1fa6ff5edd
FIX: Use sessionKeysFile for Zot OIDC session encryption
- Change from hashKeyFile/blockKeyFile inside sessionDriver to sessionKeysFile at auth config level
- Update ExternalSecret to generate session-keys.json with both hashKey and encryptKey in correct JSON format
- Fix securecookie validation error during OIDC callback
2026-01-10 03:09:28 +09:00
b7eb527782
FIX(zot): add session keys for consistent cookie handling
- Add ExternalSecret for session hashKey and blockKey
- Mount session keys from Vault
- Configure sessionDriver with key files
- Fix securecookie validation error in multi-replica setup
2026-01-10 03:00:53 +09:00
e1850865fb
FIX(minio): enable ServiceMonitor for Prometheus
- Enable ServiceMonitor to allow Prometheus direct scraping
- Fix missing metrics in Grafana dashboard after OTel migration
2026-01-10 02:53:15 +09:00
f16a9e9c6c
FIX(zot): use generic oidc provider name
- Change provider key from 'authelia' to 'oidc'
- Zot only supports: github, google, gitlab, oidc
2026-01-10 01:20:17 +09:00
c6a51cfaf5
FEAT(zot): add Authelia OIDC authentication
- Add OpenID provider configuration for Authelia
- Create ExternalSecret for OIDC credentials
- Mount credentials file at /etc/zot/oidc-credentials.json
2026-01-10 01:20:17 +09:00
9167b1a14d
FIX(zot): correct sessionDriver config key name
- Fix configuration key for Redis session driver
- Ensure proper session storage configuration
2026-01-10 01:20:16 +09:00
65002c29ef
FEAT(zot): add Redis session store for multi-replica support
- Use Authelia Redis for session storage
- Fixes login redirect loop with replicas > 1
2026-01-10 01:20:09 +09:00
f3240e72aa
REVERT(zot): remove non-working rawResources middleware
- Remove Traefik middleware configuration
- Restore default CSP headers
2026-01-10 01:20:02 +09:00
06c35588e3
FIX(zot): add Traefik middleware to fix CSP header for UI
- Add blob: to script-src directive
- Add unsafe-eval for UI functionality
- Fix Content Security Policy for proper UI rendering
2026-01-10 01:19:56 +09:00
228b0c06c4
FIX(zot): add externalUrl for proper session cookie handling
- Configure external URL for proper session management
- Fix cookie handling for proxy setup
2026-01-10 01:19:49 +09:00
ff5574c840
REVERT(zot): remove accessControl, restore original auth config
- Revert accessControl configuration
- Restore original authentication setup
2026-01-10 01:19:43 +09:00
37bbfbb5d2
FIX(zot): revert invalid anonymousPolicy at root level
- Remove invalid root-level anonymousPolicy
- Fix configuration validation error
2026-01-10 01:19:37 +09:00
32b0a11178
FIX(zot): add global anonymousPolicy for UI access
- Add global anonymous read policy
- Allow UI to load without authentication
2026-01-10 01:19:31 +09:00
3587a8c826
FIX(zot): correct accessControl format with repositories wrapper
- Add repositories wrapper around repo configurations
- Fix configuration schema validation error
2026-01-10 01:19:24 +09:00
72c1399f99
FEAT(zot): enable anonymous read access for UI
- Add accessControl with anonymousPolicy for read operations
- Keep authentication required for push (create/update/delete)
- Fixes UI login redirect loop issue
2026-01-10 01:19:18 +09:00
ec8e881a37
PERF(minio): reduce CPU by disabling unused workers
- Set replication workers to minimum (1)
- Set transition workers to minimum (1)
- Change scanner speed to slow
- Reduces CPU from ~400m to ~100m
2026-01-09 21:46:58 +09:00
c2165b8a8d
FIX(velero): set velero-ui memory limits equal to requests
- Align memory limits with requests for guaranteed QoS
2026-01-09 21:46:58 +09:00
6cc795c3ef
CHORE(resources): set memory limits equal to memory requests
Align memory limits with memory requests for guaranteed QoS class.
