roger/k3s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
94 Commits 1 Branch 0 Tags
6e02d9a885c314525091a4acafeb7462c5d8c27a
Commit Graph

94 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Roger Oriol
6e02d9a885 new platform engineer agent 2026-06-27 00:09:39 +02:00
Roger Oriol
d8012dfb6c monitoring: add dashboard ideas doc 
Survey of dashboards that could be built from existing and not-yet-enabled
metrics across the cluster's services (traefik, coredns, metallb, cert-manager,
phoenix, litellm, gitea, postgres, etc.), with per-service enable steps and
a recommended priority order.
 2026-06-26 20:22:54 +02:00
Roger Oriol
bf1387dc3e monitoring: add Grafana dashboards + kube-state-metrics & node-exporter 
Dashboards (provisioned via ConfigMaps into Grafana pod, 'K3s Cluster' folder):
- Cluster Overview: per-namespace CPU/mem/net/fs, pod counts, pod health (KSM)
- Pods & Services: per-pod CPU/mem/net/fs, throttling, pod status, restarts, PVCs
- Nodes: per-node CPU%/mem%, load average, disk usage, network (node-exporter)
- Control Plane & API Server: request rate, latency p95, 5xx, kubelet/PLEG
- Prometheus Self-Monitoring: ingestion, series, scrape duration, memory

Exporters (auto-scraped via existing kubernetes-service-endpoints job):
- kube-state-metrics: pod/deployment/PVC/replica state (kube_pod_status_phase,
  kube_pod_container_status_restarts_total, kube_persistentvolumeclaim_*)
- node-exporter (DaemonSet, hostNetwork): node_cpu_seconds_total,
  node_memory_*, node_filesystem_*, node_load*, node_network_*
 2026-06-26 19:48:17 +02:00
Roger Oriol
2eab82b430 fix nas ingress 2026-06-26 19:01:08 +02:00
Roger Oriol
3cdd40153f fix nas ingress 2026-06-26 18:54:17 +02:00
Roger Oriol
9f74a88be7 fix nas ingress 2026-06-26 18:40:41 +02:00
Roger Oriol
586e95a57d fix nas ingress 2026-06-26 18:25:29 +02:00
Roger Oriol
9f7e34ef78 fix prometheus ingress 2026-06-26 18:06:01 +02:00
Roger Oriol
b43874bdcd Expose minecraft server over TCP via MetalLB 
Minecraft Java Edition uses raw TCP on port 25565, not HTTP. The previous
ClusterIP Service + HTTP Ingress (Traefik 80/443) could not carry TCP 25565
traffic, so minecraft.rogi.casa:25565 was unreachable.

- Change Service to LoadBalancer with fixed IP 10.88.20.103 (dmz-pool),
  matching the pihole-dns pattern, so port 25565 is exposed directly.
- Remove the dead HTTP ingress (it routed HTTP to a TCP game port).
 2026-06-26 13:38:43 +02:00
Roger Oriol
da2bae6fa5 Merge branch 'main' of https://git.rogi.casa/roger/k3s-cluster 2026-06-26 12:01:29 +02:00
Roger Oriol
e77e170421 fix(homeassistant): trust k3s pod/service CIDRs as X-Forwarded-For proxies 
HA runs with hostNetwork on roger-nucbox-evo-x2 while Traefik runs on the
raspberrypi node, so requests arrive at HA from 10.88.20.11. The previous
trusted_proxies entry (10.88.88.0/24) did not include this address, causing
HA to reject X-Forwarded-For and return 400 on every ingress request.
 2026-06-26 11:58:46 +02:00
Gitea Actions
ec947bd58a Update gym-tracker image to 945910a 2026-06-25 19:03:07 +00:00
Gitea Actions
3e57da467d Update myorg-assistant image to fcf79bf 2026-06-25 11:15:19 +00:00
Gitea Actions
9eecedc396 Update gym-tracker image to 0411783 2026-06-25 10:13:21 +00:00
Roger Oriol
ab6b5dc407 fix container registry url 2026-06-25 11:55:35 +02:00
Roger Oriol
723693eb07 take out gitea runner secret 2026-06-24 22:30:44 +02:00
Roger Oriol
3ed4acd7ec change gitea runner token 2026-06-24 22:20:53 +02:00
Roger Oriol
1bcfc13047 fix gitea config 2026-06-24 20:38:28 +02:00
Roger Oriol
b49918ed67 fix(phoenix): remove ServiceMonitor (no Prometheus Operator in cluster) 
The ServiceMonitor CRD (monitoring.coreos.com) is not installed because this
cluster runs a standalone Prometheus deployment, not the Prometheus Operator.
The manifest itself noted 'only apply if Prometheus Operator is installed'.
Removing it unblocks the phoenix app sync.
 2026-06-23 12:04:12 +02:00
Roger Oriol
66433ff0b1 fix tls: use letsencrypt-prod cluster-issuer for jellyfin/n8n/qbittorrent/myorg/phoenix/fava 
The ingresses referenced a Cloudflare OriginIssuer 'prod-issuer' whose CRD
and controller are not installed in the cluster, so cert-manager could not
issue certs and Traefik served a default cert (invalid SSL). Switch to the
existing letsencrypt-prod ClusterIssuer with specific hostnames + per-app
secrets, matching the working ingresses (http-01 cannot issue wildcards).
 2026-06-23 11:46:38 +02:00
Roger Oriol
872d2d0622 fix nas nfs server: use LAN IP 10.88.30.10 (pv nfs source is immutable + nodes dont use pihole) 2026-06-23 11:12:00 +02:00
Roger Oriol
67732d0898 fix contabilitat git url 2026-06-23 10:47:10 +02:00
Roger Oriol
47ab20dd55 fix qbittorrent nas url 2026-06-23 10:37:12 +02:00
Roger Oriol
c5e2a06c54 fix git url in fava 2026-06-23 10:34:36 +02:00
Roger Oriol
a6ac71c6b5 fix nas ip 2026-06-23 10:31:02 +02:00
Roger Oriol
139bb366bb gitea subdomain 2026-06-23 01:22:46 +02:00
Roger Oriol
f6562df066 create argocd apps declaratively 2026-06-23 01:03:06 +02:00
Roger Oriol
01321bf50c nas ingress 2026-06-23 00:31:04 +02:00
Roger Oriol
153cf16194 refactor ingresses 2026-06-23 00:26:29 +02:00
Roger Oriol
ce178d06c0 pihole namespace 2026-06-22 23:54:47 +02:00
Roger Oriol
e359984c73 pihole ingress 2026-06-22 23:51:35 +02:00
Roger Oriol
fe2f1b85f8 argocd and cert-manager 2026-06-22 23:40:37 +02:00
Roger Oriol
12c2832ec0 change traefik file size limit to 5gb for nas.rogi.casa 2026-03-10 19:59:54 +01:00
Roger Oriol
3ff8312e35 fix liveness proba for myorg-assistant app 2026-02-14 12:04:37 +01:00
Roger Oriol
4fa91f8724 git init script 2026-02-10 23:49:54 +01:00
Roger Oriol
a0976f4731 myorg ingress 2026-02-10 23:40:42 +01:00
Gitea Actions
83d4d68719 Update myorg-assistant image to 5215cd9 2026-02-08 14:25:46 +00:00
Gitea Actions
44234982b7 Update myorg-assistant image to 0060430 2026-02-08 11:14:55 +00:00
Roger Oriol
4007b102e8 upgrade myorg-assitant image to latest 2026-02-07 18:54:32 +01:00
Roger Oriol
6f00fd1e51 use gitea imatge pull secret for myorg assistant 2026-02-07 18:03:19 +01:00
Roger Oriol
51c8daeb0c use gitea imatge pull secret for myorg assistant 2026-02-07 17:56:57 +01:00
Gitea Actions
7205f57028 Update myorg-assistant image to 518b350 2026-02-07 16:21:06 +00:00
Roger Oriol
83b2dbda38 myorg-assitant image 2026-02-07 17:18:00 +01:00
Roger Oriol
a895d4cf33 myorg assistant 2026-02-03 23:56:31 +01:00
Roger Oriol
aa4793dd51 memory fixes 2026-02-02 20:47:09 +01:00
Roger Oriol
b6284bec1f fava service 2026-01-31 12:12:31 +01:00
Roger Oriol
5f1dc8bd2c fava service 2026-01-31 12:06:27 +01:00
Roger Oriol
6ff7ee5511 fava service 2026-01-31 12:05:51 +01:00
Roger Oriol
7124b6aa95 fava service 2026-01-31 11:39:30 +01:00
Roger Oriol
01c07d50c3 fava service 2026-01-31 11:06:54 +01:00