(zot): remove accessControl, restore original auth config 
- Revert accessControl configuration
- Restore original authentication setup
 2026-01-10 01:19:43 +09:00
Mayne0213
37bbfbb5d2 FIX(zot): revert invalid anonymousPolicy at root level 
- Remove invalid root-level anonymousPolicy
- Fix configuration validation error
 2026-01-10 01:19:37 +09:00
Mayne0213
32b0a11178 FIX(zot): add global anonymousPolicy for UI access 
- Add global anonymous read policy
- Allow UI to load without authentication
 2026-01-10 01:19:31 +09:00
Mayne0213
3587a8c826 FIX(zot): correct accessControl format with repositories wrapper 
- Add repositories wrapper around repo configurations
- Fix configuration schema validation error
 2026-01-10 01:19:24 +09:00
Mayne0213
72c1399f99 FEAT(zot): enable anonymous read access for UI 
- Add accessControl with anonymousPolicy for read operations
- Keep authentication required for push (create/update/delete)
- Fixes UI login redirect loop issue
 2026-01-10 01:19:18 +09:00
Mayne0213
ec8e881a37 PERF(minio): reduce CPU by disabling unused workers 
- Set replication workers to minimum (1)
- Set transition workers to minimum (1)
- Change scanner speed to slow
- Reduces CPU from ~400m to ~100m
 2026-01-09 21:46:58 +09:00
Mayne0213
c2165b8a8d FIX(velero): set velero-ui memory limits equal to requests 
- Align memory limits with requests for guaranteed QoS
 2026-01-09 21:46:58 +09:00
Mayne0213
6cc795c3ef CHORE(resources): set memory limits equal to memory requests 
Align memory limits with memory requests for guaranteed QoS class.
- velero: main, nodeAgent
- postgresql: cluster
- minio: console
- zot, cnpg, pgweb
 2026-01-09 21:46:58 +09:00
Mayne0213
382156fca3 FEAT(repo): add App of Apps self-reference 
- Add application.yaml for ArgoCD self-registration
- Update kustomization.yaml to include application.yaml
- Set prune: false to prevent cascade deletion
 2026-01-09 21:46:40 +09:00
Mayne0213
bf131982f0 FIX(pgweb): fix DATABASE_URL deprecation warning 
- Update environment variable format
- Address deprecation warning in logs
 2026-01-09 21:46:40 +09:00
Mayne0213
01dcf30877 CHORE(repo): remove application.yaml reference 
- Remove from kustomization.yaml
 2026-01-09 21:46:40 +09:00
Mayne0213
e0d92476b6 CHORE(repo): remove self-referencing application.yaml 
- Delete application.yaml (managed by platform)
 2026-01-09 21:46:40 +09:00
Mayne0213
88c334a7c3 FIX(velero): fix UI and backup visibility 
- Enable backup-sync to show backups in UI
- Disable prune to preserve dynamic resources
- Move velero-ui to master node with single replica
 2026-01-09 21:46:40 +09:00
Mayne0213
bf59b88f6d CHORE(storage): remove postgresql-dev 
- Delete postgresql-dev folder and all related files
- Remove from kustomization.yaml
- jaejadle-dev migrated to CNPG JaejadleDevDB
 2026-01-09 21:46:40 +09:00
Mayne0213
669dfcfb67 REFACTOR(zot): remove control-plane toleration 
- Zot is a container registry, no need to run on master
- Already distributed across worker nodes via anti-affinity
 2026-01-09 21:46:40 +09:00
Mayne0213
b1ddea2b26 FEAT(velero): add control-plane toleration to node-agent 
- Enable node-agent on all nodes including master
- Ensure backup coverage for all pods
 2026-01-09 21:46:40 +09:00
Mayne0213
2881589c45 FIX(cnpg): add ServerSideApply to prevent annotation size limit 
- Add ServerSideApply=true syncOption
- Prevents kubectl.kubernetes.io/last-applied-configuration
- CRD annotation was 255KB, near 256KB limit
 2026-01-09 21:46:40 +09:00
Mayne0213
613ef5984e REFACTOR(repo): standardize taint to control-plane 
- Change node-role.kubernetes.io/master to control-plane
- Update velero, zot, postgresql, minio tolerations
- Change effect from NoExecute to NoSchedule (K3s standard)
 2026-01-09 21:46:40 +09:00
Mayne0213
a30d9005d9 REFACTOR(velero): move to master node for stability 
- Set replicaCount to 1 (Velero doesn't support multiple replicas)
- Add nodeSelector for master node
- Add toleration for master NoExecute taint
- Remove podAntiAffinity (not needed with single replica)
- Ensures backup availability even if worker nodes fail
 2026-01-09 21:46:40 +09:00
Mayne0213
5753098d10 FIX(minio): correct ClusterExternalSecret defaults 
- Add default values (conversionStrategy, decodingStrategy, metadataPolicy)
- Match ClusterExternalSecret controller defaults
- Fix ArgoCD OutOfSync caused by controller defaults
 2026-01-09 21:46:39 +09:00
Mayne0213
60d81ac73b PERF(velero): reduce CPU requests based on VPA 
- velero: 50m → 11m
- node-agent: 30m → 15m
- velero-ui: 30m → 15m
 2026-01-08 17:50:56 +09:00
Mayne0213
c0e4bfeb66 PERF(zot): add HA with 2 replicas 
- Increase replicas from 1 to 2 for high availability
- Add soft pod anti-affinity to distribute across nodes
 2026-01-08 17:46:44 +09:00
Mayne0213
381b7cda3f FEAT(minio): add ClusterExternalSecret for S3 credentials 
- Add minio-s3-credentials ClusterExternalSecret
- Auto-create secret in namespaces with minio-s3: enabled label
- Add minio-s3 label to zot namespace via managedNamespaceMetadata
- Credentials stored in Vault at secret/minio-s3-credentials
 2026-01-08 17:15:50 +09:00