Commit Graph

106 Commits

Author SHA1 Message Date
6a13a52924 REFACTOR(storage): integrate ingress in values
- longhorn: move ingress to helm-values, nodes to manifests
- velero: move ingress to velero-ui inline values
2026-01-06 01:56:50 +09:00
f2812a7528 REFACTOR(longhorn): remove from kustomization
- No longer used
- Clean up unused references
2026-01-05 00:39:12 +09:00
44f773b827 REFACTOR(storage): storage repo structure
- Add application.yaml for ArgoCD app-of-apps
- Add kustomization.yaml with storage components
- Add renovate.json for automated updates
- Update all component argocd.yaml repoURLs to storage repo

Components: longhorn, minio, postgresql, postgresql-dev, pgweb, cnpg,
velero
2026-01-05 00:39:12 +09:00
e1a10ff954 PERF(postgresql): reduce postgresql memory usage
- shared_buffers: 512MB -> 128MB
- effective_cache_size: 1536MB -> 384MB
- memory requests: 512Mi -> 256Mi
- memory limits: 2Gi -> 512Mi

Database size is only 7.5MB, previous settings were excessive.
2026-01-05 00:39:12 +09:00
3607f521e0 CHORE(postgresql): reset PostgreSQL cluster
- Reset cluster with local-path-retain storageClass
- Reconfigure database storage
2026-01-05 00:39:12 +09:00
0935908d0f REFACTOR(postgresql): migrate PostgreSQL storage
- Migrate to local-path-retain storageClass
- Update storage configuration
2026-01-05 00:39:12 +09:00
c2cda8ee36 REFACTOR(repo): migrate repoURL to K3S-HOME
- Update repository URL to K3S-HOME organization
- Change from personal to organization repo
2026-01-05 00:39:12 +09:00
renovate[bot]
039dfa9c73 CHORE(minio): update Helm release minio to v5.4.0
- Upgrade MinIO chart version
- Apply dependency updates
2026-01-05 00:39:12 +09:00
renovate[bot]
537d668415 CHORE(longhorn): update longhorn to v1.10.1
- Upgrade Longhorn chart version
- Apply dependency updates
2026-01-05 00:39:12 +09:00
ad0be20dd9 CHORE(velero): disable BSL validation
- Set storeValidationFrequency to 0 (disabled)
- Prevents ArgoCD refresh every 24 seconds
- Manual backups still work normally
2026-01-05 00:39:12 +09:00
bc8d0dd521 REFACTOR(postgresql): change pg anti-affinity
- from hard to soft
- Use podAntiAffinityType: preferred instead of required
- Allows pods to be scheduled on same node if necessary
2026-01-05 00:39:12 +09:00
505d8bc4c9 FIX(minio): minio post-job by setting trigger
- values to empty arrays
- buckets, users, policies, customCommands, svcaccts must be empty
- Previous makeBucketJob.enabled etc. did not prevent Job creation
2026-01-05 00:39:12 +09:00
427b45ddc6 REFACTOR(minio): rename custom console Service
- to minio-console-ui
- Avoids conflict with Helm chart's consoleService (minio-console)
- Update ingress to reference minio-console-ui
2026-01-05 00:39:12 +09:00
1ce9b8ab85 CHORE(argocd): disable minio post-install jobs
- to fix argocd sync hang
2026-01-05 00:39:12 +09:00
f4ba1ef156 REFACTOR(argocd): remove cpu: null
- to fix ArgoCD drift detection
- Remove explicit cpu: null from limits (chart default is empty anyway)
- Remove ignoreDifferences workaround (no longer needed)
2026-01-05 00:39:12 +09:00
b1d195958a FIX(postgresql): minio and pg-dev sync issues
- MinIO: Disable consoleService (duplicate with console-deployment.yaml)
- postgresql-dev: Add ignoreDifferences for CPU limits to prevent
  OutOfSync
2026-01-05 00:39:12 +09:00
d2660e6b42 FIX(postgresql): pg-dev CPU throttling by moving
- resources to...
- Move resources config under primary.resources (Bitnami chart
  structure)
- Set CPU limit to null to prevent throttling (was 39% throttled)
- CPU request: 30m, Memory limit: 256Mi
2026-01-05 00:39:12 +09:00
758149fb99 FEAT(authelia): add oidc config
- for authelia sso (secrets from...
2026-01-05 00:39:12 +09:00
11adb91e19 CHORE(authelia): disable velero-ui basic auth
- use Authelia SSO
2026-01-05 00:39:12 +09:00
684bf03e3e REFACTOR(authelia): remove pgweb basic auth
- use Authelia SSO
2026-01-05 00:39:12 +09:00
804207b02b FEAT(authelia): add authelia sso
- to minio console and pgweb
- minio: Add Authelia middleware to console ingress (API excluded for S3
  access)
- pgweb: Add Authelia middleware to ingress
2026-01-05 00:39:12 +09:00
4c8b55cc9e CHORE(authelia): disable velero-ui Basic Auth
- use Authelia SSO only
2026-01-05 00:39:12 +09:00
d60617f00c REFACTOR(minio): move minio disk from worker-1
- to master
- Change minio-pv-worker1-data2 to minio-pv-mayne-vcn-data2
- Master now has 2 disks, worker-1 has 1 disk
- Better distribution: master(2), worker-1(1), worker-2(1)
2026-01-05 00:39:12 +09:00
9eabc6ac17 REFACTOR(postgresql): migrate pg-dev storage
- from Longhorn to...
2026-01-05 00:39:12 +09:00
f34b2e4c3c REFACTOR(longhorn): remove Longhorn node manifests
- Use kubectl patch instead
