chemavx/k8s-manifests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56 Commits 1 Branch 0 Tags
792b53dee7ea3be39387e1ff1a680d31e1017aaa
Commit Graph

56 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
chemavx 792b53dee7 openclaw: añade kubectl-ro via initContainer setup-kubectl 
- initContainer bitnami/kubectl copia kubectl y crea wrapper kubectl-ro en emptyDir /opt/kube
- kubectl-ro deniega verbos destructivos (delete/apply/patch/edit/exec/scale/rollout/drain/...)
- Main container monta /opt/kube; SA token automontado para in-cluster auth
- Sin kubeconfig manual: kubectl detecta KUBERNETES_SERVICE_HOST/PORT automáticamente

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 14:33:17 +00:00
chemavx e176bb9810 openclaw: actualiza imagen a 2026.4.22 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 14:15:49 +00:00
chemavx 74b9a31352 openclaw: corrige mountPath a /home/node/.openclaw 
El config dir de OpenClaw es /home/node/.openclaw, no /data.
Monta el PVC en la ruta correcta para que openclaw.json persista.
Elimina OPENCLAW_DATA_DIR (no era el config dir).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 10:45:56 +00:00
chemavx f465f190d8 openclaw: reinstall limpio con Claude API y ArgoCD 
- Manifiestos limpios: namespace, rbac, pvc (5Gi local-path), deployment, service, ingress
- nodeSelector chemavx-k8 en deployment para fijar PVC en el nodo correcto
- Imagen fijada a ghcr.io/openclaw/openclaw:2026.4.12
- Sin initContainers ni secrets en el deployment (config post-arranque via exec)
- Elimina artefactos: configmap-kube-root-ca.crt.yaml, serviceaccount-default.yaml, pvc-openclaw-pvc.yaml, rbac-openclaw-agent.yaml
- Añade argocd/application-openclaw.yaml para gestión GitOps

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 10:40:08 +00:00
chemavx 8a8f33704c fix: smoke test grep to match compact JSON (no space after colon) 2026-04-23 09:22:53 +00:00
chemavx d3c03d5462 argocd: add PostSync smoke test hooks for polymarket-bot, n8n, portfolio 2026-04-23 09:14:12 +00:00
Gitea CI 6fdad3b667 ci: update n8n image to b9ce8e20 [skip ci] 2026-04-22 20:41:56 +00:00
Gitea CI e5e0d174b0 ci: update polymarket-bot images to ffd3ee2f [skip ci] 2026-04-22 20:37:12 +00:00
chemavx 62abb6134b registry-cache: switch upstream to mirror.gcr.io (bypass Cloudflare R2 block) 2026-04-22 20:29:11 +00:00
Gitea CI e895fc6104 ci: update polymarket-bot images to adf2917c [skip ci] 2026-04-22 16:38:04 +00:00
chemavx 0bf2e746dd feat(registry-cache): add Docker Hub pull-through cache + dind mirror config 
Deploy registry:2 as Docker Hub pull-through cache on chemavx-k8 (hostPort 5000,
ClusterIP 10.43.163.56:5000). Configures dind runner to use local mirror via
daemon.json to eliminate Docker Hub rate limit failures in CI/CD.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:35:43 +00:00
Gitea CI 25ea82f696 ci: update polymarket-bot images to 6d23e804 [skip ci] 2026-04-22 11:31:08 +00:00
Gitea CI bf7ac532de ci: update polymarket-bot images to 8a56bf77 [skip ci] 2026-04-22 11:11:47 +00:00
Gitea CI 47841eef19 ci: update polymarket-bot images to 8479a631 [skip ci] 2026-04-22 07:09:04 +00:00
Gitea CI 81b4c30fbb ci: update polymarket-bot images to 9a5be275 [skip ci] 2026-04-21 17:37:45 +00:00
Gitea CI 45495a78c7 ci: update polymarket-bot images to 9b62636a [skip ci] 2026-04-21 17:27:59 +00:00
Gitea CI 8ca403f0d3 ci: update polymarket-bot images to 46f8f4b7 [skip ci] 2026-04-21 09:50:40 +00:00
Gitea CI 986c74004b ci: update polymarket-bot images to e2fb697c [skip ci] 2026-04-21 09:41:33 +00:00
chemavx a5aac4dd83 chore(openclaw): golden config snapshot + RBAC manifest in git 
- Add openclaw/golden/ with stable copies of openclaw.json, SOUL.md,
  TOOLS.md, HOMELAB.md, kubectl-ro
- Fix HOMELAB.md model roles (qwen3-es:14b=primary, llama3.1-es:8b=fallback)
- Add rbac-openclaw-agent.yaml (ClusterRole read-only + binding + SA)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-21 09:18:39 +00:00
chemavx 8592a09bc7 fix(ollama): use Recreate strategy to avoid RWO PVC conflict 
RollingUpdate caused rollout deadlocks because the PVC (ReadWriteOnce)
cannot be mounted by two pods simultaneously.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-21 09:03:47 +00:00
chemavx 8b7d3c0659 feat(ollama): migrate GPU from AMD ROCm to NVIDIA CUDA (RTX 3060 via OCuLink) 
Switch from ollama/ollama:rocm + amd.com/gpu to standard CUDA image + nvidia.com/gpu.
RTX 3060 (GA106, 12GB) now used via NVIDIA GPU Operator on chemavx-k8.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-17 17:13:07 +00:00
Gitea CI b805c2c9e5 ci: update polymarket-bot images to d698544f [skip ci] 2026-04-17 10:46:27 +00:00
Gitea CI b0813bad40 ci: update polymarket-bot images to 9add52ab [skip ci] 2026-04-17 10:37:42 +00:00
Gitea CI 3076129d5a ci: update polymarket-bot images to ebdcff5a [skip ci] 2026-04-17 10:29:07 +00:00
Gitea CI 0e308d890a ci: update polymarket-bot images to 0cdb0758 [skip ci] 2026-04-17 10:10:12 +00:00
Gitea CI 704301032a ci: update polymarket-bot images to 411d3462 [skip ci] 2026-04-16 15:57:45 +00:00
Gitea CI a91f6226c2 ci: update polymarket-bot images to 63d9f637 [skip ci] 2026-04-16 15:37:23 +00:00
Gitea CI 6fc882f619 ci: update polymarket-bot images to a0cbdc02 [skip ci] 2026-04-16 14:35:02 +00:00
chemavx 72be7ebac8 feat(portfolio): add ChemaVX portfolio with Polymarket live metrics 2026-04-16 10:00:16 +00:00
chemavx a0d208db63 feat(grafana): add ChemaVX Homelab Overview dashboard as ConfigMap 2026-04-16 09:54:19 +00:00
chemavx 0927658f58 chore: pin ollama and cloudflare-ddns to exact running versions 
- ollama/ollama:latest → 0.20.7
- favonia/cloudflare-ddns:latest → 1.16.2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 08:13:13 +00:00
chemavx 22ae5d7d4b chore: pin all floating image tags to exact running versions 
- vaultwarden/server:latest → 1.35.4
- redis:alpine → 8.6.2-alpine (authentik)
- homarr-labs/homarr:latest → 1.0.0
- gitea/gitea:latest → 1.25.5
- uptime-kuma:1 → 1.23.17

