Commit Graph

12 Commits

Author SHA1 Message Date
vikingowl f9b77f362f chore(helm): right-size resource requests/limits per cluster telemetry
Drop requests to match observed peak usage and widen CPU limits for
burst headroom (Burstable QoS). Backend, web, Postgres, and Dragonfly
all had requests == limits pinned at defaults well above measured
7-day peaks.

- backend: req 100m/128Mi -> 50m/64Mi, lim 100m/128Mi -> 200m/128Mi
- web:     req 100m/128Mi -> 50m/96Mi, lim 100m/128Mi -> 200m/128Mi
- postgres (CNPG): req 50m/256Mi -> 15m/128Mi, lim 200m/512Mi -> 100m/256Mi
- dragonfly: req 100m/128Mi -> 100m/72Mi, lim 100m/128Mi -> 150m/128Mi

RAM limits unchanged where reasonable to preserve OOM protection;
Dragonfly CPU request kept at 100m (peak 74m) but limit raised to
avoid throttling under brief bursts.
2026-04-18 04:36:12 +02:00
vikingowl 01881e56bc fix(helm): update imagePullSecret to itsh-registry 2026-04-06 20:01:32 +02:00
vikingowl cb996f46bb fix(ci): switch container registry to registry.itsh.dev 2026-04-06 19:48:56 +02:00
vikingowl 553ceb5d85 fix(helm): Helm 4 CI, startup probe, guaranteed QoS, config checksum
- Upgrade CI deploy to Helm 4.1 with --rollback-on-failure --wait=watcher
- Replace initialDelaySeconds with startup probe (15x2s=30s window)
- Set resources req=limit (100m/128Mi) for Guaranteed QoS class
- Add ConfigMap checksum annotation to trigger rollouts on config changes
2026-04-01 23:47:20 +02:00
vikingowl 8f306059d8 fix(helm): lower resource limits to fit within tenant-quota (1 CPU)
Set web limits to 200m/256Mi to stay within the tenant-1
ResourceQuota of 1 CPU total.
2026-03-08 19:29:51 +01:00
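The QoS-class and tenant-quota reasoning in commits f9b77f362f, 553ceb5d85 and 8f306059d8 can be checked mechanically before a chart is applied; the following Python is an added example, not code from this repository or its Helm chart. It assumes one single-container pod per workload, uses the resource figures quoted in those commit messages as constructed sample data, and treats the 1 CPU ResourceQuota as bounding both requests.cpu and limits.cpu (the commit does not say which the quota scopes).

```python
import re
from fractions import Fraction
# Quantity suffixes needed for cpu ('m') and memory ('Mi', 'Gi'); exact arithmetic.
_UNITS = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def parse_quantity(q: str) -> Fraction:
    """Turn a Kubernetes quantity such as '50m', '128Mi' or '1' into a Fraction."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", q.strip())
    if not m or m.group(2) not in _UNITS:
        raise ValueError(f"unsupported quantity: {q!r}")
    return Fraction(m.group(1)) * _UNITS[m.group(2)]

def qos_class(containers: list) -> str:
    """QoS class as the kubelet assigns it: Guaranteed only if every container
    sets cpu and memory limits and each request equals its limit (an unset
    request defaults to the limit); BestEffort if nothing is set; else Burstable."""
    any_set, guaranteed = False, True
    for c in containers:
        req, lim = c.get("requests", {}), c.get("limits", {})
        for res in ("cpu", "memory"):
            r, l = req.get(res), lim.get(res)
            any_set = any_set or bool(r or l)
            if l is None or (r is not None and parse_quantity(r) != parse_quantity(l)):
                guaranteed = False
    if not any_set:
        return "BestEffort"
    return "Guaranteed" if guaranteed else "Burstable"

def namespace_cpu(pods: dict, field: str) -> Fraction:
    """Sum cpu over every container of every pod for 'requests' or 'limits',
    the way a ResourceQuota on requests.cpu / limits.cpu counts it."""
    return sum((parse_quantity(c.get(field, {}).get("cpu", "0"))
                for cs in pods.values() for c in cs), Fraction(0))

def within_quota(pods: dict, quota_cpu: str) -> bool:
    """True when both summed cpu requests and summed cpu limits fit the quota."""
    cap = parse_quantity(quota_cpu)
    return namespace_cpu(pods, "requests") <= cap and namespace_cpu(pods, "limits") <= cap

# Constructed sample: one single-container pod per workload, with the
# post-change figures quoted in commit f9b77f362f.
RIGHT_SIZED = {
    "backend":   [{"requests": {"cpu": "50m", "memory": "64Mi"}, "limits": {"cpu": "200m", "memory": "128Mi"}}],
    "web":       [{"requests": {"cpu": "50m", "memory": "96Mi"}, "limits": {"cpu": "200m", "memory": "128Mi"}}],
    "postgres":  [{"requests": {"cpu": "15m", "memory": "128Mi"}, "limits": {"cpu": "100m", "memory": "256Mi"}}],
    "dragonfly": [{"requests": {"cpu": "100m", "memory": "72Mi"}, "limits": {"cpu": "150m", "memory": "128Mi"}}],
}
# The earlier req == limit setting (100m/128Mi) from commit 553ceb5d85.
GUARANTEED_WEB = [{"requests": {"cpu": "100m", "memory": "128Mi"}, "limits": {"cpu": "100m", "memory": "128Mi"}}]
```

Running `within_quota(RIGHT_SIZED, "1")` against the tenant-1 quota and `qos_class` per workload is a cheap pre-deploy gate: every right-sized pod lands in Burstable, the earlier setting in Guaranteed, and the summed requests and limits (215m and 650m) both stay under the 1 CPU cap.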
vikingowl 62a9f682a0 feat(helm): add HTTPRoute sectionName and HTTP→HTTPS redirect, update resources
Add sectionName to HTTPRoute for HTTPS listener pinning and a separate
HTTP→HTTPS 301 redirect route. Update resources from req=limit to
request/limit separation for pay-as-you-go billing.
2026-03-08 19:04:30 +01:00
vikingowl 612231d977 chore: normalize resources to 100m/100Mi and enable zero-downtime deploys
Set CPU and memory requests equal to limits (100m/100Mi). Switch rolling
update strategy to maxSurge=1, maxUnavailable=0 so new pods start
before old ones terminate.
2026-03-05 18:25:47 +01:00
vikingowl dd4e6184ac feat: add user dropdown menu, password management, fix Turnstile keys
- Replace inline nav items with UserMenu dropdown (display name trigger,
  Profil/Sicherheit/Admin/Abmelden, click-outside/Escape to close)
- Add password set/change form to profile security section
- Fix Turnstile site key (extra A, swapped l/1)
2026-02-27 14:39:01 +01:00
vikingowl bb6912d94d fix: add Turnstile site key to runtime ConfigMap
The page uses $env/dynamic/public which reads env vars at runtime,
not build time. The Docker build ARG/ENV only exists in the builder
stage and doesn't propagate to the Node.js runtime container.

Add PUBLIC_TURNSTILE_SITE_KEY to the Helm ConfigMap so it's
available as a process.env var when the SSR server runs.
2026-02-27 14:21:02 +01:00
vikingowl bf1ba11de2 fix(deploy): add seccompProfile RuntimeDefault to satisfy PodSecurity restricted policy 2026-02-22 10:03:33 +01:00
vikingowl 2f9f4c4b49 fix(ci): correct registry to somegit.dev 2026-02-22 09:50:49 +01:00
vikingowl 2718321201 feat(deploy): add container build and Helm chart for k8s deployment
- Switch adapter-auto to adapter-node (SSR) for container deployment
- Add multi-stage Dockerfile: Bun build, Node.js 22 runtime, UID 65534
- Add Helm chart (deploy/helm/) with Deployment, Service, HTTPRoute, HPA, PDB, ServiceAccount
- Use HTTPRoute (Gateway API) targeting nginx-gateway, TLS via cert-manager
- Enforce readOnlyRootFilesystem with emptyDir for /tmp
- Set ORIGIN env var for adapter-node CSRF protection
- Add Woodpecker CI: typecheck, docker push (SHA tag), helm upgrade --atomic
2026-02-22 09:32:13 +01:00