diff --git a/clusters/cl01tl/helm/foldergram/values.yaml b/clusters/cl01tl/helm/foldergram/values.yaml index 85a128340..248e75994 100644 --- a/clusters/cl01tl/helm/foldergram/values.yaml +++ b/clusters/cl01tl/helm/foldergram/values.yaml @@ -4,6 +4,10 @@ foldergram: type: deployment replicas: 1 strategy: Recreate + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: diff --git a/clusters/cl01tl/helm/gatus/Chart.yaml b/clusters/cl01tl/helm/gatus/Chart.yaml index e243e46fd..0eeeee8ce 100644 --- a/clusters/cl01tl/helm/gatus/Chart.yaml +++ b/clusters/cl01tl/helm/gatus/Chart.yaml @@ -4,16 +4,14 @@ version: 1.0.0 description: Gatus keywords: - gatus - - healthcheck - - uptime - - metrics -home: https://wiki.alexlebens.dev/s/2a2b0c83-81c7-49e3-aafc-daff4ff23ce2 + - uptime-monitor +home: https://docs.alexlebens.dev/applications/gatus/ sources: - https://github.com/TwiN/gatus - - https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/TwiN/gatus/pkgs/container/gatus - https://github.com/TwiN/helm-charts/tree/master/charts/gatus - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/gatus/templates/external-secret.yaml b/clusters/cl01tl/helm/gatus/templates/external-secret.yaml index a945378a7..194c26525 100644 --- a/clusters/cl01tl/helm/gatus/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/gatus/templates/external-secret.yaml @@ -14,10 +14,7 @@ spec: data: - secretKey: NTFY_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /ntfy/user/cl01tl - metadataPolicy: None property: token --- 
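Review bot: The new `pod.securityContext` sets only `fsGroup: 1000` and `fsGroupChangePolicy: OnRootMismatch`, which adjusts group ownership of mounted volumes but does not stop the container process from running as UID 0. If the image runs as an unprivileged user, add `runAsNonRoot: true`, `runAsUser: 1000` and `runAsGroup: 1000` to the same block so the process identity matches the group the volume is handed to. The `containers.main` settings continue outside this hunk, so a container-level securityContext may already cover this.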
@@ -37,15 +34,9 @@ spec: data: - secretKey: OIDC_CLIENT_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/gatus - metadataPolicy: None property: client - secretKey: OIDC_CLIENT_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/gatus - metadataPolicy: None property: secret diff --git a/clusters/cl01tl/helm/gatus/values.yaml b/clusters/cl01tl/helm/gatus/values.yaml index d670f9cac..d396e12df 100644 --- a/clusters/cl01tl/helm/gatus/values.yaml +++ b/clusters/cl01tl/helm/gatus/values.yaml @@ -1,27 +1,16 @@ gatus: deployment: - strategy: Recreate - readinessProbe: - enabled: true - livenessProbe: - enabled: true + strategy: RollingUpdate + annotateConfigChecksum: true + revisionHistoryLimit: 3 image: repository: ghcr.io/twin/gatus - tag: v5.35.0 + tag: v5.35.0@sha256:21609f31be8c4e680ce3004b24276305666239c99aff58391503f3fb6142f39d annotations: reloader.stakater.com/auto: "true" - service: - type: ClusterIP - port: 80 - targetPort: 8080 - portName: http - ingress: - enabled: false gateway: - apiVersion: gateway.networking.k8s.io/v1 route: enabled: true - path: / parentRefs: - group: gateway.networking.k8s.io kind: Gateway @@ -73,24 +62,13 @@ gatus: resources: requests: cpu: 10m - memory: 128Mi + memory: 20Mi persistence: enabled: true size: 1Gi - mountPath: /data - accessModes: - - ReadWriteOnce - finalizers: - - kubernetes.io/pvc-protection storageClassName: ceph-block serviceMonitor: enabled: true - interval: 1m - path: /metrics - scheme: http - scrapeTimeout: 30s - networkPolicy: - enabled: false config: metrics: true connectivity: 
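Review bot: `strategy: RollingUpdate` in gatus/values.yaml starts the replacement pod before the old one stops, yet the next hunk keeps `persistence.enabled: true` on `storageClassName: ceph-block`. The explicit `accessModes` entry is removed there, so the chart default applies; if that default is ReadWriteOnce, a replacement scheduled on another node waits on the volume attach and the rollout can stall. A rolling update is also gated by the readiness probe, whose explicit `enabled: true` is removed in this hunk, so confirm the chart default keeps it on. If the data volume is actually written to, `strategy: Recreate` is the safer setting.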
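Review bot: The `memory: 20Mi` request under `resources.requests` has no limit next to it in the visible block, so once real usage exceeds the request the pod is among the first candidates for eviction when the node runs short of memory. For the service that sends the alerts, that is the moment it is needed most. The same pattern appears in gitea/values.yaml, where `postgres-18-cluster` drops to `memory: 100Mi` and meilisearch to `cpu: 1m`; the database is where an eviction costs most. If these figures come from observed usage, a short comment saying so would help the next reader; otherwise keep the requests near steady-state usage and consider a memory limit for the database.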
@@ -425,35 +403,12 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 25 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external volsync-target-data: pvcTarget: gatus local: diff --git a/clusters/cl01tl/helm/generic-device-plugin/Chart.yaml b/clusters/cl01tl/helm/generic-device-plugin/Chart.yaml index 07e11d07f..26ef464b1 100644 --- a/clusters/cl01tl/helm/generic-device-plugin/Chart.yaml +++ b/clusters/cl01tl/helm/generic-device-plugin/Chart.yaml @@ -5,8 +5,7 @@ description: Generic Device Plugin keywords: - generic-device-plugin - device - - plugin -home: https://wiki.alexlebens.dev/s/ee9ba1be-119c-4e83-aea9-b087481554f2 +home: https://docs.alexlebens.dev/applications/generic-device-plugin/ sources: - https://github.com/squat/generic-device-plugin - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin diff --git a/clusters/cl01tl/helm/gitea/Chart.lock b/clusters/cl01tl/helm/gitea/Chart.lock index 1b7fc6357..2d97a0dc8 100644 --- a/clusters/cl01tl/helm/gitea/Chart.lock +++ b/clusters/cl01tl/helm/gitea/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: gitea - repository: https://dl.gitea.io/charts/ + repository: https://dl.gitea.com/charts/ version: 12.5.0 - name: actions repository: https://dl.gitea.com/charts/ @@ -23,5 +23,5 @@ dependencies: - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:65910bce24fc36bd8e3e4ab0d79c2a18ae076b34aff28bfea8a60598707fe617 -generated: "2026-03-26T16:02:55.325421053Z" +digest: sha256:49862b06fe4884f504d0a892cb899f577262b584053b64a3504bacaf96d70f39 +generated: "2026-03-26T20:59:30.690577-05:00" diff --git a/clusters/cl01tl/helm/gitea/Chart.yaml b/clusters/cl01tl/helm/gitea/Chart.yaml index 7fb2af836..cb8f851f8 100644 --- a/clusters/cl01tl/helm/gitea/Chart.yaml +++ b/clusters/cl01tl/helm/gitea/Chart.yaml 
@@ -5,29 +5,28 @@ description: Gitea keywords: - gitea - git - - code -home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd +home: https://docs.alexlebens.dev/applications/gitea/ sources: - https://github.com/go-gitea/gitea - https://github.com/renovatebot/renovate - https://github.com/Angatar/s3cmd - https://github.com/meilisearch/meilisearch - - https://github.com/cloudflare/cloudflared - - https://github.com/cloudnative-pg/cloudnative-pg - https://hub.docker.com/r/gitea/gitea - https://hub.docker.com/r/renovate/renovate - https://hub.docker.com/r/d3fk/s3cmd/ - https://gitea.com/gitea/helm-chart - - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.com/gitea/helm-actions - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: - name: gitea version: 12.5.0 - repository: https://dl.gitea.io/charts/ + repository: https://dl.gitea.com/charts/ - name: actions alias: gitea-actions repository: https://dl.gitea.com/charts/ @@ -54,6 +53,6 @@ dependencies: alias: volsync-target-storage version: 0.8.0 repository: oci://harbor.alexlebens.net/helm-charts -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png +icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png # renovate: datasource=github-releases depName=go-gitea/gitea appVersion: 1.25.5 diff --git a/clusters/cl01tl/helm/gitea/templates/external-secret.yaml b/clusters/cl01tl/helm/gitea/templates/external-secret.yaml index d3b79c7f8..0d1a10cad 100644 
--- a/clusters/cl01tl/helm/gitea/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/gitea/templates/external-secret.yaml @@ -14,17 +14,11 @@ spec: data: - secretKey: username remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/auth/admin - metadataPolicy: None property: username - secretKey: password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/auth/admin - metadataPolicy: None property: password --- @@ -44,17 +38,11 @@ spec: data: - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/gitea - metadataPolicy: None property: secret - secretKey: key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/gitea - metadataPolicy: None property: client --- @@ -74,10 +62,7 @@ spec: data: - secretKey: token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/runner - metadataPolicy: None property: token --- @@ -97,38 +82,23 @@ spec: data: - secretKey: RENOVATE_ENDPOINT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/renovate - metadataPolicy: None property: RENOVATE_ENDPOINT - secretKey: RENOVATE_GIT_AUTHOR remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/renovate - metadataPolicy: None property: RENOVATE_GIT_AUTHOR - secretKey: RENOVATE_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/renovate - metadataPolicy: None property: RENOVATE_TOKEN - secretKey: RENOVATE_GIT_PRIVATE_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/renovate - metadataPolicy: None property: id_rsa - secretKey: RENOVATE_GITHUB_COM_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /github/gitea-cl01tl - metadataPolicy: None property: token --- 
@@ -148,24 +118,15 @@ spec: data: - secretKey: config remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/renovate - metadataPolicy: None property: ssh_config - secretKey: id_rsa remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/renovate - metadataPolicy: None property: id_rsa - secretKey: id_rsa.pub remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/renovate - metadataPolicy: None property: id_rsa.pub --- @@ -191,8 +152,5 @@ spec: data: - secretKey: MEILI_MASTER_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/gitea/meilisearch - metadataPolicy: None property: MEILI_MASTER_KEY diff --git a/clusters/cl01tl/helm/gitea/values.yaml b/clusters/cl01tl/helm/gitea/values.yaml index 3282fcb98..276e67b64 100644 --- a/clusters/cl01tl/helm/gitea/values.yaml +++ b/clusters/cl01tl/helm/gitea/values.yaml @@ -2,9 +2,14 @@ gitea: global: imageRegistry: registry.hub.docker.com replicaCount: 3 + strategy: + type: "RollingUpdate" + rollingUpdate: + maxSurge: "100%" + maxUnavailable: 1 image: repository: gitea/gitea - tag: 1.25.5 + tag: 1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472 service: http: type: ClusterIP @@ -14,8 +19,10 @@ gitea: type: ClusterIP port: 22 clusterIP: 10.103.160.140 - ingress: - enabled: false + resources: + requests: + cpu: 1000m + memory: 600Mi persistence: storageClass: ceph-filesystem size: 40Gi @@ -41,7 +48,7 @@ gitea: metrics: enabled: true serviceMonitor: - enabled: false + enabled: true oauth: - name: Authentik provider: openidConnect @@ -139,9 +146,10 @@ gitea-actions: replicas: 6 timezone: America/Chicago actRunner: - registry: "" + registry: registry.hub.docker.com repository: gitea/act_runner - tag: 0.2.13 + # renovate: datasource=docker depName=gitea/act_runner + tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762 config: | log: level: debug 
@@ -154,17 +162,19 @@ gitea-actions: - "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04" - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04" dind: - registry: "" + registry: registry.hub.docker.com repository: docker - tag: 28.3.3-dind + # renovate: datasource=docker depName=docker + tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029 persistence: storageClass: ceph-block - size: 5Gi + size: 10Gi init: image: - registry: "" + registry: registry.hub.docker.com repository: busybox - tag: "1.37.0" + # renovate: datasource=docker depName=busybox + tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e existingSecret: gitea-runner-secret existingSecretKey: token giteaRootURL: http://gitea-http.gitea:3000 @@ -175,17 +185,14 @@ meilisearch: MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true auth: existingMasterKeySecret: gitea-meilisearch-master-key-secret - service: - type: ClusterIP - port: 7700 persistence: enabled: true storageClass: ceph-block size: 5Gi resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 160Mi serviceMonitor: enabled: true postgres-18-cluster: @@ -193,8 +200,8 @@ postgres-18-cluster: cluster: resources: requests: - memory: 1Gi - cpu: 200m + cpu: 100m + memory: 100Mi recovery: method: objectStore objectStore: 
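Review bot: The two runner labels in the context lines at the top of this hunk still reference the job images by mutable tag (`runner-images:ubuntu-24.04`, `runner-images:ubuntu-22.04`), while the runner, dind and busybox images around them are now pinned by digest. Workflow steps execute inside those label images with the job's secrets available, so they are the images where a moved tag matters most; if act_runner accepts a digest in the label, append `@sha256:<digest>` to each. The pinned images also switch to `registry: registry.hub.docker.com` while the labels go through the `harbor.alexlebens.net/proxy-hub.docker` cache, so it may be worth routing all of them through the same registry. The `config` block these labels belong to starts before this hunk.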
@@ -206,41 +213,18 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 7 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external valkey-gitea: valkey: resources: requests: cpu: 20m - memory: 256Mi + memory: 2Gi dataStorage: requestedSize: 10Gi replica: