From 201eac78a4966703d139718722c52a08d06a23fd Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 2 Apr 2026 00:52:20 +0000 Subject: [PATCH] feat: refactor apps (#5399) Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5399 --- clusters/cl01tl/helm/gitea/values.yaml | 4 +- clusters/cl01tl/helm/houndarr/values.yaml | 1 - clusters/cl01tl/helm/immich/Chart.lock | 8 ++-- clusters/cl01tl/helm/immich/Chart.yaml | 4 +- clusters/cl01tl/helm/immich/values.yaml | 3 -- clusters/cl01tl/helm/jellyfin/Chart.yaml | 9 ++--- .../jellyfin/templates/external-secret.yaml | 6 --- clusters/cl01tl/helm/jellyfin/values.yaml | 31 +++++--------- clusters/cl01tl/helm/jellystat/Chart.lock | 6 +-- clusters/cl01tl/helm/jellystat/Chart.yaml | 6 +-- .../jellystat/templates/external-secret.yaml | 9 ----- clusters/cl01tl/helm/jellystat/values.yaml | 40 +++---------------- clusters/cl01tl/helm/karakeep/Chart.yaml | 7 ++-- .../karakeep/templates/external-secret.yaml | 24 ----------- clusters/cl01tl/helm/karakeep/values.yaml | 21 ++-------- 15 files changed, 41 insertions(+), 138 deletions(-) diff --git a/clusters/cl01tl/helm/gitea/values.yaml b/clusters/cl01tl/helm/gitea/values.yaml index 4e9679c3c..3809486be 100644 --- a/clusters/cl01tl/helm/gitea/values.yaml +++ b/clusters/cl01tl/helm/gitea/values.yaml @@ -191,8 +191,8 @@ meilisearch: size: 5Gi resources: requests: - cpu: 1m - memory: 160Mi + cpu: 10m + memory: 150Mi serviceMonitor: enabled: true postgres-18-cluster: diff --git a/clusters/cl01tl/helm/houndarr/values.yaml b/clusters/cl01tl/helm/houndarr/values.yaml index 89282d025..e4d0ad7ac 100644 --- a/clusters/cl01tl/helm/houndarr/values.yaml +++ b/clusters/cl01tl/helm/houndarr/values.yaml @@ -31,7 +31,6 @@ houndarr: http: port: 80 targetPort: 8877 - protocol: HTTP route: main: kind: HTTPRoute diff --git a/clusters/cl01tl/helm/immich/Chart.lock b/clusters/cl01tl/helm/immich/Chart.lock index 700d9456b..7930bafd0 100644 --- a/clusters/cl01tl/helm/immich/Chart.lock +++ b/clusters/cl01tl/helm/immich/Chart.lock @@ -4,12 +4,12 @@ dependencies: version: 4.6.2 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.10.0 + version: 7.11.1 - name: valkey repository: oci://harbor.alexlebens.net/helm-charts - version: 0.4.0 + version: 0.5.0 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:b79ea8c506f0172deed820247a33c79329f34426435c8b5eb27b206ac8831b13 -generated: "2026-03-15T20:06:27.091094433Z" +digest: sha256:b52be61811b2c4b8f1ac733be19de51e33540589b71337af99fc97727a1894e8 +generated: "2026-04-01T19:49:30.408077-05:00" diff --git a/clusters/cl01tl/helm/immich/Chart.yaml b/clusters/cl01tl/helm/immich/Chart.yaml index a3d7fd079..a16bf6184 100644 --- a/clusters/cl01tl/helm/immich/Chart.yaml +++ b/clusters/cl01tl/helm/immich/Chart.yaml @@ -21,11 +21,11 @@ dependencies: version: 4.6.2 - name: postgres-cluster alias: postgres-18-cluster - version: 7.10.0 + version: 7.11.1 repository: oci://harbor.alexlebens.net/helm-charts - name: valkey alias: valkey - version: 0.4.0 + version: 0.5.0 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-data diff --git a/clusters/cl01tl/helm/immich/values.yaml b/clusters/cl01tl/helm/immich/values.yaml index dc4302c00..cc46c9c37 100644 --- a/clusters/cl01tl/helm/immich/values.yaml +++ b/clusters/cl01tl/helm/immich/values.yaml @@ -93,15 +93,12 @@ immich: http: port: 2283 targetPort: 2283 - protocol: TCP metrics-api: port: 8081 targetPort: 8081 - protocol: TCP metrics-ms: port: 8082 targetPort: 8082 - protocol: TCP serviceMonitor: main: selector: diff --git