alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions 1 Activity

feat: refactor apps
Some checks failed
lint-test-helm / lint-helm (pull_request) Failing after 48s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-01 19:47:16 -05:00
parent d8ca9614cb
commit 3f3977e48b
13 changed files with 34 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -191,8 +191,8 @@ meilisearch:
size: 5Gi size: 5Gi
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 160Mi memory: 150Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
postgres-18-cluster: postgres-18-cluster:

1
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -31,7 +31,6 @@ houndarr:
http: http:
port: 80 port: 80
targetPort: 8877 targetPort: 8877
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute

4
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -21,11 +21,11 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.10.0 version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.4.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

3
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -93,15 +93,12 @@ immich:
http: http:
port: 2283 port: 2283
targetPort: 2283 targetPort: 2283
protocol: TCP
metrics-api: metrics-api:
port: 8081 port: 8081
targetPort: 8081 targetPort: 8081
protocol: TCP
metrics-ms: metrics-ms:
port: 8082 port: 8082
targetPort: 8082 targetPort: 8082
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:

9
clusters/cl01tl/helm/jellyfin/Chart.yaml
View File

@@ -5,18 +5,15 @@ description: Jellyfin
keywords: keywords:
- jellyfin - jellyfin
- media - media
- movies home: https://docs.alexlebens.dev/applications/jellyfin/
- tv shows
- books
- music
home: https://wiki.alexlebens.dev/s/a58be5b0-7935-458a-b990-b45223e39d68
sources: sources:
- https://github.com/jellyfin/jellyfin - https://github.com/jellyfin/jellyfin
- https://github.com/rebelcore/jellyfin_exporter - https://github.com/rebelcore/jellyfin_exporter
- https://github.com/meilisearch/meilisearch
- https://hub.docker.com/r/jellyfin/jellyfin - https://hub.docker.com/r/jellyfin/jellyfin
- https://hub.docker.com/r/rebelcore/jellyfin-exporter - https://hub.docker.com/r/rebelcore/jellyfin-exporter
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

6
clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml
View File

@@ -14,10 +14,7 @@ spec:
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/exporter key: /cl01tl/jellyfin/exporter
metadataPolicy: None
property: token property: token
--- ---
@@ -37,8 +34,5 @@ spec:
data: data:
- secretKey: MEILI_MASTER_KEY - secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/meilisearch key: /cl01tl/jellyfin/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY property: MEILI_MASTER_KEY

31
clusters/cl01tl/helm/jellyfin/values.yaml
View File

@@ -4,16 +4,14 @@ jellyfin:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/jellyfin/jellyfin repository: ghcr.io/jellyfin/jellyfin
tag: 10.11.7 tag: 10.11.7@sha256:2b93aa3830dcd0aab7185c635e20edef1f8dc5d2e999768baf1724e88c078004
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: JELLYFIN_hostwebclient - name: JELLYFIN_hostwebclient
value: true value: true
- name: JELLYFIN_PublishedServerUrl - name: JELLYFIN_PublishedServerUrl
@@ -24,12 +22,11 @@ jellyfin:
requests: requests:
gpu.intel.com/i915: 1 gpu.intel.com/i915: 1
cpu: 1 cpu: 1
memory: 2Gi memory: 1Gi
exporter: exporter:
image: image:
repository: rebelcore/jellyfin-exporter repository: rebelcore/jellyfin-exporter
tag: v1.4.0 tag: v1.4.0@sha256:dd35d901df663141025670b4b44a62a178b331e9fa084b17016f6fba46343ce9
pullPolicy: IfNotPresent
args: args:
- '--jellyfin.address=http://127.0.0.1:8096' - '--jellyfin.address=http://127.0.0.1:8096'
- '--jellyfin.token=$(TOKEN)' - '--jellyfin.token=$(TOKEN)'
@@ -47,11 +44,9 @@ jellyfin:
http: http:
port: 80 port: 80
targetPort: 8096 targetPort: 8096
protocol: HTTP
metrics: metrics:
port: 9594 port: 9594
targetPort: 9594 targetPort: 9594
protocol: HTTP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:
@@ -77,11 +72,8 @@ jellyfin:
- jellyfin.alexlebens.net - jellyfin.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: jellyfin
kind: Service
name: jellyfin
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -92,14 +84,16 @@ jellyfin:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 100Gi size: 100Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /config - path: /config
readOnly: false readOnly: false
cache: cache:
type: emptyDir forceRename: jellyfin-cache
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -126,17 +120,14 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: jellyfin-meilisearch-master-key-secret existingMasterKeySecret: jellyfin-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence: persistence:
enabled: true enabled: true
storageClass: local-path storageClass: ceph-block
size: 5Gi size: 5Gi
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 1Gi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
volsync-target-config: volsync-target-config:

6
clusters/cl01tl/helm/jellystat/Chart.yaml
View File

@@ -5,13 +5,13 @@ description: Jellystat
keywords: keywords:
- jellystat - jellystat
- jellyfin - jellyfin
home: https://wiki.alexlebens.dev/s/d3fd2bf1-d2ab-4e94-a127-ee35f2d90142 home: https://docs.alexlebens.dev/applications/jellystat/
sources: sources:
- https://github.com/CyferShepard/Jellystat - https://github.com/CyferShepard/Jellystat
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/cyfershepard/jellystat - https://hub.docker.com/r/cyfershepard/jellystat
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.10.0 version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

