duynguyen/k8s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35 Commits 1 Branch 0 Tags
dac76b9713917f96bad6b7ed6ca263b80ac13d2a
Commit Graph

32 Commits

Author SHA1 Message Date
duynguyen
dac76b9713 feat: enable metrics service for ArgoCD components 
Updated values.yaml to enable metrics service for the controller, server, repoServer, and applicationSet components, allowing for improved monitoring and observability through Prometheus ServiceMonitor.
 2026-05-03 14:03:16 +07:00
duynguyen
36112376cd feat: add sonarqube-token ExternalSecret and Jenkins credential 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-02 14:51:58 +07:00
duynguyen
1e6b9190f9 fix: update SonarQube monitoring passcode configuration 2026-04-27 22:10:29 +07:00
duynguyen
a1c47af353 feat: add ExternalSecret for SonarQube monitoring passcode 2026-04-27 22:08:48 +07:00
duynguyen
e42544c877 add sonarqube 2026-04-27 21:52:01 +07:00
duynguyen
142dd15922 feat: register homelab shared library in Jenkins JCasC 
Adds global pipeline library 'homelab' pointing to
gitea.fireflylab.cc/duynguyen/homelab-jenkins-shared-libs.git
on main branch. Uses gitea-credentials for auth.
 2026-04-26 13:57:56 +07:00
duynguyen
f230fd831e fix: move ExternalSecrets into Helm extraObjects 
ArgoCD treats manifest/jenkins as Helm app → ignores subdirectory
YAML files. Moving ExternalSecrets into values.extraObjects ensures
Helm renders + applies them. sync-wave -1 guarantees secrets exist
before Jenkins pod mounts them.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 16:25:17 +07:00
duynguyen
738688ab2c fix: add sync-wave -1 to Jenkins ExternalSecrets 
Secrets must exist before Jenkins pod mounts them.
Sync wave -1 ensures ESO creates secrets before Jenkins Helm resources.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 16:18:18 +07:00
duynguyen
afadbbbf7d feat: add harbor/gitea credentials via Vault ESO + JCasC 
- ExternalSecret manifests sync kv/jenkins/{harbor,gitea}-credentials
  from Vault → K8s secrets in jenkins namespace
- Jenkins values: additionalExistingSecrets mounts both secrets
- JCasC configScript creates harbor-credentials + gitea-credentials
  pipeline credentials from mounted secret env vars

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 16:01:22 +07:00
duynguyen
9419f7d4a3 security: switch ESO→Vault auth from token to k8s SA 
Remove static Vault token from Git (was exposed in vault-token-secret.yaml).
ESO now authenticates via Kubernetes service account JWT → short-lived tokens.
Add sync-hook Job to configure Vault k8s auth idempotently on ArgoCD sync.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 13:08:21 +07:00
duynguyen
11bb25d772 chore: increase storage allocations for Harbor components and enable Trivy scanner 2026-04-14 14:29:04 +07:00
duynguyen
15cff5b327 chore: reduce Harbor storage size and configure Longhorn HTTPRoute via Gateway API 2026-04-14 11:37:27 +07:00
duynguyen
7b5f57d24e chore: disable Trivy scanner in Harbor configuration 2026-04-13 19:21:56 +07:00
duynguyen
1cfda7da6b fix: update nginx TLS condition, set default commonName, and increase registry storage size 2026-04-13 19:12:49 +07:00
duynguyen
12ef1b9cb5 feat: initialize Harbor Helm chart with full component templates and configuration values 2026-04-13 18:19:27 +07:00
duynguyen
4d17b17d1c fix: update external-secrets API version and escape template syntax in grafana-admin-secret manifest 2026-04-13 11:42:37 +07:00
duynguyen
995d526bd1 feat: configure Grafana admin credentials via ExternalSecret in kube-prometheus-stack values 2026-04-13 00:04:50 +07:00
duynguyen
75420b461e feat: add full kube-prometheus-stack helm chart manifests and templates 2026-04-12 23:55:42 +07:00
duynguyen
5b57892a19 fix: enable secret creation for Jenkins admin user in values.yaml 2026-04-12 23:43:12 +07:00
duynguyen
741e3fb63b chore: update jenkins values to use existing-secret for admin credentials 2026-04-12 23:26:38 +07:00
duynguyen
eb00e23e48 chore: update ExternalSecret apiVersion to v1 2026-04-12 22:52:58 +07:00
duynguyen
6e27e6ec5f rename folder 2026-04-12 22:41:31 +07:00
duynguyen
7190c2befe feat: configure External Secrets with Vault backend and enable Jenkins secret synchronization 2026-04-12 22:37:56 +07:00
duynguyen
bf97781fbc Remove namespaceOverride value from External Secrets Helm chart configuration in values.yaml. 2026-04-12 21:41:30 +07:00
duynguyen
26f8dd6b11 Remove ArgoCD certificate and key files; add External Secrets Helm chart with Bitwarden SDK server integration, including configuration files, templates, and monitoring dashboard. 2026-04-12 21:11:11 +07:00
duynguyen
9545b79b7a Update Jenkins values.yaml to enable external secret integration and adjust existingSecret configuration for Vault compatibility. 2026-04-12 20:32:23 +07:00
duynguyen
e036624a64 Add external secret configuration for Jenkins admin credentials in values.yaml and create ExternalSecret template for Vault integration. 2026-04-12 18:01:32 +07:00
duynguyen
499c71b31c Remove deprecated httproute.yaml and implement server-httproute.yaml template for Vault HTTPRoute configuration in Helm chart. 2026-04-12 17:38:48 +07:00
duynguyen
bcfb683c10 Add Vault Helm Chart with initial configuration, README, LICENSE, and changelog; updated versions for Vault and related components, using previous values.yaml 2026-04-12 17:19:05 +07:00
duynguyen
48f18f4c8c Add Jenkins Helm Chart with initial configuration, README, and changelog, using previous values.yaml 2026-04-12 17:10:24 +07:00
duynguyen
886f56059f Update ArgoCD admin password in values.yaml and add Jenkins configuration values.yaml 2026-04-12 16:46:15 +07:00
duynguyen
6181d97d65 move to manifest 2026-04-12 16:16:19 +07:00