Commit Graph

1660 Commits

Author SHA1 Message Date
Khue Doan
86221b920c feat(dex): add Gitea SSO client 2024-01-17 00:15:59 +07:00
Khue Doan
6ebedfbe8c refactor(hacks): use wrapper function to load kube config 2024-01-16 14:15:39 +07:00
Khue Doan
23f695b8fb feat(k3s): install kube-vip for HA control plane 2024-01-16 12:34:22 +07:00
Khue Doan
b98060294d refactor!: remove Tekton
Replaced by Woodpecker CI. It turns out I don't need that much power
from Tekton's flexibility, so it's not worth the maintenance overhead
for my specific use case at home.
2024-01-15 10:55:29 +07:00
Khue Doan
69345a87c3 ci: add Helm diff step 2024-01-09 23:50:33 +07:00
Khue Doan
dcf7f5b810 fix(gitea): define scopes when creating access tokens
Required in newer versions.
2024-01-09 00:28:48 +07:00
Khue Doan
7f933a0355 refactor(gitea): disable unused features
Keep Gitea minimal.
2024-01-08 21:16:29 +07:00
Khue Doan
172c7c7c2b chore(gitea)!: upgrade Helm chart to v10
This is a breaking change, see https://gitea.com/gitea/helm-chart#upgrading
before upgrading to avoid losing data. Personally I have my repos saved
in many Git hosting providers so I just nuke it and reinstall.

Fixes changed files detection in pull_request event in Woodpecker.
2024-01-08 21:16:29 +07:00
Khue Doan
ab06f7be56 ci: migrate to Woodpecker 2024-01-08 21:11:11 +07:00
Khue Doan
77c5fe2113 refactor: remove descheduler
It's kinda... unnecessary for a home cluster?
2024-01-06 22:35:30 +07:00
Khue Doan
5bf9c03cf8 feat: install Woodpecker CI 2024-01-06 03:03:35 +07:00
Khue Doan
4673f91558 refactor(dex): remove Gitea connector
Use Kanidm instead.
2024-01-06 03:03:29 +07:00
Khue Doan
09ce3e64fc docs: update user onboarding guide 2024-01-06 02:11:20 +07:00
Khue Doan
a5c8f1e9c5 feat(kanidm): add script for user onboarding 2024-01-06 02:07:58 +07:00
Khue Doan
f48debbce3 chore: update dependencies 2024-01-06 01:56:35 +07:00
Khue Doan
9ff1077470 feat: automate Kanidm configuration
Just a hack for now.
2024-01-06 01:25:55 +07:00
Khue Doan
50220aaf6a feat(dex): add Kanidm connector 2024-01-06 00:44:45 +07:00
Khue Doan
03be0e28a4 fix(blog): use correct port 2024-01-05 12:01:23 +07:00
Khue Doan
24bea7f89d refactor(excalidraw): switch to app-template 2024-01-04 20:35:37 +07:00
Khue Doan
6fcc8d578f refactor(excalidraw): use app-template 2024-01-04 20:29:37 +07:00
Khue Doan
1d1ebb9fc2 feat: install Kanidm for identity management 2024-01-04 10:40:43 +07:00
Khue Doan
22f07807d4 refactor(blog): use app-template chart 2024-01-04 09:30:52 +07:00
Khue Doan
d2dd44920f refactor(cilium): disable Cilium Ingress
Missing some L7 features compared to NGINX.
2024-01-04 09:30:52 +07:00
Khue Doan
66a7ea04ce fix(cilium): upgrade to v1.15 pre-release
For the L2 Announcements bug fix; the older version stops working after a
while.
2024-01-04 09:30:52 +07:00
Khue Doan
88eab4ace1 refactor(external): remove IP whitelist for Cloudflare tokens
For home networks without static IP, external-dns and cert-manager might
fail after some time if this module is not applied.
2023-12-22 12:58:42 +07:00
Khue Doan
65af4ff8e6 refactor!: remove MetalLB
Replaced by Cilium L2 Aware LB.

Additionally, the default Zerotier route was changed to match the
LB IP pool rather than the entire home subnet. This makes it easier
to manage in the configure script and can be updated to any value
later if needed.
2023-12-22 00:34:23 +07:00
Khue Doan
9f0d389abc feat!: install Cilium
Installed using Ansible instead of ArgoCD because Cilium replaces
the default CNI, so ArgoCD pod cannot be scheduled before Cilium
is installed.
2023-12-22 00:31:16 +07:00
Khue Doan
7c0a784501 fix(k3s): move stargz config to all nodes
Instead of just master nodes.
2023-12-21 12:14:23 +07:00
Khue Doan
de22314b0a perf(external-dns): trigger DNS update based on k8s events
- Reduce polling from 1m (default) to 5m
- More responsive updates
2023-12-21 12:11:42 +07:00
Khue Doan
faf4e2504d test: add more ingress checks 2023-11-27 18:53:19 +07:00
Khue Doan
bb27f0a607 perf(gitea): only run config job when config files changed 2023-11-27 00:41:38 +07:00
Khue Doan
002e725e6b perf(secret-generator): only run job when config changed 2023-11-27 00:36:03 +07:00
Khue Doan
5e76122a04 refactor(global-secrets): move secret store to the same namespace
Otherwise RBAC will be much more complicated.
2023-11-26 17:39:49 +07:00
Khue Doan
dc16d94071 fix(external-secrets): fix incorrect service account name 2023-11-26 17:26:22 +07:00
Khue Doan
fc2d0d48a5 docs: update decision record for Vault removal 2023-11-26 16:43:39 +07:00
Khue Doan
093cc0d713 chore: remove reference to Vault in docs and scripts 2023-11-26 16:27:11 +07:00
Khue Doan
ca6a82737c refactor!: update post install script to write to k8s secret instead of Vault 2023-11-26 16:12:25 +07:00
Khue Doan
97d3fbc0eb refactor!: make secret generator write to k8s Secrets instead of Vault 2023-11-26 16:11:50 +07:00
Khue Doan
37a324f71a refactor!: replace Vault with in-cluster global secrets 2023-11-26 03:11:08 +07:00
Khue Doan
54e071e0f2 refactor(k3s): remove system upgrade controller
More trouble than it's worth.
Update Ansible to upgrade k3s instead.
2023-11-19 12:50:36 +07:00
Khue Doan
774e6086b4 perf(k3s): enable image lazy pulling with eStargz
Note that this is experimental.

https://docs.k3s.io/advanced#enabling-lazy-pulling-of-estargz-experimental
2023-11-19 12:11:13 +07:00
Khue Doan
e28bada08e refactor: remove explicit StorageClass selection
Previously PVCs needed to define a storage class explicitly because if
a PVC was created before Longhorn was ready, it would stay pending forever
until we deleted and recreated it (ArgoCD didn't have sync waves for
ApplicationSet back then).

Kubernetes 1.28 has retroactive assignment of a default StorageClass for
existing unbound persistent volume claims without any storage class assigned.

https://kubernetes.io/blog/2023/08/15/kubernetes-v1-28-release/#automatic-retroactive-assignment-of-a-default-storageclass-graduates-to-stable
2023-11-19 12:04:10 +07:00
Khue Doan
f4ee4be035 chore(k3s): upgrade to Kubernetes 1.28 2023-11-19 12:00:52 +07:00
Khue Doan
a361fe3b57 chore(metal): update OS image to Fedora 39 2023-11-19 11:00:58 +07:00
Khue Doan
674e7e6505 fix(speedtest): increase ingress body size
Otherwise it will return unrealistically high upload measurements.
See https://openspeedtest.com/selfhosted-speedtest#Source-Code-Docker
2023-11-05 20:42:43 +07:00
Khue Doan
db4c2f8ca1 feat: install OpenSpeedTest 2023-11-05 19:24:34 +07:00
Khue Doan
d0d64baa73 docs: update logo links 2023-10-27 20:25:48 +07:00
Khue Doan
9df8fea615 chore: upgrade all test packages to latest 2023-10-27 19:25:42 +07:00
Khue Doan
60fd8b9e9a build!: switch to Nix flake 2023-10-27 16:37:53 +07:00
Khue Doan
da9afc6de0 docs: add project logo favicon 2023-06-18 22:35:47 +07:00