a/clusters/cl01tl/helm/jellyfin/Chart.yaml b/clusters/cl01tl/helm/jellyfin/Chart.yaml index 21c02b053..30838573d 100644 --- a/clusters/cl01tl/helm/jellyfin/Chart.yaml +++ b/clusters/cl01tl/helm/jellyfin/Chart.yaml @@ -5,18 +5,15 @@ description: Jellyfin keywords: - jellyfin - media - - movies - - tv shows - - books - - music -home: https://wiki.alexlebens.dev/s/a58be5b0-7935-458a-b990-b45223e39d68 +home: https://docs.alexlebens.dev/applications/jellyfin/ sources: - https://github.com/jellyfin/jellyfin - https://github.com/rebelcore/jellyfin_exporter - - https://github.com/meilisearch/meilisearch - https://hub.docker.com/r/jellyfin/jellyfin - https://hub.docker.com/r/rebelcore/jellyfin-exporter - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml b/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml index e63c2f54d..0cd27057a 100644 --- a/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml @@ -14,10 +14,7 @@ spec: data: - secretKey: token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellyfin/exporter - metadataPolicy: None property: token --- @@ -37,8 +34,5 @@ spec: data: - secretKey: MEILI_MASTER_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellyfin/meilisearch - metadataPolicy: None property: MEILI_MASTER_KEY diff --git a/clusters/cl01tl/helm/jellyfin/values.yaml b/clusters/cl01tl/helm/jellyfin/values.yaml index 6e0c4a8f0..d6307e84e 100644 --- a/clusters/cl01tl/helm/jellyfin/values.yaml +++ b/clusters/cl01tl/helm/jellyfin/values.yaml @@ -4,16 +4,14 @@ jellyfin: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/jellyfin/jellyfin - tag: 10.11.7 - pullPolicy: IfNotPresent + tag: 10.11.7@sha256:2b93aa3830dcd0aab7185c635e20edef1f8dc5d2e999768baf1724e88c078004 env: - name: TZ - value: US/Central + value: America/Chicago - name: JELLYFIN_hostwebclient value: true - name: JELLYFIN_PublishedServerUrl @@ -24,12 +22,11 @@ jellyfin: requests: gpu.intel.com/i915: 1 cpu: 1 - memory: 2Gi + memory: 1Gi exporter: image: repository: rebelcore/jellyfin-exporter - tag: v1.4.0 - pullPolicy: IfNotPresent + tag: v1.4.0@sha256:dd35d901df663141025670b4b44a62a178b331e9fa084b17016f6fba46343ce9 args: - '--jellyfin.address=http://127.0.0.1:8096' - '--jellyfin.token=$(TOKEN)' @@ -47,11 +44,9 @@ jellyfin: http: port: 80 targetPort: 8096 - protocol: HTTP metrics: port: 9594 targetPort: 9594 - protocol: HTTP serviceMonitor: main: selector: @@ -77,11 +72,8 @@ jellyfin: - jellyfin.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: jellyfin + - name: jellyfin port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -92,14 +84,16 @@ jellyfin: storageClass: ceph-block accessMode: ReadWriteOnce size: 100Gi - retain: true advancedMounts: main: main: - path: /config readOnly: false cache: - type: emptyDir + forceRename: jellyfin-cache + storageClass: ceph-block + accessMode: ReadWriteOnce + size: 20Gi advancedMounts: main: main: @@ -126,17 +120,14 @@ meilisearch: MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true auth: existingMasterKeySecret: jellyfin-meilisearch-master-key-secret - service: - type: ClusterIP - port: 7700 persistence: enabled: true - storageClass: local-path + storageClass: ceph-block size: 5Gi resources: requests: cpu: 10m - memory: 128Mi + memory: 1Gi serviceMonitor: enabled: true volsync-target-config: diff --git a/clusters/cl01tl/helm/jellystat/Chart.lock b/clusters/cl01tl/helm/jellystat/Chart.lock index a6cc3ebef..60f578f11 100644 --- a/clusters/cl01tl/helm/jellystat/Chart.lock +++ b/clusters/cl01tl/helm/jellystat/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 