6db7c6c20a
chore: Remove dependency
2026-02-26 19:59:19 +01:00
1d2c59d756
chore: Remove externalsecrets.external-secrets.io from health checks and move volsync deployment to storage-system namespace.
2026-02-26 19:53:24 +01:00
2f33e71298
feat: introduce Flux health checks for CRDs and storage components, and adjust Plex PVC storage request.
2026-02-26 19:42:23 +01:00
dc41e2d5ab
fix(volsync): use destinationPVC instead of dataSourceRef for better provisioner compatibility
2026-02-26 18:50:21 +01:00
00b50ec592
fix(volsync): add RESTIC_REGION for Garage
2026-02-26 17:26:22 +01:00
f90d381630
fix(volsync): remove incorrect /buckets/ prefix from S3 URL
2026-02-26 17:22:07 +01:00
8828aed442
fix(volsync): use correct S3 API port for Garage
2026-02-26 17:17:42 +01:00
359f878134
chore: fix for volsync
2026-02-26 17:00:30 +01:00
2a327d40f6
refactor: Default VolSync storage class and capacity parameters, removing explicit application overrides.
2026-02-26 16:52:39 +01:00
809df95f0e
chore: add default values for storage class and capacity to VolSync PVC.
2026-02-26 16:47:45 +01:00
659039b375
fix(volsync): use plain variables for reliable Flux substitution
2026-02-26 16:46:22 +01:00
50ba546736
fix(navidrome): use existing ceph-block storage class
2026-02-26 16:41:20 +01:00
4e3c17c7c9
fix(volsync): replace ExternalSecret with direct SOPS secret
2026-02-26 16:36:09 +01:00
cddd7e98ff
fix: Rename secret.sops.yaml to secrets.sops.yaml in VolSync kustomization.
2026-02-26 16:27:58 +01:00
d7eca9dd40
refactor: Rename VolSync replica-source and replica-destination files to replication-source and replication-destination.
2026-02-26 16:24:49 +01:00
d5d08a97c6
feat: add Plex media server to homelab Kubernetes cluster.
2026-02-26 16:20:39 +01:00
00fa9429e5
fix(navidrome): Update navidrome path.
2026-02-26 16:17:07 +01:00
c77768f3bc
fix(navidrome): Missing kustomization.
2026-02-26 13:08:03 +01:00
d2890162a0
chore: Add missing namespace.
2026-02-26 13:01:47 +01:00
fdbcde49f6
feat: Add Navidrome application and VolSync components, migrating media apps from beta.
2026-02-26 13:00:52 +01:00
2be2941343
refactor: move infisical Kubernetes manifests from apps to beta directory
2026-02-26 11:30:24 +01:00
f49eafab4e
config: Set API server logging level to None to reduce CPU load.
2026-02-26 11:28:15 +01:00
aed9e8f8d0
fix(mysql-operator): correct kustomization path and namespace
2026-02-26 02:48:47 +01:00
b850960fb0
chore: Attempt to install mysql
2026-02-26 02:39:50 +01:00
fb213ed399
fix(infisical): use specific Bitnami tags for MongoDB and Redis
2026-02-26 02:14:21 +01:00
d09565bdaa
refactor: remove PostgreSQL database configuration from Infisical deployment.
2026-02-25 23:01:08 +01:00
a2f045b80c
Configure Postgres for Infisical
2026-02-25 22:47:51 +01:00
59895c0211
chore: re-add security and infisical.
2026-02-25 21:50:42 +01:00
2d6fb4e201
fix(rook): Fixed port issue preventing the rook-ceph dashboard from showing.
2026-02-25 18:27:32 +01:00
17a18c335b
doc: Add FAQ on invalid internal config.
2026-02-25 18:20:59 +01:00
3f50782f58
chore: Add echo-internal.laurivan.com to make sure the internal sites are accessible.
2026-02-25 15:55:45 +01:00
fcc7397a2b
feat: Add rook-ceph
2026-02-25 13:36:52 +01:00
f7e635e3f1
talos: tune kube-apiserver audit policy to reduce CPU overhead
...
Add targeted audit policy rules that suppress high-frequency, low-value
requests which were generating ~570k audit events per 10 hours and
causing kube-apiserver to consume 260-316m CPU per node.
Suppressed categories (no security impact):
- coordination.k8s.io/leases: controller/node heartbeats (86k GET + 46k PUT/10h)
- /healthz*, /readyz*, /livez*, /openapi*, /version: probe & discovery endpoints
- system:nodes user group: kubelet node status updates
- endpoints + endpointslices GET/LIST/WATCH: Cilium/CoreDNS polling
All other requests continue to be logged at Metadata level.
Result: 76% of audit events suppressed, non-leader apiserver CPU dropped
~50-60% (316m -> 125m on standby nodes). Policy lives in the patch file
so it survives cluster resets via talhelper genconfig.
2026-02-25 11:56:36 +01:00
9b1b3e62a4
chore: removed some apps temporarily
2026-02-25 01:12:28 +01:00
3402709523
fix(rook-ceph): reduce CPU requests for homelab 4-vCPU VMs
...
Default Rook requests (mon=1100m, mgr=700m, CSI sidecars=250-650m)
were consuming 17,860m across an 11,850m cluster, causing ESXi CPU
overcommit stalls that broke kube-apiserver connectivity and lost
leader elections in kube-controller-manager/cilium-operator/openebs.
New values target ~2,500m total Rook CPU requests:
- mon: 200m (was 1100m)
- mgr: 100m (was 700m)
- mds: 100m (was ~500m)
- osd: 200m (was no request, 8Gi memory limit)
- CSI sidecars: 10-50m each (was 100-250m each)
2026-02-24 23:55:44 +01:00
14ab7d1a26
fix(infisical): update chart to 0.4.2, migrate to MongoDB schema
2026-02-24 23:28:41 +01:00
e81b41c938
chore: Again, not using OCI.
2026-02-24 23:08:16 +01:00
f66d1dd54f
chore: Again
2026-02-24 22:46:06 +01:00
44887ef302
fix: oci dir
2026-02-24 20:49:56 +01:00
bed6ec3064
chore: some aliases
2026-02-24 20:47:51 +01:00
77ce16909e
chore: Initial commit for mysql.
2026-02-24 19:20:36 +01:00
e6aa0abcd9
fix: Fix deployment for infisical
2026-02-24 19:13:53 +01:00
9fe66a27eb
chore: Add infisical
2026-02-24 19:06:42 +01:00
8d1814b58b
fix: wrong namespace for dependency
2026-02-24 16:17:51 +01:00
4f90e1a09d
chore: Forgot helmrelease.
2026-02-24 14:56:46 +01:00
0e8a05c334
fix: No external secrets yet
2026-02-24 14:49:55 +01:00
b1d5500d77
feat: Add rook-ceph on the spare disks (VM only)
2026-02-24 14:47:26 +01:00
718b49f971
fix: Old file name
2026-02-24 14:17:14 +01:00
65d9b5ca2c
chore: Repurpose openebs to be local FS
2026-02-24 14:14:26 +01:00
aef3651518
chore: Add skeletons for future containers
...
fix: Corrected observability namespace
- Add atuin but not enabled yet.
2026-02-24 13:56:21 +01:00