K3S-HOME/storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
123 Commits 1 Branch 0 Tags
60d81ac73be39553a50be741e4b387b118d2b721
Commit Graph

29 Commits

Author SHA1 Message Date
Mayne0213
381b7cda3f FEAT(minio): add ClusterExternalSecret for S3 credentials 
- Add minio-s3-credentials ClusterExternalSecret
- Auto-create secret in namespaces with minio-s3: enabled label
- Add minio-s3 label to zot namespace via managedNamespaceMetadata
- Credentials stored in Vault at secret/minio-s3-credentials
 2026-01-08 17:15:50 +09:00
Mayne0213
7487b477a7 FEAT(storage): enable HA with replica 2 and soft anti-affinity 
- Add replicaCount: 2 to cnpg, pgweb, velero-ui, minio-console
- Add soft pod anti-affinity for node distribution
- Configure affinity for all storage components
 2026-01-08 13:16:43 +09:00
Mayne0213
35df7aa64e PERF(resources): remove CPU limits - keep memory limits only 
- CPU throttling prevents app startup, not crashes
- Memory OOM is the real cascading failure cause
- CPU request ensures fair scheduling
 2026-01-07 23:48:47 +09:00
Mayne0213
9c0fddb0ef REFACTOR(secrets): flatten Vault paths 
- Change secret paths from <category>/<app> to <app>
- databases/postgresql → postgresql
- databases/minio → minio
- databases/pgweb → pgweb
- cluster-infrastructure/velero → velero
 2026-01-06 16:52:54 +09:00
Mayne0213
b5f93b3812 REFACTOR(repo): move vault/ to manifests/ 
- Move ExternalSecret files from vault/ to manifests/secret.yaml
- Merge multiple secrets with --- separator (postgresql)
- Update kustomization.yaml references
- Remove vault/ folders

Apps: postgresql, postgresql-dev, pgweb, minio, velero
 2026-01-06 16:42:24 +09:00
Mayne0213
c46de7c16e REFACTOR(minio): integrate API ingress 
- Add API ingress (s3.minio0213.kro.kr) to helm-values.yaml
- Move storage-class.yaml, persistent-volumes.yaml to manifests/
- Move console-deployment.yaml to manifests/
- Create console-ingress.yaml in manifests/ for custom console
 2026-01-06 15:12:52 +09:00
Mayne0213
44f773b827 REFACTOR(storage): storage repo structure 
- Add application.yaml for ArgoCD app-of-apps
- Add kustomization.yaml with storage components
- Add renovate.json for automated updates
- Update all component argocd.yaml repoURLs to storage repo

Components: longhorn, minio, postgresql, postgresql-dev, pgweb, cnpg,
velero
 2026-01-05 00:39:12 +09:00
Mayne0213
c2cda8ee36 REFACTOR(repo): migrate repoURL to K3S-HOME 
- Update repository URL to K3S-HOME organization
- Change from personal to organization repo
 2026-01-05 00:39:12 +09:00
renovate[bot]
039dfa9c73 CHORE(minio): update Helm release minio to v5.4.0 
- Upgrade MinIO chart version
- Apply dependency updates
 2026-01-05 00:39:12 +09:00
Mayne0213
505d8bc4c9 FIX(minio): minio post-job by setting trigger 
- values to empty arrays
- buckets, users, policies, customCommands, svcaccts must be empty
- Previous makeBucketJob.enabled etc. did not prevent Job creation
 2026-01-05 00:39:12 +09:00
Mayne0213
427b45ddc6 REFACTOR(minio): rename custom console Service 
- to minio-console-ui
- Avoids conflict with Helm chart's consoleService (minio-console)
- Update ingress to reference minio-console-ui
 2026-01-05 00:39:12 +09:00
Mayne0213
1ce9b8ab85 CHORE(argocd): disable minio post-install jobs 
- to fix argocd sync hang
 2026-01-05 00:39:12 +09:00
Mayne0213
b1d195958a FIX(postgresql): minio and pg-dev sync issues 
- MinIO: Disable consoleService (duplicate with console-deployment.yaml)
- postgresql-dev: Add ignoreDifferences for CPU limits to prevent
  OutOfSync
 2026-01-05 00:39:12 +09:00
Mayne0213
758149fb99 FEAT(authelia): add oidc config 
- for authelia sso (secrets from...
 2026-01-05 00:39:12 +09:00
Mayne0213
804207b02b FEAT(authelia): add authelia sso 
- to minio console and pgweb
- minio: Add Authelia middleware to console ingress (API excluded for S3
  access)
- pgweb: Add Authelia middleware to ingress
 2026-01-05 00:39:12 +09:00
Mayne0213
d60617f00c REFACTOR(minio): move minio disk from worker-1 
- to master
- Change minio-pv-worker1-data2 to minio-pv-mayne-vcn-data2
- Master now has 2 disks, worker-1 has 1 disk
- Better distribution: master(2), worker-1(1), worker-2(1)
 2026-01-05 00:39:12 +09:00
Mayne0213
8698780758 FEAT(minio): add master node toleration to MinIO 
- minio-0 disk is on master node, requires toleration for NoExecute
  taint
- Allows minio-0 to schedule on master with taint
 2026-01-05 00:39:12 +09:00
Mayne0213
57524aaa93 REFACTOR(traefik): switch ingress to Traefik 
- Update ingressClassName from haproxy to traefik
- Remove nginx annotations from minio ingress
 2026-01-05 00:39:12 +09:00
Mayne0213
a41dce6acb FIX(minio): fix MinIO ingress service names 
- Correct service name references
- Fix ingress routing
 2026-01-05 00:39:12 +09:00
Mayne0213
ab80e14e0a CHORE(external-secrets): update ESO API version from v1beta1 to v1 
- Update ExternalSecret API version
- Migrate to stable API
 2026-01-05 00:39:12 +09:00
Mayne0213
a586febc4c REFACTOR(gitea): migrate repoURL from Gitea to GitHub 
- Update repository URL to GitHub
- Change source control provider
 2026-01-05 00:39:12 +09:00
Mayne0213
0f9f427e44 FEAT(minio): add minio storageclass 
- and persistentvolumes for local d...
 2026-01-05 00:39:12 +09:00
Mayne0213
9abcdfa98d REFACTOR(goldilocks): use managedNamespaceMetadata for namespace labels 
- Remove namespace.yaml files
- Add managedNamespaceMetadata with Goldilocks label
- Set CreateNamespace=true in syncOptions
- Update kustomization.yaml to remove namespace.yaml references
 2026-01-05 00:39:12 +09:00
Mayne0213
50c3ad5e9e REFACTOR(minio): arrange folder structure for Longhorn and MinIO 
- Reorganize folder structure
- Clean up configuration files
 2026-01-04 23:47:13 +09:00
Mayne0213
a15cb1510f PERF(grafana): optimize cpu requests based on 
- actual usage from grafa...
- external-secrets: 20m → 5m (actual: 1m)
- external-secrets-webhook: 10m → 2m (actual: 1m)
- external-secrets-cert: 10m → 2m (actual: 1m)
- cnpg: 100m → 5m (actual: 2m)
- haproxy-ingress: 100m → 15m (actual: 9-10m)
 2026-01-04 23:47:13 +09:00
Mayne0213
ecb04fc14a FEAT(velero): configure minio 
- for selective velero backup
Added pod annotation to exclude PVC data from Velero backups while
preserving MinIO resource definitions:
- backup.velero.io/backup-volumes-excludes: export

This prevents circular backup of the velero-backups bucket while
still backing up MinIO StatefulSet, Services, and configuration.

Note: MinIO bucket data (bucket, bucket-dev, velero-backups) will
NOT be backed up. Consider separate backup strategy for critical
bucket data if needed.
 2026-01-04 23:47:13 +09:00
Mayne0213
f1b99f0bdf FEAT(traefik): add per-application ingress 
- management
- Added ingress files for MinIO (API and Console) and pgweb
- Updated kustomization files to include ingress resources
- Migrated from centralized ingress management to per-app architecture
 2026-01-04 23:47:13 +09:00
Mayne0213
b6802a45e6 REFACTOR(vault): update Vault secret paths 
- Update secret paths for databases/*
- Reorganize secret structure
 2025-12-17 21:32:31 +09:00
Mayne0213
26378b9143 FEAT(minio): add minio and pgweb 
- move from applications to databases
 2025-12-17 15:17:45 +09:00