9
clusters/cl01tl/helm/jellystat/templates/external-secret.yaml
View File

@@ -14,22 +14,13 @@ spec:
data: data:
- secretKey: secret-key - secretKey: secret-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/auth key: /cl01tl/jellystat/auth
metadataPolicy: None
property: secret-key property: secret-key
- secretKey: user - secretKey: user
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/auth key: /cl01tl/jellystat/auth
metadataPolicy: None
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/auth key: /cl01tl/jellystat/auth
metadataPolicy: None
property: password property: password

40
clusters/cl01tl/helm/jellystat/values.yaml
View File

@@ -4,16 +4,14 @@ jellystat:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: cyfershepard/jellystat repository: ghcr.io/cyfershepard/jellystat
tag: 1.1.8 tag: 1.1.8@sha256:c8c451704ba7985340142cd047e2364cabaf41b613669b6c5340688ed217f82a
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: JWT_SECRET - name: JWT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -57,7 +55,7 @@ jellystat:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 256Mi memory: 400Mi
service: service:
main: main:
controller: main controller: main
@@ -65,7 +63,6 @@ jellystat:
http: http:
port: 80 port: 80
targetPort: 3000 targetPort: 3000
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -78,11 +75,8 @@ jellystat:
- jellystat.alexlebens.net - jellystat.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: jellystat
kind: Service
name: jellystat
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -93,7 +87,6 @@ jellystat:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -112,35 +105,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 45 14 * * *" schedule: "0 45 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: jellystat-data pvcTarget: jellystat-data
local: local:

7
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -5,15 +5,16 @@ description: Karakeep
keywords: keywords:
- karakeep - karakeep
- bookmarks - bookmarks
home: https://wiki.alexlebens.dev/s/f8177591-8253-4e21-82d5-a556f0aeafad home: https://docs.alexlebens.dev/applications/karakeep/
sources: sources:
- https://github.com/karakeep-app/karakeep - https://github.com/karakeep-app/karakeep
- https://github.com/cloudflare/cloudflared - https://github.com/jlandure/alpine-chrome
- https://github.com/meilisearch/meilisearch
- https://github.com/karakeep-app/karakeep/pkgs/container/karakeep - https://github.com/karakeep-app/karakeep/pkgs/container/karakeep
- https://console.cloud.google.com/artifacts/docker/zenika-hub/us/gcr.io/alpine-chrome
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

24
clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
View File

@@ -14,17 +14,11 @@ spec:
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/karakeep/key key: /cl01tl/karakeep/key
metadataPolicy: None
property: key property: key
- secretKey: prometheus-token - secretKey: prometheus-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/karakeep/key key: /cl01tl/karakeep/key
metadataPolicy: None
property: prometheus-token property: prometheus-token
--- ---
@@ -44,17 +38,11 @@ spec:
data: data:
- secretKey: AUTHENTIK_CLIENT_ID - secretKey: AUTHENTIK_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/karakeep key: /authentik/oidc/karakeep
metadataPolicy: None
property: client property: client
- secretKey: AUTHENTIK_CLIENT_SECRET - secretKey: AUTHENTIK_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/karakeep key: /authentik/oidc/karakeep
metadataPolicy: None
property: secret property: secret
--- ---
@@ -74,24 +62,15 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
--- ---
@@ -111,8 +90,5 @@ spec:
data: data:
- secretKey: MEILI_MASTER_KEY - secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/karakeep/meilisearch key: /cl01tl/karakeep/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY property: MEILI_MASTER_KEY

21
clusters/cl01tl/helm/karakeep/values.yaml
View File

@@ -4,13 +4,11 @@ karakeep:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/karakeep-app/karakeep repository: ghcr.io/karakeep-app/karakeep
tag: 0.31.0 tag: 0.31.0@sha256:20754dbdafb11dfe288bbb1c2342a7855081b08ea069e86fcf2d4a2d945d3653
pullPolicy: IfNotPresent
env: env:
- name: DATA_DIR - name: DATA_DIR
value: /data value: /data
@@ -91,12 +89,11 @@ karakeep:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 256Mi memory: 500Mi
chrome: chrome:
image: image:
repository: gcr.io/zenika-hub/alpine-chrome repository: gcr.io/zenika-hub/alpine-chrome
tag: 124 tag: 124@sha256:1a0046448e0bb6c275c88f86e01faf0de62b02ec8572901256ada0a8c08be23f
pullPolicy: IfNotPresent
args: args:
- --no-sandbox - --no-sandbox
- --disable-gpu - --disable-gpu
@@ -104,10 +101,6 @@ karakeep:
- --remote-debugging-address=0.0.0.0 - --remote-debugging-address=0.0.0.0
- --remote-debugging-port=9222 - --remote-debugging-port=9222
- --hide-scrollbars - --hide-scrollbars
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -115,11 +108,9 @@ karakeep:
http: http:
port: 3000 port: 3000
targetPort: 3000 targetPort: 3000
protocol: HTTP
chrome: chrome:
port: 9222 port: 9222
targetPort: 9222 targetPort: 9222
protocol: HTTP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:
@@ -142,7 +133,6 @@ karakeep:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -155,9 +145,6 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: karakeep-meilisearch-master-key-secret existingMasterKeySecret: karakeep-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence: persistence:
enabled: true enabled: true
storageClass: ceph-block storageClass: ceph-block
@@ -165,7 +152,7 @@ meilisearch:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 50Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
volsync-target-data: volsync-target-data: