Commit graph

5 commits

Author SHA1 Message Date
Felix Wolf 9d7b12896f fix: Ignore status field diffs in ArgoCD resource comparisons
Configure ArgoCD to ignore /status in diffs globally. Fixes
'terminatingReplicas: field not declared in schema' errors caused by
Kubernetes 1.32 adding new DaemonSet status fields that ArgoCD's
built-in schema doesn't know about.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 22:36:52 +02:00

Felix Wolf 70559c614b fix: Make deploy key job fully idempotent with SSH known hosts
Restructure the argocd-deploy-key-init job so each step (known hosts,
deploy key registration, secret creation) is independently idempotent.
Add ssh-keyscan of Forgejo host key and patch ArgoCD known hosts
ConfigMap. Use kubectl apply with inline YAML to create the repo secret
with the argocd label in a single atomic step. Switch images from
bitnami/kubectl to alpine/k8s.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 22:24:49 +02:00

Felix Wolf a094b7d70a feat: Wire ArgoCD to Forgejo for GitOps management
Configure myks env-data with global repoURL pointing to Forgejo repo,
switch destination from cluster name to in-cluster server URL, and
disable placeholder cluster Secret generation. Add deploy key init Job
that generates an SSH keypair, registers it with Forgejo, and creates
the ArgoCD repository secret. Switch job images from bitnami/kubectl
to alpine/k8s.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 22:13:11 +02:00

Felix Wolf 14cb67369d feat: Switch Forgejo SSH to hostPort 222
Use hostPort instead of NodePort for SSH access to avoid cross-node
asymmetric routing issues with kube-proxy nftables mode. Pin Forgejo
pod to node 3 (DNS target) and use port 222 to bypass ISP port 22
blocking.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 20:56:38 +02:00

Felix Wolf 6f717a602f feat: Initial setup of GitOps-managed Kubernetes cluster
Configures `myks` for Helm chart rendering with `ytt` overlays to manage cluster applications.
Defines prototypes and environment-specific configurations for core applications including ArgoCD, Traefik, Cert-Manager, and Forgejo.
Adds comprehensive documentation covering cluster setup, GitOps structure, and development environment.
Integrates `direnv` for environment variable management, `gitignore` for file exclusion, and `sops` for secret encryption.
Includes rendered Kubernetes manifests and ArgoCD application resources for initial deployment.
2026-03-30 18:21:05 +02:00