16 Commits

17bffa5f04 FIX(velero): increase memory limit to fix plugin startup
- Increase memory request from 50Mi to 128Mi
- Increase memory limit from 50Mi to 256Mi
- Fixes AWS plugin timeout/killed error loop
2026-01-12 03:08:45 +09:00
3088cde155 PERF(storage): remove CPU limits for stability
- Remove CPU limits from storage components
- Prevents CPU throttling issues
2026-01-12 02:17:00 +09:00
46bb39ed9e PERF(storage): optimize resources via VPA
- cnpg: CPU 15m/15m, memory 100Mi/100Mi
- minio: CPU 48m/104m, memory 126Mi/183Mi
- pgweb: CPU 15m/15m, memory 100Mi/100Mi
- velero: CPU 10m/14m, memory 50Mi/50Mi
- velero-node-agent: CPU 15m/15m, memory 100Mi/100Mi
- zot: CPU 15m/15m, memory 100Mi/248Mi
2026-01-12 01:08:45 +09:00
38cf6abc0b refactor: update Vault secret paths to new categorized structure
- minio: minio → storage/minio, minio-s3-credentials → storage/minio-s3-credentials
- pgweb: pgweb → storage/pgweb
- postgresql: postgresql → storage/postgresql
- velero: minio → storage/minio, velero → storage/velero
- zot: zot → storage/zot

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 22:36:38 +09:00
e9b509d15f PERF(zot): increase memory to 256Mi
- Double memory request from 121Mi to 256Mi
- Double memory limit from 121Mi to 256Mi
- Fix OOM during image push operations
2026-01-11 22:12:51 +09:00
d38634bbb7 migrate: change repoURLs from GitHub to Gitea
Update all ArgoCD Application references to use Gitea (github0213.com)
instead of GitHub for K3S-HOME/storage repository.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 20:43:32 +09:00
70b3491072 FIX(velero): increase velero-ui memory limit
- Increase memory from 128Mi to 256Mi
- Fix OOMKilled (exit code 137) issue
2026-01-10 19:00:18 +09:00
39ad7757f8 REFACTOR(repo): remove control-plane scheduling
- Remove nodeSelector for control-plane node
- Remove tolerations for control-plane taint
- Allow pods to schedule on any available node
2026-01-10 18:35:15 +09:00
ffbe97815b FEAT(minio): enable ServiceMonitor for Prometheus
- Add includeNode for per-node metrics
- Add release label for Prometheus discovery
- Set 30s interval and 10s timeout
2026-01-10 17:12:53 +09:00
e22f6211b0 FIX(minio): correct invalid SCANNER_SPEED value
- Change MINIO_SCANNER_SPEED from 'off' to 'slowest'
- 'off' is not a valid value, causing config errors
2026-01-10 17:08:21 +09:00
40e02a4ac4 PERF(velero): disable backup-sync to reduce MinIO load
- Set backupSyncPeriod to 0s
- User only uses manual backups
2026-01-10 17:02:15 +09:00
b4049151d6 PERF(minio): disable scanner to reduce CPU usage
- Change MINIO_SCANNER_SPEED from slow to off
- Velero backups provide data redundancy instead
2026-01-10 16:18:12 +09:00
485b588a7e PERF(storage): adjust resources based on VPA
- Update minio memory 263Mi→175Mi
- Update cnpg memory 128Mi→121Mi
- Update zot memory 128Mi→121Mi
- Update velero memory 128Mi→75Mi
- Update velero nodeAgent memory 256Mi→100Mi
2026-01-10 14:34:29 +09:00
f6a1b29425 PERF(cnpg): reduce operator replicas to 1
- Reduce CNPG operator replicas to 1
- PostgreSQL cluster (3 instances) unchanged
2026-01-10 13:31:58 +09:00
6b626b099a PERF(storage): reduce replicas to 1
- Reduce pgweb replicas from 2 to 1
- Reduce MinIO console replicas from 2 to 1
2026-01-10 13:15:56 +09:00
565b60a970 PERF(storage): add high-priority to MinIO and CNPG
- Remove MinIO tolerations (PreferNoSchedule handles it)
- Add high-priority to MinIO (4 replicas for erasure coding)
- Add high-priority to CNPG operator
2026-01-10 13:14:08 +09:00
19 changed files with 70 additions and 90 deletions


@@ -9,7 +9,7 @@ spec:
project: default project: default
source: source:
repoURL: https://github.com/K3S-HOME/storage.git repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
path: . path: .
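Review bot: The new `repoURL` moves this Application to a self-hosted Gitea host while `targetRevision: main` and `project: default` stay unchanged, so whatever lands on that branch of that host is what the cluster syncs. Argo CD's built-in `default` project normally accepts any source repository; a dedicated AppProject whose `sourceRepos` lists only `https://github0213.com/K3S-HOME/storage.git` would stop a later edit from pointing these apps somewhere else unnoticed. The same applies to the cnpg, minio, pgweb, postgresql, velero and zot Application sections further down. The `spec` block starts and ends outside the hunk, so the destination and sync policy cannot be checked from here.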


@@ -14,7 +14,7 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/cnpg/helm-values.yaml - $values/cnpg/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
ref: values ref: values
destination: destination:


@@ -8,15 +8,15 @@ image:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# Replica count for operator # Replica count for operator
replicaCount: 2 replicaCount: 1
# Resource requests for operator # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 128Mi memory: 100Mi
limits: limits:
memory: 128Mi memory: 100Mi
# RBAC # RBAC
rbac: rbac:
@@ -67,6 +67,9 @@ nodeSelector: {}
# Tolerations # Tolerations
tolerations: [] tolerations: []
# High priority for critical database operator
priorityClassName: high-priority
# Affinity - Soft Anti-Affinity to spread pods across nodes # Affinity - Soft Anti-Affinity to spread pods across nodes
affinity: affinity:
podAntiAffinity: podAntiAffinity:
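Review bot: `priorityClassName: high-priority` is added here, but none of the visible sections creates a PriorityClass with that name; if it is missing from the cluster, the operator pod is rejected at admission. The MinIO values reference the same class. Together with `replicaCount: 1` and a `100Mi` memory limit, one OOM kill or rejected pod leaves no running operator, so a comment such as `# requires PriorityClass high-priority (defined in <repo/path>)` next to the new key would make the dependency explicit. The `affinity` block continues past the end of the hunk.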


@@ -14,10 +14,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/minio/helm-values.yaml - $values/minio/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
path: minio path: minio
destination: destination:


@@ -32,13 +32,13 @@ existingSecret: minio-root-password
rootUserSecretKey: root-user rootUserSecretKey: root-user
rootPasswordSecretKey: root-password rootPasswordSecretKey: root-password
# Resources # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
memory: 263Mi cpu: 48m
cpu: 15m memory: 126Mi
limits: limits:
memory: 263Mi memory: 183Mi
# Service # Service
service: service:
@@ -58,7 +58,7 @@ environment:
MINIO_API_REPLICATION_MAX_WORKERS: "1" MINIO_API_REPLICATION_MAX_WORKERS: "1"
MINIO_API_REPLICATION_MAX_LRG_WORKERS: "1" MINIO_API_REPLICATION_MAX_LRG_WORKERS: "1"
MINIO_API_TRANSITION_WORKERS: "1" MINIO_API_TRANSITION_WORKERS: "1"
MINIO_SCANNER_SPEED: "slow" MINIO_SCANNER_SPEED: "slowest"
# API Ingress (S3 endpoint) # API Ingress (S3 endpoint)
ingress: ingress:
@@ -101,16 +101,18 @@ affinity:
- minio - minio
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
# Tolerations for control-plane node (minio-0 runs on control-plane) # High priority for critical storage infrastructure
tolerations: priorityClassName: high-priority
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
# Prometheus metrics # Prometheus metrics
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true # Enable ServiceMonitor for Prometheus scraping enabled: true
includeNode: true
additionalLabels:
release: prometheus
interval: 30s
scrapeTimeout: 10s
# Disable post-install job by setting all triggers to empty # Disable post-install job by setting all triggers to empty
# Job is created if any of: buckets, users, policies, customCommands, svcaccts exist # Job is created if any of: buckets, users, policies, customCommands, svcaccts exist
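Review bot: The expanded `metrics.serviceMonitor` block turns on per-node scraping but does not say how the metrics endpoint is authenticated. In the MinIO chart a sibling `public` setting (default `true`, as far as I recall — please confirm against the chart version in use) serves the Prometheus endpoints without a token. This file also defines an API ingress, so those endpoints may be reachable from wherever the S3 endpoint is. State the choice explicitly under `serviceMonitor:`, for example `public: false` with a scrape token, or keep it public and block the metrics paths at the ingress. The commit also drops the inline comment that explained `enabled: true`.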


@@ -6,7 +6,7 @@ metadata:
labels: labels:
app: minio-console app: minio-console
spec: spec:
replicas: 2 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: minio-console app: minio-console


@@ -14,19 +14,19 @@ spec:
data: data:
- secretKey: root-user - secretKey: root-user
remoteRef: remoteRef:
key: minio key: storage/minio
property: ROOT_USER property: ROOT_USER
- secretKey: root-password - secretKey: root-password
remoteRef: remoteRef:
key: minio key: storage/minio
property: ROOT_PASSWORD property: ROOT_PASSWORD
- secretKey: rootUser - secretKey: rootUser
remoteRef: remoteRef:
key: minio key: storage/minio
property: ROOT_USER property: ROOT_USER
- secretKey: rootPassword - secretKey: rootPassword
remoteRef: remoteRef:
key: minio key: storage/minio
property: ROOT_PASSWORD property: ROOT_PASSWORD
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -49,28 +49,28 @@ spec:
data: data:
- secretKey: AWS_ACCESS_KEY_ID - secretKey: AWS_ACCESS_KEY_ID
remoteRef: remoteRef:
key: minio-s3-credentials key: storage/minio-s3-credentials
property: AWS_ACCESS_KEY_ID property: AWS_ACCESS_KEY_ID
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
metadataPolicy: None metadataPolicy: None
- secretKey: AWS_SECRET_ACCESS_KEY - secretKey: AWS_SECRET_ACCESS_KEY
remoteRef: remoteRef:
key: minio-s3-credentials key: storage/minio-s3-credentials
property: AWS_SECRET_ACCESS_KEY property: AWS_SECRET_ACCESS_KEY
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
metadataPolicy: None metadataPolicy: None
- secretKey: AWS_REGION - secretKey: AWS_REGION
remoteRef: remoteRef:
key: minio-s3-credentials key: storage/minio-s3-credentials
property: AWS_REGION property: AWS_REGION
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
metadataPolicy: None metadataPolicy: None
- secretKey: AWS_S3_ENDPOINT - secretKey: AWS_S3_ENDPOINT
remoteRef: remoteRef:
key: minio-s3-credentials key: storage/minio-s3-credentials
property: AWS_S3_ENDPOINT property: AWS_S3_ENDPOINT
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
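Review bot: The new `remoteRef.key` values (`storage/minio`, `storage/minio-s3-credentials`) resolve only if the Vault policy bound to the SecretStore's role grants read on the `storage/` prefix, and neither the policy nor the SecretStore is visible in this diff. A comment at the top of each `data:` list would record that, e.g. `# Vault policy for ESO must allow read on storage/*; legacy top-level paths are deleted after migration`. If the old `minio`, `pgweb`, `postgresql`, `velero` and `zot` entries stay in Vault, a second readable copy of every credential, including the MinIO root password, remains and will go stale at the next rotation. The same point holds for the pgweb, postgresql, velero and zot ExternalSecret sections.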


@@ -14,10 +14,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/pgweb/helm-values.yaml - $values/pgweb/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
path: pgweb path: pgweb
destination: destination:


@@ -3,7 +3,7 @@
controllers: controllers:
main: main:
replicas: 2 replicas: 1
annotations: annotations:
reloader.stakater.com/auto: "true" reloader.stakater.com/auto: "true"
containers: containers:
@@ -20,6 +20,7 @@ controllers:
secretKeyRef: secretKeyRef:
name: pgweb-password name: pgweb-password
key: database-url key: database-url
# Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m


@@ -14,13 +14,13 @@ spec:
data: data:
- secretKey: database-url - secretKey: database-url
remoteRef: remoteRef:
key: pgweb key: storage/pgweb
property: DATABASE_URL property: DATABASE_URL
- secretKey: auth-user - secretKey: auth-user
remoteRef: remoteRef:
key: pgweb key: storage/pgweb
property: AUTH_USER property: AUTH_USER
- secretKey: auth-password - secretKey: auth-password
remoteRef: remoteRef:
key: pgweb key: storage/pgweb
property: AUTH_PASSWORD property: AUTH_PASSWORD


@@ -9,7 +9,7 @@ spec:
project: default project: default
source: source:
repoURL: https://github.com/K3S-HOME/storage.git repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
path: postgresql path: postgresql


@@ -67,10 +67,6 @@ spec:
# Affinity to spread replicas across nodes (soft - prefer different nodes) # Affinity to spread replicas across nodes (soft - prefer different nodes)
affinity: affinity:
podAntiAffinityType: preferred podAntiAffinityType: preferred
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
# Enable superuser access # Enable superuser access
enableSuperuserAccess: true enableSuperuserAccess: true


@@ -19,7 +19,7 @@ spec:
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: postgresql key: storage/postgresql
property: PASSWORD property: PASSWORD
--- ---
@@ -44,5 +44,5 @@ spec:
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: postgresql key: storage/postgresql
property: PASSWORD property: PASSWORD


@@ -20,10 +20,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/velero/helm-values.yaml - $values/velero/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
path: velero path: velero
kustomize: {} kustomize: {}
@@ -74,9 +74,9 @@ spec:
resources: resources:
requests: requests:
cpu: 15m # VPA recommendation cpu: 15m # VPA recommendation
memory: 128Mi memory: 256Mi
limits: limits:
memory: 128Mi memory: 256Mi
service: service:
type: ClusterIP type: ClusterIP
@@ -86,15 +86,6 @@ spec:
- name: BASIC_AUTH_ENABLED - name: BASIC_AUTH_ENABLED
value: "false" value: "false"
# Run on master node with velero controller
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
affinity: {} affinity: {}
envFrom: [] envFrom: []


@@ -13,13 +13,13 @@ image:
# Replica count (Velero does not support multiple replicas) # Replica count (Velero does not support multiple replicas)
replicaCount: 1 replicaCount: 1
# Resource requests (VPA recommendation: 11m CPU) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 11m cpu: 10m
memory: 128Mi memory: 128Mi
limits: limits:
memory: 128Mi memory: 256Mi
# Init containers for plugins # Init containers for plugins
initContainers: initContainers:
@@ -37,18 +37,13 @@ deployNodeAgent: true
nodeAgent: nodeAgent:
podVolumePath: /var/lib/kubelet/pods podVolumePath: /var/lib/kubelet/pods
privileged: false privileged: false
# Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m # VPA recommendation: 15m cpu: 15m
memory: 256Mi memory: 100Mi
limits: limits:
memory: 256Mi memory: 100Mi
# Run on all nodes including control-plane for full backup coverage
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
# Configuration for backup storage # Configuration for backup storage
configuration: configuration:
# Use existing BackupStorageLocation and VolumeSnapshotLocation # Use existing BackupStorageLocation and VolumeSnapshotLocation
@@ -81,7 +76,8 @@ configuration:
# This prevents status updates that trigger ArgoCD refreshes # This prevents status updates that trigger ArgoCD refreshes
storeValidationFrequency: 0s storeValidationFrequency: 0s
# Note: backup-sync is enabled to show backups in velero-ui # Disable backup-sync (user only uses manual backups)
backupSyncPeriod: 0s
# Credentials for S3 access (from Vault via External Secrets) # Credentials for S3 access (from Vault via External Secrets)
credentials: credentials:
@@ -106,15 +102,5 @@ serviceAccount:
rbac: rbac:
create: true create: true
# Node selector - Run on control-plane node for stability
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
# Tolerations - Allow scheduling on control-plane node
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
# Affinity (disabled - single replica on master) # Affinity (disabled - single replica on master)
affinity: {} affinity: {}
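Review bot: Removing the `tolerations` block under `nodeAgent` keeps the node-agent off any node that carries the control-plane `NoSchedule` taint, which the deleted comment said was there "for full backup coverage". Pod volumes on such nodes would then presumably drop out of file-system backups. If that is intended, document it beside `nodeAgent:`, e.g. `# node-agent does not run on tainted control-plane nodes; pod volumes there are not backed up`. The surviving comment `# Affinity (disabled - single replica on master)` is now stale, since the control-plane `nodeSelector` above it is gone. The node-agent memory limit also falls from `256Mi` to `100Mi` in the same hunk, so a backup that is OOM-killed part-way is worth watching for after this change.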


@@ -21,11 +21,11 @@ spec:
data: data:
- secretKey: minioAccessKey - secretKey: minioAccessKey
remoteRef: remoteRef:
key: minio key: storage/minio
property: ROOT_USER property: ROOT_USER
- secretKey: minioSecretKey - secretKey: minioSecretKey
remoteRef: remoteRef:
key: minio key: storage/minio
property: ROOT_PASSWORD property: ROOT_PASSWORD
--- ---
@@ -45,9 +45,9 @@ spec:
data: data:
- secretKey: username - secretKey: username
remoteRef: remoteRef:
key: velero key: storage/velero
property: UI_USERNAME property: UI_USERNAME
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: velero key: storage/velero
property: UI_PASSWORD property: UI_PASSWORD
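Review bot: `minioAccessKey` and `minioSecretKey` are still filled from `ROOT_USER` and `ROOT_PASSWORD` of `storage/minio`, so whatever consumes this secret holds the MinIO root credentials. Since the paths are being reorganised anyway, these two entries could point at a scoped access key limited to the backup bucket; the MinIO ExternalSecret section already reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from `storage/minio-s3-credentials`. For example: `key: storage/minio-s3-credentials` with `property: AWS_ACCESS_KEY_ID`. Which workload mounts this secret is not visible in the hunk, so confirm the consumer before switching.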


@@ -14,10 +14,10 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/zot/helm-values.yaml - $values/zot/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
ref: values ref: values
- repoURL: https://github.com/K3S-HOME/storage.git - repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main targetRevision: main
path: zot path: zot
destination: destination:


@@ -32,12 +32,13 @@ controllers:
port: 5000 port: 5000
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
# Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 128Mi memory: 100Mi
limits: limits:
memory: 128Mi memory: 248Mi
service: service:
zot: zot:
controller: zot controller: zot
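Review bot: The memory limit ends up at `248Mi`, below the `256Mi` that commit e9b509d15f set to stop OOM kills during image push, and the request drops to `100Mi`. A registry that is killed mid-push can leave partial uploads behind and stalls every deploy that pulls from it. Either keep `memory: 256Mi` as the limit or record why the lower value is safe, e.g. `# VPA upper bound; push OOM from e9b509d15f re-tested at this limit`. The `resources` block sits inside a container definition that begins outside the hunk.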


@@ -14,7 +14,7 @@ spec:
data: data:
- secretKey: htpasswd - secretKey: htpasswd
remoteRef: remoteRef:
key: zot key: storage/zot
property: HTPASSWD property: HTPASSWD
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -41,11 +41,11 @@ spec:
data: data:
- secretKey: client_id - secretKey: client_id
remoteRef: remoteRef:
key: zot key: storage/zot
property: OIDC_CLIENT_ID property: OIDC_CLIENT_ID
- secretKey: client_secret - secretKey: client_secret
remoteRef: remoteRef:
key: zot key: storage/zot
property: OIDC_CLIENT_SECRET property: OIDC_CLIENT_SECRET
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -72,9 +72,9 @@ spec:
data: data:
- secretKey: hashKey - secretKey: hashKey
remoteRef: remoteRef:
key: zot key: storage/zot
property: SESSION_HASH_KEY property: SESSION_HASH_KEY
- secretKey: encryptKey - secretKey: encryptKey
remoteRef: remoteRef:
key: zot key: storage/zot
property: SESSION_BLOCK_KEY property: SESSION_BLOCK_KEY