Jobs are immutable in Kubernetes. Without Replace=true, ArgoCD fails
to sync when it tries to update an existing Job. This annotation tells
ArgoCD to delete and recreate the Job instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skip SSH host key verification via insecure: "true" in the repository
secret. This avoids the chicken-and-egg problem where ArgoCD syncs its
own known hosts ConfigMap and overwrites runtime patches. Remove
configmaps RBAC and ssh-keyscan logic from the init job.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Restructure the argocd-deploy-key-init job so each step (known hosts,
deploy key registration, secret creation) is independently idempotent.
Add ssh-keyscan of Forgejo host key and patch ArgoCD known hosts
ConfigMap. Use kubectl apply with inline YAML to create the repo secret
with the argocd label in a single atomic step. Switch images from
bitnami/kubectl to alpine/k8s.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Configure myks env-data with global repoURL pointing to Forgejo repo,
switch destination from cluster name to in-cluster server URL, and
disable placeholder cluster Secret generation. Add deploy key init Job
that generates an SSH keypair, registers it with Forgejo, and creates
the ArgoCD repository secret. Switch job images from bitnami/kubectl
to alpine/k8s.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use hostPort instead of NodePort for SSH access to avoid cross-node
asymmetric routing issues with kube-proxy nftables mode. Pin Forgejo
pod to node 3 (DNS target) and use port 222 to bypass ISP port 22
blocking.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Configures `myks` for Helm chart rendering with `ytt` overlays to manage cluster applications.
Defines prototypes and environment-specific configurations for core applications including ArgoCD, Traefik, Cert-Manager, and Forgejo.
Adds comprehensive documentation covering cluster setup, GitOps structure, and development environment.
Integrates `direnv` for environment variable management, `gitignore` for file exclusion, and `sops` for secret encryption.
Includes rendered Kubernetes manifests and ArgoCD application resources for initial deployment.
