ryan/lunarfront-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75 Commits 1 Branch 0 Tags
d0cb06c9dfce7206d8a44175406f0139d4aedeef
Commit Graph

75 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ryan Moon
d0cb06c9df feat: add ClusterRole for customer provisioning, register DOCR helm repo, remove stale test customer 2026-04-03 18:53:11 -05:00
Ryan Moon
ea926e1972 feat: add App of Apps to auto-deploy customers from customers/ dir 2026-04-03 18:41:28 -05:00
lunarfront-manager
655146d6b8 feat: provision customer test 2026-04-03 23:37:46 +00:00
lunarfront-manager
6ff42ebe88 chore: deprovision customer test 2026-04-03 23:33:05 +00:00
lunarfront-manager
4635853af6 feat: provision customer test 2026-04-03 23:14:23 +00:00
Ryan Moon
3191f697b5 feat: add kustomization for image updater support 2026-04-03 15:33:25 -05:00
Ryan Moon
8badd440ed feat: use ArgoCD Image Updater for manager auto-deploy 2026-04-03 15:32:12 -05:00
lunarfront-bot
2b59d7733f chore: update manager image to v0.2.1 2026-04-03 20:28:37 +00:00
Ryan Moon
26170018e7 chore: pin manager image tag for auto-update 2026-04-03 15:27:19 -05:00
Ryan Moon
e5d7bf35b9 fix: update manager image path to match DOCR repo 2026-04-03 15:22:11 -05:00
Ryan Moon
7c590daa75 fix: remove nginx IP whitelist, access controlled by Cloudflare and JWT 2026-04-03 15:07:20 -05:00
Ryan Moon
0680d89474 feat: pull manager image from DOCR 2026-04-03 08:40:19 -05:00
Ryan Moon
8d53a603b0 fix: run haproxy as root to bind port 443 2026-04-03 08:04:10 -05:00
Ryan Moon
46fda1f393 fix: add NET_BIND_SERVICE capability to haproxy for port 443 2026-04-03 08:02:14 -05:00
Ryan Moon
0d18d36d18 fix: increase haproxy memory limit to 128Mi 2026-04-03 08:01:16 -05:00
Ryan Moon
0737bf0e69 fix: add haproxy sidecar to prepend PROXY protocol for registry pushes 
Routes git.lunarfront.tech:443 through a local haproxy that adds the
PROXY protocol header nginx requires, bypassing the DO LB hairpin.
 2026-04-03 07:59:25 -05:00
Ryan Moon
78e2a36859 feat: add JWT_SECRET env var to manager deployment 2026-04-03 07:41:40 -05:00
Ryan Moon
56cb7ce6dc fix: auto-register runner if .runner file missing, store state in /data 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-03 07:32:18 -05:00
Ryan Moon
a6926c4b04 fix: use nc TCP check for dind readiness instead of docker info 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-03 07:30:01 -05:00
Ryan Moon
f82fc1252c fix: move dind wait into runner container command to fix init deadlock 2026-04-03 07:23:43 -05:00
Ryan Moon
a7facce892 fix: use Recreate strategy for single-replica RWO PVC workloads (gitea, runner) 2026-04-03 07:17:49 -05:00
Ryan Moon
2af2ceb91c feat: pin all system workloads to system node pool 2026-04-03 07:12:15 -05:00
Ryan Moon
c82a533c61 feat: add manager db to pgbouncer 2026-04-03 06:51:55 -05:00
Ryan Moon
899dc7980f feat: add manager deployment manifests 2026-04-03 06:49:58 -05:00
Ryan Moon
bda73afa18 fix: add hostAliases for git.lunarfront.tech so dind can reach registry via nginx 2026-04-03 06:48:35 -05:00
Ryan Moon
705dab6e49 fix: add init container to wait for dind before starting runner 2026-04-03 06:37:57 -05:00
Ryan Moon
fd5be2805f fix: use internal Gitea service URL to avoid LB hairpin on gRPC 2026-04-03 06:36:39 -05:00
Ryan Moon
285ae3665c fix: route runner to nginx ClusterIP to avoid DO LB hairpin 2026-04-03 06:33:08 -05:00
Ryan Moon
87c0ed0931 chore: remove windmill pgbouncer config and values 2026-04-03 06:16:21 -05:00
Ryan Moon
9f3abebf32 chore: remove windmill 2026-04-03 06:15:15 -05:00
Ryan Moon
07899caa9c fix: increase windmill pool size to 10 to prevent query_wait_timeout 2026-04-03 06:13:37 -05:00
Ryan Moon
b0037459ee fix: use session pooling for windmill (prepared statements incompatible with transaction mode) 2026-04-02 22:29:58 -05:00
Ryan Moon
1cd7e9a818 fix: use session pooling for gitea (prepared statements incompatible with transaction mode) 2026-04-02 22:27:46 -05:00
Ryan Moon
969948691f fix: reduce pool size to 3, add server_reset_query for transaction mode 2026-04-02 22:26:17 -05:00
Ryan Moon
9858867bae fix: disable SSL for gitea→pgbouncer connection (pgbouncer handles TLS to DO) 2026-04-02 22:21:10 -05:00
Ryan Moon
964ddad2d0 feat: switch gitea+windmill to shared pgbouncer, disable windmill's built-in 2026-04-02 22:19:17 -05:00
Ryan Moon
1ba206283e fix: use correct pgbouncer binary path /opt/pgbouncer/pgbouncer 2026-04-02 22:17:28 -05:00
Ryan Moon
e85afcbe7a fix: override pgbouncer entrypoint to use config file directly 2026-04-02 22:16:21 -05:00
Ryan Moon
46c78cc11f fix: use pgbouncer/pgbouncer:latest image tag 2026-04-02 22:14:41 -05:00
Ryan Moon
54591c43ef feat: add shared PgBouncer deployment 2026-04-02 22:13:34 -05:00
Ryan Moon
ed98974c91 fix: enable PgBouncer to manage Postgres connection pool 2026-04-02 22:00:58 -05:00
Ryan Moon
ba667b9edd fix: use baseDomain/baseProtocol instead of baseUrl for Windmill ingress 2026-04-02 22:00:10 -05:00
Ryan Moon
951b9c15a7 fix: remove manual hosts from ingress, let chart derive from baseUrl 2026-04-02 21:58:25 -05:00
Ryan Moon
683f01213a fix: set 1 replica per worker group, lower resource requests 2026-04-02 21:56:16 -05:00
Ryan Moon
68ad0a744f fix: reduce Windmill worker resource requests 2026-04-02 21:52:12 -05:00
Ryan Moon
67def0a249 fix: correct Windmill helm chart repo URL 2026-04-02 21:42:22 -05:00
Ryan Moon
e3fe6bac3e feat: add Windmill deployment 2026-04-02 21:39:54 -05:00
Ryan Moon
6d73a50065 feat: add cert-manager-config ArgoCD app 2026-04-02 21:32:45 -05:00
Ryan Moon
4963f26cfc fix: use DNS-01 Cloudflare solver for cert-manager 2026-04-02 21:30:11 -05:00
Ryan Moon
2c2f18bb25 feat: switch to Let's Encrypt cert via cert-manager 2026-04-02 21:24:10 -05:00