4.6.2 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.10.0 + version: 7.11.1 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:f779185ce82045b47fc75bf95c4a8215acbd387f44a4bdb764486406d9b03748 -generated: "2026-03-15T20:06:38.720993367Z" +digest: sha256:a5b2ddd5097971d246b0d1f519ffafb662594d9f84ddc854b8eedf8702d2035f +generated: "2026-04-01T19:49:45.674314-05:00" diff --git a/clusters/cl01tl/helm/jellystat/Chart.yaml b/clusters/cl01tl/helm/jellystat/Chart.yaml index c5a59fd55..b07726fa4 100644 --- a/clusters/cl01tl/helm/jellystat/Chart.yaml +++ b/clusters/cl01tl/helm/jellystat/Chart.yaml @@ -5,13 +5,13 @@ description: Jellystat keywords: - jellystat - jellyfin -home: https://wiki.alexlebens.dev/s/d3fd2bf1-d2ab-4e94-a127-ee35f2d90142 +home: https://docs.alexlebens.dev/applications/jellystat/ sources: - https://github.com/CyferShepard/Jellystat - - https://github.com/cloudnative-pg/cloudnative-pg - https://hub.docker.com/r/cyfershepard/jellystat - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -21,7 +21,7 @@ dependencies: version: 4.6.2 - name: postgres-cluster alias: postgres-18-cluster - version: 7.10.0 + version: 7.11.1 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-data diff --git a/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml b/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml index 8771fdde5..ee87cd82d 100644 --- a/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: secret-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellystat/auth - metadataPolicy: None property: secret-key - secretKey: user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellystat/auth - metadataPolicy: None property: user - secretKey: password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellystat/auth - metadataPolicy: None property: password diff --git a/clusters/cl01tl/helm/jellystat/values.yaml b/clusters/cl01tl/helm/jellystat/values.yaml index cb90aac8b..72608a2ae 100644 --- a/clusters/cl01tl/helm/jellystat/values.yaml +++ b/clusters/cl01tl/helm/jellystat/values.yaml @@ -4,16 +4,14 @@ jellystat: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: - repository: cyfershepard/jellystat - tag: 1.1.8 - pullPolicy: IfNotPresent + repository: ghcr.io/cyfershepard/jellystat + tag: 1.1.8@sha256:c8c451704ba7985340142cd047e2364cabaf41b613669b6c5340688ed217f82a env: - name: TZ - value: US/Central + value: America/Chicago - name: JWT_SECRET valueFrom: secretKeyRef: @@ -57,7 +55,7 @@ jellystat: resources: requests: cpu: 10m - memory: 256Mi + memory: 400Mi service: main: controller: main @@ -65,7 +63,6 @@ jellystat: http: port: 80 targetPort: 3000 - protocol: HTTP route: main: kind: HTTPRoute @@ -78,11 +75,8 @@ jellystat: - jellystat.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: jellystat + - name: jellystat port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -93,7 +87,6 @@ jellystat: storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi - retain: true advancedMounts: main: main: @@ -112,35 +105,12 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 45 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external volsync-target-data: pvcTarget: jellystat-data local: diff --git a/clusters/cl01tl/helm/karakeep/Chart.yaml b/clusters/cl01tl/helm/karakeep/Chart.yaml index 9e6bcecf8..e1a2bea5b 100644 --- a/clusters/cl01tl/helm/karakeep/Chart.yaml +++ b/clusters/cl01tl/helm/karakeep/Chart.yaml @@ -5,15 +5,16 @@ description: Karakeep keywords: - karakeep - bookmarks -home: https://wiki.alexlebens.dev/s/f8177591-8253-4e21-82d5-a556f0aeafad +home: https://docs.alexlebens.dev/applications/karakeep/ sources: - https://github.com/karakeep-app/karakeep - - https://github.com/cloudflare/cloudflared - - https://github.com/meilisearch/meilisearch + - https://github.com/jlandure/alpine-chrome - https://github.com/karakeep-app/karakeep/pkgs/container/karakeep + - https://console.cloud.google.com/artifacts/docker/zenika-hub/us/gcr.io/alpine-chrome - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml index 485dbff60..055cc9477 100644 --- a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml @@ -14,17 +14,11 @@ spec: data: - secretKey: key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/karakeep/key - metadataPolicy: None property: key - secretKey: prometheus-token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/karakeep/key - metadataPolicy: None property: prometheus-token --- @@ -44,17 +38,11 @@ spec: data: - secretKey: AUTHENTIK_CLIENT_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/karakeep - metadataPolicy: None property: client - secretKey: AUTHENTIK_CLIENT_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/karakeep - metadataPolicy: None property: secret --- @@ -74,24 +62,15 @@ spec: data: - secretKey: ACCESS_KEY_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/karakeep-assets - metadataPolicy: None property: ACCESS_KEY_ID - secretKey: ACCESS_SECRET_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/karakeep-assets - metadataPolicy: None property: ACCESS_SECRET_KEY - secretKey: ACCESS_REGION remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/karakeep-assets - metadataPolicy: None property: ACCESS_REGION --- @@ -111,8 +90,5 @@ spec: data: - secretKey: MEILI_MASTER_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/karakeep/meilisearch - metadataPolicy: None property: MEILI_MASTER_KEY diff --git a/clusters/cl01tl/helm/karakeep/values.yaml b/clusters/cl01tl/helm/karakeep/values.yaml index 890003953..12d3e2461 100644 --- a/clusters/cl01tl/helm/karakeep/values.yaml +++ b/clusters/cl01tl/helm/karakeep/values.yaml @@ -4,13 +4,11 @@ karakeep: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/karakeep-app/karakeep - tag: 0.31.0 - pullPolicy: IfNotPresent + tag: 0.31.0@sha256:20754dbdafb11dfe288bbb1c2342a7855081b08ea069e86fcf2d4a2d945d3653 env: - name: DATA_DIR value: /data @@ -91,12 +89,11 @@ karakeep: resources: requests: cpu: 10m - memory: 256Mi + memory: 500Mi chrome: image: repository: gcr.io/zenika-hub/alpine-chrome - tag: 124 - pullPolicy: IfNotPresent + tag: 124@sha256:1a0046448e0bb6c275c88f86e01faf0de62b02ec8572901256ada0a8c08be23f args: - --no-sandbox - --disable-gpu @@ -104,10 +101,6 @@ karakeep: - --remote-debugging-address=0.0.0.0 - --remote-debugging-port=9222 - --hide-scrollbars - resources: - requests: - cpu: 10m - memory: 128Mi service: main: controller: main @@ -115,11 +108,9 @@ karakeep: http: port: 3000 targetPort: 3000 - protocol: HTTP chrome: port: 9222 targetPort: 9222 - protocol: HTTP serviceMonitor: main: selector: @@ -142,7 +133,6 @@ karakeep: storageClass: ceph-block accessMode: ReadWriteOnce size: 10Gi - retain: true advancedMounts: main: main: @@ -155,9 +145,6 @@ meilisearch: MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true auth: existingMasterKeySecret: karakeep-meilisearch-master-key-secret - service: - type: ClusterIP - port: 7700 persistence: enabled: true storageClass: ceph-block @@ -165,7 +152,7 @@ meilisearch: resources: requests: cpu: 10m - memory: 128Mi + memory: 50Mi serviceMonitor: enabled: true volsync-target-data: