diff --git a/CHANGELOG.md b/CHANGELOG.md index a3260fb..477a3ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,26 @@ # Changelog -## [0.2.0] - 2024-11-20 +## [0.2.0] - 2024-11-23 + +### Added + +- Enable gzip compression on Ingress-NGINX +- Enable brotli compression on Ingress-NGINX + - Set brotli level to `6` + +## [0.1.3] - 2024-11-23 + +### Changed + +- Bump ingress-nginx Helm chart to version `4.11.3` + +## [0.1.2] - 2024-11-21 + +### Changed + +- Disable Cilium Envoy (`l7Proxy=false`) + +## [0.1.1] - 2024-11-20 ### Changed diff --git a/apps/hq/harbor.yaml b/apps/hq/harbor.yaml new file mode 100644 index 0000000..2e332ce --- /dev/null +++ b/apps/hq/harbor.yaml 
@@ -0,0 +1,87 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mareshq-registry + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "50" +spec: + project: hq + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + destination: + server: "https://kubernetes.default.svc" + namespace: hq-registry + source: + chart: harbor + repoURL: https://helm.goharbor.io + targetRevision: 1.16.0 + helm: + releaseName: harbor + valuesObject: + externalURL: https://oci.marespkg.com + expose: + type: ingress + tls: + enabled: true + certSource: secret + secret: + secretName: oci-marespkg-com-ingress-tls + ingress: + className: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-dns-production + external-dns.alpha.kubernetes.io/hostname: oci.marespkg.com + external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" + hosts: + core: oci.marespkg.com + database: + type: external + external: + host: postgres-rw.postgres.svc + port: 5432 + username: harbor + password: "YFC0tae.bpz2ncf!rye" + # existingSecret: harbor-user-credentials + coreDatabase: harbor + persistence: + enabled: false + imageChartStorage: + type: s3 + s3: + region: us-east-1 # see: https://developers.cloudflare.com/r2/api/s3/api/#bucket-region + bucket: marespkg-registry-storage + regionendpoint: https://f24333bb3c47d6db753e57e2a0c90082.r2.cloudflarestorage.com + accesskey: "e9d400c4f63375cc94f6f125724f3aa6" + secretkey: "5e1da29e9ab131c1c312add4bda82a4bdb75c4afe0f69c40dd384c5f0a6f8120" + metrics: + enabled: false + nginx: + nodeSelector: + kubernetes.io/arch: amd64 + portal: + nodeSelector: + kubernetes.io/arch: amd64 + core: + nodeSelector: + kubernetes.io/arch: amd64 + jobservice: + nodeSelector: + kubernetes.io/arch: amd64 + registry: + nodeSelector: + kubernetes.io/arch: amd64 + trivy: + nodeSelector: + kubernetes.io/arch: amd64 + extraEnvVars: + - name: SCANNER_TRIVY_DB_REPOSITORY + value: 
"oci.marespkg.com/library/trivy-db:2" + redis: + internal: + nodeSelector: + kubernetes.io/arch: amd64 diff --git a/apps/system/cilium.yaml b/apps/system/cilium.yaml index a3194ee..dce9867 100644 --- a/apps/system/cilium.yaml +++ b/apps/system/cilium.yaml @@ -31,3 +31,6 @@ spec: kubeProxyReplacement: true k8sServiceHost: "172.16.1.1" # internal IP (Hetzner Cloud Network) k8sServicePort: "6443" + + # Disable Envoy proxy + l7Proxy: false diff --git a/apps/system/ingress-nginx.yaml b/apps/system/ingress-nginx.yaml index af3af93..d0cd8ee 100644 --- a/apps/system/ingress-nginx.yaml +++ b/apps/system/ingress-nginx.yaml @@ -19,7 +19,7 @@ spec: source: chart: ingress-nginx repoURL: https://kubernetes.github.io/ingress-nginx - targetRevision: 4.11.2 + targetRevision: 4.11.3 helm: releaseName: ingress-nginx valuesObject: @@ -46,3 +46,7 @@ spec: use-proxy-protocol: "true" use-forwarded-headers: "true" enable-real-ip: "true" + use-gzip: "true" + enable-brotli: "true" + brotli-level: "6" + use-http2: "true"
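Review bot: The `database.external` and `s3` blocks of the new `apps/hq/harbor.yaml` commit the database `password` and the R2 `accesskey`/`secretkey` in plaintext, so anyone who can read this repository or the Application object in the `argocd` namespace can read them. The hunk already points at the fix: enable the commented `existingSecret: harbor-user-credentials` in place of `password`, and reference a Secret for registry storage the same way, e.g. `existingSecret: <r2-credentials-secret>` (placeholder name) in place of `accesskey`/`secretkey`. Because the values are now in git history, all three credentials should be rotated, not just removed from the file. Separately, neither `harborAdminPassword` nor `existingSecretAdminPassword` is set, so the chart's default admin password would apply on first install of a registry exposed at a public hostname; it is worth confirming that it is changed or supplied from a Secret.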
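Review bot: The added comment `# Disable Envoy proxy` in `apps/system/cilium.yaml` restates the key but gives neither the reason nor the consequence. `l7Proxy: false` has a security-relevant one: Cilium uses that proxy to enforce L7 rules, so policies with HTTP-level rules (and, as far as I know, DNS/`toFQDNs` rules) cannot be enforced while it is off. I would record that in place, e.g. `# Disable the L7 proxy (Envoy): no L7 (HTTP/DNS-aware) network policy while false; L3/L4 policy is unaffected`, and confirm that no existing CiliumNetworkPolicy relies on L7 rules. The enclosing `valuesObject` starts outside the hunk.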
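Review bot: `use-gzip` and `enable-brotli` in the last hunk of `apps/system/ingress-nginx.yaml` are controller-wide settings, so every TLS-terminated Ingress behind this controller now serves compressed responses. That is the precondition for BREACH-style compression side channels on pages that reflect request input next to a secret such as a CSRF token. It is worth confirming that the apps served here (presumably including the Harbor portal added in this commit, which uses `className: nginx`) do not do that, and recording the decision above these keys, e.g. `# compression is controller-wide; backends must not reflect request data alongside secrets in responses`. Also, `use-http2: "true"` is not listed in the CHANGELOG entry and, as far as I know, matches the controller default, so it could be dropped or documented. The map these keys belong to starts outside the hunk.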