5753098d10
FIX(minio): correct ClusterExternalSecret defaults
...
- Add default values (conversionStrategy, decodingStrategy, metadataPolicy)
- Match ClusterExternalSecret controller defaults
- Fix ArgoCD OutOfSync caused by controller defaults
2026-01-09 21:46:39 +09:00
60d81ac73b
PERF(velero): reduce CPU requests based on VPA
...
- velero: 50m → 11m
- node-agent: 30m → 15m
- velero-ui: 30m → 15m
2026-01-08 17:50:56 +09:00
c0e4bfeb66
PERF(zot): add HA with 2 replicas
...
- Increase replicas from 1 to 2 for high availability
- Add soft pod anti-affinity to distribute across nodes
2026-01-08 17:46:44 +09:00
381b7cda3f
FEAT(minio): add ClusterExternalSecret for S3 credentials
...
- Add minio-s3-credentials ClusterExternalSecret
- Auto-create secret in namespaces with minio-s3: enabled label
- Add minio-s3 label to zot namespace via managedNamespaceMetadata
- Credentials stored in Vault at secret/minio-s3-credentials
2026-01-08 17:15:50 +09:00
cbbd7fc20f
FEAT(zot): migrate storage from local PVC to S3 (MinIO)
...
- Change from StatefulSet to Deployment (no PVC needed)
- Add S3 storageDriver configuration for MinIO backend
- Use minio-s3-credentials secret for AWS credentials
- Remove 50Gi local-path PVC
- Increase memory limit to 256Mi
2026-01-08 17:09:45 +09:00
df311073b3
FIX(cnpg): ignore CRD annotations to prevent size limit
...
- Add ignoreDifferences for CustomResourceDefinition annotations
- Fix ArgoCD sync error due to annotations exceeding 262144 bytes
2026-01-08 14:48:54 +09:00
7c0db6b458
FEAT(velero): enable HA with replica 2 and soft anti-affinity
...
- Add replicaCount: 2 to velero deployment
- Add soft pod anti-affinity for node distribution
- Configure affinity for velero controller
2026-01-08 13:21:00 +09:00
e0803d1597
FIX(pgweb): fix Helm chart schema validation
...
- Change replicaCount to replicas
- Move affinity to pod.affinity
- Fix bjw-s/app-template chart schema compliance
2026-01-08 13:18:14 +09:00
7487b477a7
FEAT(storage): enable HA with replica 2 and soft anti-affinity
...
- Add replicaCount: 2 to cnpg, pgweb, velero-ui, minio-console
- Add soft pod anti-affinity for node distribution
- Configure affinity for all storage components
2026-01-08 13:16:43 +09:00
93beb1c3b0
FIX(postgresql): remove CPU limit from CNPG cluster
2026-01-08 00:31:16 +09:00
35df7aa64e
PERF(resources): remove CPU limits - keep memory limits only
...
- CPU throttling prevents app startup, not crashes
- Memory OOM is the real cascading failure cause
- CPU request ensures fair scheduling
2026-01-07 23:48:47 +09:00
6af1964495
CHORE(longhorn): remove unused storage provider
...
- All PVCs migrated to local-path-retain
- Clean up cluster CRDs and namespace
2026-01-07 14:31:09 +09:00
03f17000e9
FEAT(zot): add Zot container registry
...
- ARM64 image (ghcr.io/project-zot/zot-linux-arm64:v2.1.13)
- htpasswd authentication via Vault ExternalSecret
- Ingress at zot0213.kro.kr with Let's Encrypt TLS
- local-path storage (50Gi)
- Prometheus metrics enabled
2026-01-07 14:31:04 +09:00
9c0fddb0ef
REFACTOR(secrets): flatten Vault paths
...
- Change secret paths from <category>/<app> to <app>
- databases/postgresql → postgresql
- databases/minio → minio
- databases/pgweb → pgweb
- cluster-infrastructure/velero → velero
2026-01-06 16:52:54 +09:00
b5f93b3812
REFACTOR(repo): move vault/ to manifests/
...
- Move ExternalSecret files from vault/ to manifests/secret.yaml
- Merge multiple secrets with --- separator (postgresql)
- Update kustomization.yaml references
- Remove vault/ folders
Apps: postgresql, postgresql-dev, pgweb, minio, velero
2026-01-06 16:42:24 +09:00
927b15b631
FIX(pgweb): update app-template chart repo URL
...
- Change repo URL from bjw-s to bjw-s-labs
- Fix Helm chart repository reference
2026-01-06 15:44:18 +09:00
ef8bef964b
REFACTOR(pgweb): migrate to bjw-s/app-template
...
- Replace deployment.yaml with helm-values.yaml
- ArgoCD uses app-template chart v3.6.1
- Ingress now defined in helm-values.yaml
2026-01-06 15:41:55 +09:00
c46de7c16e
REFACTOR(minio): integrate API ingress
...
- Add API ingress (s3.minio0213.kro.kr) to helm-values.yaml
- Move storage-class.yaml, persistent-volumes.yaml to manifests/
- Move console-deployment.yaml to manifests/
- Create console-ingress.yaml in manifests/ for custom console
2026-01-06 15:12:52 +09:00
6a13a52924
REFACTOR(storage): integrate ingress in values
...
- longhorn: move ingress to helm-values, nodes to manifests
- velero: move ingress to velero-ui inline values
2026-01-06 01:56:50 +09:00
f2812a7528
REFACTOR(longhorn): remove from kustomization
...
- No longer used
- Clean up unused references
2026-01-05 00:39:12 +09:00
44f773b827
REFACTOR(storage): storage repo structure
...
- Add application.yaml for ArgoCD app-of-apps
- Add kustomization.yaml with storage components
- Add renovate.json for automated updates
- Update all component argocd.yaml repoURLs to storage repo
Components: longhorn, minio, postgresql, postgresql-dev, pgweb, cnpg, velero
2026-01-05 00:39:12 +09:00
e1a10ff954
PERF(postgresql): reduce postgresql memory usage
...
- shared_buffers: 512MB -> 128MB
- effective_cache_size: 1536MB -> 384MB
- memory requests: 512Mi -> 256Mi
- memory limits: 2Gi -> 512Mi
Database size is only 7.5MB, previous settings were excessive.
2026-01-05 00:39:12 +09:00
3607f521e0
CHORE(postgresql): reset PostgreSQL cluster
...
- Reset cluster with local-path-retain storageClass
- Reconfigure database storage
2026-01-05 00:39:12 +09:00
0935908d0f
REFACTOR(postgresql): migrate PostgreSQL storage
...
- Migrate to local-path-retain storageClass
- Update storage configuration
2026-01-05 00:39:12 +09:00
c2cda8ee36
REFACTOR(repo): migrate repoURL to K3S-HOME
...
- Update repository URL to K3S-HOME organization
- Change from personal to organization repo
2026-01-05 00:39:12 +09:00
renovate[bot]
039dfa9c73
CHORE(minio): update Helm release minio to v5.4.0
...
- Upgrade MinIO chart version
- Apply dependency updates
2026-01-05 00:39:12 +09:00
renovate[bot]
537d668415
CHORE(longhorn): update longhorn to v1.10.1
...
- Upgrade Longhorn chart version
- Apply dependency updates
2026-01-05 00:39:12 +09:00
ad0be20dd9
CHORE(velero): disable BSL validation
...
- Set storeValidationFrequency to 0 (disabled)
- Prevents ArgoCD refresh every 24 seconds
- Manual backups still work normally
2026-01-05 00:39:12 +09:00
bc8d0dd521
REFACTOR(postgresql): change pg anti-affinity
...
- from hard to soft
- Use podAntiAffinityType: preferred instead of required
- Allows pods to be scheduled on same node if necessary
2026-01-05 00:39:12 +09:00
505d8bc4c9
FIX(minio): minio post-job by setting trigger
...
- values to empty arrays
- buckets, users, policies, customCommands, svcaccts must be empty
- Previous makeBucketJob.enabled etc. did not prevent Job creation
2026-01-05 00:39:12 +09:00
427b45ddc6
REFACTOR(minio): rename custom console Service
...
- to minio-console-ui
- Avoids conflict with Helm chart's consoleService (minio-console)
- Update ingress to reference minio-console-ui
2026-01-05 00:39:12 +09:00
1ce9b8ab85
CHORE(argocd): disable minio post-install jobs
...