- velero: main, nodeAgent
- postgresql: cluster
- minio: console
- zot, cnpg, pgweb
2026-01-09 21:46:58 +09:00
382156fca3
FEAT(repo): add App of Apps self-reference
- Add application.yaml for ArgoCD self-registration
- Update kustomization.yaml to include application.yaml
- Set prune: false to prevent cascade deletion
2026-01-09 21:46:40 +09:00
bf131982f0
FIX(pgweb): fix DATABASE_URL deprecation warning
- Update environment variable format
- Address deprecation warning in logs
2026-01-09 21:46:40 +09:00
01dcf30877
CHORE(repo): remove application.yaml reference
- Remove from kustomization.yaml
2026-01-09 21:46:40 +09:00
e0d92476b6
CHORE(repo): remove self-referencing application.yaml
- Delete application.yaml (managed by platform)
2026-01-09 21:46:40 +09:00
88c334a7c3
FIX(velero): fix UI and backup visibility
- Enable backup-sync to show backups in UI
- Disable prune to preserve dynamic resources
- Move velero-ui to master node with single replica
2026-01-09 21:46:40 +09:00
bf59b88f6d
CHORE(storage): remove postgresql-dev
- Delete postgresql-dev folder and all related files
- Remove from kustomization.yaml
- jaejadle-dev migrated to CNPG JaejadleDevDB
2026-01-09 21:46:40 +09:00
669dfcfb67
REFACTOR(zot): remove control-plane toleration
- Zot is a container registry, no need to run on master
- Already distributed across worker nodes via anti-affinity
2026-01-09 21:46:40 +09:00
b1ddea2b26
FEAT(velero): add control-plane toleration to node-agent
- Enable node-agent on all nodes including master
- Ensure backup coverage for all pods
2026-01-09 21:46:40 +09:00
2881589c45
FIX(cnpg): add ServerSideApply to prevent annotation size limit
- Add ServerSideApply=true syncOption
- Prevents kubectl.kubernetes.io/last-applied-configuration
- CRD annotation was 255KB, near 256KB limit
2026-01-09 21:46:40 +09:00
613ef5984e
REFACTOR(repo): standardize taint to control-plane
- Change node-role.kubernetes.io/master to control-plane
- Update velero, zot, postgresql, minio tolerations
- Change effect from NoExecute to NoSchedule (K3s standard)
2026-01-09 21:46:40 +09:00
a30d9005d9
REFACTOR(velero): move to master node for stability
- Set replicaCount to 1 (Velero doesn't support multiple replicas)
- Add nodeSelector for master node
- Add toleration for master NoExecute taint
- Remove podAntiAffinity (not needed with single replica)
- Ensures backup availability even if worker nodes fail
2026-01-09 21:46:40 +09:00
5753098d10
FIX(minio): correct ClusterExternalSecret defaults
- Add default values (conversionStrategy, decodingStrategy, metadataPolicy)
- Match ClusterExternalSecret controller defaults
- Fix ArgoCD OutOfSync caused by controller defaults
2026-01-09 21:46:39 +09:00
60d81ac73b
PERF(velero): reduce CPU requests based on VPA
- velero: 50m → 11m
- node-agent: 30m → 15m
- velero-ui: 30m → 15m
2026-01-08 17:50:56 +09:00
c0e4bfeb66
PERF(zot): add HA with 2 replicas
- Increase replicas from 1 to 2 for high availability
- Add soft pod anti-affinity to distribute across nodes
2026-01-08 17:46:44 +09:00
381b7cda3f
FEAT(minio): add ClusterExternalSecret for S3 credentials
- Add minio-s3-credentials ClusterExternalSecret
- Auto-create secret in namespaces with minio-s3: enabled label
- Add minio-s3 label to zot namespace via managedNamespaceMetadata
- Credentials stored in Vault at secret/minio-s3-credentials
2026-01-08 17:15:50 +09:00
cbbd7fc20f
FEAT(zot): migrate storage from local PVC to S3 (MinIO)
- Change from StatefulSet to Deployment (no PVC needed)
- Add S3 storageDriver configuration for MinIO backend
- Use minio-s3-credentials secret for AWS credentials
- Remove 50Gi local-path PVC
- Increase memory limit to 256Mi
2026-01-08 17:09:45 +09:00
df311073b3
FIX(cnpg): ignore CRD annotations to prevent size limit
- Add ignoreDifferences for CustomResourceDefinition annotations
- Fix ArgoCD sync error due to annotations exceeding 262144 bytes
2026-01-08 14:48:54 +09:00
7c0db6b458
FEAT(velero): enable HA with replica 2 and soft anti-affinity
- Add replicaCount: 2 to velero deployment
- Add soft pod anti-affinity for node distribution
- Configure affinity for velero controller
2026-01-08 13:21:00 +09:00
e0803d1597
FIX(pgweb): fix Helm chart schema validation
- Change replicaCount to replicas
- Move affinity to pod.affinity
- Fix bjw-s/app-template chart schema compliance
2026-01-08 13:18:14 +09:00
7487b477a7
FEAT(storage): enable HA with replica 2 and soft anti-affinity
- Add replicaCount: 2 to cnpg, pgweb, velero-ui, minio-console
- Add soft pod anti-affinity for node distribution
- Configure affinity for all storage components
2026-01-08 13:16:43 +09:00
93beb1c3b0
FIX(postgresql): remove CPU limit from CNPG cluster
2026-01-08 00:31:16 +09:00
35df7aa64e
PERF(resources): remove CPU limits - keep memory limits only
- CPU throttling prevents app startup, not crashes
- Memory OOM is the real cascading failure cause
- CPU request ensures fair scheduling
2026-01-07 23:48:47 +09:00
6af1964495
CHORE(longhorn): remove unused storage provider
- All PVCs migrated to local-path-retain
- Clean up cluster CRDs and namespace
2026-01-07 14:31:09 +09:00
03f17000e9
FEAT(zot): add Zot container registry
- ARM64 image (ghcr.io/project-zot/zot-linux-arm64:v2.1.13)
- htpasswd authentication via Vault ExternalSecret
- Ingress at zot0213.kro.kr with Let's Encrypt TLS
- local-path storage (50Gi)
- Prometheus metrics enabled
2026-01-07 14:31:04 +09:00
9c0fddb0ef
REFACTOR(secrets): flatten Vault paths
- Change secret paths from <category>/<app> to <app>
- databases/postgresql → postgresql
- databases/minio → minio
- databases/pgweb → pgweb
- cluster-infrastructure/velero → velero
2026-01-06 16:52:54 +09:00
b5f93b3812
REFACTOR(repo): move vault/ to manifests/
- Move ExternalSecret files from vault/ to manifests/secret.yaml
- Merge multiple secrets with --- separator (postgresql)
- Update kustomization.yaml references
- Remove vault/ folders
Apps: postgresql, postgresql-dev, pgweb, minio, velero
2026-01-06 16:42:24 +09:00
927b15b631
FIX(pgweb): update app-template chart repo URL
- Change repo URL from bjw-s to bjw-s-labs
- Fix Helm chart repository reference
2026-01-06 15:44:18 +09:00
ef8bef964b
REFACTOR(pgweb): migrate to bjw-s/app-template
- Replace deployment.yaml with helm-values.yaml
- ArgoCD uses app-template chart v3.6.1
- Ingress now defined in helm-values.yaml
2026-01-06 15:41:55 +09:00
c46de7c16e
REFACTOR(minio): integrate API ingress
- Add API ingress (s3.minio0213.kro.kr) to helm-values.yaml
- Move storage-class.yaml, persistent-volumes.yaml to manifests/
- Move console-deployment.yaml to manifests/
- Create console-ingress.yaml in manifests/ for custom console
2026-01-06 15:12:52 +09:00
6a13a52924
REFACTOR(storage): integrate ingress in values
- longhorn: move ingress to helm-values, nodes to manifests
- velero: move ingress to velero-ui inline values
2026-01-06 01:56:50 +09:00
f2812a7528
REFACTOR(longhorn): remove from kustomization
- No longer used
- Clean up unused references
2026-01-05 00:39:12 +09:00
44f773b827
REFACTOR(storage): storage repo structure
- Add application.yaml for ArgoCD app-of-apps
- Add kustomization.yaml with storage components
- Add renovate.json for automated updates
- Update all component argocd.yaml repoURLs to storage repo
Components: longhorn, minio, postgresql, postgresql-dev, pgweb, cnpg, velero
2026-01-05 00:39:12 +09:00