Skip to content

Kubernetes folder best practices review #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Kubernetes folder best practices review #103

Copilot wants to merge 3 commits into from

Conversation

Copy link

Copilot AI commented Dec 26, 2025
edited
Loading

Review and fix Kubernetes manifests for homelab best practices, consistency, and correctness.

Security

  • cert-manager/cloudflare-api-token.yaml: Fix k8s-secret-sync annotations (providerprovider-name, refprovider-ref)
  • jellyfin/deployment.yaml: Add missing runAsNonRoot: true

Consistency

  • jellyfin/: Add missing kustomization.yaml
  • argocd/kustomization.yaml: Include secrets.yaml in resources
  • HTTPRoutes: Upgrade jellyfin/immich from v1beta1v1
  • argocd-root-application.yaml: Fix indentation, add standard sync policy

Best Practices

  • jellyfin/deployment.yaml: Add health probes, named ports, DirectoryOrCreate on hostPaths
  • otel-operator/node_exporter.yaml: Remove resource limits per repo guidelines
  • kustomization files: Replace deprecated commonLabels with labels
  • Remove stale immich/todo.txt

Example fix for secret annotations:

# Before (broken)
k8s-secret-sync.weinbender.io/provider: "op"
k8s-secret-sync.weinbender.io/ref: "op://..."

# After (correct)
k8s-secret-sync.weinbender.io/provider-name: "op"
k8s-secret-sync.weinbender.io/provider-ref: "op://..."
Original prompt

You are an experienced infrastructure and platform engineer. Review the Kubernetes folder for best practices in a homelab environment

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits December 26, 2025 19:31
@jackweinbender
fix: Apply Kubernetes best practices for homelab environment
312efdb 
- Fix cert-manager cloudflare secret annotations (incorrect annotation keys)
- Add missing kustomization.yaml for jellyfin
- Add runAsNonRoot to jellyfin deployment securityContext
- Add health probes (liveness/readiness) to jellyfin deployment
- Add port names to jellyfin deployment containers
- Add DirectoryOrCreate type to jellyfin hostPath volumes
- Include secrets.yaml in argocd kustomization.yaml
- Standardize HTTPRoute API versions to v1 (jellyfin, immich)
- Update argocd-root-application.yaml sync policy to match standard
- Remove resource limits from node_exporter (per repo guidelines)
- Remove leftover immich todo.txt
- Update kustomization files to use 'labels' instead of deprecated 'commonLabels'

Co-authored-by: jackweinbender <1544859+jackweinbender@users.noreply.github.com>
@jackweinbender
fix: Improve jellyfin probe configuration per code review
b0a9e89 
- Increase readiness probe periodSeconds to 15s (less aggressive for media server)
- Add failureThreshold: 3 to both probes for better reliability

Co-authored-by: jackweinbender <1544859+jackweinbender@users.noreply.github.com>
Copilot AI changed the title [WIP] Review Kubernetes folder for homelab best practices Kubernetes folder best practices review Dec 26, 2025
Copilot AI requested a review from jackweinbender December 26, 2025 19:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jackweinbender jackweinbender Awaiting requested review from jackweinbender

Assignees

@jackweinbender jackweinbender

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jackweinbender