- to fix argocd sync hang
2026-01-05 00:39:12 +09:00
f4ba1ef156
REFACTOR(argocd): remove cpu: null
...
- to fix ArgoCD drift detection
- Remove explicit cpu: null from limits (chart default is empty anyway)
- Remove ignoreDifferences workaround (no longer needed)
2026-01-05 00:39:12 +09:00
b1d195958a
FIX(postgresql): minio and pg-dev sync issues
...
- MinIO: Disable consoleService (duplicate with console-deployment.yaml)
- postgresql-dev: Add ignoreDifferences for CPU limits to prevent OutOfSync
2026-01-05 00:39:12 +09:00
d2660e6b42
FIX(postgresql): pg-dev CPU throttling by moving
...
- resources to...
- Move resources config under primary.resources (Bitnami chart structure)
- Set CPU limit to null to prevent throttling (was 39% throttled)
- CPU request: 30m, Memory limit: 256Mi
2026-01-05 00:39:12 +09:00
758149fb99
FEAT(authelia): add oidc config
...
- for authelia sso (secrets from...
2026-01-05 00:39:12 +09:00
11adb91e19
CHORE(authelia): disable velero-ui basic auth
...
- use Authelia SSO
2026-01-05 00:39:12 +09:00
684bf03e3e
REFACTOR(authelia): remove pgweb basic auth
...
- use Authelia SSO
2026-01-05 00:39:12 +09:00
804207b02b
FEAT(authelia): add authelia sso
...
- to minio console and pgweb
- minio: Add Authelia middleware to console ingress (API excluded for S3 access)
- pgweb: Add Authelia middleware to ingress
2026-01-05 00:39:12 +09:00
4c8b55cc9e
CHORE(authelia): disable velero-ui Basic Auth
...
- use Authelia SSO only
2026-01-05 00:39:12 +09:00
d60617f00c
REFACTOR(minio): move minio disk from worker-1
...
- to master
- Change minio-pv-worker1-data2 to minio-pv-mayne-vcn-data2
- Master now has 2 disks, worker-1 has 1 disk
- Better distribution: master(2), worker-1(1), worker-2(1)
2026-01-05 00:39:12 +09:00
9eabc6ac17
REFACTOR(postgresql): migrate pg-dev storage
...
- from Longhorn to...
2026-01-05 00:39:12 +09:00
f34b2e4c3c
REFACTOR(longhorn): remove Longhorn node manifests
...
- Use kubectl patch instead
- Node manifests conflict with Longhorn's auto-management
2026-01-05 00:39:12 +09:00
43648eb772
REFACTOR(longhorn): swap longhorn storage
...
- from master to worker-1
- mayne-vcn: disable scheduling, request eviction
- mayne-worker-1: enable scheduling
- Moves replicas from master to worker nodes
2026-01-05 00:39:12 +09:00
7fd4b377c1
FEAT(repo): add systemManagedComponentsNodeSele...
...
- instance-manager and engine-image now also respect longhorn:enabled label
- Completes worker-1 exclusion from all Longhorn components
2026-01-05 00:39:12 +09:00
be796fff12
CHORE(longhorn): exclude worker-1
...
- from Longhorn DaemonSets
- Add nodeSelector longhorn=enabled to longhornManager and longhornDriver
- Only mayne-vcn and mayne-worker-2 have this label
- Saves ~400Mi memory on worker-1
2026-01-05 00:39:12 +09:00
bc3b9cb628
FEAT(vault): integrate Vault secrets
...
- Add ExternalSecret configuration
- Enable Vault integration for secrets
2026-01-05 00:39:12 +09:00
196c941db9
REVERT(storage): revert storageClass to local-path
...
- Will patch existing PVs manually
- Revert storage configuration
2026-01-05 00:39:12 +09:00
2b315deac5
FEAT(cnpg): add local-path-retain StorageClass
...
- for CNPG data protection
2026-01-05 00:39:12 +09:00
781977b659
FEAT(longhorn): add serversideapply
...
- to longhorn to prevent crd patch ...
- Fixes resourceVersion mismatch during 3-way merge patch
- Prevents ServiceAccount recreation caused by sync retries
2026-01-05 00:39:12 +09:00