K3S-HOME/storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
142 Commits 1 Branch 0 Tags
37bbfbb5d2caf265726d6efdea970c499799e862
Commit Graph

12 Commits

Author SHA1 Message Date
Mayne0213
37bbfbb5d2 FIX(zot): revert invalid anonymousPolicy at root level 
- Remove invalid root-level anonymousPolicy
- Fix configuration validation error
 2026-01-10 01:19:37 +09:00
Mayne0213
32b0a11178 FIX(zot): add global anonymousPolicy for UI access 
- Add global anonymous read policy
- Allow UI to load without authentication
 2026-01-10 01:19:31 +09:00
Mayne0213
3587a8c826 FIX(zot): correct accessControl format with repositories wrapper 
- Add repositories wrapper around repo configurations
- Fix configuration schema validation error
 2026-01-10 01:19:24 +09:00
Mayne0213
72c1399f99 FEAT(zot): enable anonymous read access for UI 
- Add accessControl with anonymousPolicy for read operations
- Keep authentication required for push (create/update/delete)
- Fixes UI login redirect loop issue
 2026-01-10 01:19:18 +09:00
Mayne0213
6cc795c3ef CHORE(resources): set memory limits equal to memory requests 
Align memory limits with memory requests for guaranteed QoS class.
- velero: main, nodeAgent
- postgresql: cluster
- minio: console
- zot, cnpg, pgweb
 2026-01-09 21:46:58 +09:00
Mayne0213
669dfcfb67 REFACTOR(zot): remove control-plane toleration 
- Zot is a container registry, no need to run on master
- Already distributed across worker nodes via anti-affinity
 2026-01-09 21:46:40 +09:00
Mayne0213
613ef5984e REFACTOR(repo): standardize taint to control-plane 
- Change node-role.kubernetes.io/master to control-plane
- Update velero, zot, postgresql, minio tolerations
- Change effect from NoExecute to NoSchedule (K3s standard)
 2026-01-09 21:46:40 +09:00
Mayne0213
c0e4bfeb66 PERF(zot): add HA with 2 replicas 
- Increase replicas from 1 to 2 for high availability
- Add soft pod anti-affinity to distribute across nodes
 2026-01-08 17:46:44 +09:00
Mayne0213
381b7cda3f FEAT(minio): add ClusterExternalSecret for S3 credentials 
- Add minio-s3-credentials ClusterExternalSecret
- Auto-create secret in namespaces with minio-s3: enabled label
- Add minio-s3 label to zot namespace via managedNamespaceMetadata
- Credentials stored in Vault at secret/minio-s3-credentials
 2026-01-08 17:15:50 +09:00
Mayne0213
cbbd7fc20f FEAT(zot): migrate storage from local PVC to S3 (MinIO) 
- Change from StatefulSet to Deployment (no PVC needed)
- Add S3 storageDriver configuration for MinIO backend
- Use minio-s3-credentials secret for AWS credentials
- Remove 50Gi local-path PVC
- Increase memory limit to 256Mi
 2026-01-08 17:09:45 +09:00
Mayne0213
35df7aa64e PERF(resources): remove CPU limits - keep memory limits only 
- CPU throttling prevents app startup, not crashes
- Memory OOM is the real cascading failure cause
- CPU request ensures fair scheduling
 2026-01-07 23:48:47 +09:00
Mayne0213
03f17000e9 FEAT(zot): add Zot container registry 
- ARM64 image (ghcr.io/project-zot/zot-linux-arm64:v2.1.13)
- htpasswd authentication via Vault ExternalSecret
- Ingress at zot0213.kro.kr with Let's Encrypt TLS
- local-path storage (50Gi)
- Prometheus metrics enabled
 2026-01-07 14:31:04 +09:00