Hermes Agent service account
d561ac6e04
fix: Remove invalid configureUserSettings from harbor-core
...
The configureUserSettings field contained nginx configuration
('http2_push_preload on;') which was incorrectly being used as
CONFIG_OVERWRITE_JSON. This caused harbor-core to crash with a
JSON parse error.
CONFIG_OVERWRITE_JSON expects valid JSON for Harbor configuration
overrides, not nginx snippets. Removing this field to fix the
CrashLoopBackOff.
2026-06-04 21:08:27 -05:00
Hermes Agent service account
99bc31dee9
Simplify Harbor to standard deployment pattern
...
- ExternalSecret now pulls only HARBOR_ADMIN_PASSWORD from 1Password
- Removed database, redis, core, jobservice, registry secret references
- Harbor Helm chart auto-generates all internal secrets (standard pattern)
- Reduces complexity and aligns with Harbor best practices
This change removes dependency on 5 1Password fields that should be deleted:
- database-password
- redis-password
- core-secret
- jobservice-secret
- registry-password
Only harbor-admin-password field needed in 1Password item 'the-seas'
2026-06-04 20:44:32 -05:00
Hermes Agent service account
ac8e7acbd4
fix(harbor): add secret key names for database and redis passwords
...
Harbor Helm chart requires both existingSecret and existingSecretKey
parameters to properly reference credentials. Without the key names,
the chart creates secrets with empty passwords, causing authentication
failures between components.
Added:
- database.internal.existingSecretKey: DATABASE_PASSWORD
- redis.internal.existingSecretKey: REDIS_PASSWORD
2026-06-04 20:36:12 -05:00
Hermes Agent service account
0ad5dbe741
fix(harbor): remove invalid secretName parameter from core config
...
The secretName parameter was being used as a literal secret name
'CORE_SECRET' which doesn't exist. This caused harbor-core pods to
fail mounting volumes.
The correct approach is to use existingSecret for credential keys,
and let Harbor manage its own internal secrets.
2026-06-04 20:34:25 -05:00
Hermes Agent service account
7d9b054340
fix(harbor): correct secret key name for core secret
...
Harbor Helm chart expects 'secret' key not 'CORE_SECRET' for the
CORE_SECRET environment variable. This was causing jobservice pod
to fail with CreateContainerConfigError.
Fixes: harbor-jobservice-757bbf44cc-tvznq error
2026-06-04 20:32:40 -05:00
Hermes Agent service account
4b1e8a7cac
fix(harbor): correct naming convention and use staging certs
...
- Rename application/namespace: the-seas -> harbor
- Move directory: cluster/platform/the-seas -> cluster/platform/harbor
- Update all resource references (ExternalSecret, HTTPRoutes, Certificates)
- Switch to letsencrypt-staging issuer (avoid ACME rate limits during testing)
- Thematic name 'the-seas' remains in DNS hostnames and comments
2026-06-04 20:25:25 -05:00
Hermes Agent service account
8f190eb188
fix(the-seas): correct Harbor image tags to use v-prefix (v2.15.1)
...
Docker Hub Harbor images use v-prefix format (v2.15.1) not semantic
version format (2.15.1). Updated all component image tags to v2.15.1.
2026-06-04 20:22:34 -05:00
Hermes Agent service account
95ae6919b0
feat(platform): add Harbor container registry (the-seas) deployment
...
- Add Harbor v2.15.1 (chart 1.19.1) deployment to wave 7
- Service name: the-seas (EPCOT: The Seas with Nemo & Friends)
- Architecture: Embedded PostgreSQL, embedded Redis, single instance
- Storage: NFS via nfs-emporium StorageClass (130Gi total)
- Expose via Gateway API with dual DNS names
- Primary: the-seas.local.mk-labs.cloud
- Alternate: harbor.local.mk-labs.cloud
- ExternalSecret for 1Password integration (6 secrets)
- All image tags pinned to 2.15.1
- Resource requests/limits configured for homelab
- Multi-source ArgoCD application pattern
- TLS certificates via cert-manager (Let's Encrypt)
- Metrics and Trivy scanning enabled
Components:
- Portal, Core, Registry, JobService (1 replica each)
- Embedded PostgreSQL and Redis
- NGINX reverse proxy
- Trivy vulnerability scanner
- Prometheus metrics exporter
Refs: /mnt/mk-labs-pka/tony-stark-inbox/harbor-phase1-deployment.md
2026-06-04 20:20:51 -05:00
Hermes Agent service account
f4181349f8
feat: Deploy Firecrawl (spaceship-earth) to fastpass cluster
...
- Add Firecrawl application with full stack:
- Firecrawl API (main service)
- Firecrawl Worker (background jobs)
- Playwright Service (browser automation)
- Redis (cache & job queue)
- PostgreSQL (state management)
- RabbitMQ (message queue)
- Configure dual DNS names:
- Primary: spaceship-earth.local.mk-labs.cloud (EPCOT theme)
- Secondary: firecrawl.local.mk-labs.cloud
- Add Gateway API HTTPRoutes with TLS certificates
- Update ReferenceGrant for firecrawl namespace
- Configure ArgoCD application (wave 20)
- Set USE_DB_AUTHENTICATION=false for internal deployment
This provides JARVIS with web scraping and search capabilities.
2026-06-04 16:40:12 -05:00
c25c2a25ad
update referencegrant
2026-05-19 22:41:41 -05:00
562e102a9b
enable metrics
2026-05-19 21:34:46 -05:00
2ed70b4964
Deploy monitoring stack
2026-05-18 21:42:32 -05:00
1cfc9b5f5d
align gateway spec
2026-05-18 19:28:50 -05:00
c8f75bef8a
fix referencegrant
2026-05-18 19:25:41 -05:00
fc171b48e9
deploy gateway
2026-05-18 19:11:42 -05:00
5504d0c6f4
add gateway to external dns
2026-05-18 18:15:33 -05:00
06db61c6c0
enable nfs csi
2026-05-18 17:19:39 -05:00
1f7318f1c3
repo cleanup
2026-05-18 15:13:12 -05:00
cdc78955b1
cilium, argo
2026-05-18 13:20:42 -05:00
f1ef759206
fix(cilium): update LB pool API from v2alpha1 to v2
2026-05-18 00:59:17 -05:00
5f5f8cb173
fix argocd
2026-05-18 00:45:47 -05:00
eb93eb7352
fix(argocd): remove conflicting server patch, params-cm handles insecure mode
2026-05-18 00:39:43 -05:00
9cd9a30fbe
fix(argocd): switch to ingress-nginx, fix shared resource warning, add insecure mode
2026-05-18 00:34:21 -05:00
5a30521d66
fix(argocd): use env var for insecure mode instead of args
2026-05-18 00:23:03 -05:00
725d403d34
helm fix
2026-05-18 00:08:30 -05:00
9a604042ca
update cilium
2026-05-18 00:01:03 -05:00
10406e1705
remove gateway api
2026-05-17 23:48:22 -05:00
4717f63bc3
cilium
2026-05-17 23:46:44 -05:00
2ff74cdc7c
cilium TS
2026-05-17 23:39:11 -05:00
87f2d6bf95
fix cilium
2026-05-17 23:32:24 -05:00
88ec796267
ext dns and cert manager
2026-05-17 22:59:45 -05:00
344a29a374
fix directory for 1p
2026-05-17 22:55:32 -05:00
c7fbe8e963
fix(platform): move gateway and namespace into manifests/ directory
2026-05-17 22:48:51 -05:00
03acab784a
fix(argocd): use args not command for --insecure flag
2026-05-17 22:24:26 -05:00
3ce3ecac66
feat(platform): vendor gateway-api CRDs v1.2.1
2026-05-17 22:19:04 -05:00
bc24c00c50
final apps
2026-05-17 21:41:28 -05:00
3e9a843e1b
cert manager and 1p
2026-05-17 21:37:17 -05:00
5e99408c1f
change pattern for external secrets
2026-05-17 21:33:24 -05:00
e4a2c47da2
fix(platform): correct helm valueFiles field name for ArgoCD 3.x
2026-05-17 21:18:47 -05:00
13ebe67a35
update
2026-05-17 21:10:45 -05:00
ca1cdd0634
fix(argocd): restore SSH repo credentials for Gitea
2026-05-17 21:10:10 -05:00
74e53d1364
fix(platform): valuesFile → valuesFiles for ArgoCD 3.x compatibility
2026-05-17 21:04:21 -05:00
e946bd71f0
feat(platform): vendor gateway-api CRDs v1.2.1
2026-05-17 20:45:53 -05:00
905b4619d6
Initial argo deployment
2026-05-17 20:44:31 -05:00