- Node manifests conflict with Longhorn's auto-management
2026-01-05 00:39:12 +09:00
43648eb772 REFACTOR(longhorn): swap longhorn storage
- from master to worker-1
- mayne-vcn: disable scheduling, request eviction
- mayne-worker-1: enable scheduling
- Moves replicas from master to worker nodes
2026-01-05 00:39:12 +09:00
7fd4b377c1 FEAT(repo): add systemManagedComponentsNodeSele...
- instance-manager and engine-image now also respect longhorn:enabled
  label
- Completes worker-1 exclusion from all Longhorn components
2026-01-05 00:39:12 +09:00
be796fff12 CHORE(longhorn): exclude worker-1
- from Longhorn DaemonSets
- Add nodeSelector longhorn=enabled to longhornManager and
  longhornDriver
- Only mayne-vcn and mayne-worker-2 have this label
- Saves ~400Mi memory on worker-1
2026-01-05 00:39:12 +09:00
bc3b9cb628 FEAT(vault): integrate Vault secrets
- Add ExternalSecret configuration
- Enable Vault integration for secrets
2026-01-05 00:39:12 +09:00
196c941db9 REVERT(storage): revert storageClass to local-path
- Will patch existing PVs manually
- Revert storage configuration
2026-01-05 00:39:12 +09:00
2b315deac5 FEAT(cnpg): add local-path-retain StorageClass
- for CNPG data protection
2026-01-05 00:39:12 +09:00
781977b659 FEAT(longhorn): add serversideapply
- to longhorn to prevent crd patch ...
- Fixes resourceVersion mismatch during 3-way merge patch
- Prevents ServiceAccount recreation caused by sync retries
2026-01-05 00:39:12 +09:00
be82f0d39d FEAT(repo): add ignoreDiff for ServiceAccount
- to prevent sync ...
- Ignore resourceVersion, uid, and secrets for longhorn-service-account
- Prevents ArgoCD from recreating ServiceAccount during selfHeal
- Fixes instance-manager token mount failures on master node
2026-01-05 00:39:12 +09:00
5c0e67713c FIX(longhorn): longhorn node scheduling
- enable master and worker-2
- Add allowScheduling: true to mayne-vcn (master)
- Add allowScheduling: true to mayne-worker-2
- Add allowScheduling: false to mayne-worker-1 (excluded)
- Fixes degraded volumes with only 1 replica
2026-01-05 00:39:12 +09:00
5461c606b4 FEAT(longhorn): add toleration to Longhorn
- Add tolerations for node scheduling
- Enable Longhorn on all nodes
2026-01-05 00:39:12 +09:00
a8e2034766 PERF(postgresql): reduce PostgreSQL CPU request from 150m to 30m
- Reduce based on actual usage
- Optimize resource allocation
2026-01-05 00:39:12 +09:00
2a864417a5 FEAT(longhorn): add master node tolerations
- to Longhorn components
2026-01-05 00:39:12 +09:00
e0143b153f FEAT(postgresql): add master node toleration
- to PostgreSQL
- Allows postgresql pods to run on master with NoExecute taint
- Required because PV is on master node
2026-01-05 00:39:12 +09:00
8698780758 FEAT(minio): add master node toleration to MinIO
- minio-0 disk is on master node, requires toleration for NoExecute
  taint
- Allows minio-0 to schedule on master with taint
2026-01-05 00:39:12 +09:00
e1d4b1f717 FIX(postgresql): use primary.persistence
- for pg-dev storage
2026-01-05 00:39:12 +09:00
f038c62b2f PERF(postgresql): reduce pg-dev storage
- from 10Gi to 1Gi with...
2026-01-05 00:39:12 +09:00
00f8b62dd9 REFACTOR(authelia): remove kanidm
- and restore authelia
- Delete kanidm folder
- Remove oauth2-proxy from velero
- Restore velero ingress to use authelia middleware
- Update kustomization.yaml to use authelia instead of kanidm
2026-01-05 00:39:12 +09:00
8545e1984b FEAT(velero): add oauth2-proxy
- for velero with Kanidm OIDC
- Replace authelia middleware with oauth2-proxy
- Configure OIDC authentication via Kanidm
- Update ingress to route through oauth2-proxy
2026-01-05 00:39:12 +09:00
efa56d156e FEAT(authelia): add authelia sso to velero ingress
2026-01-05 00:39:12 +09:00
09e841d025 FEAT(authelia): add authelia
- to manually created databases list
2026-01-05 00:39:12 +09:00
962767dfb2 REFACTOR(authentik): remove authentik
- migrating to kanidm
2026-01-05 00:39:12 +09:00
a466073a6f REFACTOR(velero): remove velero weekly backup
- schedule (manual daily ...
2026-01-05 00:39:12 +09:00
bc3445e170 REFACTOR(cnpg): remove managed databases section
- (not supported by CN...
- CNPG operator version doesn't support spec.managed.databases
- authentik database created manually via psql
2026-01-05 00:39:12 +09:00
72f1ae1e11 FEAT(postgresql): add authentik database
- to main pg cluster
- Add managed database 'authentik' owned by 'app' user
- Consolidate from separate authentik-postgres CNPG cluster
2026-01-05 00:39:12 +09:00
a978a4a10e FEAT(authentik): add authentik sso
- with traefik forwardauth
- Add Authentik helm chart and ArgoCD application
- Configure Traefik ForwardAuth middleware for SSO
- Add External Secrets for Vault integration
- Apply SSO middleware to Velero UI as test
2026-01-05 00:39:12 +09:00