- Move Keycloak off Helm to plain Crossplane Object manifests (PostgreSQL + Keycloak deployment) - Add Vaultwarden SSO/OIDC config with Keycloak, fix Recreate deployment strategy for RWO volumes - Switch routing from Helm-based Pomerium to pomerium-allinone with all service routes - Deploy Argo Workflows (controller, server, CRDs, RBAC) with KEDA queue-depth autoscaling - Add Civo cluster autoscaler with pool-scaler for zero-to-one scale-up via Civo API - Add node-labeler to auto-tag nodes by pool membership for nodeSelector scheduling - Set up mTLS container registry at registry.nge6.com (Forgejo built-in, client cert required) - Add internal registry route (registry-internal.nge6.com) for in-cluster image pulls - Fix DNS records for new Emissary LB IP (212.2.241.28) - Fix CoreDNS crash from invalid custom config - Fix Emissary apiext expired webhook CA certificate Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
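# Cluster autoscaler - Crossplane-managed to prevent marketplace overwriting config
#
# Pools (see the --nodes flags below):
#   Main pool (fc94): fixed at 3 nodes - min == max, so the autoscaler never resizes it.
#     NOTE(review): the flag references the pool by UUID; confirm it is the ID of
#     the "fc94" pool, the short ID in this comment is not derivable from it.
#   High-compute pool (cc28): the --nodes flag below caps the autoscaler at 0-1 node
#     (an earlier comment said 0-5). Zero-to-one scale-up is handled by the separate
#     pool-scaler; raise the max here if the autoscaler is meant to go beyond 1 node.
#     TODO(review): one entry uses a UUID and the other a pool name - confirm the
#     civo cloud provider resolves both forms to a pool.
#
# Security notes:
#   - The Civo API key is injected from the civo-api-access Secret; anyone who can
#     exec into or read env of this pod (or read Secrets in kube-system) holds a key
#     that can create/delete nodes. Keep kube-system RBAC tight and rotate the key
#     if the pod is compromised.
#   - The pod runs with a restricted-profile securityContext (non-root, no privilege
#     escalation, all capabilities dropped, read-only root fs, RuntimeDefault seccomp).
#     The upstream image is distroless and runs as a non-root user; confirm the
#     read-only root filesystem in a test rollout since the binary writes only to stderr.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: cluster-autoscaler-deployment
  # NOTE(review): Object in kubernetes.crossplane.io/v1alpha2 is cluster-scoped, so
  # this namespace is most likely ignored by the API server - confirm before relying on it.
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: cluster-autoscaler
        namespace: kube-system
        labels:
          app: cluster-autoscaler
      spec:
        # Single replica: the autoscaler is a leader-style controller and must not run twice.
        replicas: 1
        selector:
          matchLabels:
            app: cluster-autoscaler
        template:
          metadata:
            labels:
              app: cluster-autoscaler
          spec:
            serviceAccountName: cluster-autoscaler
            # Keep the autoscaler schedulable under pressure; allowed in kube-system only.
            priorityClassName: system-cluster-critical
            securityContext:
              runAsNonRoot: true
              seccompProfile:
                type: RuntimeDefault
            containers:
              - name: cluster-autoscaler
                # Tag-pinned; prefer pinning by digest (image@sha256:...) so a re-pushed
                # tag cannot silently change the binary that holds the Civo API key.
                image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.28.1
                securityContext:
                  allowPrivilegeEscalation: false
                  readOnlyRootFilesystem: true
                  capabilities:
                    drop:
                      - ALL
                command:
                  - ./cluster-autoscaler
                  # v=4 is verbose; the autoscaler does not log the API key, but expect
                  # noisy logs with node and pod names.
                  - --v=4
                  - --stderrthreshold=info
                  - --cloud-provider=civo
                  # Main pool: min == max == 3, never resized by the autoscaler.
                  - --nodes=3:3:1b886eac-942e-40bf-8f70-7a5496f2fd3b
                  # High-compute pool: autoscaler range is 0..1 node.
                  - --nodes=0:1:high-compute
                  # Both "skip" flags are false so the high-compute pool can drain to zero
                  # even when its nodes host local-storage or kube-system pods. This also
                  # means the autoscaler may evict such pods on scale-down - intended for
                  # scale-to-zero, but review if stateful workloads land on that pool.
                  - --skip-nodes-with-local-storage=false
                  - --skip-nodes-with-system-pods=false
                  # Aggressive scale-down: a node is removed 5m after it becomes unneeded,
                  # and no sooner than 5m after the last scale-up.
                  - --scale-down-unneeded-time=5m
                  - --scale-down-delay-after-add=5m
                env:
                  # All Civo API settings come from the civo-api-access Secret in kube-system.
                  - name: CIVO_API_URL
                    valueFrom:
                      secretKeyRef:
                        key: api-url
                        name: civo-api-access
                  - name: CIVO_API_KEY
                    valueFrom:
                      secretKeyRef:
                        key: api-key
                        name: civo-api-access
                  - name: CIVO_CLUSTER_ID
                    valueFrom:
                      secretKeyRef:
                        key: cluster-id
                        name: civo-api-access
                  - name: CIVO_REGION
                    valueFrom:
                      secretKeyRef:
                        key: region
                        name: civo-api-access
                resources:
                  requests:
                    cpu: 100m
                    memory: 300Mi
                  # Limits equal requests: Guaranteed QoS so the pod is last to be evicted.
                  limits:
                    cpu: 100m
                    memory: 300Mi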