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 08:11:22 +00:00
chemavx c1e57613ed chore(openclaw): update to 2026.4.12 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-15 07:58:37 +00:00
chemavx 0841d6bbe6 fix: add CreateOnly sync option to n8n-secret to prevent ArgoCD from overwriting encryption key 2026-04-14 20:30:36 +00:00
chemavx 7397c1d939 refactor: rewrite n8n manifests as clean GitOps specs, remove server-exported fields 2026-04-14 20:25:16 +00:00
chemavx 192a0bfa7a fix: delete secret-n8n-tls.yaml — kubernetes.io/tls type requires data fields, cert-manager manages this secret directly 2026-04-14 20:06:32 +00:00
chemavx f42cdee585 security: remove all REDACTED secrets from repo, add pre-commit guard 
- Delete 26 secret manifests containing REDACTED placeholder values
  (15 cert-manager TLS + 11 app secrets across 8 namespaces)
- REDACTED is valid base64 that decodes to non-UTF-8 bytes — ArgoCD
  applying these manifests corrupts live secrets in the cluster
- Add .githooks/pre-commit that rejects any .yaml with REDACTED
- Add README.md documenting secret management policy and manual
  creation commands for each service
- n8n secret manifests already fixed in previous commits (618b1e8, db04fd2)
 2026-04-14 20:02:51 +00:00
chemavx db04fd2cbc fix: remove REDACTED data from n8n-tls secret manifest, prevent ArgoCD from corrupting cert-manager TLS 2026-04-14 19:58:44 +00:00
chemavx 618b1e8d11 fix: remove sensitive data from secret manifest, prevent ArgoCD from overwriting encryption key 2026-04-14 19:09:41 +00:00
Gitea CI 13680d4811 ci: update n8n image to d171ce68 [skip ci] 2026-04-14 18:50:07 +00:00
Gitea CI 7c1617b392 ci: update polymarket-bot images to 9bdafaa5 [skip ci] 2026-04-14 17:21:46 +00:00
Gitea CI 49e92d64f8 ci: update polymarket-bot images to 324edbe4 [skip ci] 2026-04-14 13:05:21 +00:00
Gitea CI e4a43491be ci: update polymarket-bot images to 7b9c5751 [skip ci] 2026-04-14 12:55:26 +00:00
Gitea CI aa68b3c8c1 ci: update polymarket-bot images to 5a9c6add [skip ci] 2026-04-14 12:49:56 +00:00
Gitea CI 22dfa7bd2d ci: update polymarket-bot images to 82d6d357 [skip ci] 2026-04-14 12:43:55 +00:00
Gitea CI 165026eff6 ci: update polymarket-bot images to 33ad86f3 [skip ci] 2026-04-14 12:35:05 +00:00
Gitea CI 831debd5d8 ci: update polymarket-bot images to d642dbd9 [skip ci] 2026-04-14 08:38:24 +00:00
Gitea CI 25b38cd1de ci: update polymarket-bot images to 4dadd3c2 [skip ci] 2026-04-14 08:25:46 +00:00
Gitea CI b7a4542898 ci: update polymarket-bot images to 98e7f5fe [skip ci] 2026-04-14 08:17:46 +00:00
Gitea CI 374539f08d ci: update polymarket-bot images to b8d2b733 [skip ci] 2026-04-14 08:09:50 +00:00