2026-02-28 13:42:27 +00:00
|
|
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
|
|
|
kind: Kustomization
|
|
|
|
|
|
|
|
|
|
namespace: data
|
|
|
|
|
|
|
|
|
|
resources:
|
|
|
|
|
- namespace.yaml
|
|
|
|
|
- postgres-cluster.yaml
|
|
|
|
|
- valkey-deployment.yaml
|
|
|
|
|
- valkey-service.yaml
|
|
|
|
|
- opensearch-deployment.yaml
|
|
|
|
|
- opensearch-service.yaml
|
feat(infra): data, storage, devtools, and ory layer updates
- data: CNPG cluster tuning, OpenBao values, OpenSearch deployment fixes,
OpenSearch PVC, barman vault secret for S3 backup credentials
- storage: SeaweedFS filer updates (s3.json via secret subPath), PVC for
filer persistent storage
- devtools: Gitea values (SSH service, custom theme), gitea-theme-cm ConfigMap
- ory: add kratos-selfservice-urls.yaml for self-service flow URLs
- media: LiveKit values updated (TURN config, STUN, resource limits)
- vso: kustomization cleanup
2026-03-06 12:07:28 +00:00
|
|
|
- opensearch-pvc.yaml
|
|
|
|
|
- barman-vault-secret.yaml
|
2026-03-25 17:53:59 +00:00
|
|
|
- opensearch-servicemonitor.yaml
|
sol v1.1.0: SearXNG web search, evaluator redesign, research agents
- SearXNG deployment in data namespace (free, no-tracking web search)
- sol-config: SearXNG URL, research config, identity agent, updated
system prompt (DM search rules, research mode, silence, hard rules)
- sol-deployment: debug logging (RUST_LOG=sol=debug), full image path
- opensearch: tolerate missing prometheus-exporter plugin on OS 3
2026-03-23 09:54:56 +00:00
|
|
|
- opensearch-alertrules.yaml
|
2026-03-25 17:53:59 +00:00
|
|
|
- cnpg-podmonitor.yaml
|
|
|
|
|
- openbao-servicemonitor.yaml
|
sol v1.1.0: SearXNG web search, evaluator redesign, research agents
- SearXNG deployment in data namespace (free, no-tracking web search)
- sol-config: SearXNG URL, research config, identity agent, updated
system prompt (DM search rules, research mode, silence, hard rules)
- sol-deployment: debug logging (RUST_LOG=sol=debug), full image path
- opensearch: tolerate missing prometheus-exporter plugin on OS 3
2026-03-23 09:54:56 +00:00
|
|
|
- postgres-alertrules.yaml
|
|
|
|
|
- openbao-alertrules.yaml
|
feat(monitoring): comprehensive alerting overhaul, 66 rules across 14 PrometheusRules
The Longhorn memory leak went undetected for 14 days because alerting
was broken (email receiver, missing label selector, no node alerts).
This overhaul brings alerting to production grade.
Fixes:
- Alloy Loki URL pointed to deleted loki-gateway, now loki:3100
- seaweedfs-bucket-init crash on unsupported `mc versioning` command
- All PrometheusRules now have `release: kube-prometheus-stack` label
- Removed broken email receiver, Matrix-only alerting
New alert coverage:
- Node: memory, CPU, swap, filesystem, inodes, network, clock skew, OOM
- Kubernetes: deployment down, CronJob failed, pod crash-looping, PVC full
- Backups: Postgres barman stale/failed, WAL archiving, SeaweedFS mirror
- Observability: Prometheus WAL/storage/rules, Loki/Tempo/AlertManager down
- Services: Stalwart, Bulwark, Tuwunel, Sol, Valkey, OpenSearch (smart)
- SLOs: auth stack 99.9% burn rate, Matrix 99.5%, latency p95 < 2s
- Recording rules for Linkerd RED metrics and node aggregates
- Watchdog heartbeat → Matrix every 12h (dead pipeline detection)
- Inhibition: critical suppresses warning for same alert+namespace
- OpenSearchClusterYellow only fires with >1 data node (single-node aware)
2026-04-06 15:52:06 +01:00
|
|
|
- valkey-alertrules.yaml
|
sol v1.1.0: SearXNG web search, evaluator redesign, research agents
- SearXNG deployment in data namespace (free, no-tracking web search)
- sol-config: SearXNG URL, research config, identity agent, updated
system prompt (DM search rules, research mode, silence, hard rules)
- sol-deployment: debug logging (RUST_LOG=sol=debug), full image path
- opensearch: tolerate missing prometheus-exporter plugin on OS 3
2026-03-23 09:54:56 +00:00
|
|
|
- searxng-deployment.yaml
|
2026-02-28 13:42:27 +00:00
|
|
|
|
|
|
|
|
helmCharts:
|
|
|
|
|
# helm repo add cnpg https://cloudnative-pg.github.io/charts
|
|
|
|
|
- name: cloudnative-pg
|
|
|
|
|
repo: https://cloudnative-pg.github.io/charts
|
|
|
|
|
version: "0.27.1"
|
2026-02-28 14:00:31 +00:00
|
|
|
releaseName: cloudnative-pg
|
2026-02-28 13:42:27 +00:00
|
|
|
namespace: data
|
feat: bring up local dev stack — all services running
- Ory Hydra + Kratos: fixed secret management, DSN config, DB migrations,
OAuth2Client CRD (helm template skips crds/ dir), login-ui env vars
- SeaweedFS: added s3.json credentials file via -s3.config CLI flag
- OpenBao: standalone mode with auto-unseal sidecar, keys in K8s secret
- OpenSearch: increased memory to 1.5Gi / JVM 1g heap
- Gitea: SSL_MODE disable, S3 bucket creation fixed
- Hive: automountServiceAccountToken: false (Lima virtiofs read-only rootfs quirk)
- LiveKit: API keys in values, hostPort conflict resolved
- Linkerd: native sidecar (proxy.nativeSidecar=true) to avoid blocking Jobs
- All placeholder images replaced: pingora→nginx:alpine, login-ui→oryd/kratos-selfservice-ui-node
Full stack running: postgres, valkey, openbao, opensearch, seaweedfs,
kratos, hydra, gitea, livekit, hive (placeholder), login-ui
2026-02-28 22:08:38 +00:00
|
|
|
|
|
|
|
|
# helm repo add openbao https://openbao.github.io/openbao-helm
|
|
|
|
|
- name: openbao
|
|
|
|
|
repo: https://openbao.github.io/openbao-helm
|
|
|
|
|
version: "0.25.6"
|
|
|
|
|
releaseName: openbao
|
|
|
|
|
namespace: data
|
|
|
|
|
valuesFile: openbao-values.yaml
|