From 16ad8701c41af82119d1c04c6b24795424e0775a Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Sun, 2 Mar 2025 23:13:02 -0600 Subject: [PATCH] remove for stage --- .../directus/templates/external-secret.yaml | 247 ---------- .../applications/directus/values.yaml | 206 -------- .../applications/element-web/Chart.yaml | 27 -- .../templates/external-secret.yaml | 23 - .../applications/element-web/values.yaml | 28 -- .../applications/freshrss/Chart.yaml | 33 -- .../freshrss/templates/external-secret.yaml | 192 -------- .../templates/replication-source.yaml | 37 -- .../applications/freshrss/values.yaml | 187 -------- .../applications/hoarder/Chart.yaml | 32 -- .../hoarder/templates/external-secret.yaml | 164 ------- .../hoarder/templates/replication-source.yaml | 27 -- .../applications/hoarder/values.yaml | 128 ----- .../immich/templates/external-secrets.yaml | 55 --- .../templates/persistent-volume-claim.yaml | 19 - .../immich/templates/persistent-volume.yaml | 25 - .../immich/templates/service-monitor.yaml | 25 - .../applications/immich/values.yaml | 251 ---------- .../applications/jellystat/Chart.yaml | 27 -- .../jellystat/templates/external-secret.yaml | 128 ----- .../templates/replication-source.yaml | 27 -- .../applications/jellystat/values.yaml | 112 ----- .../applications/lidarr2/Chart.yaml | 30 -- .../lidarr2/templates/external-secret.yaml | 89 ---- .../templates/persistent-volume-claim.yaml | 19 - .../lidarr2/templates/persistent-volume.yaml | 25 - .../lidarr2/templates/prometheus-rule.yaml | 34 -- .../lidarr2/templates/replication-source.yaml | 30 -- .../lidarr2/templates/service-monitor.yaml | 21 - .../applications/lidarr2/values.yaml | 143 ------ .../applications/lidatube/Chart.yaml | 22 - .../lidatube/templates/external-secret.yaml | 23 - .../templates/persistent-volume-claim.yaml | 19 - .../lidatube/templates/persistent-volume.yaml | 25 - .../applications/lidatube/values.yaml | 82 ---- .../outline/templates/external-secret.yaml | 226 --------- .../applications/outline/values.yaml | 209 -------- 
.../applications/overseerr/Chart.yaml | 21 - .../overseerr/templates/external-secret.yaml | 57 --- .../templates/replication-source.yaml | 27 -- .../applications/overseerr/values.yaml | 56 --- .../applications/photoview/Chart.yaml | 28 -- .../photoview/templates/external-secrets.yaml | 30 -- .../templates/persistent-volume-claim.yaml | 19 - .../templates/persistent-volume.yaml | 25 - .../applications/photoview/values.yaml | 108 ----- .../applications/prowlarr/Chart.yaml | 22 - .../prowlarr/templates/external-secret.yaml | 57 --- .../templates/replication-source.yaml | 37 -- .../applications/prowlarr/values.yaml | 84 ---- .../applications/radarr5-4k/Chart.yaml | 31 -- .../radarr5-4k/templates/external-secret.yaml | 89 ---- .../templates/persistent-volume-claim.yaml | 19 - .../templates/persistent-volume.yaml | 25 - .../radarr5-4k/templates/prometheus-rule.yaml | 34 -- .../templates/replication-source.yaml | 32 -- .../radarr5-4k/templates/service-monitor.yaml | 21 - .../applications/radarr5-4k/values.yaml | 141 ------ .../applications/radarr5-anime/Chart.yaml | 31 -- .../templates/external-secret.yaml | 89 ---- .../templates/persistent-volume-claim.yaml | 19 - .../templates/persistent-volume.yaml | 25 - .../templates/prometheus-rule.yaml | 34 -- .../templates/replication-source.yaml | 30 -- .../templates/service-monitor.yaml | 21 - .../applications/radarr5-anime/values.yaml | 139 ------ .../applications/radarr5-standup/Chart.yaml | 30 -- .../templates/external-secret.yaml | 89 ---- .../templates/persistent-volume-claim.yaml | 19 - .../templates/persistent-volume.yaml | 25 - .../templates/prometheus-rule.yaml | 34 -- .../templates/replication-source.yaml | 32 -- .../templates/service-monitor.yaml | 21 - .../applications/radarr5-standup/values.yaml | 139 ------ .../applications/radarr5/Chart.yaml | 30 -- .../radarr5/templates/external-secret.yaml | 89 ---- .../templates/persistent-volume-claim.yaml | 19 - .../radarr5/templates/persistent-volume.yaml | 25 - 
.../radarr5/templates/prometheus-rule.yaml | 34 -- .../radarr5/templates/replication-source.yaml | 32 -- .../radarr5/templates/service-monitor.yaml | 21 - .../applications/radarr5/values.yaml | 145 ------ .../applications/roundcube/Chart.yaml | 27 -- .../roundcube/templates/external-secret.yaml | 114 ----- .../templates/replication-source.yaml | 27 -- .../applications/roundcube/values.yaml | 238 ---------- .../applications/site-profile/Chart.yaml | 28 -- .../templates/external-secret.yaml | 23 - .../applications/site-profile/values.yaml | 32 -- .../applications/sonarr4-4k/Chart.yaml | 31 -- .../sonarr4-4k/templates/external-secret.yaml | 89 ---- .../templates/persistent-volume-claim.yaml | 19 - .../templates/persistent-volume.yaml | 25 - .../sonarr4-4k/templates/prometheus-rule.yaml | 34 -- .../templates/replication-source.yaml | 35 -- .../sonarr4-4k/templates/service-monitor.yaml | 21 - .../applications/sonarr4-4k/values.yaml | 144 ------ .../applications/sonarr4-anime/Chart.yaml | 30 -- .../templates/external-secret.yaml | 89 ---- .../templates/persistent-volume-claim.yaml | 19 - .../templates/persistent-volume.yaml | 25 - .../templates/prometheus-rule.yaml | 34 -- .../templates/replication-source.yaml | 35 -- .../templates/service-monitor.yaml | 21 - .../applications/sonarr4-anime/values.yaml | 144 ------ .../applications/sonarr4/Chart.yaml | 30 -- .../sonarr4/templates/external-secret.yaml | 89 ---- .../templates/persistent-volume-claim.yaml | 19 - .../sonarr4/templates/persistent-volume.yaml | 25 - .../sonarr4/templates/prometheus-rule.yaml | 34 -- .../sonarr4/templates/replication-source.yaml | 35 -- .../sonarr4/templates/service-monitor.yaml | 21 - .../applications/sonarr4/values.yaml | 147 ------ .../applications/vaultwarden/Chart.yaml | 34 -- .../templates/external-secret.yaml | 114 ----- .../templates/replication-source.yaml | 27 -- .../applications/vaultwarden/values.yaml | 67 --- .../management/argo-workflows/Chart.yaml | 31 -- 
.../templates/external-secret.yaml | 62 --- .../management/argo-workflows/values.yaml | 113 ----- .../management/headlamp/Chart.yaml | 20 - .../templates/cluster-role-binding.yaml | 19 - .../headlamp/templates/external-secret.yaml | 103 ---- .../headlamp/templates/http-route.yaml | 30 -- .../headlamp/templates/ingress.yaml | 32 -- .../headlamp/templates/namespace.yaml | 6 - .../templates/replication-source.yaml | 27 -- .../management/headlamp/values.yaml | 24 - .../management/komodo/Chart.yaml | 27 -- .../komodo/templates/external-secret.yaml | 83 ---- .../management/komodo/templates/service.yaml | 16 - .../management/komodo/values.yaml | 164 ------- .../monitoring/grafana/Chart.yaml | 21 - .../grafana/templates/external-secret.yaml | 121 ----- .../grafana/templates/replication-source.yaml | 30 -- .../monitoring/grafana/values.yaml | 151 ------ .../platform/authentik/Chart.yaml | 35 -- .../authentik/templates/config-map.yaml | 60 --- .../authentik/templates/external-secret.yaml | 80 ---- .../platform/authentik/templates/ingress.yaml | 32 -- .../platform/authentik/values.yaml | 81 ---- .../cl01tl-standby/platform/gitea/Chart.yaml | 37 -- .../gitea/templates/external-secret.yaml | 176 ------- .../platform/gitea/templates/ingress.yaml | 66 --- .../templates/persistent-volume-claim.yaml | 19 - .../gitea/templates/role-binding.yaml | 19 - .../platform/gitea/templates/role.yaml | 27 -- .../cl01tl-standby/platform/gitea/values.yaml | 193 -------- .../templates/external-secret.yaml | 449 ------------------ .../templates/replication-source.yaml | 91 ---- .../templates/service-monitor.yaml | 44 -- .../platform/matrix-synapse/values.yaml | 343 ------------- .../cl01tl-standby/platform/ollama/Chart.yaml | 30 -- .../ollama/templates/external-secret.yaml | 206 -------- .../ollama/templates/replication-source.yaml | 59 --- .../platform/ollama/templates/service.yaml | 34 -- .../platform/ollama/values.yaml | 274 ----------- .../stalwart/templates/external-secret.yaml | 114 ----- 
.../stalwart/templates/namespace.yaml | 8 - .../templates/replication-source.yaml | 27 -- .../platform/stalwart/values.yaml | 114 ----- .../cl01tl-standby/services/harbor/Chart.yaml | 29 -- .../harbor/templates/external-secret.yaml | 97 ---- .../services/harbor/templates/ingress.yaml | 59 --- .../services/harbor/values.yaml | 136 ------ .../cl01tl-standby/storage/pgadmin/Chart.yaml | 22 - .../pgadmin/templates/external-secret.yaml | 121 ----- .../pgadmin/templates/replication-source.yaml | 30 -- .../storage/pgadmin/values.yaml | 89 ---- 169 files changed, 11339 deletions(-) delete mode 100644 clusters/cl01tl-standby/applications/directus/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/directus/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/element-web/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/element-web/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/element-web/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/freshrss/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/freshrss/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/freshrss/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/freshrss/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/hoarder/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/hoarder/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/hoarder/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/hoarder/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/immich/templates/external-secrets.yaml delete mode 100644 clusters/cl01tl-standby/applications/immich/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/immich/templates/persistent-volume.yaml 
delete mode 100644 clusters/cl01tl-standby/applications/immich/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/immich/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/jellystat/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/jellystat/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/jellystat/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/jellystat/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidarr2/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidarr2/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidarr2/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidarr2/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidarr2/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidarr2/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidatube/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidatube/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/lidatube/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/outline/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/outline/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/overseerr/Chart.yaml delete mode 100644 
clusters/cl01tl-standby/applications/overseerr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/overseerr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/overseerr/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/photoview/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/photoview/templates/external-secrets.yaml delete mode 100644 clusters/cl01tl-standby/applications/photoview/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/photoview/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/photoview/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/prowlarr/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/prowlarr/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/prowlarr/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/prowlarr/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-4k/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-4k/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-4k/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-4k/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-4k/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-4k/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-anime/Chart.yaml delete mode 100644 
clusters/cl01tl-standby/applications/radarr5-anime/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-anime/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-anime/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-anime/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-anime/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-standup/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-standup/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-standup/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-standup/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-standup/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5-standup/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5/templates/prometheus-rule.yaml delete mode 100644 
clusters/cl01tl-standby/applications/radarr5/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/radarr5/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/roundcube/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/roundcube/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/roundcube/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/roundcube/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/site-profile/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/site-profile/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/site-profile/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-4k/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-4k/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-4k/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-4k/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-4k/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-4k/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-anime/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-anime/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume-claim.yaml delete mode 100644 
clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-anime/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-anime/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-anime/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4-anime/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4/templates/persistent-volume-claim.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4/templates/persistent-volume.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4/templates/prometheus-rule.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/applications/sonarr4/values.yaml delete mode 100644 clusters/cl01tl-standby/applications/vaultwarden/Chart.yaml delete mode 100644 clusters/cl01tl-standby/applications/vaultwarden/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/applications/vaultwarden/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/applications/vaultwarden/values.yaml delete mode 100644 clusters/cl01tl-standby/management/argo-workflows/Chart.yaml delete mode 100644 clusters/cl01tl-standby/management/argo-workflows/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/management/argo-workflows/values.yaml delete mode 100644 clusters/cl01tl-standby/management/headlamp/Chart.yaml delete mode 100644 clusters/cl01tl-standby/management/headlamp/templates/cluster-role-binding.yaml 
delete mode 100644 clusters/cl01tl-standby/management/headlamp/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/management/headlamp/templates/http-route.yaml delete mode 100644 clusters/cl01tl-standby/management/headlamp/templates/ingress.yaml delete mode 100644 clusters/cl01tl-standby/management/headlamp/templates/namespace.yaml delete mode 100644 clusters/cl01tl-standby/management/headlamp/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/management/headlamp/values.yaml delete mode 100644 clusters/cl01tl-standby/management/komodo/Chart.yaml delete mode 100644 clusters/cl01tl-standby/management/komodo/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/management/komodo/templates/service.yaml delete mode 100644 clusters/cl01tl-standby/management/komodo/values.yaml delete mode 100644 clusters/cl01tl-standby/monitoring/grafana/Chart.yaml delete mode 100644 clusters/cl01tl-standby/monitoring/grafana/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/monitoring/grafana/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/monitoring/grafana/values.yaml delete mode 100644 clusters/cl01tl-standby/platform/authentik/Chart.yaml delete mode 100644 clusters/cl01tl-standby/platform/authentik/templates/config-map.yaml delete mode 100644 clusters/cl01tl-standby/platform/authentik/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/platform/authentik/templates/ingress.yaml delete mode 100644 clusters/cl01tl-standby/platform/authentik/values.yaml delete mode 100644 clusters/cl01tl-standby/platform/gitea/Chart.yaml delete mode 100644 clusters/cl01tl-standby/platform/gitea/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/platform/gitea/templates/ingress.yaml delete mode 100644 clusters/cl01tl-standby/platform/gitea/templates/persistent-volume-claim.yaml delete mode 100644 
clusters/cl01tl-standby/platform/gitea/templates/role-binding.yaml delete mode 100644 clusters/cl01tl-standby/platform/gitea/templates/role.yaml delete mode 100644 clusters/cl01tl-standby/platform/gitea/values.yaml delete mode 100644 clusters/cl01tl-standby/platform/matrix-synapse/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/platform/matrix-synapse/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/platform/matrix-synapse/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl-standby/platform/matrix-synapse/values.yaml delete mode 100644 clusters/cl01tl-standby/platform/ollama/Chart.yaml delete mode 100644 clusters/cl01tl-standby/platform/ollama/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/platform/ollama/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/platform/ollama/templates/service.yaml delete mode 100644 clusters/cl01tl-standby/platform/ollama/values.yaml delete mode 100644 clusters/cl01tl-standby/platform/stalwart/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/platform/stalwart/templates/namespace.yaml delete mode 100644 clusters/cl01tl-standby/platform/stalwart/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/platform/stalwart/values.yaml delete mode 100644 clusters/cl01tl-standby/services/harbor/Chart.yaml delete mode 100644 clusters/cl01tl-standby/services/harbor/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/services/harbor/templates/ingress.yaml delete mode 100644 clusters/cl01tl-standby/services/harbor/values.yaml delete mode 100644 clusters/cl01tl-standby/storage/pgadmin/Chart.yaml delete mode 100644 clusters/cl01tl-standby/storage/pgadmin/templates/external-secret.yaml delete mode 100644 clusters/cl01tl-standby/storage/pgadmin/templates/replication-source.yaml delete mode 100644 clusters/cl01tl-standby/storage/pgadmin/values.yaml 
diff --git a/clusters/cl01tl-standby/applications/directus/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/directus/templates/external-secret.yaml
deleted file mode 100644
index c61fed49d..000000000
--- a/clusters/cl01tl-standby/applications/directus/templates/external-secret.yaml
+++ /dev/null
@@ -1,247 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: directus-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: admin-email - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/config - metadataPolicy: None - property: admin-email - - secretKey: admin-password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/config - metadataPolicy: None - property: admin-password - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/config - metadataPolicy: None - property: secret - - secretKey: key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/config - metadataPolicy: None - property: key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: directus-valkey-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-valkey-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: user - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/valkey - metadataPolicy: None - property: user - - secretKey: password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/valkey - metadataPolicy: None - property: password - ---- -apiVersion: external-secrets.io/v1beta1 -kind: 
ExternalSecret -metadata: - name: directus-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: OIDC_CLIENT_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/directus - metadataPolicy: None - property: client - - secretKey: OIDC_CLIENT_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/directus - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: directus-minio-user-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-minio-user-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/minio/auth - metadataPolicy: None - property: AWS_ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/minio/auth - metadataPolicy: None - property: AWS_SECRET_ACCESS_KEY - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: directus-minio-root-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-minio-root-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - 
app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: config.env - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/minio/config - metadataPolicy: None - property: root-config.env - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: directus-minio-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-minio-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: config.env - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/directus/minio/config - metadataPolicy: None - property: config.env - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: directus-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/directus - metadataPolicy: None - property: token - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: directus-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - 
app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret
diff --git a/clusters/cl01tl-standby/applications/directus/values.yaml b/clusters/cl01tl-standby/applications/directus/values.yaml
deleted file mode 100644
index 16fff3723..000000000
--- a/clusters/cl01tl-standby/applications/directus/values.yaml
+++ /dev/null
@@ -1,206 +0,0 @@
-directus:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: directus/directus
- tag: 11.5.0
- pullPolicy: IfNotPresent
- env:
- - name: PUBLIC_URL
- value: https://directus.alexlebens.dev
- - name: WEBSOCKETS_ENABLED
- value: true
- - name: ADMIN_EMAIL
- valueFrom:
- secretKeyRef:
- name: directus-config
- key: admin-email
- - name: ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: directus-config
- key: admin-password
- - name: SECRET
- valueFrom:
- secretKeyRef:
- name: directus-config
- key: secret
- - name: KEY
- valueFrom:
- secretKeyRef:
- name: directus-config
- key: key
- - name: DB_CLIENT
- value: postgres
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: host
- - name: DB_DATABASE
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: dbname
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: port
- - name: DB_USER
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: user
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: directus-postgresql-17-cluster-app
- key: password
- - name: REDIS_ENABLED
- value: true
- - name: REDIS_HOST
- value: directus-valkey-primary
- - name: REDIS_PORT
- value: 6379
- - name: REDIS_USERNAME
- valueFrom:
- secretKeyRef:
- name: directus-valkey-config
- key: user
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: directus-valkey-config
- key: password
- - name: STORAGE_LOCATIONS
- value: s3
- - name: STORAGE_S3_DRIVER
- value: s3
- - name: STORAGE_S3_KEY
- valueFrom:
- secretKeyRef:
- name: directus-minio-user-secret
- key: AWS_ACCESS_KEY_ID
- - name: STORAGE_S3_SECRET
- valueFrom:
- secretKeyRef:
- name: directus-minio-user-secret
- key: AWS_SECRET_ACCESS_KEY
- - name: STORAGE_S3_BUCKET
- value: directus
- - name: STORAGE_S3_REGION
- value: us-east-1
- - name: STORAGE_S3_ENDPOINT
- value: http://minio.directus:80
- - name: STORAGE_S3_FORCE_PATH_STYLE
- value: "true"
- - name: AUTH_PROVIDERS
- value: AUTHENTIK
- - name: AUTH_AUTHENTIK_DRIVER
- value: openid
- - name: AUTH_AUTHENTIK_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: directus-oidc-secret
- key: OIDC_CLIENT_ID
- - name: AUTH_AUTHENTIK_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: directus-oidc-secret
- key: OIDC_CLIENT_SECRET
- - name: AUTH_AUTHENTIK_SCOPE
- value: openid profile email
- - name: AUTH_AUTHENTIK_ISSUER_URL
- value: https://auth.alexlebens.dev/application/o/directus/.well-known/openid-configuration
- - name: AUTH_AUTHENTIK_IDENTIFIER_KEY
- value: email
- - name: AUTH_AUTHENTIK_ALLOW_PUBLIC_REGISTRATION
- value: true
- - name: AUTH_AUTHENTIK_LABEL
- value: Authentik Login
- - name: TELEMETRY
- value: false
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 8055
- protocol: TCP
-minio:
- existingSecret:
- name: directus-minio-root-secret
- tenant:
- name: minio-directus
- configuration:
- name: directus-minio-config-secret
- pools:
- - servers: 3
- name: pool
- volumesPerServer: 2
- size: 10Gi
- storageClassName: ceph-block
- mountPath: /export
- subPath: /data
- metrics:
- enabled: true
- port: 9000
- protocol: http
- certificate:
- requestAutoCert: false
- ingress:
- console:
- enabled: true
- ingressClassName: tailscale
- tls:
- - secretName: minio-directus-cl01tl
- hosts:
- - minio-directus-cl01tl
- host: minio-directus-cl01tl
- path: /
- pathType: Prefix
-valkey:
- architecture: standalone
- auth:
- enabled: true
- existingSecret: directus-valkey-config
- existingSecretPasswordKey: password
- usePasswordFiles: false
- primary:
- persistence:
- enabled: false
- replica:
- persistence:
- enabled: false
-cloudflared-directus:
- name: cloudflared-directus
- existingSecretName: directus-cloudflared-secret
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
- endpointCredentials: directus-postgresql-17-cluster-backup-secret
- backupIndex: 1
diff --git a/clusters/cl01tl-standby/applications/element-web/Chart.yaml b/clusters/cl01tl-standby/applications/element-web/Chart.yaml
deleted file mode 100644
index f4b68c2e8..000000000
--- a/clusters/cl01tl-standby/applications/element-web/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: element-web
-version: 1.0.0
-description: Element Web
-keywords:
- - element-web
- - chat
- - matrix
-home: https://wiki.alexlebens.dev/doc/element-web-R4dzXXspgr
-sources:
- - https://github.com/element-hq/element-web
- - https://github.com/cloudflare/cloudflared
- - https://hub.docker.com/r/vectorim/element-web
- - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: element-web
- version: 1.4.3
- repository: https://ananace.gitlab.io/charts
- - name: cloudflared
- alias: cloudflared
- repository: http://alexlebens.github.io/helm-charts
- version: 1.14.0
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/element.png
-appVersion: v1.11.88
diff --git a/clusters/cl01tl-standby/applications/element-web/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/element-web/templates/external-secret.yaml
deleted file mode 100644
index 3e65c22ac..000000000
--- a/clusters/cl01tl-standby/applications/element-web/templates/external-secret.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: element-web-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: element-web-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/element
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl-standby/applications/element-web/values.yaml b/clusters/cl01tl-standby/applications/element-web/values.yaml
deleted file mode 100644
index 0f7e21e1d..000000000
--- a/clusters/cl01tl-standby/applications/element-web/values.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-element-web:
- replicaCount: 1
- image:
- repository: vectorim/element-web
- tag: v1.11.93
- pullPolicy: IfNotPresent
- defaultServer:
- url: https://matrix.alexlebens.dev
- name: alexlebens.dev
- identity_url: https://alexlebens.dev
- config:
- disable_3pid_login: true
- brand: "Alex Lebens"
- branding:
- welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-3.jpg
- auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
- sso_redirect_options:
- immediate: true
- default_theme: dark
- default_country_code: US
- ingress:
- enabled: false
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
-cloudflared:
- existingSecretName: element-web-cloudflared-secret
diff --git a/clusters/cl01tl-standby/applications/freshrss/Chart.yaml b/clusters/cl01tl-standby/applications/freshrss/Chart.yaml
deleted file mode 100644
index 8d0556121..000000000
--- a/clusters/cl01tl-standby/applications/freshrss/Chart.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: freshrss
-version: 1.0.0
-description: FreshRSS
-keywords:
- - freshrss
- - rss
-home: https://wiki.alexlebens.dev/doc/freshrss-W6nFVTmKJw
-sources:
- - https://github.com/FreshRSS/FreshRSS
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/freshrss/freshrss
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: freshrss
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: cloudflared
- alias: cloudflared
- repository: http://alexlebens.github.io/helm-charts
- version: 1.14.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/freshrss.png
-appVersion: 1.24.3
diff --git a/clusters/cl01tl-standby/applications/freshrss/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/freshrss/templates/external-secret.yaml
deleted file mode 100644
index d905dfadc..000000000
--- a/clusters/cl01tl-standby/applications/freshrss/templates/external-secret.yaml
+++ /dev/null
@@ -1,192 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: freshrss-install-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-install-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ADMIN_EMAIL
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/freshrss/config
- metadataPolicy: None
- property: ADMIN_EMAIL
- - secretKey: ADMIN_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/freshrss/config
- metadataPolicy: None
- property: ADMIN_PASSWORD
- - secretKey: ADMIN_API_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/freshrss/config
- metadataPolicy: None
- property: ADMIN_API_PASSWORD
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: freshrss-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: OIDC_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/freshrss
- metadataPolicy: None
- property: client
- - secretKey: OIDC_CLIENT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/freshrss
- metadataPolicy: None
- property: secret
- - secretKey: OIDC_CLIENT_CRYPTO_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/freshrss
- metadataPolicy: None
- property: crypto-key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: freshrss-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/freshrss
- metadataPolicy: None
- property: token
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: freshrss-data-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: freshrss-data-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/freshrss/freshrss-data"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: freshrss-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/applications/freshrss/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/freshrss/templates/replication-source.yaml
deleted file mode 100644
index 1145aad49..000000000
--- a/clusters/cl01tl-standby/applications/freshrss/templates/replication-source.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: freshrss-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: freshrss-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: freshrss-data
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: freshrss-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 568
-# runAsGroup: 568
-# fsGroup: 568
-# fsGroupChangePolicy: OnRootMismatch
-# supplementalGroups:
-# - 44
-# - 100
-# - 109
-# - 65539
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/freshrss/values.yaml b/clusters/cl01tl-standby/applications/freshrss/values.yaml
deleted file mode 100644
index 2b94ac95e..000000000
--- a/clusters/cl01tl-standby/applications/freshrss/values.yaml
+++ /dev/null
@@ -1,187 +0,0 @@
-freshrss:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- initContainers:
- init-download-extension-1:
- securityContext:
- runAsUser: 0
- image:
- repository: alpine
- tag: 3.21.3
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- - -ec
- - |
- apk add --no-cache git;
- cd /tmp;
- git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
- cd cntools_FreshRssExtensions;
- git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
- git checkout;
- rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
- cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
- chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- init-download-extension-2:
- securityContext:
- runAsUser: 0
- image:
- repository: alpine
- tag: 3.21.3
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- - -ec
- - |
- apk add --no-cache git;
- cd /tmp;
- git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
- cd Extensions;
- git sparse-checkout set --no-cone /xExtension-ImageProxy;
- git checkout;
- rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
- cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
- chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- containers:
- main:
- image:
- repository: freshrss/freshrss
- tag: 1.26.0
- pullPolicy: IfNotPresent
- env:
- - name: PGID
- value: "568"
- - name: PUID
- value: "568"
- - name: TZ
- value: US/Central
- - name: FRESHRSS_ENV
- value: production
- - name: CRON_MIN
- value: 13,43
- - name: BASE_URL
- value: https://rss.alexlebens.dev
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: freshrss-postgresql-17-cluster-app
- key: host
- - name: DB_BASE
- valueFrom:
- secretKeyRef:
- name: freshrss-postgresql-17-cluster-app
- key: dbname
- - name: DB_USER
- valueFrom:
- secretKeyRef:
- name: freshrss-postgresql-17-cluster-app
- key: user
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: freshrss-postgresql-17-cluster-app
- key: password
- - name: FRESHRSS_INSTALL
- value: |
- --api-enabled
- --base-url $(BASE_URL)
- --db-base $(DB_BASE)
- --db-host $(DB_HOST)
- --db-password $(DB_PASSWORD)
- --db-type pgsql
- --db-user $(DB_USER)
- --auth-type http_auth
- --default-user admin
- --language en
- - name: FRESHRSS_USER
- value: |
- --api-password $(ADMIN_API_PASSWORD)
- --email $(ADMIN_EMAIL)
- --language en
- --password $(ADMIN_PASSWORD)
- --user admin
- - name: OIDC_ENABLED
- value: 1
- - name: OIDC_PROVIDER_METADATA_URL
- value: https://auth.alexlebens.dev/application/o/freshrss/.well-known/openid-configuration
- - name: OIDC_X_FORWARDED_HEADERS
- value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
- - name: OIDC_SCOPES
- value: openid email profile
- - name: OIDC_REMOTE_USER_CLAIM
- value: preferred_username
- envFrom:
- - secretRef:
- name: freshrss-oidc-secret
- - secretRef:
- name: freshrss-install-secret
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /var/www/FreshRSS/data
- readOnly: false
- extensions:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 1Gi
- retain: true
- advancedMounts:
- main:
- init-download-extension-1:
- - path: /var/www/FreshRSS/extensions
- readOnly: false
- init-download-extension-2:
- - path: /var/www/FreshRSS/extensions
- readOnly: false
- main:
- - path: /var/www/FreshRSS/extensions
- readOnly: false
-cloudflared:
- existingSecretName: freshrss-cloudflared-secret
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
- endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
- backupIndex: 2
diff --git a/clusters/cl01tl-standby/applications/hoarder/Chart.yaml b/clusters/cl01tl-standby/applications/hoarder/Chart.yaml
deleted file mode 100644
index e54e0a7b6..000000000
--- a/clusters/cl01tl-standby/applications/hoarder/Chart.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: hoarder
-version: 1.0.0
-description: Hoarder
-keywords:
- - hoarder
- - bookmarks
-home: https://wiki.alexlebens.dev/doc/hoarder-
-sources:
- - https://github.com/hoarder-app/hoarder
- - https://github.com/cloudflare/cloudflared
- - https://github.com/meilisearch/meilisearch
- - https://github.com/hoarder-app/hoarder/pkgs/container/hoarder
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: hoarder
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: meilisearch
- version: 0.12.0
- repository: https://meilisearch.github.io/meilisearch-kubernetes
- - name: cloudflared
- alias: cloudflared
- repository: http://alexlebens.github.io/helm-charts
- version: 1.14.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/svg/hoarder.svg
-appVersion: 0.19.0
diff --git a/clusters/cl01tl-standby/applications/hoarder/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/hoarder/templates/external-secret.yaml
deleted file mode 100644
index e37107825..000000000
--- a/clusters/cl01tl-standby/applications/hoarder/templates/external-secret.yaml
+++ /dev/null
@@ -1,164 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: hoarder-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: hoarder-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/hoarder/key
- metadataPolicy: None
- property: key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: hoarder-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: hoarder-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: AUTHENTIK_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/hoarder
- metadataPolicy: None
- property: client
- - secretKey: AUTHENTIK_CLIENT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/hoarder
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: hoarder-meilisearch-master-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: hoarder-meilisearch-master-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: meilisearch
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: MEILI_MASTER_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/hoarder/meilisearch
- metadataPolicy: None
- property: MEILI_MASTER_KEY
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: hoarder-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: hoarder-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/hoarder
- metadataPolicy: None
- property: token
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: hoarder-data-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: hoarder-data-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/hoarder/hoarder-data"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
diff --git a/clusters/cl01tl-standby/applications/hoarder/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/hoarder/templates/replication-source.yaml
deleted file mode 100644
index e8b1c82cc..000000000
--- a/clusters/cl01tl-standby/applications/hoarder/templates/replication-source.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: hoarder-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: hoarder-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: hoarder-data
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: hoarder-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/hoarder/values.yaml b/clusters/cl01tl-standby/applications/hoarder/values.yaml
deleted file mode 100644
index cac77b311..000000000
--- a/clusters/cl01tl-standby/applications/hoarder/values.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
-hoarder:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/hoarder-app/hoarder
- tag: 0.22.0
- pullPolicy: IfNotPresent
- env:
- - name: DATA_DIR
- value: /data
- - name: NEXTAUTH_URL
- value: https://hoarder.alexlebens.dev/
- - name: NEXTAUTH_SECRET
- valueFrom:
- secretKeyRef:
- name: hoarder-key-secret
- key: key
- - name: MEILI_ADDR
- value: http://hoarder-meilisearch.hoarder:7700
- - name: MEILI_MASTER_KEY
- valueFrom:
- secretKeyRef:
- name: hoarder-meilisearch-master-key-secret
- key: MEILI_MASTER_KEY
- - name: BROWSER_WEB_URL
- value: http://hoarder.hoarder:9222
- - name: DISABLE_SIGNUPS
- value: false
- - name: OAUTH_PROVIDER_NAME
- value: "Authentik"
- - name: OAUTH_WELLKNOWN_URL
- value: https://auth.alexlebens.dev/application/o/hoarder/.well-known/openid-configuration
- - name: OAUTH_SCOPE
- value: "openid email profile"
- - name: OAUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: hoarder-oidc-secret
- key: AUTHENTIK_CLIENT_ID
- - name: OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: hoarder-oidc-secret
- key: AUTHENTIK_CLIENT_SECRET
- - name: OLLAMA_BASE_URL
- value: http://ollama-server-1.ollama:11434
- - name: OLLAMA_KEEP_ALIVE
- value: 5m
- - name: INFERENCE_TEXT_MODEL
- value: llama3.1:8b
- - name: INFERENCE_IMAGE_MODEL
- value: llama3.2-vision:11b
- - name: EMBEDDING_TEXT_MODEL
- value: mxbai-embed-large
- - name: INFERENCE_JOB_TIMEOUT_SEC
- value: 720
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- chrome:
- image:
- repository: gcr.io/zenika-hub/alpine-chrome
- tag: 124
- pullPolicy: IfNotPresent
- args:
- - --no-sandbox
- - --disable-gpu
- - --disable-dev-shm-usage
- - --remote-debugging-address=0.0.0.0
- - --remote-debugging-port=9222
- - --hide-scrollbars
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 3000
- targetPort: 3000
- protocol: HTTP
- chrome:
- port: 9222
- targetPort: 9222
- protocol: HTTP
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
-meilisearch:
- environment:
- MEILI_NO_ANALYTICS: true
- MEILI_ENV: production
- auth:
- existingMasterKeySecret: hoarder-meilisearch-master-key-secret
- service:
- type: ClusterIP
- port: 7700
- persistence:
- enabled: true
- storageClass: ceph-block
- size: 10Gi
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceMonitor:
- enabled: true
-cloudflared:
- existingSecretName: hoarder-cloudflared-secret
diff --git a/clusters/cl01tl-standby/applications/immich/templates/external-secrets.yaml b/clusters/cl01tl-standby/applications/immich/templates/external-secrets.yaml
deleted file mode 100644
index 005b7cfc1..000000000
--- a/clusters/cl01tl-standby/applications/immich/templates/external-secrets.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: immich-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: config
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: immich.json
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/immich/config
- metadataPolicy: None
- property: immich.json
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: immich-postgresql-16-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-postgresql-16-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/applications/immich/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/immich/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 1cdc938d9..000000000
--- a/clusters/cl01tl-standby/applications/immich/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: immich-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: immich-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl-standby/applications/immich/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/immich/templates/persistent-volume.yaml
deleted file mode 100644
index 9a7c071c2..000000000
--- a/clusters/cl01tl-standby/applications/immich/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: immich-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Immich
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/immich/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/immich/templates/service-monitor.yaml
deleted file mode 100644
index 353c1c2f2..000000000
--- a/clusters/cl01tl-standby/applications/immich/templates/service-monitor.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: immich
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: immich
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics-api
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
- - port: metrics-ms
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/immich/values.yaml b/clusters/cl01tl-standby/applications/immich/values.yaml
deleted file mode 100644
index 759e0b76f..000000000
--- a/clusters/cl01tl-standby/applications/immich/values.yaml
+++ /dev/null
@@ -1,251 +0,0 @@ -immich: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/immich-app/immich-server - tag: v1.128.0 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: IMMICH_TELEMETRY_INCLUDE - value: all - - name: IMMICH_CONFIG_FILE - value: /config/immich.json - - name: IMMICH_MACHINE_LEARNING_URL - value: http://immich-machine-learning.immich:3003 - - name: REDIS_HOSTNAME - value: immich-valkey-primary - - name: DB_VECTOR_EXTENSION - value: pgvecto.rs - - name: DB_HOSTNAME - valueFrom: - secretKeyRef: - name: immich-postgresql-16-cluster-app - key: host - - name: DB_DATABASE_NAME - valueFrom: - secretKeyRef: - name: immich-postgresql-16-cluster-app - key: dbname - - name: DB_PORT - valueFrom: - secretKeyRef: - name: immich-postgresql-16-cluster-app - key: port - - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: immich-postgresql-16-cluster-app - key: user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: immich-postgresql-16-cluster-app - key: password - probes: - liveness: - enabled: true - custom: true - spec: - httpGet: - path: /api/server/ping - port: 2283 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: - enabled: true - custom: true - spec: - httpGet: - path: /api/server/ping - port: 2283 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - startup: - enabled: true - custom: true - spec: - httpGet: - path: /api/server/ping - port: 2283 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 30 - resources: - requests: - gpu.intel.com/i915: 1 - cpu: 10m - memory: 512Mi - limits: - gpu.intel.com/i915: 1 - cpu: 2 - machine-learning: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/immich-app/immich-machine-learning 
- tag: v1.128.0 - pullPolicy: IfNotPresent - env: - - name: TRANSFORMERS_CACHE - value: /cache - probes: - liveness: - enabled: true - custom: true - spec: - httpGet: - path: /ping - port: 3003 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: - enabled: true - custom: true - spec: - httpGet: - path: /ping - port: 3003 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - startup: - enabled: false - resources: - requests: - gpu.intel.com/i915: 1 - cpu: 10m - memory: 256Mi - limits: - gpu.intel.com/i915: 1 - cpu: 8 - memory: 10Gi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 2283 - targetPort: 2283 - protocol: TCP - metrics-api: - port: 8081 - targetPort: 8081 - protocol: TCP - metrics-ms: - port: 8082 - targetPort: 8082 - protocol: TCP - machine-learning: - controller: machine-learning - ports: - http: - port: 3003 - targetPort: 3003 - protocol: TCP - ingress: - main: - enabled: true - className: tailscale - hosts: - - host: immich-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: immich-main - port: 2283 - tls: - - hosts: - - immich-cl01tl - persistence: - config: - enabled: true - type: secret - name: immich-config-secret - advancedMounts: - main: - main: - - path: /config/immich.json - readOnly: true - mountPropagation: None - subPath: immich.json - media: - existingClaim: immich-nfs-storage - advancedMounts: - main: - main: - - path: /usr/src/app/upload - readOnly: false - cache: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - machine-learning: - main: - - path: /cache - readOnly: false -valkey: - architecture: standalone - auth: - enabled: false - usePasswordFiles: false - primary: - persistence: - enabled: false - replica: - persistence: - enabled: false -postgres-16-cluster: - # Tensorchord - #--- https://github.com/immich-app/immich/discussions/9060 - 
#--- https://docs.pgvecto.rs/admin/kubernetes.html - #--- https://github.com/tensorchord/cloudnative-pgvecto.rs - type: tensorchord - mode: standalone - cluster: - image: - repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs - tag: 16.3-v0.2.1 - walStorage: - storageClass: local-path - storage: - storageClass: local-path - resources: - requests: - memory: 384Mi - cpu: 200m - monitoring: - enabled: true - postgresql: - parameters: - shared_buffers: 256MB - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster - endpointCredentials: immich-postgresql-16-cluster-backup-secret - backupIndex: 1 diff --git a/clusters/cl01tl-standby/applications/jellystat/Chart.yaml b/clusters/cl01tl-standby/applications/jellystat/Chart.yaml deleted file mode 100644 index 403cfb422..000000000 --- a/clusters/cl01tl-standby/applications/jellystat/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -name: jellystat -version: 1.0.0 -description: Jellystat -keywords: - - jellystat - - jellyfin -home: https://wiki.alexlebens.dev/doc/jellystat-0FixP7GqGZ -sources: - - https://github.com/CyferShepard/Jellystat - - https://github.com/cloudnative-pg/cloudnative-pg - - https://hub.docker.com/r/cyfershepard/jellystat - - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template - - https://github.com/alexlebens/helm-charts/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: jellystat - repository: https://bjw-s.github.io/helm-charts/ - version: 3.7.1 - - name: postgres-cluster - alias: postgres-17-cluster - version: 4.2.0 - repository: http://alexlebens.github.io/helm-charts -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/jellystat.png -appVersion: 1.1.1 
diff --git a/clusters/cl01tl-standby/applications/jellystat/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/jellystat/templates/external-secret.yaml
deleted file mode 100644
index aaebffeee..000000000
--- a/clusters/cl01tl-standby/applications/jellystat/templates/external-secret.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: jellystat-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: jellystat-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/jellystat/auth - metadataPolicy: None - property: secret-key - - secretKey: user - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/jellystat/auth - metadataPolicy: None - property: user - - secretKey: password - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/jellystat/auth - metadataPolicy: None - property: password - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: jellystat-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: jellystat-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellystat/jellystat-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# 
property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: jellystat-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/applications/jellystat/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/jellystat/templates/replication-source.yaml deleted file mode 100644 index 4f536eac3..000000000 --- a/clusters/cl01tl-standby/applications/jellystat/templates/replication-source.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: jellystat-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: jellystat-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: jellystat-data
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: jellystat-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/jellystat/values.yaml b/clusters/cl01tl-standby/applications/jellystat/values.yaml
deleted file mode 100644
index 1d50a5a6c..000000000
--- a/clusters/cl01tl-standby/applications/jellystat/values.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -jellystat: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: cyfershepard/jellystat - tag: 1.1.3 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: JWT_SECRET - valueFrom: - secretKeyRef: - name: jellystat-secret - key: secret-key - - name: JS_USER - valueFrom: - secretKeyRef: - name: jellystat-secret - key: user - - name: JS_PASSWORD - valueFrom: - secretKeyRef: - name: jellystat-secret - key: password - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: username - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: dbname - - name: POSTGRES_IP - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: host - - name: POSTGRES_PORT - valueFrom: - secretKeyRef: - name: jellystat-postgresql-17-cluster-app - key: port - resources: - requests: - cpu: 10m - memory: 256Mi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 3000 - targetPort: 3000 - protocol: HTTP - ingress: - tailscale: - enabled: true - className: tailscale - hosts: - - host: jellystat-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: jellystat - port: 3000 - tls: - - hosts: - - jellystat-cl01tl - persistence: - data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /app/backend/backup-data - readOnly: false -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - monitoring: - enabled: true - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: 
s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster - endpointCredentials: jellystat-postgresql-17-cluster-backup-secret - backupIndex: 1 - retentionPolicy: "7d" diff --git a/clusters/cl01tl-standby/applications/lidarr2/Chart.yaml b/clusters/cl01tl-standby/applications/lidarr2/Chart.yaml deleted file mode 100644 index 27d78cc56..000000000 --- a/clusters/cl01tl-standby/applications/lidarr2/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v2 -name: lidarr2 -version: 1.0.0 -description: Lidarr -keywords: - - lidarr - - servarr - - music - - metrics -home: https://wiki.alexlebens.dev/doc/lidarr-BIqpxux60p -sources: - - https://github.com/Lidarr/Lidarr - - https://github.com/linuxserver/docker-lidarr - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/onedr0p/exportarr/pkgs/container/exportarr - - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template - - https://github.com/alexlebens/helm-charts/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: lidarr2 - repository: https://bjw-s.github.io/helm-charts/ - version: 3.7.1 - - name: postgres-cluster - alias: postgres-17-cluster - version: 4.2.0 - repository: http://alexlebens.github.io/helm-charts -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/lidarr.png -appVersion: 2.8.2 diff --git a/clusters/cl01tl-standby/applications/lidarr2/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/lidarr2/templates/external-secret.yaml deleted file mode 100644 index 1fc6196a7..000000000 --- a/clusters/cl01tl-standby/applications/lidarr2/templates/external-secret.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: lidarr2-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: lidarr2-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: lidarr2-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr2-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: 
{{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume-claim.yaml deleted file mode 100644 index b71516dc2..000000000 --- a/clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: lidarr2-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: lidarr2-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: storage - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: lidarr2-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume.yaml deleted file mode 100644 index 54f1429ad..000000000 --- a/clusters/cl01tl-standby/applications/lidarr2/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: lidarr2-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidarr2-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/lidarr2/templates/prometheus-rule.yaml b/clusters/cl01tl-standby/applications/lidarr2/templates/prometheus-rule.yaml
deleted file mode 100644
index afddfd1ad..000000000
--- a/clusters/cl01tl-standby/applications/lidarr2/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: lidarr2
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidarr2
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: lidarr2
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Lidarr Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*lidarr2.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: LidarrDown
- annotations:
- description: Lidarr service is down.
- summary: Lidarr is down.
- expr: |
- lidarr_system_status{job=~".*lidarr2.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl-standby/applications/lidarr2/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/lidarr2/templates/replication-source.yaml
deleted file mode 100644
index 307531e07..000000000
--- a/clusters/cl01tl-standby/applications/lidarr2/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: lidarr2-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: lidarr2-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: lidarr2-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: lidarr2-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 1000
-# runAsGroup: 1000
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/lidarr2/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/lidarr2/templates/service-monitor.yaml
deleted file mode 100644
index d1d72554a..000000000
--- a/clusters/cl01tl-standby/applications/lidarr2/templates/service-monitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: lidarr2
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidarr2
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: lidarr2
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/lidarr2/values.yaml b/clusters/cl01tl-standby/applications/lidarr2/values.yaml
deleted file mode 100644
index 3cf66e946..000000000
--- a/clusters/cl01tl-standby/applications/lidarr2/values.yaml
+++ /dev/null
@@ -1,143 +0,0 @@ -lidarr2: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/lidarr - tag: version-2.8.2.4493@sha256:108ecf0fcbd8f77b6e8a513be6f3446feb47666dd1b45ea360569e9aac0960e4 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - probes: - liveness: - enabled: true - custom: true - spec: - exec: - command: - - /usr/bin/env - - bash - - -c - - curl --fail localhost:8686/api/v1/system/status?apiKey=`IFS=\> && while - read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml` - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.0.1 - pullPolicy: IfNotPresent - args: ["lidarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9792 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 100m - memory: 256Mi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8686 - protocol: HTTP - metrics: - port: 9792 - targetPort: 9792 - protocol: TCP - ingress: - tailscale: - enabled: true - className: tailscale - hosts: - - host: lidarr-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: lidarr2 - port: 80 - tls: - - hosts: - - lidarr-cl01tl - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - 
readOnly: true - media: - existingClaim: lidarr2-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - resources: - requests: - memory: 1Gi - cpu: 200m - monitoring: - enabled: true - bootstrap: - initdb: - postInitSQL: - - CREATE DATABASE "lidarr-main" OWNER "app"; - - CREATE DATABASE "lidarr-log" OWNER "app"; - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster - endpointCredentials: lidarr2-postgresql-17-cluster-backup-secret - backupIndex: 2 - retentionPolicy: "7d" diff --git a/clusters/cl01tl-standby/applications/lidatube/Chart.yaml b/clusters/cl01tl-standby/applications/lidatube/Chart.yaml deleted file mode 100644 index beb4aff08..000000000 --- a/clusters/cl01tl-standby/applications/lidatube/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v2 -name: lidatube -version: 1.0.0 -description: LidaTube -keywords: - - lidatube - - music - - yt-dlp -home: https://wiki.alexlebens.dev/doc/lidatube-Rm5ioxwcaS -sources: - - https://github.com/TheWicklowWolf/LidaTube - - https://registry.hub.docker.com/r/thewicklowwolf/lidatube - - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: lidatube - repository: https://bjw-s.github.io/helm-charts/ - version: 3.7.1 -icon: https://raw.githubusercontent.com/TheWicklowWolf/LidaTube/main/src/static/lidatube.png -appVersion: 0.2.9 diff --git a/clusters/cl01tl-standby/applications/lidatube/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/lidatube/templates/external-secret.yaml deleted file mode 100644 index 02cfb7c9a..000000000 
--- a/clusters/cl01tl-standby/applications/lidatube/templates/external-secret.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: lidatube-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidatube-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: lidarr_api_key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/lidarr2/key
- metadataPolicy: None
- property: key
diff --git a/clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 5e496bed9..000000000
--- a/clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: lidatube-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidatube-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: lidatube-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume.yaml
deleted file mode 100644
index d44ab178e..000000000
--- a/clusters/cl01tl-standby/applications/lidatube/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: lidatube-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidatube-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Music
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/lidatube/values.yaml b/clusters/cl01tl-standby/applications/lidatube/values.yaml
deleted file mode 100644
index b95417bd8..000000000
--- a/clusters/cl01tl-standby/applications/lidatube/values.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
-lidatube:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: thewicklowwolf/lidatube
- tag: 0.2.16
- pullPolicy: IfNotPresent
- env:
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- - name: lidarr_address
- value: http://lidarr2.lidarr2:80
- - name: lidarr_api_key
- valueFrom:
- secretKeyRef:
- name: lidatube-secret
- key: lidarr_api_key
- - name: sleep_interval
- value: 360
- - name: sync_schedule
- value: 4
- - name: attempt_lidarr_import
- value: true
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 5000
- protocol: HTTP
- ingress:
- tailscale:
- enabled: true
- className: tailscale
- hosts:
- - host: lidatube-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: lidatube
- port: 80
- tls:
- - hosts:
- - lidatube-cl01tl
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /lidatube/config
- readOnly: false
- music:
- existingClaim: lidatube-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /lidatube/downloads
- readOnly: false
diff --git a/clusters/cl01tl-standby/applications/outline/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/outline/templates/external-secret.yaml
deleted file mode 100644
index f00d96e0d..000000000
--- a/clusters/cl01tl-standby/applications/outline/templates/external-secret.yaml
+++ /dev/null
@@ -1,226 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: outline-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: secret-key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/outline/key
- metadataPolicy: None
- property: secret-key
- - secretKey: utils-key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/outline/key
- metadataPolicy: None
- property: utils-key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: outline-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: client
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/outline
- metadataPolicy: None
- property: client
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/outline
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline-minio-user-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: outline-minio-user-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/outline/minio/auth
- metadataPolicy: None
- property: AWS_ACCESS_KEY_ID
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/outline/minio/auth
- metadataPolicy: None
- property: AWS_SECRET_ACCESS_KEY
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline-minio-root-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: outline-minio-root-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: config.env
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/outline/minio/config
- metadataPolicy: None
- property: root-config.env
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline-minio-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: outline-minio-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: config.env
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/outline/minio/config
- metadataPolicy: None
- property: config.env
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: outline-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/outline
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline-minio-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: outline-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/outline-minio
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/applications/outline/values.yaml b/clusters/cl01tl-standby/applications/outline/values.yaml
deleted file mode 100644
index c47eb250b..000000000
--- a/clusters/cl01tl-standby/applications/outline/values.yaml
+++ /dev/null
@@ -1,209 +0,0 @@
-outline:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: outlinewiki/outline
- tag: 0.82.0
- pullPolicy: IfNotPresent
- env:
- - name: NODE_ENV
- value: production
- - name: URL
- value: https://wiki.alexlebens.dev
- - name: PORT
- value: 3000
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: outline-key-secret
- key: secret-key
- - name: UTILS_SECRET
- valueFrom:
- secretKeyRef:
- name: outline-key-secret
- key: utils-key
- - name: POSTGRES_USERNAME
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: username
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: password
- - name: POSTGRES_DATABASE_NAME
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: dbname
- - name: POSTGRES_DATABASE_HOST
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: host
- - name: POSTGRES_DATABASE_PORT
- valueFrom:
- secretKeyRef:
- name: outline-postgresql-17-cluster-app
- key: port
- - name: DATABASE_URL
- value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)
- - name: DATABASE_URL_TEST
- value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)-test
- - name: DATABASE_CONNECTION_POOL_MIN
- value: "2"
- - name: DATABASE_CONNECTION_POOL_MAX
- value: "20"
- - name: PGSSLMODE
- value: disable
- - name: REDIS_URL
- value: redis://outline-valkey-primary.outline:6379
- - name: FILE_STORAGE
- value: s3
- - name: AWS_ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: outline-minio-user-secret
- key: AWS_ACCESS_KEY_ID
- - name: AWS_SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: outline-minio-user-secret
- key: AWS_SECRET_ACCESS_KEY
- - name: AWS_REGION
- value: us-east-1
- - name: AWS_S3_UPLOAD_BUCKET_NAME
- value: outline
- - name: AWS_S3_UPLOAD_BUCKET_URL
- value: https://outline-storage.alexlebens.dev/outline
- - name: AWS_S3_ACCELERATE_URL
- value: https://outline-storage.alexlebens.dev/outline
- - name: AWS_S3_FORCE_PATH_STYLE
- value: false
- - name: AWS_S3_ACL
- value: private
- - name: FILE_STORAGE_UPLOAD_MAX_SIZE
- value: "26214400"
- - name: FORCE_HTTPS
- value: false
- - name: ENABLE_UPDATES
- value: false
- - name: WEB_CONCURRENCY
- value: 1
- - name: FILE_STORAGE_IMPORT_MAX_SIZE
- value: 5120000
- - name: LOG_LEVEL
- value: info
- - name: DEFAULT_LANGUAGE
- value: en_US
- - name: RATE_LIMITER_ENABLED
- value: false
- - name: DEVELOPMENT_UNSAFE_INLINE_CSP
- value: false
- - name: OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: outline-oidc-secret
- key: client
- - name: OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: outline-oidc-secret
- key: secret
- - name: OIDC_AUTH_URI
- value: https://auth.alexlebens.dev/application/o/authorize/
- - name: OIDC_TOKEN_URI
- value: https://auth.alexlebens.dev/application/o/token/
- - name: OIDC_USERINFO_URI
- value: https://auth.alexlebens.dev/application/o/userinfo/
- - name: OIDC_USERNAME_CLAIM
- value: email
- - name: OIDC_DISPLAY_NAME
- value: Authentik
- - name: OIDC_SCOPES
- value: openid profile email
- resources:
- requests:
- cpu: 10m
- memory: 512Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 3000
- targetPort: 3000
- protocol: HTTP
-minio:
- existingSecret:
- name: outline-minio-root-secret
- tenant:
- name: minio-outline
- configuration:
- name: outline-minio-config-secret
- pools:
- - servers: 3
- name: pool
- volumesPerServer: 2
- size: 10Gi
- storageClassName: ceph-block
- mountPath: /export
- subPath: /data
- metrics:
- enabled: true
- port: 9000
- protocol: http
- certificate:
- requestAutoCert: false
- ingress:
- console:
- enabled: true
- ingressClassName: tailscale
- tls:
- - secretName: minio-outline-cl01tl
- hosts:
- - minio-outline-cl01tl
- host: minio-outline-cl01tl
- path: /
- pathType: Prefix
-valkey:
- architecture: standalone
- auth:
- enabled: false
- usePasswordFiles: false
- primary:
- persistence:
- enabled: false
- replica:
- persistence:
- enabled: false
-cloudflared-outline:
- existingSecretName: outline-cloudflared-secret
- name: cloudflared-outline
-cloudflared-minio:
- existingSecretName: outline-minio-cloudflared-secret
- name: cloudflared-minio
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
- endpointCredentials: outline-postgresql-17-cluster-backup-secret
- backupIndex: 1
diff --git a/clusters/cl01tl-standby/applications/overseerr/Chart.yaml b/clusters/cl01tl-standby/applications/overseerr/Chart.yaml
deleted file mode 100644
index a4089a80b..000000000
--- a/clusters/cl01tl-standby/applications/overseerr/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: overseerr
-version: 1.0.0
-description: Overseerr
-keywords:
- - overseer
- - media
- - request
-home: https://wiki.alexlebens.dev/doc/overseerr-pCUN6XnGR5
-sources:
- - https://github.com/sct/overseerr
- - https://github.com/sct/overseerr/pkgs/container/overseerr
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/overseerr.png
-appVersion: 1.33.2
diff --git a/clusters/cl01tl-standby/applications/overseerr/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/overseerr/templates/external-secret.yaml
deleted file mode 100644
index 7bd972059..000000000
--- a/clusters/cl01tl-standby/applications/overseerr/templates/external-secret.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: overseerr-main-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: overseerr-main-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/overseerr/overseerr-main"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
diff --git a/clusters/cl01tl-standby/applications/overseerr/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/overseerr/templates/replication-source.yaml
deleted file mode 100644
index 8056fdae7..000000000
--- a/clusters/cl01tl-standby/applications/overseerr/templates/replication-source.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: overseerr-main-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: overseerr-main-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: overseerr-main
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: overseerr-main-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/overseerr/values.yaml b/clusters/cl01tl-standby/applications/overseerr/values.yaml
deleted file mode 100644
index 97fb3afd8..000000000
--- a/clusters/cl01tl-standby/applications/overseerr/values.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-app-template:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/sct/overseerr
- tag: 1.33.2
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- resources:
- requests:
- cpu: 10m
- memory: 512Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 5055
- protocol: HTTP
- ingress:
- tailscale:
- enabled: true
- className: tailscale
- hosts:
- - host: overseerr-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: overseerr
- port: 80
- tls:
- - hosts:
- - overseerr-cl01tl
- persistence:
- main:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /app/config
- readOnly: false
diff --git a/clusters/cl01tl-standby/applications/photoview/Chart.yaml b/clusters/cl01tl-standby/applications/photoview/Chart.yaml
deleted file mode 100644
index 6915ebff1..000000000
--- a/clusters/cl01tl-standby/applications/photoview/Chart.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v2
-name: photoview
-version: 1.0.0
-description: Photoview
-keywords:
- - photoview
- - pictures
-home: https://wiki.alexlebens.dev/doc/photoview-WSRscnhpwv
-sources:
- - https://github.com/immich-app/immich
- - https://github.com/valkey-io/valkey
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/bitnami/charts/tree/main/bitnami/valkey
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: photoview
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
-appVersion: 2.4.0
diff --git a/clusters/cl01tl-standby/applications/photoview/templates/external-secrets.yaml b/clusters/cl01tl-standby/applications/photoview/templates/external-secrets.yaml
deleted file mode 100644
index 6fac32ec5..000000000
--- a/clusters/cl01tl-standby/applications/photoview/templates/external-secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: photoview-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/applications/photoview/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/photoview/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 191161483..000000000
--- a/clusters/cl01tl-standby/applications/photoview/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: photoview-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: photoview-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl-standby/applications/photoview/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/photoview/templates/persistent-volume.yaml
deleted file mode 100644
index bcf22883d..000000000
--- a/clusters/cl01tl-standby/applications/photoview/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: photoview-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: photoview-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage/Pictures
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/photoview/values.yaml b/clusters/cl01tl-standby/applications/photoview/values.yaml
deleted file mode 100644
index 3ef51bb0e..000000000
--- a/clusters/cl01tl-standby/applications/photoview/values.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-photoview:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- initContainers:
- init-chmod-data:
- securityContext:
- runAsUser: 0
- image:
- repository: busybox
- tag: 1.37.0
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- - -ec
- - |
- /bin/chown -R 999:999 /app/cache
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- containers:
- main:
- image:
- repository: photoview/photoview
- tag: 2.4.0
- pullPolicy: IfNotPresent
- env:
- - name: PHOTOVIEW_DATABASE_DRIVER
- value: postgres
- - name: PHOTOVIEW_POSTGRES_URL
- valueFrom:
- secretKeyRef:
- name: photoview-postgresql-17-cluster-app
- key: uri
- - name: PHOTOVIEW_MEDIA_CACHE
- value: /app/cache
- - name: PHOTOVIEW_VIDEO_HARDWARE_ACCELERATION
- value: qsv
- resources:
- requests:
- cpu: 10m
- memory: 512Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
- ingress:
- main:
- enabled: true
- className: tailscale
- hosts:
- - host: photoview-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: photoview
- port: 80
- tls:
- - hosts:
- - photoview-cl01tl
- persistence:
- media:
- existingClaim: photoview-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /photos
- readOnly: true
- cache:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- retain: false
- advancedMounts:
- main:
- init-chmod-data:
- - path: /app/cache
- readOnly: false
- main:
- - path: /app/cache
- readOnly: false
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster
- endpointCredentials: photoview-postgresql-17-cluster-backup-secret
- backupIndex: 2
- retentionPolicy: "7d"
diff --git a/clusters/cl01tl-standby/applications/prowlarr/Chart.yaml b/clusters/cl01tl-standby/applications/prowlarr/Chart.yaml
deleted file mode 100644
index d3f53c4c2..000000000
--- a/clusters/cl01tl-standby/applications/prowlarr/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: prowlarr
-version: 1.0.0
-description: Prowlarr
-keywords:
- - prowlarr
- - servarr
- - trackers
-home: https://wiki.alexlebens.dev/doc/prowlarr-ERparmlGES
-sources:
- - https://github.com/Prowlarr/Prowlarr
- - https://github.com/onedr0p/containers/pkgs/container/prowlarr
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: prowlarr
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/prowlarr.png
-appVersion: 1.28.2.4885
diff --git a/clusters/cl01tl-standby/applications/prowlarr/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/prowlarr/templates/external-secret.yaml
deleted file mode 100644
index 2b258e6a1..000000000
--- a/clusters/cl01tl-standby/applications/prowlarr/templates/external-secret.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: prowlarr-config-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: prowlarr-config-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
diff --git a/clusters/cl01tl-standby/applications/prowlarr/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/prowlarr/templates/replication-source.yaml
deleted file mode 100644
index 18a6b9806..000000000
--- a/clusters/cl01tl-standby/applications/prowlarr/templates/replication-source.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: prowlarr-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: prowlarr-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: prowlarr-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: prowlarr-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 568
-# runAsGroup: 568
-# fsGroup: 568
-# fsGroupChangePolicy: OnRootMismatch
-# supplementalGroups:
-# - 44
-# - 100
-# - 109
-# - 65539
-# copyMethod: Snapshot
-# storageClassName: ceph-block-delete
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/prowlarr/values.yaml b/clusters/cl01tl-standby/applications/prowlarr/values.yaml
deleted file mode 100644
index 6d580fc79..000000000
--- a/clusters/cl01tl-standby/applications/prowlarr/values.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-prowlarr:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups:
- - 44
- - 100
- - 109
- - 65539
- containers:
- main:
- image:
- repository: ghcr.io/onedr0p/prowlarr
- tag: 1.31.2.4975
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- probes:
- liveness:
- enabled: false
- custom: true
- spec:
- exec:
- command:
- - /usr/bin/env
- - bash
- - -c
- - curl --fail localhost:8686/api/v1/system/status?apiKey=`IFS=\> && while
- read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
- failureThreshold: 5
- initialDelaySeconds: 60
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 10
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 9696
- protocol: HTTP
- ingress:
- tailscale:
- enabled: true
- className: tailscale
- hosts:
- - host: prowlarr-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: prowlarr
- port: 80
- tls:
- - hosts:
- - prowlarr-cl01tl
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 1Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
diff --git a/clusters/cl01tl-standby/applications/radarr5-4k/Chart.yaml b/clusters/cl01tl-standby/applications/radarr5-4k/Chart.yaml
deleted file mode 100644
index 8ad1584c2..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-4k/Chart.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v2
-name: radarr5-4k
-version: 1.0.0
-description: Radarr v5 4K
-keywords:
- - radarr
- - servarr
- - movies
- - 4k
- - metrics
-home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/onedr0p/containers/pkgs/container/radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr5-4k
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png
-appVersion: 5.16.3
diff --git a/clusters/cl01tl-standby/applications/radarr5-4k/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/radarr5-4k/templates/external-secret.yaml
deleted file mode 100644
index c83379eeb..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-4k/templates/external-secret.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: radarr5-4k-config-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: radarr5-4k-config-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: radarr5-4k-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-4k-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume-claim.yaml
deleted file mode 100644
index c816361fb..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr5-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-4k-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr5-4k-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume.yaml
deleted file mode 100644
index 37cdb0dc6..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-4k/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr5-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/radarr5-4k/templates/prometheus-rule.yaml b/clusters/cl01tl-standby/applications/radarr5-4k/templates/prometheus-rule.yaml
deleted file mode 100644
index cbbde00cf..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-4k/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr5-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr5-4k
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr5 4K Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr5_4k.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Radarr54kDown
- annotations:
- description: Radarr5 4K service is down.
- summary: Radarr5 4K is down.
- expr: |
- radarr5_4k_system_status{job=~".*radarr5_4k.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl-standby/applications/radarr5-4k/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/radarr5-4k/templates/replication-source.yaml
deleted file mode 100644
index ddf9a5878..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-4k/templates/replication-source.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: radarr5-4k-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: radarr5-4k-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: radarr5-4k-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: radarr5-4k-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 1000
-# runAsGroup: 1000
-# fsGroup: 1000
-# fsGroupChangePolicy: OnRootMismatch
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/radarr5-4k/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/radarr5-4k/templates/service-monitor.yaml
deleted file mode 100644
index 5e85f38ff..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-4k/templates/service-monitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr5-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr5-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/radarr5-4k/values.yaml b/clusters/cl01tl-standby/applications/radarr5-4k/values.yaml
deleted file mode 100644
index a855a1e16..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-4k/values.yaml
+++ /dev/null
@@ -1,141 +0,0 @@
-radarr5-4k:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/radarr
- tag: 5.19.3@sha256:0a8020afc5e3dcad1413ba125a980729a2b16ff0d88d108b3e1779111ef1c896
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- probes:
- liveness:
- enabled: false
- custom: true
- spec:
- exec:
- command:
- - /usr/bin/env
- - bash
- - -c
- - curl --fail localhost:7878/api/v1/system/status?apiKey=`IFS=\> && while
- read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
- failureThreshold: 5
- initialDelaySeconds: 60
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 10
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- metrics:
- image:
- repository: ghcr.io/onedr0p/exportarr
- tag: v2.0.1
- pullPolicy: IfNotPresent
- args: ["radarr"]
- env:
- - name: URL
- value: http://localhost
- - name: CONFIG
- value: /config/config.xml
- - name: PORT
- value: 9793
- - name: ENABLE_ADDITIONAL_METRICS
- value: false
- - name: ENABLE_UNKNOWN_QUEUE_ITEMS
- value: false
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 7878
- protocol: HTTP
- metrics:
- port: 9793
- targetPort: 9793
- protocol: TCP
- ingress:
- tailscale:
- enabled: true
- className: tailscale
- hosts:
- - host: radarr-4k-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: radarr5-4k
- port: 80
- tls:
- - hosts:
- - radarr-4k-cl01tl
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 20Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- metrics:
- - path: /config
- readOnly: true
- media:
- existingClaim: radarr5-4k-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- bootstrap:
- initdb:
- database: app
- owner: app
- postInitSQL:
- - CREATE DATABASE "radarr-main" OWNER "app";
- - CREATE DATABASE "radarr-log" OWNER "app";
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster
- endpointCredentials: radarr5-4k-postgresql-17-cluster-backup-secret
- backupIndex: 2
- retentionPolicy: "7d"
diff --git a/clusters/cl01tl-standby/applications/radarr5-anime/Chart.yaml b/clusters/cl01tl-standby/applications/radarr5-anime/Chart.yaml
deleted file mode 100644
index afc7c9885..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-anime/Chart.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v2
-name: radarr5-anime
-version: 1.0.0
-description: Radarr v5 Anime
-keywords:
- - radarr
- - servarr
- - movies
- - anime
- - metrics
-home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr5-anime
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png
-appVersion: 5.16.3
diff --git a/clusters/cl01tl-standby/applications/radarr5-anime/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/radarr5-anime/templates/external-secret.yaml
deleted file mode 100644
index 17c63e296..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-anime/templates/external-secret.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: radarr5-anime-config-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: radarr5-anime-config-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-anime/radarr5-anime-config"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: radarr5-anime-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-anime-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume-claim.yaml
deleted file mode 100644
index 8ec11e013..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr5-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-anime-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr5-anime-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume.yaml
deleted file mode 100644
index bd1c7857c..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-anime/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr5-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/radarr5-anime/templates/prometheus-rule.yaml b/clusters/cl01tl-standby/applications/radarr5-anime/templates/prometheus-rule.yaml
deleted file mode 100644
index 6bf49e8e9..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-anime/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr5-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr5-anime
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr5 Anime Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr5_anime.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Radarr5animeDown
- annotations:
- description: Radarr5 Anime service is down.
- summary: Radarr5 Anime is down.
- expr: |
- radarr5_anime_system_status{job=~".*radarr5_anime.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl-standby/applications/radarr5-anime/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/radarr5-anime/templates/replication-source.yaml
deleted file mode 100644
index c25c8adfb..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-anime/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: radarr5-anime-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: radarr5-anime-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: radarr5-anime-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: radarr5-anime-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# fsGroup: 1000
-# fsGroupChangePolicy: OnRootMismatch
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/radarr5-anime/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/radarr5-anime/templates/service-monitor.yaml
deleted file mode 100644
index 0a53e8c68..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-anime/templates/service-monitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr5-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr5-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/radarr5-anime/values.yaml b/clusters/cl01tl-standby/applications/radarr5-anime/values.yaml
deleted file mode 100644
index 83baa4a81..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-anime/values.yaml
+++ /dev/null
@@ -1,139 +0,0 @@
-radarr5-anime:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- pod:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- containers:
- main:
- image:
- repository: ghcr.io/linuxserver/radarr
- tag: 5.19.3@sha256:0a8020afc5e3dcad1413ba125a980729a2b16ff0d88d108b3e1779111ef1c896
- pullPolicy: IfNotPresent
- env:
- - name: TZ
- value: US/Central
- - name: PUID
- value: 1000
- - name: PGID
- value: 1000
- probes:
- liveness:
- enabled: false
- custom: true
- spec:
- exec:
- command:
- - /usr/bin/env
- - bash
- - -c
- - curl --fail localhost:7878/api/v1/system/status?apiKey=`IFS=\> && while
- read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
- failureThreshold: 5
- initialDelaySeconds: 60
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 10
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- metrics:
- image:
- repository: ghcr.io/onedr0p/exportarr
- tag: v2.0.1
- pullPolicy: IfNotPresent
- args: ["radarr"]
- env:
- - name: URL
- value: http://localhost
- - name: CONFIG
- value: /config/config.xml
- - name: PORT
- value: 9793
- - name: ENABLE_ADDITIONAL_METRICS
- value: false
- - name: ENABLE_UNKNOWN_QUEUE_ITEMS
- value: false
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 7878
- protocol: HTTP
- metrics:
- port: 9793
- targetPort: 9793
- protocol: TCP
- ingress:
- tailscale:
- enabled: true
- className: tailscale
- hosts:
- - host: radarr-anime-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: radarr5-anime
- port: 80
- tls:
- - hosts:
- - radarr-anime-cl01tl
- persistence:
- config:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 20Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /config
- readOnly: false
- metrics:
- - path: /config
- readOnly: true
- media:
- existingClaim: radarr5-anime-nfs-storage
- advancedMounts:
- main:
- main:
- - path: /mnt/store
- readOnly: false
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- bootstrap:
- initdb:
- database: app
- owner: app
- postInitSQL:
- - CREATE DATABASE "radarr-main" OWNER "app";
- - CREATE DATABASE "radarr-log" OWNER "app";
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster
- endpointCredentials: radarr5-anime-postgresql-17-cluster-backup-secret
- backupIndex: 2
- retentionPolicy: "7d"
diff --git a/clusters/cl01tl-standby/applications/radarr5-standup/Chart.yaml b/clusters/cl01tl-standby/applications/radarr5-standup/Chart.yaml
deleted file mode 100644
index 9602effa7..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-standup/Chart.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v2
-name: radarr5-standup
-version: 1.0.0
-description: Radarr v5 Stand Up
-keywords:
- - radarr
- - servarr
- - standup
- - metrics
-home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP
-sources:
- - https://github.com/Radarr/Radarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/linuxserver/docker-radarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: radarr5-standup
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png
-appVersion: 5.16.3
diff --git a/clusters/cl01tl-standby/applications/radarr5-standup/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/radarr5-standup/templates/external-secret.yaml
deleted file mode 100644
index b09673e5b..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-standup/templates/external-secret.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: radarr5-standup-config-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: radarr5-standup-config-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-standup/radarr5-standup-config"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: radarr5-standup-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-standup-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume-claim.yaml
deleted file mode 100644
index de0e783bd..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: radarr5-standup-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-standup-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeName: radarr5-standup-nfs-storage
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume.yaml
deleted file mode 100644
index 6eda67f3a..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-standup/templates/persistent-volume.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr5-standup-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/radarr5-standup/templates/prometheus-rule.yaml b/clusters/cl01tl-standby/applications/radarr5-standup/templates/prometheus-rule.yaml
deleted file mode 100644
index 104f6b351..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-standup/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr5-standup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr5-standup
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr5 Stand Up Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr5_standup.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Radarr5StandUpDown
- annotations:
- description: Radarr5 Stand Up service is down.
- summary: Radarr5 Stand Up is down.
- expr: |
- radarr5_standup_system_status{job=~".*radarr5_standup.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl-standby/applications/radarr5-standup/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/radarr5-standup/templates/replication-source.yaml
deleted file mode 100644
index d6a193851..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-standup/templates/replication-source.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: radarr5-standup-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: radarr5-standup-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: radarr5-standup-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: radarr5-standup-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 1000
-# runAsGroup: 1000
-# fsGroup: 1000
-# fsGroupChangePolicy: OnRootMismatch
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/radarr5-standup/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/radarr5-standup/templates/service-monitor.yaml
deleted file mode 100644
index b26da20ac..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-standup/templates/service-monitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr5-standup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr5-standup
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/radarr5-standup/values.yaml b/clusters/cl01tl-standby/applications/radarr5-standup/values.yaml
deleted file mode 100644
index dfd4277af..000000000
--- a/clusters/cl01tl-standby/applications/radarr5-standup/values.yaml
+++ /dev/null
@@ -1,139 +0,0 @@ -radarr5-standup: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/radarr - tag: 5.19.3@sha256:0a8020afc5e3dcad1413ba125a980729a2b16ff0d88d108b3e1779111ef1c896 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - probes: - liveness: - enabled: false - custom: true - spec: - exec: - command: - - /usr/bin/env - - bash - - -c - - curl --fail localhost:7878/api/v1/system/status?apiKey=`IFS=\> && while - read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml` - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.0.1 - pullPolicy: IfNotPresent - args: ["radarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9793 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 100m - memory: 256Mi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 7878 - protocol: HTTP - metrics: - port: 9793 - targetPort: 9793 - protocol: TCP - ingress: - tailscale: - enabled: true - className: tailscale - hosts: - - host: radarr-standup-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: radarr5-standup - port: 80 - tls: - - hosts: - - radarr-standup-cl01tl - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true - 
media: - existingClaim: radarr5-standup-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - monitoring: - enabled: true - bootstrap: - initdb: - database: app - owner: app - postInitSQL: - - CREATE DATABASE "radarr-main" OWNER "app"; - - CREATE DATABASE "radarr-log" OWNER "app"; - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster - endpointCredentials: radarr5-standup-postgresql-17-cluster-backup-secret - backupIndex: 2 - retentionPolicy: "7d" diff --git a/clusters/cl01tl-standby/applications/radarr5/Chart.yaml b/clusters/cl01tl-standby/applications/radarr5/Chart.yaml deleted file mode 100644 index 108d49443..000000000 --- a/clusters/cl01tl-standby/applications/radarr5/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v2 -name: radarr5 -version: 1.0.0 -description: Radarr v5 -keywords: - - radarr - - servarr - - movies - - metrics -home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP -sources: - - https://github.com/Radarr/Radarr - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/onedr0p/containers/pkgs/container/radarr - - https://github.com/onedr0p/exportarr/pkgs/container/exportarr - - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template - - https://github.com/alexlebens/helm-charts/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: radarr5 - repository: https://bjw-s.github.io/helm-charts/ - version: 3.7.1 - - name: postgres-cluster - alias: postgres-17-cluster - version: 4.2.0 - repository: http://alexlebens.github.io/helm-charts -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png -appVersion: 5.16.3.9541 
diff --git a/clusters/cl01tl-standby/applications/radarr5/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/radarr5/templates/external-secret.yaml
deleted file mode 100644
index a7cb1a9fe..000000000
--- a/clusters/cl01tl-standby/applications/radarr5/templates/external-secret.yaml
+++ /dev/null
@@ -1,89 +0,0 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: radarr5-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: radarr5-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5/radarr5-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: radarr5-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr5-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: 
{{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume-claim.yaml deleted file mode 100644 index e11dd4fe2..000000000 --- a/clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: radarr5-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: radarr5-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: storage - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: radarr5-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume.yaml deleted file mode 100644 index d8c05c56d..000000000 --- a/clusters/cl01tl-standby/applications/radarr5/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: radarr5-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/radarr5/templates/prometheus-rule.yaml b/clusters/cl01tl-standby/applications/radarr5/templates/prometheus-rule.yaml
deleted file mode 100644
index fc59c8796..000000000
--- a/clusters/cl01tl-standby/applications/radarr5/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: radarr5
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: radarr5
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Radarr5 Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*radarr5.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Radarr5Down
- annotations:
- description: Radarr5 service is down.
- summary: Radarr5 is down.
- expr: |
- radarr5_system_status{job=~".*radarr5.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl-standby/applications/radarr5/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/radarr5/templates/replication-source.yaml
deleted file mode 100644
index c97f2c9f9..000000000
--- a/clusters/cl01tl-standby/applications/radarr5/templates/replication-source.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: radarr5-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: radarr5-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: radarr5-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: radarr5-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 1000
-# runAsGroup: 1000
-# fsGroup: 1000
-# fsGroupChangePolicy: OnRootMismatch
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/radarr5/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/radarr5/templates/service-monitor.yaml
deleted file mode 100644
index a03a62d55..000000000
--- a/clusters/cl01tl-standby/applications/radarr5/templates/service-monitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: radarr5
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: radarr5
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: radarr5
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/radarr5/values.yaml b/clusters/cl01tl-standby/applications/radarr5/values.yaml
deleted file mode 100644
index 354041dee..000000000
--- a/clusters/cl01tl-standby/applications/radarr5/values.yaml
+++ /dev/null
@@ -1,145 +0,0 @@ -radarr5: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - containers: - main: - image: - repository: ghcr.io/linuxserver/radarr - tag: 5.19.3@sha256:0a8020afc5e3dcad1413ba125a980729a2b16ff0d88d108b3e1779111ef1c896 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - probes: - liveness: - enabled: false - custom: true - spec: - exec: - command: - - /usr/bin/env - - bash - - -c - - curl --fail localhost:7878/api/v1/system/status?apiKey=`IFS=\> && while - read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml` - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.0.1 - pullPolicy: IfNotPresent - args: ["radarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9793 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 100m - memory: 512Mi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 7878 - protocol: HTTP - metrics: - port: 9793 - targetPort: 9793 - protocol: TCP - ingress: - tailscale: - enabled: true - className: tailscale - hosts: - - host: radarr-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: radarr5 - port: 80 - tls: - - hosts: - - radarr-cl01tl - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: /config - readOnly: true 
- media: - existingClaim: radarr5-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - resources: - requests: - memory: 1Gi - cpu: 200m - monitoring: - enabled: true - bootstrap: - initdb: - database: app - owner: app - postInitSQL: - - CREATE DATABASE "radarr-main" OWNER "app"; - - CREATE DATABASE "radarr-log" OWNER "app"; - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5/radarr5-postgresql-17-cluster - endpointCredentials: radarr5-postgresql-17-cluster-backup-secret - backupIndex: 2 - retentionPolicy: "7d" diff --git a/clusters/cl01tl-standby/applications/roundcube/Chart.yaml b/clusters/cl01tl-standby/applications/roundcube/Chart.yaml deleted file mode 100644 index 9f205a9b6..000000000 --- a/clusters/cl01tl-standby/applications/roundcube/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -name: roundcube -version: 1.0.0 -description: Roundcube -keywords: - - roundcube - - email -home: https://wiki.alexlebens.dev/doc/roundcube-miG1qbYSPs -sources: - - https://github.com/roundcube/roundcubemail - - https://github.com/cloudnative-pg/cloudnative-pg - - https://hub.docker.com/r/roundcube/roundcubemail - - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template - - https://github.com/alexlebens/helm-charts/charts/postgres-cluster -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: roundcube - repository: https://bjw-s.github.io/helm-charts/ - version: 3.7.1 - - name: postgres-cluster - alias: postgres-17-cluster - version: 4.2.0 - repository: http://alexlebens.github.io/helm-charts -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/roundcube.png -appVersion: 1.6.9 
diff --git a/clusters/cl01tl-standby/applications/roundcube/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/roundcube/templates/external-secret.yaml
deleted file mode 100644
index 671db9665..000000000
--- a/clusters/cl01tl-standby/applications/roundcube/templates/external-secret.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: roundcube-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: DES_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/roundcube/key - metadataPolicy: None - property: DES_KEY - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: roundcube-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: roundcube-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None 
-# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: roundcube-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/applications/roundcube/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/roundcube/templates/replication-source.yaml deleted file mode 100644 index a15375a82..000000000 --- a/clusters/cl01tl-standby/applications/roundcube/templates/replication-source.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: roundcube-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: roundcube-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: roundcube-data
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: roundcube-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/roundcube/values.yaml b/clusters/cl01tl-standby/applications/roundcube/values.yaml
deleted file mode 100644
index cb494ba0f..000000000
--- a/clusters/cl01tl-standby/applications/roundcube/values.yaml
+++ /dev/null
@@ -1,238 +0,0 @@ -roundcube: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: roundcube/roundcubemail - tag: 1.6.10-fpm-alpine - pullPolicy: IfNotPresent - env: - - name: ROUNDCUBEMAIL_DB_TYPE - value: pgsql - - name: ROUNDCUBEMAIL_DB_HOST - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: host - - name: ROUNDCUBEMAIL_DB_NAME - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: dbname - - name: ROUNDCUBEMAIL_DB_USER - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: user - - name: ROUNDCUBEMAIL_DB_PASSWORD - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: password - - name: ROUNDCUBEMAIL_DES_KEY - valueFrom: - secretKeyRef: - name: roundcube-key-secret - key: DES_KEY - - name: ROUNDCUBEMAIL_DEFAULT_HOST - value: stalwart.stalwart - - name: ROUNDCUBEMAIL_DEFAULT_PORT - value: 143 - - name: ROUNDCUBEMAIL_SMTP_SERVER - value: stalwart.stalwart - - name: ROUNDCUBEMAIL_SMTP_PORT - value: 25 - - name: ROUNDCUBEMAIL_SKIN - value: elastic - - name: ROUNDCUBEMAIL_PLUGINS - value: archive,zipdownload,newmail_notifier - resources: - requests: - cpu: 100m - memory: 256Mi - nginx: - image: - repository: nginx - tag: 1.27.4-alpine - pullPolicy: IfNotPresent - env: - - name: NGINX_HOST - value: mail.alexlebens.dev - - name: NGINX_PHP_CGI - value: roundcube.roundcube:9000 - resources: - requests: - cpu: 10m - memory: 128Mi - cleandb: - type: cronjob - cronjob: - suspend: false - concurrencyPolicy: Forbid - timeZone: US/Central - schedule: 0 4 * * * - startingDeadlineSeconds: 90 - successfulJobsHistory: 3 - failedJobsHistory: 3 - backoffLimit: 3 - parallelism: 1 - containers: - backup: - image: - repository: roundcube/roundcubemail - tag: 1.6.10-fpm-alpine - pullPolicy: IfNotPresent - env: - - name: ROUNDCUBEMAIL_DB_TYPE - value: pgsql - - name: ROUNDCUBEMAIL_DB_HOST - 
valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: host - - name: ROUNDCUBEMAIL_DB_NAME - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: dbname - - name: ROUNDCUBEMAIL_DB_USER - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: user - - name: ROUNDCUBEMAIL_DB_PASSWORD - valueFrom: - secretKeyRef: - name: roundcube-postgresql-17-cluster-app - key: password - - name: ROUNDCUBEMAIL_DES_KEY - valueFrom: - secretKeyRef: - name: roundcube-key-secret - key: DES_KEY - - name: ROUNDCUBEMAIL_DEFAULT_HOST - value: tls://stalwart.stalwart - - name: ROUNDCUBEMAIL_SMTP_SERVER - value: tls://stalwart.stalwart - - name: ROUNDCUBEMAIL_SKIN - value: elastic - - name: ROUNDCUBEMAIL_PLUGINS - value: archive,zipdownload,newmail_notifier - args: - - bin/cleandb.sh - resources: - requests: - cpu: 100m - memory: 128Mi - serviceAccount: - create: true - configMaps: - config: - enabled: true - data: - default.conf: | - server { - listen 80 default_server; - server_name _; - root /var/www/html; - - location / { - try_files $uri /index.php$is_args$args; - } - - location ~ \.php(/|$) { - try_files $uri =404; - fastcgi_pass roundcube:9000; - fastcgi_read_timeout 300; - proxy_read_timeout 300; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - fastcgi_param DOCUMENT_ROOT $realpath_root; - internal; - } - - client_max_body_size 6m; - - error_log /var/log/nginx/error.log; - access_log /var/log/nginx/access.log; - } - service: - main: - controller: main - ports: - mail: - port: 9000 - targetPort: 9000 - protocol: HTTP - web: - port: 80 - targetPort: 80 - protocol: HTTP - ingress: - tailscale: - enabled: true - className: tailscale - hosts: - - host: mail-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: roundcube - port: 80 - tls: - - hosts: - - mail-cl01tl - persistence: - data: - storageClass: ceph-block - 
accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - main: - main: - - path: /var/www/html - readOnly: false - nginx: - - path: /var/www/html - readOnly: false - temp: - type: emptyDir - advancedMounts: - main: - main: - - path: /tmp/roundcube-temp - readOnly: false - config: - enabled: true - type: configMap - name: roundcube-config - advancedMounts: - main: - nginx: - - path: /etc/nginx/conf.d/default.conf - readOnly: true - mountPropagation: None - subPath: default.conf -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - monitoring: - enabled: true - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster - endpointCredentials: roundcube-postgresql-17-cluster-backup-secret - backupIndex: 1 diff --git a/clusters/cl01tl-standby/applications/site-profile/Chart.yaml b/clusters/cl01tl-standby/applications/site-profile/Chart.yaml deleted file mode 100644 index 172e1ef31..000000000 --- a/clusters/cl01tl-standby/applications/site-profile/Chart.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-apiVersion: v2
-name: site-profile
-version: 1.0.0
-description: Site Profile
-keywords:
- - site-profile
- - astro
-home: https://wiki.alexlebens.dev/doc/site-profile-uoqXo94Yzd
-sources:
- - https://github.com/alexlebens/site-profile
- - https://github.com/withastro/astro
- - https://github.com/cloudflare/cloudflared
- - https://github.com/alexlebens/site-profile/pkgs/container/site-profile
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/charts/cloudflared
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: site-profile
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: cloudflared
- alias: cloudflared-site
- repository: http://alexlebens.github.io/helm-charts
- version: 1.14.0
-icon: https://d21zlbwtcn424f.cloudfront.net/icon_white.png
-appVersion: 0.5.5
diff --git a/clusters/cl01tl-standby/applications/site-profile/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/site-profile/templates/external-secret.yaml
deleted file mode 100644
index 94e0e0f0e..000000000
--- a/clusters/cl01tl-standby/applications/site-profile/templates/external-secret.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: site-profile-cloudflared-api-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: site-profile-cloudflared-api-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/site-profile
- metadataPolicy: None
- property: token
diff --git a/clusters/cl01tl-standby/applications/site-profile/values.yaml b/clusters/cl01tl-standby/applications/site-profile/values.yaml
deleted file mode 100644
index ab473959e..000000000
--- a/clusters/cl01tl-standby/applications/site-profile/values.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-site-profile:
- global:
- fullnameOverride: site-profile
- controllers:
- main:
- type: deployment
- replicas: 3
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/alexlebens/site-profile
- tag: 0.6.2
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 4321
- protocol: HTTP
-cloudflared-site:
- name: cloudflared-site
- existingSecretName: site-profile-cloudflared-api-secret
diff --git a/clusters/cl01tl-standby/applications/sonarr4-4k/Chart.yaml b/clusters/cl01tl-standby/applications/sonarr4-4k/Chart.yaml
deleted file mode 100644
index d9982e7b6..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-4k/Chart.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v2
-name: sonarr4-4k
-version: 1.0.0
-description: Sonarr v4 4K
-keywords:
- - sonarr
- - servarr
- - tv shows
- - 4k
- - metrics
-home: https://wiki.alexlebens.dev/doc/sonarr-AvJLY9PxEy
-sources:
- - https://github.com/Sonarr/Sonarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/onedr0p/containers/pkgs/container/sonarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: sonarr4-4k
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/sonarr.png
-appVersion: 4.0.11
diff --git a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/sonarr4-4k/templates/external-secret.yaml
deleted file mode 100644
index ee3a59114..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/external-secret.yaml
+++ /dev/null
@@ -1,89 +0,0 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: sonarr4-4k-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr4-4k-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-4k/sonarr4-4k-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: sonarr4-4k-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr4-4k-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - 
app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume-claim.yaml deleted file mode 100644 index c453fe08c..000000000 --- a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sonarr4-4k-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr4-4k-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: storage - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: sonarr4-4k-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume.yaml deleted file mode 100644 index 91261233e..000000000 --- a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: sonarr4-4k-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4-4k-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/prometheus-rule.yaml b/clusters/cl01tl-standby/applications/sonarr4-4k/templates/prometheus-rule.yaml
deleted file mode 100644
index 495a5eedf..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: sonarr4-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: sonarr4-4k
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Sonarr4 4K Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*sonarr4_4k.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Sonarr44KDown
- annotations:
- description: Sonarr4 4K service is down.
- summary: Sonarr4 4K is down.
- expr: |
- sonarr4_4k_system_status{job=~".*sonarr4_4k.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/sonarr4-4k/templates/replication-source.yaml
deleted file mode 100644
index b6311db93..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/replication-source.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: sonarr4-4k-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: sonarr4-4k-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: sonarr4-4k-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: sonarr4-4k-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# fsGroup: 1000
-# fsGroupChangePolicy: OnRootMismatch
-# supplementalGroups:
-# - 44
-# - 100
-# - 109
-# - 65539
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/sonarr4-4k/templates/service-monitor.yaml
deleted file mode 100644
index 978aabc59..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-4k/templates/service-monitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: sonarr4-4k
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: sonarr4-4k
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/sonarr4-4k/values.yaml b/clusters/cl01tl-standby/applications/sonarr4-4k/values.yaml
deleted file mode 100644
index 01277da5f..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-4k/values.yaml
+++ /dev/null
@@ -1,144 +0,0 @@ -sonarr4-4k: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 - containers: - main: - image: - repository: ghcr.io/linuxserver/sonarr - tag: 4.0.13@sha256:4dfedb2598dc6bd51c40f4ecea2631dbe367840678ab109cd968f821d81a5327 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - probes: - liveness: - enabled: false - custom: true - spec: - exec: - command: - - /usr/bin/env - - bash - - -c - - curl --fail localhost:8989/api/v1/system/status?apiKey=`IFS=\> && while - read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml` - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.0.1 - pullPolicy: IfNotPresent - args: ["sonarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9794 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 100m - memory: 256Mi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8989 - protocol: HTTP - metrics: - port: 9794 - targetPort: 9794 - protocol: TCP - ingress: - tailscale: - enabled: true - className: tailscale - hosts: - - host: sonarr-4k-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: sonarr4-4k - port: 80 - tls: - - hosts: - - sonarr-4k-cl01tl - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - 
path: /config - readOnly: true - media: - existingClaim: sonarr4-4k-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - monitoring: - enabled: true - bootstrap: - initdb: - database: app - owner: app - postInitSQL: - - CREATE DATABASE "sonarr-main" OWNER "app"; - - CREATE DATABASE "sonarr-log" OWNER "app"; - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-4k/sonarr4-4k-postgresql-17-cluster - endpointCredentials: sonarr4-4k-postgresql-17-cluster-backup-secret - backupIndex: 2 - retentionPolicy: "7d" diff --git a/clusters/cl01tl-standby/applications/sonarr4-anime/Chart.yaml b/clusters/cl01tl-standby/applications/sonarr4-anime/Chart.yaml deleted file mode 100644 index 9cfa23e67..000000000 --- a/clusters/cl01tl-standby/applications/sonarr4-anime/Chart.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-apiVersion: v2
-name: sonarr4-anime
-version: 1.0.0
-description: Sonarr v4 Anime
-keywords:
- - sonarr
- - servarr
- - anime
- - metrics
-home: https://wiki.alexlebens.dev/doc/sonarr-AvJLY9PxEy
-sources:
- - https://github.com/Sonarr/Sonarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/onedr0p/containers/pkgs/container/sonarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: sonarr4-anime
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/sonarr.png
-appVersion: 4.0.11
diff --git a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/sonarr4-anime/templates/external-secret.yaml
deleted file mode 100644
index 69fb077a8..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/external-secret.yaml
+++ /dev/null
@@ -1,89 +0,0 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: sonarr4-anime-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr4-anime-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4-anime/sonarr4-anime-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: sonarr4-anime-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr4-anime-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ 
.Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume-claim.yaml deleted file mode 100644 index b910b945a..000000000 --- a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sonarr4-anime-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr4-anime-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: storage - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: sonarr4-anime-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume.yaml deleted file mode 100644 index b6e30e25f..000000000 --- a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: sonarr4-anime-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4-anime-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/prometheus-rule.yaml b/clusters/cl01tl-standby/applications/sonarr4-anime/templates/prometheus-rule.yaml
deleted file mode 100644
index b98739676..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: sonarr4-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: sonarr4-anime
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Sonarr4 Anime Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*sonarr4_anime.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Sonarr4AnimeDown
- annotations:
- description: Sonarr4 Anime service is down.
- summary: Sonarr4 Anime is down.
- expr: |
- sonarr4_anime_system_status{job=~".*sonarr4_anime.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/sonarr4-anime/templates/replication-source.yaml
deleted file mode 100644
index f33d8b7d1..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/replication-source.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: sonarr4-anime-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: sonarr4-anime-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: sonarr4-anime-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: sonarr4-anime-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# fsGroup: 1000
-# fsGroupChangePolicy: OnRootMismatch
-# supplementalGroups:
-# - 44
-# - 100
-# - 109
-# - 65539
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/sonarr4-anime/templates/service-monitor.yaml
deleted file mode 100644
index 41ff7864b..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-anime/templates/service-monitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: sonarr4-anime
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: sonarr4-anime
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/sonarr4-anime/values.yaml b/clusters/cl01tl-standby/applications/sonarr4-anime/values.yaml
deleted file mode 100644
index 8533a7a0c..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4-anime/values.yaml
+++ /dev/null
@@ -1,144 +0,0 @@ -sonarr4-anime: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 - containers: - main: - image: - repository: ghcr.io/linuxserver/sonarr - tag: 4.0.13@sha256:4dfedb2598dc6bd51c40f4ecea2631dbe367840678ab109cd968f821d81a5327 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - probes: - liveness: - enabled: false - custom: true - spec: - exec: - command: - - /usr/bin/env - - bash - - -c - - curl --fail localhost:8989/api/v1/system/status?apiKey=`IFS=\> && while - read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml` - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.0.1 - pullPolicy: IfNotPresent - args: ["sonarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9794 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 100m - memory: 256Mi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8989 - protocol: HTTP - metrics: - port: 9794 - targetPort: 9794 - protocol: TCP - ingress: - tailscale: - enabled: true - className: tailscale - hosts: - - host: sonarr-anime-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: sonarr4-anime - port: 80 - tls: - - hosts: - - sonarr-anime-cl01tl - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - 
metrics: - - path: /config - readOnly: true - media: - existingClaim: sonarr4-anime-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - monitoring: - enabled: true - bootstrap: - initdb: - database: app - owner: app - postInitSQL: - - CREATE DATABASE "sonarr-main" OWNER "app"; - - CREATE DATABASE "sonarr-log" OWNER "app"; - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4-anime/sonarr4-anime-postgresql-17-cluster - endpointCredentials: sonarr4-anime-postgresql-17-cluster-backup-secret - backupIndex: 2 - retentionPolicy: "7d" diff --git a/clusters/cl01tl-standby/applications/sonarr4/Chart.yaml b/clusters/cl01tl-standby/applications/sonarr4/Chart.yaml deleted file mode 100644 index 56d071ed1..000000000 --- a/clusters/cl01tl-standby/applications/sonarr4/Chart.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-apiVersion: v2
-name: sonarr4
-version: 1.0.0
-description: Sonarr v4
-keywords:
- - sonarr
- - servarr
- - tv shows
- - metrics
-home: https://wiki.alexlebens.dev/doc/sonarr-AvJLY9PxEy
-sources:
- - https://github.com/Sonarr/Sonarr
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/onedr0p/containers/pkgs/container/sonarr
- - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: sonarr4
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/sonarr.png
-appVersion: 4.0.11.2680
diff --git a/clusters/cl01tl-standby/applications/sonarr4/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/sonarr4/templates/external-secret.yaml
deleted file mode 100644
index ec457c67c..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4/templates/external-secret.yaml
+++ /dev/null
@@ -1,89 +0,0 @@ -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: sonarr4-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: sonarr4-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/sonarr4/sonarr4-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: sonarr4-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr4-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: 
{{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/applications/sonarr4/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/applications/sonarr4/templates/persistent-volume-claim.yaml deleted file mode 100644 index 9d4e06d17..000000000 --- a/clusters/cl01tl-standby/applications/sonarr4/templates/persistent-volume-claim.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sonarr4-nfs-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: sonarr4-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: storage - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - volumeName: sonarr4-nfs-storage - storageClassName: nfs-client - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl-standby/applications/sonarr4/templates/persistent-volume.yaml b/clusters/cl01tl-standby/applications/sonarr4/templates/persistent-volume.yaml deleted file mode 100644 index 82edb5205..000000000 --- a/clusters/cl01tl-standby/applications/sonarr4/templates/persistent-volume.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: sonarr4-nfs-storage
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4-nfs-storage
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- persistentVolumeReclaimPolicy: Retain
- storageClassName: nfs-client
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- nfs:
- path: /volume2/Storage
- server: synologybond.alexlebens.net
- mountOptions:
- - vers=4
- - minorversion=1
- - noac
diff --git a/clusters/cl01tl-standby/applications/sonarr4/templates/prometheus-rule.yaml b/clusters/cl01tl-standby/applications/sonarr4/templates/prometheus-rule.yaml
deleted file mode 100644
index d260b61e9..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4/templates/prometheus-rule.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: sonarr4
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- groups:
- - name: sonarr4
- rules:
- - alert: ExportarrAbsent
- annotations:
- description: Sonarr4 Exportarr has disappeared from Prometheus
- service discovery.
- summary: Exportarr is down.
- expr: |
- absent(up{job=~".*sonarr4.*"} == 1)
- for: 5m
- labels:
- severity: critical
- - alert: Sonarr4Down
- annotations:
- description: Sonarr4 service is down.
- summary: Sonarr4 is down.
- expr: |
- sonarr4_system_status{job=~".*sonarr4.*"} == 0
- for: 5m
- labels:
- severity: critical
diff --git a/clusters/cl01tl-standby/applications/sonarr4/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/sonarr4/templates/replication-source.yaml
deleted file mode 100644
index c44c45dcd..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4/templates/replication-source.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: sonarr4-config-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: sonarr4-config-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: sonarr4-config
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: sonarr4-config-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# fsGroup: 1000
-# fsGroupChangePolicy: OnRootMismatch
-# supplementalGroups:
-# - 44
-# - 100
-# - 109
-# - 65539
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/sonarr4/templates/service-monitor.yaml b/clusters/cl01tl-standby/applications/sonarr4/templates/service-monitor.yaml
deleted file mode 100644
index a86d6fc63..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4/templates/service-monitor.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: sonarr4
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: sonarr4
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: sonarr4
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - port: metrics
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/applications/sonarr4/values.yaml b/clusters/cl01tl-standby/applications/sonarr4/values.yaml
deleted file mode 100644
index 90f3b93ac..000000000
--- a/clusters/cl01tl-standby/applications/sonarr4/values.yaml
+++ /dev/null
@@ -1,147 +0,0 @@ -sonarr4: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 - containers: - main: - image: - repository: ghcr.io/linuxserver/sonarr - tag: 4.0.13@sha256:4dfedb2598dc6bd51c40f4ecea2631dbe367840678ab109cd968f821d81a5327 - pullPolicy: IfNotPresent - env: - - name: TZ - value: US/Central - - name: PUID - value: 1000 - - name: PGID - value: 1000 - probes: - liveness: - enabled: false - custom: true - spec: - exec: - command: - - /usr/bin/env - - bash - - -c - - curl --fail localhost:8989/api/v1/system/status?apiKey=`IFS=\> && while - read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml` - failureThreshold: 5 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 100m - memory: 256Mi - metrics: - image: - repository: ghcr.io/onedr0p/exportarr - tag: v2.0.1 - pullPolicy: IfNotPresent - args: ["sonarr"] - env: - - name: URL - value: http://localhost - - name: CONFIG - value: /config/config.xml - - name: PORT - value: 9794 - - name: ENABLE_ADDITIONAL_METRICS - value: false - - name: ENABLE_UNKNOWN_QUEUE_ITEMS - value: false - resources: - requests: - cpu: 100m - memory: 256Mi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8989 - protocol: HTTP - metrics: - port: 9794 - targetPort: 9794 - protocol: TCP - ingress: - tailscale: - enabled: true - className: tailscale - hosts: - - host: sonarr-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: sonarr4 - port: 80 - tls: - - hosts: - - sonarr-cl01tl - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - retain: true - advancedMounts: - main: - main: - - path: /config - readOnly: false - metrics: - - path: 
/config - readOnly: true - media: - existingClaim: sonarr4-nfs-storage - advancedMounts: - main: - main: - - path: /mnt/store - readOnly: false -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - resources: - requests: - memory: 512Mi - monitoring: - enabled: true - bootstrap: - initdb: - database: app - owner: app - postInitSQL: - - CREATE DATABASE "sonarr-main" OWNER "app"; - - CREATE DATABASE "sonarr-log" OWNER "app"; - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/sonarr4/sonarr4-postgresql-17-cluster - endpointCredentials: sonarr4-postgresql-17-cluster-backup-secret - backupIndex: 2 - retentionPolicy: "7d" diff --git a/clusters/cl01tl-standby/applications/vaultwarden/Chart.yaml b/clusters/cl01tl-standby/applications/vaultwarden/Chart.yaml deleted file mode 100644 index 4f5376f0f..000000000 --- a/clusters/cl01tl-standby/applications/vaultwarden/Chart.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-apiVersion: v2
-name: vaultwarden
-version: 1.0.0
-description: Vaultwarden
-keywords:
- - vaultwarden
- - bitwarden
- - password
-home: https://wiki.alexlebens.dev/doc/vaultwarden-HFX1rsTgMD
-sources:
- - https://github.com/dani-garcia/vaultwarden
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/vaultwarden/server
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: vaultwarden
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: cloudflared
- alias: cloudflared
- repository: http://alexlebens.github.io/helm-charts
- version: 1.14.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vaultwarden.png
-appVersion: 1.32.6
diff --git a/clusters/cl01tl-standby/applications/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl-standby/applications/vaultwarden/templates/external-secret.yaml
deleted file mode 100644
index 23f35a21e..000000000
--- a/clusters/cl01tl-standby/applications/vaultwarden/templates/external-secret.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vaultwarden-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/vaultwarden - metadataPolicy: None - property: token - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: vaultwarden-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: vaultwarden-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/vaultwarden/vaultwarden-data" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# 
conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vaultwarden-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vaultwarden-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/applications/vaultwarden/templates/replication-source.yaml b/clusters/cl01tl-standby/applications/vaultwarden/templates/replication-source.yaml deleted file mode 100644 index b178ab7ea..000000000 --- a/clusters/cl01tl-standby/applications/vaultwarden/templates/replication-source.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: vaultwarden-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: vaultwarden-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: vaultwarden-data
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: vaultwarden-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/applications/vaultwarden/values.yaml b/clusters/cl01tl-standby/applications/vaultwarden/values.yaml
deleted file mode 100644
index ff838cacc..000000000
--- a/clusters/cl01tl-standby/applications/vaultwarden/values.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-vaultwarden:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: vaultwarden/server
- tag: 1.33.2
- pullPolicy: IfNotPresent
- env:
- - name: DOMAIN
- value: https://passwords.alexlebens.dev
- - name: SIGNUPS_ALLOWED
- value: "false"
- - name: INVITATIONS_ALLOWED
- value: "false"
- - name: DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: vaultwarden-postgresql-17-cluster-app
- key: uri
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
-cloudflared:
- existingSecretName: vaultwarden-cloudflared-secret
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/vaultwarden/vaultwarden-postgresql-17-cluster
- endpointCredentials: vaultwarden-postgresql-17-cluster-backup-secret
- backupIndex: 2
diff --git a/clusters/cl01tl-standby/management/argo-workflows/Chart.yaml b/clusters/cl01tl-standby/management/argo-workflows/Chart.yaml
deleted file mode 100644
index e8ca68be2..000000000
--- a/clusters/cl01tl-standby/management/argo-workflows/Chart.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v2
-name: argo-workflows
-version: 1.0.0
-description: Argo Workflows
-keywords:
- - argo-workflows
- - argo-events
- - workflows
- - events
-home: https://wiki.alexlebens.dev/doc/argo-workflows-bRGiuUyLgj
-sources:
- - https://github.com/argoproj/argo-workflows
- - https://github.com/argoproj/argo-events
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/argoproj/argo-helm/tree/main/charts
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: argo-workflows
- version: 0.45.8
- repository: https://argoproj.github.io/argo-helm
- - name: argo-events
- version: 2.4.13
- repository: https://argoproj.github.io/argo-helm
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/argocd.png
-appVersion: v3.6.2
diff --git a/clusters/cl01tl-standby/management/argo-workflows/templates/external-secret.yaml b/clusters/cl01tl-standby/management/argo-workflows/templates/external-secret.yaml
deleted file mode 100644
index 46309f6b6..000000000
--- a/clusters/cl01tl-standby/management/argo-workflows/templates/external-secret.yaml
+++ /dev/null
@@ -1,62 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: argo-workflows-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: argo-workflows-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/argo-workflows - metadataPolicy: None - property: secret - - secretKey: client - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/argo-workflows - metadataPolicy: None - property: client - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: argo-workflows-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: argo-workflows-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/management/argo-workflows/values.yaml b/clusters/cl01tl-standby/management/argo-workflows/values.yaml deleted file mode 100644 index 40378c02f..000000000 
--- a/clusters/cl01tl-standby/management/argo-workflows/values.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ -argo-workflows: - controller: - metricsConfig: - enabled: true - persistence: - connectionPool: - maxIdleConns: 100 - maxOpenConns: 0 - nodeStatusOffLoad: true - archive: true - postgresql: - host: argo-workflows-postgresql-17-cluster-rw - port: 5432 - database: app - tableName: app - userNameSecret: - name: argo-workflows-postgresql-17-cluster-app - key: username - passwordSecret: - name: argo-workflows-postgresql-17-cluster-app - key: password - ssl: false - sslMode: disable - workflowWorkers: 2 - workflowTTLWorkers: 1 - podCleanupWorkers: 1 - cronWorkflowWorkers: 1 - resources: - requests: - cpu: 10m - memory: 128Mi - serviceMonitor: - enabled: true - name: workflow-controller - workflowNamespaces: - - argocd - - argo-workflows - server: - authModes: - - sso - ingress: - enabled: true - ingressClassName: tailscale - hosts: - - argo-workflows-cl01tl - tls: - - secretName: argo-workflows-cl01tl - hosts: - - argo-workflows-cl01tl - sso: - enabled: true - issuer: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/argo-workflows/ - clientId: - name: argo-workflows-oidc-secret - key: client - clientSecret: - name: argo-workflows-oidc-secret - key: secret - redirectUrl: https://argo-workflows-cl01tl.boreal-beaufort.ts.net/oauth2/callback - rbac: - enabled: false - scopes: - - openid - - email - - profile - useStaticCredentials: true - artifactRepository: - archiveLogs: false - s3: {} - # accessKeySecret: - # name: "{{ .Release.Name }}-minio" - # key: accesskey - # secretKeySecret: - # name: "{{ .Release.Name }}-minio" - # key: secretkey - # insecure: true - # bucket: - # endpoint: - # region: - # encryptionOptions: - # enableEncryption: true - -argo-events: - controller: - resources: - requests: - cpu: 10m - memory: 128Mi - metrics: - enabled: true - serviceMonitor: - enabled: true - webhook: - enabled: true - resources: - requests: - cpu: 10m - memory: 128Mi -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: 
local-path - storage: - storageClass: local-path - monitoring: - enabled: true - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster - endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret - backupIndex: 1 diff --git a/clusters/cl01tl-standby/management/headlamp/Chart.yaml b/clusters/cl01tl-standby/management/headlamp/Chart.yaml deleted file mode 100644 index 7b681205a..000000000 --- a/clusters/cl01tl-standby/management/headlamp/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: headlamp -version: 1.0.0 -description: Headlamp -keywords: - - headlamp - - dashboard - - kubernetes -home: https://wiki.alexlebens.dev/doc/headlamp-Zp3NTU0KE8 -sources: - - https://github.com/headlamp-k8s/headlamp - - https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp -maintainers: - - name: alexlebens -dependencies: - - name: headlamp - version: 0.29.1 - repository: https://headlamp-k8s.github.io/headlamp/ -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes-dashboard.png -appVersion: 0.27.0 diff --git a/clusters/cl01tl-standby/management/headlamp/templates/cluster-role-binding.yaml b/clusters/cl01tl-standby/management/headlamp/templates/cluster-role-binding.yaml deleted file mode 100644 index 846bedf87..000000000 --- a/clusters/cl01tl-standby/management/headlamp/templates/cluster-role-binding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cluster-admin-oidc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
- kind: ClusterRole
- name: cluster-admin
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: User
- name: alexanderlebens@gmail.com
- apiGroup: rbac.authorization.k8s.io
diff --git a/clusters/cl01tl-standby/management/headlamp/templates/external-secret.yaml b/clusters/cl01tl-standby/management/headlamp/templates/external-secret.yaml
deleted file mode 100644
index 0a2f7d1c4..000000000
--- a/clusters/cl01tl-standby/management/headlamp/templates/external-secret.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: headlamp-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: headlamp-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: OIDC_CLIENT_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/headlamp - metadataPolicy: None - property: client - - secretKey: OIDC_CLIENT_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/headlamp - metadataPolicy: None - property: secret - - secretKey: OIDC_ISSUER_URL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/headlamp - metadataPolicy: None - property: issuer - - secretKey: OIDC_SCOPES - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/headlamp - metadataPolicy: None - property: scopes - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: headlamp-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: headlamp-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/headlamp/headlamp" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: 
S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key diff --git a/clusters/cl01tl-standby/management/headlamp/templates/http-route.yaml b/clusters/cl01tl-standby/management/headlamp/templates/http-route.yaml deleted file mode 100644 index 07c8f9b65..000000000 --- a/clusters/cl01tl-standby/management/headlamp/templates/http-route.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# apiVersion: gateway.networking.k8s.io/v1 -# kind: HTTPRoute -# metadata: -# name: https-route-headlamp -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: https-route-headlamp -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: web -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# parentRefs: -# - group: gateway.networking.k8s.io -# kind: Gateway -# name: https-gateway -# namespace: kube-system -# hostnames: -# - headlamp.alexlebens.net -# rules: -# - matches: -# - path: -# type: PathPrefix -# value: / -# backendRefs: -# - group: '' -# kind: Service -# name: headlamp -# port: 80 -# weight: 100 
diff --git a/clusters/cl01tl-standby/management/headlamp/templates/ingress.yaml b/clusters/cl01tl-standby/management/headlamp/templates/ingress.yaml
deleted file mode 100644
index 42a12edb3..000000000
--- a/clusters/cl01tl-standby/management/headlamp/templates/ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: headlamp-local
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: headlamp-local
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- cert-manager.io/cluster-issuer: letsencrypt-issuer
-spec:
- ingressClassName: traefik
- tls:
- - hosts:
- - headlamp.alexlebens.net
- secretName: headlamp-tls-secret
- rules:
- - host: headlamp-cl01tl
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: headlamp
- port:
- number: 80
diff --git a/clusters/cl01tl-standby/management/headlamp/templates/namespace.yaml b/clusters/cl01tl-standby/management/headlamp/templates/namespace.yaml
deleted file mode 100644
index 034e09860..000000000
--- a/clusters/cl01tl-standby/management/headlamp/templates/namespace.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: headlamp
- labels:
- https-gateway-access: "true"
diff --git a/clusters/cl01tl-standby/management/headlamp/templates/replication-source.yaml b/clusters/cl01tl-standby/management/headlamp/templates/replication-source.yaml
deleted file mode 100644
index 847d33af9..000000000
--- a/clusters/cl01tl-standby/management/headlamp/templates/replication-source.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: headlamp-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: headlamp-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: headlamp
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: headlamp-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/management/headlamp/values.yaml b/clusters/cl01tl-standby/management/headlamp/values.yaml
deleted file mode 100644
index 40e444bae..000000000
--- a/clusters/cl01tl-standby/management/headlamp/values.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-headlamp:
- config:
- oidc:
- secret:
- create: false
- externalSecret:
- enabled: true
- name: headlamp-oidc-secret
- ingress:
- enabled: true
- ingressClassName: tailscale
- hosts:
- - host: headlamp-cl01tl
- paths:
- - path: /
- type: ImplementationSpecific
- tls:
- - secretName: headlamp-cl01tl
- hosts:
- - headlamp-cl01tl
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
diff --git a/clusters/cl01tl-standby/management/komodo/Chart.yaml b/clusters/cl01tl-standby/management/komodo/Chart.yaml
deleted file mode 100644
index 1ca3f3e29..000000000
--- a/clusters/cl01tl-standby/management/komodo/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: komodo
-version: 1.0.0
-description: Komodo
-keywords:
- - komodo
- - deployment
- - dashboard
- - docker-compose
-home: https://wiki.alexlebens.dev/doc/komodo-j032vhVXlX
-sources:
- - https://github.com/mbecker20/komodo
- - https://github.com/mbecker20/komodo/pkgs/container/komodo
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: komodo
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/komodo.webp
-appVersion: v1.16.12
diff --git a/clusters/cl01tl-standby/management/komodo/templates/external-secret.yaml b/clusters/cl01tl-standby/management/komodo/templates/external-secret.yaml
deleted file mode 100644
index c50c68450..000000000
--- a/clusters/cl01tl-standby/management/komodo/templates/external-secret.yaml
+++ /dev/null
@@ -1,83 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: komodo-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: komodo-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: passkey - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/komodo/config - metadataPolicy: None - property: passkey - - secretKey: jwt - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/komodo/config - metadataPolicy: None - property: jwt - - secretKey: webhook - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/komodo/config - metadataPolicy: None - property: webhook - - secretKey: oidc-client-id - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/komodo - metadataPolicy: None - property: client - - secretKey: oidc-client-secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/komodo - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: komodo-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: komodo-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - 
secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/management/komodo/templates/service.yaml b/clusters/cl01tl-standby/management/komodo/templates/service.yaml deleted file mode 100644 index 216b326e2..000000000 --- a/clusters/cl01tl-standby/management/komodo/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: komodo-periphery-ps10rp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: komodo-periphery-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: network - app.kubernetes.io/part-of: {{ .Release.Name }} - annotations: - tailscale.com/tailnet-fqdn: komodo-periphery-ps10rp.boreal-beaufort.ts.net -spec: - externalName: placeholder - type: ExternalName diff --git a/clusters/cl01tl-standby/management/komodo/values.yaml b/clusters/cl01tl-standby/management/komodo/values.yaml deleted file mode 100644 index 71c3d6504..000000000 --- a/clusters/cl01tl-standby/management/komodo/values.yaml +++ /dev/null 
@@ -1,164 +0,0 @@
-komodo:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: ghcr.io/mbecker20/komodo
- tag: 1.16.12
- pullPolicy: IfNotPresent
- env:
- - name: COMPOSE_KOMODO_IMAGE_TAG
- value: 1.16.12
- - name: COMPOSE_LOGGING_DRIVER
- value: local
- - name: KOMODO_HOST
- value: https://komodo-cl01tl.boreal-beaufort.ts.net
- - name: KOMODO_TITLE
- value: Komodo
- - name: PASSKEY
- valueFrom:
- secretKeyRef:
- name: komodo-secret
- key: passkey
- - name: KOMODO_MONITORING_INTERVAL
- value: 15-sec
- - name: KOMODO_RESOURCE_POLL_INTERVAL
- value: 5-min
- - name: KOMODO_PASSKEY
- valueFrom:
- secretKeyRef:
- name: komodo-secret
- key: passkey
- - name: KOMODO_WEBHOOK_SECRET
- valueFrom:
- secretKeyRef:
- name: komodo-secret
- key: webhook
- - name: KOMODO_JWT_SECRET
- valueFrom:
- secretKeyRef:
- name: komodo-secret
- key: jwt
- - name: KOMODO_LOCAL_AUTH
- value: true
- - name: KOMODO_ENABLE_NEW_USERS
- value: true
- - name: KOMODO_DISABLE_NON_ADMIN_CREATE
- value: true
- - name: KOMODO_TRANSPARENT_MODE
- value: false
- - name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: komodo-postgresql-17-cluster-app
- key: user
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: komodo-postgresql-17-cluster-app
- key: password
- - name: KOMODO_DATABASE_URI
- value: mongodb://$(DB_USERNAME):$(DB_PASSWORD)@localhost:27017/komodo?authMechanism=PLAIN
- - name: KOMODO_OIDC_ENABLED
- value: true
- - name: KOMODO_OIDC_PROVIDER
- value: http://authentik-server.authentik/application/o/komodo/
- - name: KOMODO_OIDC_REDIRECT_HOST
- value: https://auth-cl01tl.boreal-beaufort.ts.net
- - name: KOMODO_OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: komodo-secret
- key: oidc-client-id
- - name: KOMODO_OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: komodo-secret
- key: oidc-client-secret
- - name: KOMODO_OIDC_USE_FULL_EMAIL
- value: true
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- ferretdb:
- image:
- repository: ghcr.io/ferretdb/ferretdb
- tag: 1.24.0
- pullPolicy: IfNotPresent
- env:
- - name: FERRETDB_POSTGRESQL_URL
- valueFrom:
- secretKeyRef:
- name: komodo-postgresql-17-cluster-app
- key: uri
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 9120
- protocol: HTTP
- ingress:
- tailscale:
- enabled: true
- className: tailscale
- hosts:
- - host: komodo-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: komodo
- port: 80
- tls:
- - hosts:
- - komodo-cl01tl
- persistence:
- cache:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /repo-cache
- readOnly: false
- syncs:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /syncs
- readOnly: false
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/komodo/komodo-postgresql-17-cluster
- endpointCredentials: komodo-postgresql-17-cluster-backup-secret
- backupIndex: 1
diff --git a/clusters/cl01tl-standby/monitoring/grafana/Chart.yaml b/clusters/cl01tl-standby/monitoring/grafana/Chart.yaml
deleted file mode 100644
index 6f2e99e3c..000000000
--- a/clusters/cl01tl-standby/monitoring/grafana/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: grafana
-version: 1.0.0
-description: Grafana
-keywords:
- - grafana
- - dashboard
- - metrics
- - logs
-home: https://wiki.alexlebens.dev/doc/grafana-BFwY2bvVzt
-sources:
- - https://github.com/grafana/grafana
- - https://github.com/grafana/helm-charts/tree/main/charts/grafana
-maintainers:
- - name: alexlebens
-dependencies:
- - name: grafana
- version: 8.10.1
- repository: https://grafana.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/grafana.png
-appVersion: 11.4.0
diff --git a/clusters/cl01tl-standby/monitoring/grafana/templates/external-secret.yaml b/clusters/cl01tl-standby/monitoring/grafana/templates/external-secret.yaml
deleted file mode 100644
index 1a0d1f9b4..000000000
--- a/clusters/cl01tl-standby/monitoring/grafana/templates/external-secret.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: grafana-auth-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: admin-user
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/grafana/auth
- metadataPolicy: None
- property: admin-user
- - secretKey: admin-password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/grafana/auth
- metadataPolicy: None
- property: admin-password
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: grafana-oauth-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/grafana
- metadataPolicy: None
- property: client
- - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/grafana
- metadataPolicy: None
- property: secret
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: grafana-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: grafana-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/grafana/grafana"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
diff --git a/clusters/cl01tl-standby/monitoring/grafana/templates/replication-source.yaml b/clusters/cl01tl-standby/monitoring/grafana/templates/replication-source.yaml
deleted file mode 100644
index 04b72bd8a..000000000
--- a/clusters/cl01tl-standby/monitoring/grafana/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: grafana-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: grafana-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: grafana
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: grafana-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 472
-# runAsGroup: 472
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/monitoring/grafana/values.yaml b/clusters/cl01tl-standby/monitoring/grafana/values.yaml
deleted file mode 100644
index 6387a3462..000000000
--- a/clusters/cl01tl-standby/monitoring/grafana/values.yaml
+++ /dev/null
@@ -1,151 +0,0 @@
-grafana:
- deploymentStrategy:
- type: Recreate
- createConfigmap: true
- serviceMonitor:
- enabled: true
- ingress:
- enabled: true
- ingressClassName: tailscale
- hosts:
- - grafana-cl01tl
- tls:
- - secretName: grafana-cl01tl
- hosts:
- - grafana-cl01tl
- persistence:
- enabled: true
- storageClassName: ceph-block
- admin:
- existingSecret: grafana-auth-secret
- userKey: admin-user
- passwordKey: admin-password
- envFromSecret: grafana-oauth-secret
- plugins:
- - grafana-clock-panel
- - grafana-worldmap-panel
- - grafana-lokiexplore-app
- - isovalent-hubble-datasource
- - marcusolsson-treemap-panel
- - camptocamp-prometheus-alertmanager-datasource
- datasources:
- datasources.yaml:
- apiVersion: 1
- datasources:
- - name: Prometheus
- type: prometheus
- uid: prometheus
- url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
- access: proxy
- isDefault: true
- jsonData:
- timeInterval: 30s
- - name: Loki
- type: loki
- url: http://loki.loki:3100
- jsonData:
- httpHeaderName1: "X-Scope-OrgID"
- secureJsonData:
- httpHeaderValue1: "1"
- dashboardProviders:
- dashboardproviders.yaml:
- apiVersion: 1
- providers:
- - name: "app-gitea"
- orgId: 1
- folder: "Application"
- type: file
- disableDeletion: true
- editable: false
- options:
- path: /var/lib/grafana/dashboards/app-gitea
- - name: "srv-gitea"
- orgId: 1
- folder: "Service"
- type: file
- disableDeletion: true
- editable: false
- options:
- path: /var/lib/grafana/dashboards/srv-gitea
- - name: "sys-gitea"
- orgId: 1
- folder: "System"
- type: file
- disableDeletion: true
- editable: false
- options:
- path: /var/lib/grafana/dashboards/sys-gitea
- dashboards:
- app-gitea:
- immich:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
- radarr:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
- sonarr:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json
- srv-gitea:
- alertmanager:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/alertmanager.json
- argocd:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
- authentik:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/authentik.json
- blocky:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
- cert-manager:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
- cloudnativepg:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnativepg.json
- coredns:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/coredns.json
- descheduler:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
- minio:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/minio.json
- speedtest-exporter:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
- spegel:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
- traefik:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
- trivy:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
- unpoller:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
- vault:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/vault.json
- volsync:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
- sys-gitea:
- ceph:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
- etcd:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
- loki:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
- node-full:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
- node-short:
- url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
- grafana.ini:
- analytics:
- check_for_updates: false
- server:
- domain: alexlebens.net
- root_url: https://grafana-cl01tl.boreal-beaufort.ts.net
- users:
- auto_assign_org: true
- auto_assign_org_id: 1
- auth:
- disable_login_form: true
- oauth_auto_login: true
- signout_redirect_url: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/grafana/end-session/
- auth.generic_oauth:
- enabled: true
- name: Authentik
- allow_sign_up: true
- scopes: openid profile email
- auth_url: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- token_url: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- api_url: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
diff --git a/clusters/cl01tl-standby/platform/authentik/Chart.yaml b/clusters/cl01tl-standby/platform/authentik/Chart.yaml
deleted file mode 100644
index 49ec87553..000000000
--- a/clusters/cl01tl-standby/platform/authentik/Chart.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v2
-name: authentik
-version: 1.0.0
-description: Authentik
-keywords:
- - authentik
- - sso
- - oidc
- - ldap
- - idp
- - authentication
-home: https://wiki.alexlebens.dev/doc/authentik-q2d4WDhqpe
-sources:
- - https://github.com/goauthentik/authentik
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/goauthentik/helm
- - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: authentik
- version: 2025.2.1
- repository: https://charts.goauthentik.io/
- - name: cloudflared
- alias: cloudflared
- repository: http://alexlebens.github.io/helm-charts
- version: 1.14.0
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/authentik.png
-appVersion: 2024.10.5
diff --git a/clusters/cl01tl-standby/platform/authentik/templates/config-map.yaml b/clusters/cl01tl-standby/platform/authentik/templates/config-map.yaml
deleted file mode 100644
index f749d50f5..000000000
--- a/clusters/cl01tl-standby/platform/authentik/templates/config-map.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: authentik-custom-css
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ .Release.Name }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-data:
- custom.css: |
- /* Change sign button color */
- .pf-c-button.pf-m-primary {
- color: black;
- background-color: white;
- }
-
- /* Remove background */
- .pf-c-login__main {
- background-color: rgba(3, 3, 3, 0.16);
- }
-
- /* Remove specific height */
- .pf-c-brand {
- height: auto;
- }
-
- /* Center text */
- .pf-c-title {
- text-align: center;
- }
-
- /* Match text field to login button */
- .pf-c-form-control {
- border-radius: 3px;
- background-color: white;
- color: black;
- }
-
- /* Force border color */
- .pf-c-form-control {
- border-color: white;
- }
-
- /* Use default cursor on this div */
- .pf-c-form__label {
- cursor: default;
- }
-
- /* Hide required asterik */
- .pf-c-form__label-required {
- display: none;
- }
-
- /* Change link color to white */
- .a {
- color: white;
- }
diff --git a/clusters/cl01tl-standby/platform/authentik/templates/external-secret.yaml b/clusters/cl01tl-standby/platform/authentik/templates/external-secret.yaml
deleted file mode 100644
index 17ba4cf91..000000000
--- a/clusters/cl01tl-standby/platform/authentik/templates/external-secret.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: authentik-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/authentik/key
- metadataPolicy: None
- property: key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: authentik-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/authentik
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: authentik-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/platform/authentik/templates/ingress.yaml b/clusters/cl01tl-standby/platform/authentik/templates/ingress.yaml
deleted file mode 100644
index 30d5e6da4..000000000
--- a/clusters/cl01tl-standby/platform/authentik/templates/ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: authentik-tailscale
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-tailscale
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
- labels:
- tailscale.com/proxy-class: no-metrics
- annotations:
- tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-spec:
- ingressClassName: tailscale
- tls:
- - hosts:
- - auth-cl01tl
- secretName: auth-cl01tl
- rules:
- - host: auth-cl01tl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: authentik-server
- port:
- number: 80
diff --git a/clusters/cl01tl-standby/platform/authentik/values.yaml b/clusters/cl01tl-standby/platform/authentik/values.yaml
deleted file mode 100644
index f7f2e8b28..000000000
--- a/clusters/cl01tl-standby/platform/authentik/values.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-authentik:
- global:
- env:
- - name: AUTHENTIK_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: authentik-key-secret
- key: key
- - name: AUTHENTIK_POSTGRESQL__HOST
- valueFrom:
- secretKeyRef:
- name: authentik-postgresql-17-cluster-app
- key: host
- - name: AUTHENTIK_POSTGRESQL__NAME
- valueFrom:
- secretKeyRef:
- name: authentik-postgresql-17-cluster-app
- key: dbname
- - name: AUTHENTIK_POSTGRESQL__USER
- valueFrom:
- secretKeyRef:
- name: authentik-postgresql-17-cluster-app
- key: user
- - name: AUTHENTIK_POSTGRESQL__PASSWORD
- valueFrom:
- secretKeyRef:
- name: authentik-postgresql-17-cluster-app
- key: password
- server:
- name: server
- replicas: 1
- volumes:
- - name: custom-css
- configMap:
- name: authentik-custom-css
- volumeMounts:
- - name: custom-css
- mountPath: /web/dist/custom.css
- subPath: custom.css
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- ingress:
- enabled: true
- ingressClassName: traefik
- hosts:
- - authentik.alexlebens.net
- paths:
- - /
- tls:
- - secretName: authentik-tls-secret
- hosts:
- - authentik.alexlebens.net
- worker:
- name: worker
- replicas: 1
- prometheus:
- rules:
- enabled: true
- postgresql:
- enabled: false
- redis:
- enabled: true
-cloudflared:
- existingSecretName: authentik-cloudflared-secret
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster
- endpointCredentials: authentik-postgresql-17-cluster-backup-secret
- backupIndex: 1
diff --git a/clusters/cl01tl-standby/platform/gitea/Chart.yaml b/clusters/cl01tl-standby/platform/gitea/Chart.yaml
deleted file mode 100644
index 3378ad590..000000000
--- a/clusters/cl01tl-standby/platform/gitea/Chart.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: v2
-name: gitea
-version: 1.0.0
-description: Gitea
-keywords:
- - gitea
- - git
- - code
-home: https://wiki.alexlebens.dev/doc/gitea-OgqW6bQWrW
-sources:
- - https://github.com/go-gitea/gitea
- - https://github.com/cloudflare/cloudflared
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/gitea/gitea
- - https://gitea.com/gitea/helm-chart
- - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: gitea
- version: 10.6.0
- repository: https://dl.gitea.io/charts/
- - name: cloudflared
- alias: cloudflared
- repository: http://alexlebens.github.io/helm-charts
- version: 1.14.0
- - name: app-template
- alias: backup
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
-appVersion: 1.22.4
diff --git a/clusters/cl01tl-standby/platform/gitea/templates/external-secret.yaml b/clusters/cl01tl-standby/platform/gitea/templates/external-secret.yaml
deleted file mode 100644
index f7e49dd6b..000000000
--- a/clusters/cl01tl-standby/platform/gitea/templates/external-secret.yaml
+++ /dev/null
@@ -1,176 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: gitea-admin-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-admin-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: username
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/auth/admin
- metadataPolicy: None
- property: username
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/auth/admin
- metadataPolicy: None
- property: password
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: gitea-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/gitea
- metadataPolicy: None
- property: secret
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/gitea
- metadataPolicy: None
- property: client
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: gitea-cloudflared-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-cloudflared-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/gitea
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: gitea-backup-s3
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-backup-s3
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/gitea-backup
- metadataPolicy: None
- property: AWS_ACCESS_KEY_ID
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/gitea-backup
- metadataPolicy: None
- property: AWS_SECRET_ACCESS_KEY
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: gitea-s3cmd-config
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-s3cmd-s3
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: .s3cfg
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/gitea/backup
- metadataPolicy: None
- property: s3cfg
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: gitea-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/platform/gitea/templates/ingress.yaml b/clusters/cl01tl-standby/platform/gitea/templates/ingress.yaml
deleted file mode 100644
index e73ad5b01..000000000
--- a/clusters/cl01tl-standby/platform/gitea/templates/ingress.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: gitea-local
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-local
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- cert-manager.io/cluster-issuer: letsencrypt-issuer
-spec:
- ingressClassName: traefik
- tls:
- - hosts:
- - gitea.alexlebens.net
- secretName: gitea-tls-secret
- rules:
- - host: gitea.alexlebens.net
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: gitea-http
- port:
- number: 3000
-
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: gitea-tailscale
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-tailscale
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
- labels:
- tailscale.com/proxy-class: no-metrics
- annotations:
- tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-spec:
- ingressClassName: tailscale
- tls:
- - hosts:
- - gitea-cl01tl
- secretName: gitea-cl01tl
- rules:
- - host: gitea-cl01tl
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: gitea-http
- port:
- name: http
diff --git a/clusters/cl01tl-standby/platform/gitea/templates/persistent-volume-claim.yaml b/clusters/cl01tl-standby/platform/gitea/templates/persistent-volume-claim.yaml
deleted file mode 100644
index e3c2e4704..000000000
--- a/clusters/cl01tl-standby/platform/gitea/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: gitea-nfs-storage-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-nfs-storage-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl-standby/platform/gitea/templates/role-binding.yaml b/clusters/cl01tl-standby/platform/gitea/templates/role-binding.yaml
deleted file mode 100644
index 527cf0f94..000000000
--- a/clusters/cl01tl-standby/platform/gitea/templates/role-binding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: gitea-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: gitea-backup
-subjects:
- - kind: ServiceAccount
- name: gitea-backup
- namespace: {{ .Release.Namespace }}
diff --git a/clusters/cl01tl-standby/platform/gitea/templates/role.yaml b/clusters/cl01tl-standby/platform/gitea/templates/role.yaml
deleted file mode 100644
index 56908b3c8..000000000
--- a/clusters/cl01tl-standby/platform/gitea/templates/role.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: gitea-backup
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: gitea-backup
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- verbs:
- - create
- - list
- - apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - get
- - list
diff --git a/clusters/cl01tl-standby/platform/gitea/values.yaml b/clusters/cl01tl-standby/platform/gitea/values.yaml
deleted file mode 100644
index f250b5133..000000000
--- a/clusters/cl01tl-standby/platform/gitea/values.yaml
+++ /dev/null
@@ -1,193 +0,0 @@
-gitea:
- image:
- repository: gitea/gitea
- tag: 1.23.4
- service:
- http:
- type: ClusterIP
- port: 3000
- clusterIP: 10.103.160.139
- ssh:
- type: ClusterIP
- port: 2222
- clusterIP: 10.103.160.140
- ingress:
- enabled: false
- persistence:
- storageClass: ceph-block
- extraVolumes:
- - name: gitea-nfs-storage-backup
- persistentVolumeClaim:
- claimName: gitea-nfs-storage-backup
- extraVolumeMounts:
- - mountPath: /opt/backup
- name: gitea-nfs-storage-backup
- readOnly: false
- gitea:
- # admin:
- # existingSecret: gitea-admin-secret
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- oauth:
- - name: Authentik
- provider: openidConnect
- existingSecret: gitea-oidc-secret
- autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
- iconUrl: https://goauthentik.io/img/icon.png
- scopes: "email profile"
- config:
- APP_NAME: Gitea
- server:
- PROTOCOL: http
- DOMAIN: gitea.alexlebens.dev
- ROOT_URL: https://gitea.alexlebens.dev
- LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
- START_SSH_SERVER: true
- SSH_DOMAIN: gitea-ssh.gitea
- SSH_PORT: 2222
- SSH_LISTEN_PORT: 2222
- ENABLE_PPROF: true
- LANDING_PAGE: explore
- database:
- DB_TYPE: postgres
- SCHEMA: public
- oauth2_client:
- ENABLE_AUTO_REGISTRATION: true
- service:
- REGISTER_MANUAL_CONFIRM: true
- SHOW_REGISTRATION_BUTTON: false
- ALLOW_ONLY_EXTERNAL_REGISTRATION: true
- explore:
- REQUIRE_SIGNIN_VIEW: true
- webhook:
- ALLOWED_HOST_LIST: private
- mirror:
- DEFAULT_INTERVAL: 10m
- additionalConfigFromEnvs:
- - name: GITEA__DATABASE__HOST
- valueFrom:
- secretKeyRef:
- name: gitea-postgresql-17-cluster-app
- key: host
- - name: GITEA__DATABASE__NAME
- valueFrom:
- secretKeyRef:
- name: gitea-postgresql-17-cluster-app
- key: dbname
- - name: GITEA__DATABASE__USER
- valueFrom:
- secretKeyRef:
- name: gitea-postgresql-17-cluster-app
- key: user
- - name: GITEA__DATABASE__PASSWD
- valueFrom:
- secretKeyRef:
- name: gitea-postgresql-17-cluster-app
- key: password
- memcached:
- enabled: true
- redis:
- enabled: false
- redis-cluster:
- enabled: false
- postgresql:
- enabled: false
- postgresql-ha:
- enabled: false
- mysql:
- enabled: false
- mariadb:
- enabled: false
-cloudflared:
- existingSecretName: gitea-cloudflared-secret
-backup:
- global:
- fullnameOverride: gitea-backup
- controllers:
- backup:
- type: cronjob
- cronjob:
- suspend: false
- concurrencyPolicy: Forbid
- timeZone: US/Central
- schedule: 0 4 * * *
- startingDeadlineSeconds: 90
- successfulJobsHistory: 3
- failedJobsHistory: 3
- backoffLimit: 3
- parallelism: 1
- initContainers:
- backup:
- image:
- repository: bitnami/kubectl
- tag: 1.32.2
- pullPolicy: IfNotPresent
- command:
- - sh
- args:
- - -ec
- - |
- kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
- kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- containers:
- s3:
- image:
- repository: d3fk/s3cmd
- tag: latest@sha256:4bdc8e5817cbdd048e6dc487f42e3d96a6b58af69b4be6f256de5e2416da90e9
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- args:
- - -ec
- - |
- s3cmd put --no-check-md5 --no-check-certificate /opt/backup/gitea-backup.zip s3://gitea-backups-8ba8dae3674a2f53354c600e/cl01tl/cl01tl-gitea-backups/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
- mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
- envFrom:
- - secretRef:
- name: gitea-backup-s3
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- serviceAccount:
- create: true
- persistence:
- config:
- existingClaim: gitea-nfs-storage-backup
- advancedMounts:
- backup:
- s3:
- - path: /opt/backup
- readOnly: false
- s3cmd-config:
- enabled: true
- type: secret
- name: gitea-s3cmd-config
- advancedMounts:
- backup:
- s3:
- - path: /root/.s3cfg
- readOnly: true
- mountPropagation: None
- subPath: .s3cfg
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
- endpointCredentials: gitea-postgresql-17-cluster-backup-secret
- backupIndex: 2
diff --git a/clusters/cl01tl-standby/platform/matrix-synapse/templates/external-secret.yaml b/clusters/cl01tl-standby/platform/matrix-synapse/templates/external-secret.yaml
deleted file mode 100644
index 8353564e3..000000000
--- a/clusters/cl01tl-standby/platform/matrix-synapse/templates/external-secret.yaml
+++ /dev/null
@@ -1,449 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: matrix-synapse-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-synapse-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: oidc.yaml
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/matrix-synapse/config
- metadataPolicy: None
- property: oidc.yaml
- - secretKey: config.yaml
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/matrix-synapse/config
- metadataPolicy: None
- property: config.yaml
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: matrix-hookshot-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-hookshot-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: config.yml
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/matrix-synapse/hookshot
- metadataPolicy: None
- property: config
- - secretKey: registration.yml
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/matrix-synapse/hookshot
- metadataPolicy: None
- property: registration
- - secretKey: hookshot-registration.yaml
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/matrix-synapse/hookshot
- metadataPolicy: None
- property: registration
- - secretKey: passkey.pem
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/matrix-synapse/hookshot
- metadataPolicy: None
- property: passkey
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: mautrix-discord-config-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: mautrix-discord-config-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: web
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# data:
-# - secretKey: config.yaml
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/matrix-synapse/mautrix-discord
-# metadataPolicy: None
-# property: config
-# - secretKey: mautrix-discord-registration.yaml
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/matrix-synapse/mautrix-discord
-# metadataPolicy: None
-# property: registration
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: mautrix-whatsapp-config-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: mautrix-whatsapp-config-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: web
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# data:
-# - secretKey: config.yaml
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/matrix-synapse/mautrix-whatsapp
-# metadataPolicy: None
-# property: config
-# - secretKey: mautrix-whatsapp-registration.yaml
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/matrix-synapse/mautrix-whatsapp
-# metadataPolicy: None
-# property: registration
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: double-puppet-registration-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: double-puppet-registration-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: double-puppet-registration.yaml
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/matrix-synapse/double-puppet
- metadataPolicy: None
- property: registration
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: matrix-synapse-valkey-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-synapse-valkey-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/matrix-synapse/valkey
- metadataPolicy: None
- property: password
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: matrix-synapse-cloudflared-synapse-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-synapse-cloudflared-synapse-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/matrix-synapse
- metadataPolicy: None
- property: token
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: matrix-synapse-cloudflared-hookshot-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-synapse-cloudflared-hookshot-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: cf-tunnel-token
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cloudflare/tunnels/matrix-hookshot
- metadataPolicy: None
- property: token
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: matrix-synapse-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: matrix-synapse-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/matrix-synapse"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: mautrix-discord-data-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: mautrix-discord-data-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: mautrix-whatsapp-data-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: mautrix-whatsapp-data-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: matrix-synapse-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-synapse-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl-standby/platform/matrix-synapse/templates/replication-source.yaml b/clusters/cl01tl-standby/platform/matrix-synapse/templates/replication-source.yaml
deleted file mode 100644
index b264a6144..000000000
--- a/clusters/cl01tl-standby/platform/matrix-synapse/templates/replication-source.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: matrix-synapse-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: matrix-synapse-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: matrix-synapse
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: matrix-synapse-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
-
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: mautrix-discord-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: mautrix-discord-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: mautrix-discord-data
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: mautrix-discord-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 1337
-# runAsGroup: 1337
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
-
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: mautrix-whatsapp-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: mautrix-whatsapp-data
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: mautrix-whatsapp-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 1337
-# runAsGroup: 1337
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/platform/matrix-synapse/templates/service-monitor.yaml b/clusters/cl01tl-standby/platform/matrix-synapse/templates/service-monitor.yaml
deleted file mode 100644
index c91d7b9fd..000000000
--- a/clusters/cl01tl-standby/platform/matrix-synapse/templates/service-monitor.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: matrix-synapse
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-synapse
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: matrix-synapse
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - targetPort: 9090
- interval: 3m
- scrapeTimeout: 1m
- path: /_synapse/metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: matrix-hookshot
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: matrix-hookshot
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: metrics
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: matrix-hookshot
- app.kubernetes.io/instance: {{ .Release.Name }}
- endpoints:
- - targetPort: 9001
- interval: 3m
- scrapeTimeout: 1m
- path: /metrics
diff --git a/clusters/cl01tl-standby/platform/matrix-synapse/values.yaml b/clusters/cl01tl-standby/platform/matrix-synapse/values.yaml
deleted file mode 100644
index 2bafa7185..000000000
--- a/clusters/cl01tl-standby/platform/matrix-synapse/values.yaml
+++ /dev/null
@@ -1,343 +0,0 @@
-matrix-synapse:
- serverName: alexlebens.dev
- publicServerName: matrix.alexlebens.dev
- argoCD: true
- signingkey:
- job:
- enabled: false
- config:
- reportStats: false
- enableRegistration: true
- trustedKeyServers: []
- extraConfig:
- enable_metrics: true
- enable_registration_without_verification: true
- password_config:
- enabled: false
- sso:
- client_whitelist:
- - https://chat.alexlebens.dev/
- update_profile_information: true
- synapse:
- strategy:
- type: Recreate
- extraVolumes:
- - name: matrix-synapse-config-secret
- secret:
- secretName: matrix-synapse-config-secret
- - name: matrix-hookshot-config-secret
- secret:
- secretName: matrix-hookshot-config-secret
- # - name: mautrix-discord-config-secret
- # secret:
- # secretName: mautrix-discord-config-secret
- # - name: mautrix-whatsapp-config-secret
- # secret:
- # secretName: mautrix-whatsapp-config-secret
- - name: double-puppet-registration-secret
- secret:
- secretName: double-puppet-registration-secret
- extraVolumeMounts:
- - name: matrix-synapse-config-secret
- mountPath: /synapse/config/conf.d/oidc.yaml
- subPath: oidc.yaml
- readOnly: true
- - name: matrix-synapse-config-secret
- mountPath: /synapse/config/conf.d/config.yaml
- subPath: config.yaml
- readOnly: true
- - name: matrix-hookshot-config-secret
- mountPath: /synapse/config/conf.d/hookshot-registration.yaml
- subPath: hookshot-registration.yaml
- readOnly: true
- # - name: mautrix-discord-config-secret
- # mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
- # subPath: mautrix-discord-registration.yaml
- # readOnly: true
- # - name: mautrix-whatsapp-config-secret
- # mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
- # subPath: mautrix-whatsapp-registration.yaml
- # readOnly: true
- - name: double-puppet-registration-secret
- mountPath: /synapse/config/conf.d/double-puppet-registration.yaml
- subPath: double-puppet-registration.yaml
- readOnly: true
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- workers:
- default:
- replicaCount: 0
- generic_worker:
- enabled: false
- pusher:
- enabled: false
- appservice:
- enabled: false
- federation_sender:
- enabled: false
- media_repository:
- enabled: false
- user_dir:
- enabled: false
- wellknown:
- enabled: true
- server:
- m.server: matrix.alexlebens.dev:443
- client:
- m.homeserver:
- base_url: https://matrix.alexlebens.dev
- postgresql:
- enabled: false
- externalPostgresql:
- host: matrix-synapse-postgresql-17-cluster-rw
- port: 5432
- username: app
- database: app
- existingSecret: matrix-synapse-postgresql-17-cluster-app
- existingSecretPasswordKey: password
- redis:
- enabled: false
- externalRedis:
- host: matrix-synapse-valkey-primary
- port: 6379
- existingSecret: matrix-synapse-valkey-secret
- existingSecretPasswordKey: password
- persistence:
- enabled: true
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 10Gi
- volumePermissions:
- enabled: true
- uid: 666
- gid: 666
- ingress:
- enabled: false
-matrix-hookshot:
- global:
- fullnameOverride: matrix-hookshot
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: halfshot/matrix-hookshot
- tag: 6.0.3
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- webhook:
- port: 9000
- targetPort: 9000
- protocol: HTTP
- metrics:
- port: 9001
- targetPort: 9001
- protocol: HTTP
- appservice:
- port: 9002
- targetPort: 9002
- protocol: HTTP
- homeserver:
- port: 9993
- targetPort: 9993
- protocol: HTTP
- persistence:
- config:
- enabled: true
- type: secret
- name: matrix-hookshot-config-secret
- advancedMounts:
- main:
- main:
- - path: /data/config.yml
- readOnly: true
- mountPropagation: None
- subPath: config.yml
- registration:
- enabled: true
- type: secret
- name: matrix-hookshot-config-secret
- advancedMounts:
- main:
- main:
- - path: /data/registration.yml
- readOnly: true
- mountPropagation: None
- subPath: registration.yml
- passkey:
- enabled: true
- type: secret
- name: matrix-hookshot-config-secret
- advancedMounts:
- main:
- main:
- - path: /data/passkey.pem
- readOnly: true
- mountPropagation: None
- subPath: passkey.pem
-mautrix-discord:
- global:
- fullnameOverride: mautrix-discord
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: dock.mau.dev/mautrix/discord
- tag: v0.7.2
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 29334
- targetPort: 29334
- protocol: HTTP
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 500Mi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
- config:
- enabled: true
- type: secret
- name: mautrix-discord-config-secret
- advancedMounts:
- main:
- main:
- - path: /data/config.yaml
- readOnly: true
- mountPropagation: None
- subPath: config.yaml
-mautrix-whatsapp:
- global:
- fullnameOverride: mautrix-whatsapp
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: dock.mau.dev/mautrix/whatsapp
- tag: v0.11.3
- pullPolicy: IfNotPresent
- resources:
- requests:
- cpu: 10m
- memory: 64Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 29333
- targetPort: 29333
- protocol: HTTP
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 500Mi
- retain: true
- advancedMounts:
- main:
- main:
- - path: /data
- readOnly: false
- config:
- enabled: true
- type: secret
- name: mautrix-whatsapp-config-secret
- advancedMounts:
- main:
- main:
- - path: /data/config.yaml
- readOnly: true
- mountPropagation: None
- subPath: config.yaml
-valkey-synapse:
- fullnameOverride: matrix-synapse-valkey
- architecture: standalone
- auth:
- enabled: true
- existingSecret: matrix-synapse-valkey-secret
- existingSecretPasswordKey: password
- primary:
- persistence:
- enabled: false
- replica:
- persistence:
- enabled: false
-valkey-hookshot:
- fullnameOverride: matrix-hookshot-valkey
- architecture: standalone
- auth:
- enabled: false
- usePasswordFiles: false
- primary:
- persistence:
- enabled: false
- replica:
- persistence:
- enabled: false
-cloudflared-synapse:
- name: cloudflared-synapse
- existingSecretName: matrix-synapse-cloudflared-synapse-secret
-cloudflared-hookshot:
- name: cloudflared-hookshot
- existingSecretName: matrix-synapse-cloudflared-hookshot-secret
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- resources:
- requests:
- cpu: 200m
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
- endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret
- backupIndex: 1
diff --git a/clusters/cl01tl-standby/platform/ollama/Chart.yaml b/clusters/cl01tl-standby/platform/ollama/Chart.yaml
deleted file mode 100644
index 04d05305a..000000000
--- a/clusters/cl01tl-standby/platform/ollama/Chart.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v2
-name: ollama
-version: 1.0.0
-description: Ollama
-keywords:
- - ollama
- - ai
-home: https://wiki.alexlebens.dev/doc/ollama-Xmqe6T1P8v
-sources:
- - https://github.com/ollama/ollama
- - https://github.com/open-webui/open-webui
- - https://github.com/ai-dock/stable-diffusion-webui
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/ollama/ollama
- - https://github.com/open-webui/open-webui/pkgs/container/open-webui
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: ollama
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.7.1
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://avatars.githubusercontent.com/u/151674099?s=48&v=4
-appVersion: 0.5.1
diff --git a/clusters/cl01tl-standby/platform/ollama/templates/external-secret.yaml b/clusters/cl01tl-standby/platform/ollama/templates/external-secret.yaml
deleted file mode 100644
index 59df6090b..000000000
--- a/clusters/cl01tl-standby/platform/ollama/templates/external-secret.yaml
+++ /dev/null
@@ -1,206 +0,0 @@ - -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: ollama-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ollama-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/ollama/key - metadataPolicy: None - property: key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: ollama-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ollama-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: auth - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: client - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/ollama - metadataPolicy: None - property: client - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/ollama - metadataPolicy: None - property: secret - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: ollama-root-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: ollama-root-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# 
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-root" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: ollama-web-data-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: ollama-web-data-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# 
conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: ollama-web-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ollama-web-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/platform/ollama/templates/replication-source.yaml b/clusters/cl01tl-standby/platform/ollama/templates/replication-source.yaml deleted file mode 100644 index a531ac9a4..000000000 --- a/clusters/cl01tl-standby/platform/ollama/templates/replication-source.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: ollama-root-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: ollama-root-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: ollama-root -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: ollama-root-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot - -# --- -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: ollama-web-data-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: ollama-web-data-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: ollama-web-data -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: ollama-web-data-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# moverSecurityContext: -# runAsUser: 1337 -# runAsGroup: 1337 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl-standby/platform/ollama/templates/service.yaml b/clusters/cl01tl-standby/platform/ollama/templates/service.yaml deleted file mode 100644 index 9ae241b10..000000000 --- a/clusters/cl01tl-standby/platform/ollama/templates/service.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: ollama-pd05wd
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: ollama-pd05wd
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: network
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: ollama-pd05wd.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: stable-diffusion-pd05wd
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: stable-diffusion-pd05wd
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: network
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- tailscale.com/tailnet-fqdn: stable-diffusion-pd05wd.boreal-beaufort.ts.net
-spec:
- externalName: placeholder
- type: ExternalName
diff --git a/clusters/cl01tl-standby/platform/ollama/values.yaml b/clusters/cl01tl-standby/platform/ollama/values.yaml
deleted file mode 100644
index ccf1e6166..000000000
--- a/clusters/cl01tl-standby/platform/ollama/values.yaml
+++ /dev/null
@@ -1,274 +0,0 @@ -ollama: - controllers: - server-1: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - pod: - labels: - ollama-type: server - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: ollama-type - operator: In - values: - - server - topologyKey: kubernetes.io/hostname - containers: - main: - image: - repository: ollama/ollama - tag: 0.5.12 - pullPolicy: IfNotPresent - env: - - name: OLLAMA_KEEP_ALIVE - value: 24h - - name: OLLAMA_HOST - value: 0.0.0.0 - resources: - requests: - cpu: 100m - memory: 1Gi - # gpu.intel.com/i915: 1 - limits: - cpu: 4 - # gpu.intel.com/i915: 1 - # server-2: - # type: deployment - # replicas: 1 - # strategy: Recreate - # revisionHistoryLimit: 3 - # pod: - # labels: - # ollama-type: server - # affinity: - # podAntiAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # - labelSelector: - # matchExpressions: - # - key: ollama-type - # operator: In - # values: - # - server - # topologyKey: kubernetes.io/hostname - # containers: - # main: - # image: - # repository: ollama/ollama - # tag: 0.5.12 - # pullPolicy: IfNotPresent - # env: - # - name: OLLAMA_KEEP_ALIVE - # value: 24h - # - name: OLLAMA_HOST - # value: 0.0.0.0 - # resources: - # requests: - # cpu: 100m - # memory: 1Gi - # gpu.intel.com/i915: 1 - # limits: - # cpu: 4 - # gpu.intel.com/i915: 1 - # server-3: - # type: deployment - # replicas: 1 - # strategy: Recreate - # revisionHistoryLimit: 3 - # pod: - # labels: - # ollama-type: server - # affinity: - # podAntiAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # - labelSelector: - # matchExpressions: - # - key: ollama-type - # operator: In - # values: - # - server - # topologyKey: kubernetes.io/hostname - # containers: - # main: - # image: - # repository: ollama/ollama - # tag: 0.5.12 - # pullPolicy: IfNotPresent - # env: - # - name: OLLAMA_KEEP_ALIVE - # value: 24h - # - name: OLLAMA_HOST - # 
value: 0.0.0.0 - # resources: - # requests: - # cpu: 100m - # memory: 1Gi - # gpu.intel.com/i915: 1 - # limits: - # cpu: 4 - # gpu.intel.com/i915: 1 - web: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: ghcr.io/open-webui/open-webui - tag: 0.5.16 - pullPolicy: IfNotPresent - env: - - name: ENV - value: prod - - name: WEBUI_AUTH - value: true - - name: WEBUI_NAME - value: Ollama - - name: WEBUI_URL - value: http://ollama-cl01tl.boreal-beaufort.ts.net - - name: ENABLE_LOGIN_FORM - value: false - - name: DEFAULT_USER_ROLE - value: admin - - name: WEBUI_SECRET_KEY - valueFrom: - secretKeyRef: - name: ollama-key-secret - key: key - - name: DATABASE_URL - valueFrom: - secretKeyRef: - name: ollama-web-postgresql-17-cluster-app - key: uri - - name: OLLAMA_BASE_URL - value: http://ollama-server-1.ollama:11434 - - name: ENABLE_OAUTH_SIGNUP - value: true - - name: OAUTH_USERNAME_CLAIM - value: preferred_username - - name: OAUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: ollama-oidc-secret - key: secret - - name: OAUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: ollama-oidc-secret - key: client - - name: OAUTH_PROVIDER_NAME - value: Authentik - - name: OPENID_PROVIDER_URL - value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/ollama/.well-known/openid-configuration - resources: - requests: - cpu: 10m - memory: 1Gi - serviceAccount: - create: true - service: - server-1: - controller: server-1 - ports: - http: - port: 11434 - targetPort: 11434 - protocol: HTTP - # server-2: - # controller: server-2 - # ports: - # http: - # port: 11434 - # targetPort: 11434 - # protocol: HTTP - # server-3: - # controller: server-3 - # ports: - # http: - # port: 11434 - # targetPort: 11434 - # protocol: HTTP - web: - controller: web - ports: - http: - port: 80 - targetPort: 8080 - protocol: HTTP - ingress: - main: - className: tailscale - hosts: - - host: ollama-cl01tl - paths: - - path: / - 
pathType: Prefix - service: - name: ollama-web - port: 80 - tls: - - secretName: ollama-cl01tl - hosts: - - ollama-cl01tl - persistence: - server-1: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 40Gi - retain: true - advancedMounts: - server-1: - main: - - path: /root/.ollama - readOnly: false - # server-2: - # storageClass: ceph-block - # accessMode: ReadWriteOnce - # size: 40Gi - # retain: true - # advancedMounts: - # server-2: - # main: - # - path: /root/.ollama - # readOnly: false - # server-3: - # storageClass: ceph-block - # accessMode: ReadWriteOnce - # size: 40Gi - # retain: true - # advancedMounts: - # server-3: - # main: - # - path: /root/.ollama - # readOnly: false - web-data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - retain: true - advancedMounts: - web: - main: - - path: /app/backend/data - readOnly: false -postgres-17-cluster: - nameOverride: ollama-web-postgresql-17 - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - monitoring: - enabled: true - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster - endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret - backupIndex: 1 diff --git a/clusters/cl01tl-standby/platform/stalwart/templates/external-secret.yaml b/clusters/cl01tl-standby/platform/stalwart/templates/external-secret.yaml deleted file mode 100644 index 933057d0c..000000000 --- a/clusters/cl01tl-standby/platform/stalwart/templates/external-secret.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: stalwart-elasticsearch-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ELASTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/stalwart/config - metadataPolicy: None - property: ELASTIC_PASSWORD - -# --- -# apiVersion: external-secrets.io/v1beta1 -# kind: ExternalSecret -# metadata: -# name: stalwart-config-backup-secret -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: stalwart-config-backup-secret -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: vault -# target: -# template: -# mergePolicy: Merge -# engineVersion: v2 -# data: -# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/stalwart/stalwart-config" -# data: -# - secretKey: BUCKET_ENDPOINT -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: S3_BUCKET_ENDPOINT -# - secretKey: RESTIC_PASSWORD -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: RESTIC_PASSWORD -# - secretKey: AWS_DEFAULT_REGION -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /cl01tl/volsync/restic/config -# metadataPolicy: None -# property: AWS_DEFAULT_REGION -# - secretKey: AWS_ACCESS_KEY_ID -# remoteRef: -# conversionStrategy: 
Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: access_key -# - secretKey: AWS_SECRET_ACCESS_KEY -# remoteRef: -# conversionStrategy: Default -# decodingStrategy: None -# key: /digital-ocean/home-infra/volsync-backups -# metadataPolicy: None -# property: secret_key - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: stalwart-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: stalwart-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/platform/stalwart/templates/namespace.yaml b/clusters/cl01tl-standby/platform/stalwart/templates/namespace.yaml deleted file mode 100644 index a7dd08e96..000000000 --- a/clusters/cl01tl-standby/platform/stalwart/templates/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: stalwart - labels: - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl-standby/platform/stalwart/templates/replication-source.yaml b/clusters/cl01tl-standby/platform/stalwart/templates/replication-source.yaml deleted file mode 100644 index cca7da74e..000000000 
--- a/clusters/cl01tl-standby/platform/stalwart/templates/replication-source.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# apiVersion: volsync.backube/v1alpha1 -# kind: ReplicationSource -# metadata: -# name: stalwart-config-backup-source -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: stalwart-config-backup-source -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/version: {{ .Chart.AppVersion }} -# app.kubernetes.io/component: backup -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# sourcePVC: stalwart-config -# trigger: -# schedule: 0 0 */3 * * -# restic: -# pruneIntervalDays: 14 -# repository: stalwart-config-backup-secret -# retain: -# hourly: 1 -# daily: 1 -# weekly: 1 -# monthly: 2 -# yearly: 4 -# copyMethod: Snapshot -# storageClassName: ceph-block -# volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl-standby/platform/stalwart/values.yaml b/clusters/cl01tl-standby/platform/stalwart/values.yaml deleted file mode 100644 index 6e8cdc56d..000000000 --- a/clusters/cl01tl-standby/platform/stalwart/values.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -stalwart: - controllers: - main: - type: deployment - replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 - containers: - main: - image: - repository: stalwartlabs/mail-server - tag: v0.11.6 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 128Mi - serviceAccount: - create: true - service: - main: - controller: main - ports: - http: - port: 80 - targetPort: 8080 - protocol: HTTP - smtp: - port: 25 - targetPort: 25 - protocol: TCP - smtps: - port: 465 - targetPort: 465 - protocol: TCP - imap: - port: 143 - targetPort: 143 - protocol: TCP - imaps: - port: 993 - targetPort: 993 - protocol: TCP - ingress: - main: - className: tailscale - hosts: - - host: stalwart-cl01tl - paths: - - path: / - pathType: Prefix - service: - name: stalwart - port: 80 - tls: - - secretName: stalwart-cl01tl - hosts: - - stalwart-cl01tl - persistence: - config: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - main: - main: - - path: /opt/stalwart-mail - readOnly: false -valkey: - architecture: standalone - auth: - enabled: false - usePasswordFiles: false - primary: - persistence: - enabled: false - replica: - persistence: - enabled: false -elasticsearch: - global: - storageClass: ceph-block - extraEnvVars: - - name: discovery.type - value: single-node - - name: xpack.security.enabled - value: "true" - extraEnvVarsSecret: stalwart-elasticsearch-secret - master: - masterOnly: false - replicaCount: 1 - data: - replicaCount: 0 - coordinating: - replicaCount: 0 - ingest: - enabled: false - replicaCount: 0 -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - monitoring: - enabled: true - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/stalwart/stalwart-postgresql-17-cluster - endpointCredentials: 
stalwart-postgresql-17-cluster-backup-secret
- backupIndex: 1
diff --git a/clusters/cl01tl-standby/services/harbor/Chart.yaml b/clusters/cl01tl-standby/services/harbor/Chart.yaml
deleted file mode 100644
index 75533dff4..000000000
--- a/clusters/cl01tl-standby/services/harbor/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v2
-name: harbor
-version: 1.0.0
-description: Harbor
-keywords:
- - harbor
- - images
- - cache
- - kubernetes
-home: https://wiki.alexlebens.dev/doc/harbor-
-sources:
- - https://github.com/goharborv
- - https://github.com/goharbor/harbor-helm
- - https://github.com/valkey-io/valkey
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/bitnami/charts/tree/main/bitnami/valkey
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: harbor
- version: 1.16.2
- repository: https://helm.goharbor.io
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.2.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
-appVersion: v2.12.1
diff --git a/clusters/cl01tl-standby/services/harbor/templates/external-secret.yaml b/clusters/cl01tl-standby/services/harbor/templates/external-secret.yaml
deleted file mode 100644
index 32024082b..000000000
--- a/clusters/cl01tl-standby/services/harbor/templates/external-secret.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: harbor-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: harbor-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: HARBOR_ADMIN_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/harbor/config - metadataPolicy: None - property: admin-password - - secretKey: secretKey - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/harbor/config - metadataPolicy: None - property: secretKey - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/harbor/config - metadataPolicy: None - property: secret - - secretKey: JOBSERVICE_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/harbor/config - metadataPolicy: None - property: jobservice-secret - - secretKey: REGISTRY_HTTP_SECRET - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/harbor/config - metadataPolicy: None - property: registry-http-secret - - secretKey: REGISTRY_PASSWD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/harbor/config - metadataPolicy: None - property: registry-password - - secretKey: REGISTRY_HTPASSWD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/harbor/config - metadataPolicy: None - property: registry-ht-password - ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: harbor-postgresql-17-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret - app.kubernetes.io/instance: {{ 
.Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: database - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret diff --git a/clusters/cl01tl-standby/services/harbor/templates/ingress.yaml b/clusters/cl01tl-standby/services/harbor/templates/ingress.yaml deleted file mode 100644 index 310b5dd7b..000000000 --- a/clusters/cl01tl-standby/services/harbor/templates/ingress.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: harbor-tailscale - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: harbor-tailscale - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} - labels: - tailscale.com/proxy-class: no-metrics - annotations: - tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" -spec: - ingressClassName: tailscale - tls: - - hosts: - - harbor-cl01tl - rules: - - host: harbor-cl01tl - http: - paths: - - backend: - service: - name: harbor-core - port: - number: 80 - path: /api/ - pathType: Prefix - - backend: - service: - name: harbor-core - port: - number: 80 - path: /service/ - pathType: Prefix - - backend: - service: - name: harbor-core - port: - number: 80 - path: /v2/ - pathType: Prefix - - backend: - service: - name: harbor-core - port: - number: 80 - path: /c/ - pathType: Prefix - - backend: - service: - name: harbor-portal - port: - number: 80 - path: / - pathType: Prefix diff --git a/clusters/cl01tl-standby/services/harbor/values.yaml b/clusters/cl01tl-standby/services/harbor/values.yaml deleted file mode 100644 index 2b4ba5929..000000000 --- a/clusters/cl01tl-standby/services/harbor/values.yaml +++ /dev/null 
@@ -1,136 +0,0 @@ -harbor: - expose: - type: ingress - ingress: - hosts: - core: harbor.alexlebens.net - className: traefik - labels: - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.tls: "true" - cert-manager.io/cluster-issuer: letsencrypt-issuer - externalURL: https://harbor-cl01tl.boreal-beaufort.ts.net - persistence: - enabled: true - resourcePolicy: "keep" - persistentVolumeClaim: - registry: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 20Gi - jobservice: - jobLog: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - redis: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - trivy: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 5Gi - imageChartStorage: - type: filesystem - filesystem: - rootdirectory: /storage - existingSecretAdminPassword: harbor-secret - existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD - ipFamily: - ipv6: - enabled: false - ipv4: - enabled: true - updateStrategy: - type: Recreate - existingSecretSecretKey: harbor-secret - metrics: - enabled: true - core: - path: /metrics - port: 8001 - registry: - path: /metrics - port: 8001 - jobservice: - path: /metrics - port: 8001 - exporter: - path: /metrics - port: 8001 - serviceMonitor: - enabled: true - trace: - enabled: false - cache: - enabled: false - portal: - image: - repository: ghcr.io/goharbor/harbor-portal - tag: v2.12.2 - core: - image: - repository: ghcr.io/goharbor/harbor-core - tag: v2.12.2 - existingSecret: harbor-secret - jobservice: - image: - repository: ghcr.io/goharbor/harbor-jobservice - tag: v2.12.2 - existingSecret: harbor-secret - existingSecretKey: JOBSERVICE_SECRET - registry: - registry: - image: - repository: ghcr.io/goharbor/registry-photon - tag: v2.12.2 - controller: - image: - repository: ghcr.io/goharbor/harbor-registryctl - tag: v2.12.2 - existingSecret: harbor-secret - existingSecretKey: REGISTRY_HTTP_SECRET - relativeurls: false - credentials: 
- existingSecret: harbor-secret - upload_purging: - enabled: true - age: 168h - interval: 24h - dryrun: false - trivy: - enabled: false - database: - type: external - external: - host: harbor-postgresql-17-cluster-rw - port: "5432" - username: app - coreDatabase: app - existingSecret: harbor-postgresql-17-cluster-app - redis: - type: internal - internal: - image: - repository: goharbor/redis-photon - tag: v2.12.2 - exporter: - image: - repository: ghcr.io/goharbor/harbor-exporter - tag: v2.12.2 -postgres-17-cluster: - mode: standalone - cluster: - walStorage: - storageClass: local-path - storage: - storageClass: local-path - monitoring: - enabled: true - backup: - enabled: true - endpointURL: https://nyc3.digitaloceanspaces.com - destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster - endpointCredentials: harbor-postgresql-17-cluster-backup-secret - backupIndex: 1 diff --git a/clusters/cl01tl-standby/storage/pgadmin/Chart.yaml b/clusters/cl01tl-standby/storage/pgadmin/Chart.yaml deleted file mode 100644 index 391163d31..000000000 --- a/clusters/cl01tl-standby/storage/pgadmin/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v2 -name: pgadmin4 -version: 1.0.0 -description: pgAdmin -keywords: - - pgadmin4 - - postgresql - - database -home: https://wiki.alexlebens.dev/doc/pgadmin-9OkcLS3mOt -sources: - - https://github.com/pgadmin-org/pgadmin4 - - https://hub.docker.com/r/dpage/pgadmin4/ - - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml -maintainers: - - name: alexlebens -dependencies: - - name: app-template - alias: pgadmin4 - repository: https://bjw-s.github.io/helm-charts/ - version: 3.7.1 -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/pgadmin.png -appVersion: v8.14 
diff --git a/clusters/cl01tl-standby/storage/pgadmin/templates/external-secret.yaml b/clusters/cl01tl-standby/storage/pgadmin/templates/external-secret.yaml
deleted file mode 100644
index 8410211b8..000000000
--- a/clusters/cl01tl-standby/storage/pgadmin/templates/external-secret.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: pgadmin-password-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: pgadmin-password-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: pgadmin-password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/pgadmin/auth
- metadataPolicy: None
- property: pgadmin-password
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: pgadmin-env-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: pgadmin-env-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/pgadmin/env
- metadataPolicy: None
- property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
- - secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/pgadmin/env
- metadataPolicy: None
- property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
- - secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/pgadmin/env
- metadataPolicy: None
- property: PGADMIN_CONFIG_OAUTH2_CONFIG
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: pgadmin-data-backup-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: 
pgadmin-data-backup-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# target:
-# template:
-# mergePolicy: Merge
-# engineVersion: v2
-# data:
-# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data"
-# data:
-# - secretKey: BUCKET_ENDPOINT
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: S3_BUCKET_ENDPOINT
-# - secretKey: RESTIC_PASSWORD
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: RESTIC_PASSWORD
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/volsync/restic/config
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: access_key
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/volsync-backups
-# metadataPolicy: None
-# property: secret_key
diff --git a/clusters/cl01tl-standby/storage/pgadmin/templates/replication-source.yaml b/clusters/cl01tl-standby/storage/pgadmin/templates/replication-source.yaml
deleted file mode 100644
index 2df835b78..000000000
--- a/clusters/cl01tl-standby/storage/pgadmin/templates/replication-source.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-# name: pgadmin-data-backup-source
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: pgadmin-data-backup-source
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: backup
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# sourcePVC: pgadmin-data
-# trigger:
-# schedule: 0 0 */3 * *
-# restic:
-# pruneIntervalDays: 14
-# repository: pgadmin-data-backup-secret
-# retain:
-# hourly: 1
-# daily: 1
-# weekly: 1
-# monthly: 2
-# yearly: 4
-# moverSecurityContext:
-# runAsUser: 5050
-# runAsGroup: 5050
-# copyMethod: Snapshot
-# storageClassName: ceph-block
-# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl-standby/storage/pgadmin/values.yaml b/clusters/cl01tl-standby/storage/pgadmin/values.yaml
deleted file mode 100644
index 88b73a5ed..000000000
--- a/clusters/cl01tl-standby/storage/pgadmin/values.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
-pgadmin4:
- controllers:
- main:
- type: deployment
- replicas: 1
- strategy: Recreate
- initContainers:
- init-chmod-data:
- securityContext:
- runAsUser: 0
- image:
- repository: busybox
- tag: 1.37.0
- pullPolicy: IfNotPresent
- command:
- - /bin/sh
- - -ec
- - |
- /bin/chown -R 5050:5050 /var/lib/pgadmin
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- containers:
- main:
- securityContext:
- runAsUser: 5050
- runAsGroup: 5050
- image:
- repository: dpage/pgadmin4
- tag: "9.1"
- pullPolicy: IfNotPresent
- env:
- - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
- value: "False"
- - name: PGADMIN_DEFAULT_EMAIL
- value: alexanderlebens@gmail.com
- - name: PGADMIN_DEFAULT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: pgadmin-password-secret
- key: pgadmin-password
- envFrom:
- - secretRef:
- name: pgadmin-env-secret
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- serviceAccount:
- create: true
- service:
- main:
- controller: main
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: TCP
- ingress:
- main:
- enabled: true
- className: tailscale
- hosts:
- - host: pgadmin-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: pgadmin
- port: 80
- tls:
- - secretName: pgadmin-cl01tl
- hosts:
- - pgadmin-cl01tl
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 5Gi
- retain: true
- advancedMounts:
- main:
- init-chmod-data:
- - path: /var/lib/pgadmin
- readOnly: false
- main:
- - path: /var/lib/pgadmin
- readOnly: false