K3S-HOME/storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: K3S-HOME:e92e05b98f72c390389e24c5e619e9933addcfa1
Branches Tags
K3S-HOME:main
..
compare: K3S-HOME:main
Branches Tags
K3S-HOME:main

16 Commits
e92e05b98f ... main

Author SHA1 Message Date
Mayne0213
17bffa5f04 FIX(velero): increase memory limit to fix plugin startup 
- Increase memory request from 50Mi to 128Mi
- Increase memory limit from 50Mi to 256Mi
- Fixes AWS plugin timeout/killed error loop
 2026-01-12 03:08:45 +09:00
Mayne0213
3088cde155 PERF(storage): remove CPU limits for stability 
- Remove CPU limits from storage components
- Prevents CPU throttling issues
 2026-01-12 02:17:00 +09:00
Mayne0213
46bb39ed9e PERF(storage): optimize resources via VPA 
- cnpg: CPU 15m/15m, memory 100Mi/100Mi
- minio: CPU 48m/104m, memory 126Mi/183Mi
- pgweb: CPU 15m/15m, memory 100Mi/100Mi
- velero: CPU 10m/14m, memory 50Mi/50Mi
- velero-node-agent: CPU 15m/15m, memory 100Mi/100Mi
- zot: CPU 15m/15m, memory 100Mi/248Mi
 2026-01-12 01:08:45 +09:00
Mayne0213
38cf6abc0b refactor: update Vault secret paths to new categorized structure 
- minio: minio → storage/minio, minio-s3-credentials → storage/minio-s3-credentials
- pgweb: pgweb → storage/pgweb
- postgresql: postgresql → storage/postgresql
- velero: minio → storage/minio, velero → storage/velero
- zot: zot → storage/zot

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-11 22:36:38 +09:00
Mayne0213
e9b509d15f PERF(zot): increase memory to 256Mi 
- Double memory request from 121Mi to 256Mi
- Double memory limit from 121Mi to 256Mi
- Fix OOM during image push operations
 2026-01-11 22:12:51 +09:00
Mayne0213
d38634bbb7 migrate: change repoURLs from GitHub to Gitea 
Update all ArgoCD Application references to use Gitea (github0213.com)
instead of GitHub for K3S-HOME/storage repository.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 20:43:32 +09:00
Mayne0213
70b3491072 FIX(velero): increase velero-ui memory limit 
- Increase memory from 128Mi to 256Mi
- Fix OOMKilled (exit code 137) issue
 2026-01-10 19:00:18 +09:00
Mayne0213
39ad7757f8 REFACTOR(repo): remove control-plane scheduling 
- Remove nodeSelector for control-plane node
- Remove tolerations for control-plane taint
- Allow pods to schedule on any available node
 2026-01-10 18:35:15 +09:00
Mayne0213
ffbe97815b FEAT(minio): enable ServiceMonitor for Prometheus 
- Add includeNode for per-node metrics
- Add release label for Prometheus discovery
- Set 30s interval and 10s timeout
 2026-01-10 17:12:53 +09:00
Mayne0213
e22f6211b0 FIX(minio): correct invalid SCANNER_SPEED value 
- Change MINIO_SCANNER_SPEED from 'off' to 'slowest'
- 'off' is not a valid value, causing config errors
 2026-01-10 17:08:21 +09:00
Mayne0213
40e02a4ac4 PERF(velero): disable backup-sync to reduce MinIO load 
- Set backupSyncPeriod to 0s
- User only uses manual backups
 2026-01-10 17:02:15 +09:00
Mayne0213
b4049151d6 PERF(minio): disable scanner to reduce CPU usage 
- Change MINIO_SCANNER_SPEED from slow to off
- Velero backups provide data redundancy instead
 2026-01-10 16:18:12 +09:00
Mayne0213
485b588a7e PERF(storage): adjust resources based on VPA 
- Update minio memory 263Mi→175Mi
- Update cnpg memory 128Mi→121Mi
- Update zot memory 128Mi→121Mi
- Update velero memory 128Mi→75Mi
- Update velero nodeAgent memory 256Mi→100Mi
 2026-01-10 14:34:29 +09:00
Mayne0213
f6a1b29425 PERF(cnpg): reduce operator replicas to 1 
- Reduce CNPG operator replicas to 1
- PostgreSQL cluster (3 instances) unchanged
 2026-01-10 13:31:58 +09:00
Mayne0213
6b626b099a PERF(storage): reduce replicas to 1 
- Reduce pgweb replicas from 2 to 1
- Reduce MinIO console replicas from 2 to 1
 2026-01-10 13:15:56 +09:00
Mayne0213
565b60a970 PERF(storage): add high-priority to MinIO and CNPG 
- Remove MinIO tolerations (PreferNoSchedule handles it)
- Add high-priority to MinIO (4 replicas for erasure coding)
- Add high-priority to CNPG operator
 2026-01-10 13:14:08 +09:00
19 changed files with 70 additions and 90 deletions
Expand all files Collapse all files

2
application.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: default
source:
repoURL: https://github.com/K3S-HOME/storage.git
repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
path: .

2
cnpg/argocd.yaml
View File

@@ -14,7 +14,7 @@ spec:
helm:
valueFiles:
- $values/cnpg/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
ref: values
destination:

11
cnpg/helm-values.yaml
View File

@@ -8,15 +8,15 @@ image:
pullPolicy: IfNotPresent
# Replica count for operator
replicaCount: 2
replicaCount: 1
# Resource requests for operator
# Resource settings (no CPU limit for stability)
resources:
requests:
cpu: 15m
memory: 128Mi
memory: 100Mi
limits:
memory: 128Mi
memory: 100Mi
# RBAC
rbac:
@@ -67,6 +67,9 @@ nodeSelector: {}
# Tolerations
tolerations: []
# High priority for critical database operator
priorityClassName: high-priority
# Affinity - Soft Anti-Affinity to spread pods across nodes
affinity:
podAntiAffinity:

4
minio/argocd.yaml
View File

@@ -14,10 +14,10 @@ spec:
helm:
valueFiles:
- $values/minio/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
ref: values
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
path: minio
destination:

24
minio/helm-values.yaml
View File

@@ -32,13 +32,13 @@ existingSecret: minio-root-password
rootUserSecretKey: root-user
rootPasswordSecretKey: root-password
# Resources
# Resource settings (no CPU limit for stability)
resources:
requests:
memory: 263Mi
cpu: 15m
cpu: 48m
memory: 126Mi
limits:
memory: 263Mi
memory: 183Mi
# Service
service:
@@ -58,7 +58,7 @@ environment:
MINIO_API_REPLICATION_MAX_WORKERS: "1"
MINIO_API_REPLICATION_MAX_LRG_WORKERS: "1"
MINIO_API_TRANSITION_WORKERS: "1"
MINIO_SCANNER_SPEED: "slow"
MINIO_SCANNER_SPEED: "slowest"
# API Ingress (S3 endpoint)
ingress:
@@ -101,16 +101,18 @@ affinity:
- minio
topologyKey: kubernetes.io/hostname
# Tolerations for control-plane node (minio-0 runs on control-plane)
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
# High priority for critical storage infrastructure
priorityClassName: high-priority
# Prometheus metrics
metrics:
serviceMonitor:
enabled: true # Enable ServiceMonitor for Prometheus scraping
enabled: true
includeNode: true
additionalLabels:
release: prometheus
interval: 30s
scrapeTimeout: 10s
# Disable post-install job by setting all triggers to empty
# Job is created if any of: buckets, users, policies, customCommands, svcaccts exist

2
minio/manifests/console-deployment.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels:
app: minio-console
spec:
replicas: 2
replicas: 1
selector:
matchLabels:
app: minio-console

16
minio/manifests/secret.yaml
View File

@@ -14,19 +14,19 @@ spec:
data:
- secretKey: root-user
remoteRef:
key: minio
key: storage/minio
property: ROOT_USER
- secretKey: root-password
remoteRef:
key: minio
key: storage/minio
property: ROOT_PASSWORD
- secretKey: rootUser
remoteRef:
key: minio
key: storage/minio
property: ROOT_USER
- secretKey: rootPassword
remoteRef:
key: minio
key: storage/minio
property: ROOT_PASSWORD
---
apiVersion: external-secrets.io/v1
@@ -49,28 +49,28 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
key: minio-s3-credentials
key: storage/minio-s3-credentials
property: AWS_ACCESS_KEY_ID
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
key: minio-s3-credentials
key: storage/minio-s3-credentials
property: AWS_SECRET_ACCESS_KEY
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
- secretKey: AWS_REGION
remoteRef:
key: minio-s3-credentials
key: storage/minio-s3-credentials
property: AWS_REGION
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
- secretKey: AWS_S3_ENDPOINT
remoteRef:
key: minio-s3-credentials
key: storage/minio-s3-credentials
property: AWS_S3_ENDPOINT
conversionStrategy: Default
decodingStrategy: None

4
pgweb/argocd.yaml
View File

@@ -14,10 +14,10 @@ spec:
helm:
valueFiles:
- $values/pgweb/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
ref: values
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
path: pgweb
destination:

3
pgweb/helm-values.yaml
View File

@@ -3,7 +3,7 @@
controllers:
main:
replicas: 2
replicas: 1
annotations:
reloader.stakater.com/auto: "true"
containers:
@@ -20,6 +20,7 @@ controllers:
secretKeyRef:
name: pgweb-password
key: database-url
# Resource settings (no CPU limit for stability)
resources:
requests:
cpu: 15m

6
pgweb/manifests/secret.yaml
View File

@@ -14,13 +14,13 @@ spec:
data:
- secretKey: database-url
remoteRef:
key: pgweb
key: storage/pgweb
property: DATABASE_URL
- secretKey: auth-user
remoteRef:
key: pgweb
key: storage/pgweb
property: AUTH_USER
- secretKey: auth-password
remoteRef:
key: pgweb
key: storage/pgweb
property: AUTH_PASSWORD

2
postgresql/argocd/postgresql.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: default
source:
repoURL: https://github.com/K3S-HOME/storage.git
repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
path: postgresql

4
postgresql/manifests/cluster.yaml
View File

@@ -67,10 +67,6 @@ spec:
# Affinity to spread replicas across nodes (soft - prefer different nodes)
affinity:
podAntiAffinityType: preferred
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
# Enable superuser access
enableSuperuserAccess: true

4
postgresql/manifests/secret.yaml
View File

@@ -19,7 +19,7 @@ spec:
data:
- secretKey: password
remoteRef:
key: postgresql
key: storage/postgresql
property: PASSWORD
---
@@ -44,5 +44,5 @@ spec:
data:
- secretKey: password
remoteRef:
key: postgresql
key: storage/postgresql
property: PASSWORD

17
velero/argocd.yaml
View File

@@ -20,10 +20,10 @@ spec:
helm:
valueFiles:
- $values/velero/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
ref: values
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
path: velero
kustomize: {}
@@ -74,9 +74,9 @@ spec:
resources:
requests:
cpu: 15m # VPA recommendation
memory: 128Mi
memory: 256Mi
limits:
memory: 128Mi
memory: 256Mi
service:
type: ClusterIP
@@ -86,15 +86,6 @@ spec:
- name: BASIC_AUTH_ENABLED
value: "false"
# Run on master node with velero controller
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
affinity: {}
envFrom: []

32
velero/helm-values.yaml
View File

@@ -13,13 +13,13 @@ image:
# Replica count (Velero does not support multiple replicas)
replicaCount: 1
# Resource requests (VPA recommendation: 11m CPU)
# Resource settings (no CPU limit for stability)
resources:
requests:
cpu: 11m
cpu: 10m
memory: 128Mi
limits:
memory: 128Mi
memory: 256Mi
# Init containers for plugins
initContainers:
@@ -37,18 +37,13 @@ deployNodeAgent: true
nodeAgent:
podVolumePath: /var/lib/kubelet/pods
privileged: false
# Resource settings (no CPU limit for stability)
resources:
requests:
cpu: 15m # VPA recommendation: 15m
memory: 256Mi
cpu: 15m
memory: 100Mi
limits:
memory: 256Mi
# Run on all nodes including control-plane for full backup coverage
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
memory: 100Mi
# Configuration for backup storage
configuration:
# Use existing BackupStorageLocation and VolumeSnapshotLocation
@@ -81,7 +76,8 @@ configuration:
# This prevents status updates that trigger ArgoCD refreshes
storeValidationFrequency: 0s
# Note: backup-sync is enabled to show backups in velero-ui
# Disable backup-sync (user only uses manual backups)
backupSyncPeriod: 0s
# Credentials for S3 access (from Vault via External Secrets)
credentials:
@@ -106,15 +102,5 @@ serviceAccount:
rbac:
create: true
# Node selector - Run on control-plane node for stability
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
# Tolerations - Allow scheduling on control-plane node
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
# Affinity (disabled - single replica on master)
affinity: {}

8
velero/manifests/secret.yaml
View File

@@ -21,11 +21,11 @@ spec:
data:
- secretKey: minioAccessKey
remoteRef:
key: minio
key: storage/minio
property: ROOT_USER
- secretKey: minioSecretKey
remoteRef:
key: minio
key: storage/minio
property: ROOT_PASSWORD
---
@@ -45,9 +45,9 @@ spec:
data:
- secretKey: username
remoteRef:
key: velero
key: storage/velero
property: UI_USERNAME
- secretKey: password
remoteRef:
key: velero
key: storage/velero
property: UI_PASSWORD

4
zot/argocd.yaml
View File

@@ -14,10 +14,10 @@ spec:
helm:
valueFiles:
- $values/zot/helm-values.yaml
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
ref: values
- repoURL: https://github.com/K3S-HOME/storage.git
- repoURL: https://github0213.com/K3S-HOME/storage.git
targetRevision: main
path: zot
destination:

5
zot/helm-values.yaml
View File

@@ -32,12 +32,13 @@ controllers:
port: 5000
initialDelaySeconds: 5
periodSeconds: 10
# Resource settings (no CPU limit for stability)
resources:
requests:
cpu: 15m
memory: 128Mi
memory: 100Mi
limits:
memory: 128Mi
memory: 248Mi
service:
zot:
controller: zot

10
zot/manifests/secret.yaml
View File

@@ -14,7 +14,7 @@ spec:
data:
- secretKey: htpasswd
remoteRef:
key: zot
key: storage/zot
property: HTPASSWD
---
apiVersion: external-secrets.io/v1
@@ -41,11 +41,11 @@ spec:
data:
- secretKey: client_id
remoteRef:
key: zot
key: storage/zot
property: OIDC_CLIENT_ID
- secretKey: client_secret
remoteRef:
key: zot
key: storage/zot
property: OIDC_CLIENT_SECRET
---
apiVersion: external-secrets.io/v1
@@ -72,9 +72,9 @@ spec:
data:
- secretKey: hashKey
remoteRef:
key: zot
key: storage/zot
property: SESSION_HASH_KEY
- secretKey: encryptKey
remoteRef:
key: zot
key: storage/zot
property: SESSION_BLOCK_KEY