chemavx/k8s-manifests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67 Commits 1 Branch 0 Tags
4facdd8515e691cb37d6eeee10445bf53eca9865
Commit Graph

7 Commits

Author SHA1 Message Date
chemavx 4facdd8515 fix(monitoring): correct alert rule pipeline to A→B(reduce)→C(threshold) 
Grafana threshold expression requires a scalar input, not a raw time
series. Added explicit reduce step (type: reduce, reducer: last) as
refId B between the Prometheus query (A) and the threshold check (C).

All 4 rules updated: CrashLoopBackOff, Disco >80%, RAM >85%, Pod Failed.
condition field changed from B → C on each rule.
 2026-04-26 15:46:39 +00:00
chemavx bb64cc9e62 fix(monitoring): hardcode chatid as string in Telegram contact point 
Grafana env var substitution of a numeric TELEGRAM_CHAT_ID caused
json unmarshal error (number into string field). chatid is not sensitive
so hardcode it directly; only bottoken uses ${TELEGRAM_BOT_TOKEN}.
 2026-04-26 15:40:21 +00:00
chemavx 94c059ccb9 feat(monitoring): Grafana alerting → Telegram for homelab 
- Secret grafana-telegram: bot token + chat ID (env var injection)
- ConfigMap grafana-alerting: provisioning files for contact point,
  notification policy, and 4 alert rules
  * Pod CrashLoopBackOff (for: 1m, noData: OK)
  * Disk > 80% on non-tmpfs filesystems (for: 5m)
  * RAM > 85% (for: 5m)
  * Pod Failed/Unknown (for: 3m, noData: OK)
- Deployment: TELEGRAM_* env vars from secret + alerting volume mount

Token interpolated via ${TELEGRAM_BOT_TOKEN} in provisioning YAML.
 2026-04-26 15:25:07 +00:00
chemavx a0d208db63 feat(grafana): add ChemaVX Homelab Overview dashboard as ConfigMap 2026-04-16 09:54:19 +00:00
chemavx 22ae5d7d4b chore: pin all floating image tags to exact running versions 
- vaultwarden/server:latest → 1.35.4
- redis:alpine → 8.6.2-alpine (authentik)
- homarr-labs/homarr:latest → 1.0.0
- gitea/gitea:latest → 1.25.5
- uptime-kuma:1 → 1.23.17

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 08:11:22 +00:00
chemavx f42cdee585 security: remove all REDACTED secrets from repo, add pre-commit guard 
- Delete 26 secret manifests containing REDACTED placeholder values
  (15 cert-manager TLS + 11 app secrets across 8 namespaces)
- REDACTED is valid base64 that decodes to non-UTF-8 bytes — ArgoCD
  applying these manifests corrupts live secrets in the cluster
- Add .githooks/pre-commit that rejects any .yaml with REDACTED
- Add README.md documenting secret management policy and manual
  creation commands for each service
- n8n secret manifests already fixed in previous commits (618b1e8, db04fd2)
 2026-04-14 20:02:51 +00:00
chemavx ff2e6cc985 feat: export all K8 Plus cluster manifests 
Namespaces: argocd, authentik, backup-system, cloudflare-ddns,
gitea, homarr, monitoring, n8n, openclaw, polymarket-bot, vaultwarden
Cluster-wide: clusterissuers, namespaces
Secrets: redacted (structure only, data=REDACTED)
 2026-04-10 08:57:02 +00:00