feat: add more

2026-04-22 20:12:26 -05:00
parent 5cf0638c16
commit 4cda238587
25 changed files with 173 additions and 107 deletions
--- a/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml
@@ -1,42 +1,42 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: s3-do-home-infra-secret
+  name: digital-ocean-s3-exporter-credentials
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: s3-do-home-infra-secret
+    app.kubernetes.io/name: digital-ocean-s3-exporter-credentials
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: AWS_ACCESS_KEY_ID
      remoteRef:
-        key: /digital-ocean/home-infra/all-access
+        key: /digital-ocean/home-infra/s3-exporter
        property: AWS_ACCESS_KEY_ID
    - secretKey: AWS_SECRET_ACCESS_KEY
      remoteRef:
-        key: /digital-ocean/home-infra/all-access
+        key: /digital-ocean/home-infra/s3-exporter
        property: AWS_SECRET_ACCESS_KEY
    - secretKey: AWS_REGION
      remoteRef:
-        key: /digital-ocean/home-infra/prometheus-exporter
+        key: /digital-ocean/home-infra/s3-exporter
        property: AWS_REGION

 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: s3-garage-secret
+  name: garage-s3-exporter-credentials
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: s3-garage-secret
+    app.kubernetes.io/name: garage-s3-exporter-credentials
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: AWS_ACCESS_KEY_ID
      remoteRef:
@@ -46,3 +46,7 @@ spec:
      remoteRef:
        key: /garage/home-infra/s3-exporter
        property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        key: /garage/home-infra/s3-exporter
+        property: ACCESS_REGION
--- a/clusters/cl01tl/helm/s3-exporter/values.yaml
+++ b/clusters/cl01tl/helm/s3-exporter/values.yaml
@@ -17,17 +17,17 @@ s3-exporter:
            - name: S3_ACCESS_KEY
              valueFrom:
                secretKeyRef:
-                  name: s3-do-home-infra-secret
+                  name: digital-ocean-s3-exporter-credentials
                  key: AWS_ACCESS_KEY_ID
            - name: S3_SECRET_KEY
              valueFrom:
                secretKeyRef:
-                  name: s3-do-home-infra-secret
+                  name: digital-ocean-s3-exporter-credentials
                  key: AWS_SECRET_ACCESS_KEY
            - name: S3_REGION
              valueFrom:
                secretKeyRef:
-                  name: s3-do-home-infra-secret
+                  name: digital-ocean-s3-exporter-credentials
                  key: AWS_REGION
            - name: LOG_LEVEL
              value: info
@@ -54,15 +54,18 @@ s3-exporter:
            - name: S3_ACCESS_KEY
              valueFrom:
                secretKeyRef:
-                  name: s3-garage-secret
+                  name: garage-s3-exporter-credentials
                  key: AWS_ACCESS_KEY_ID
            - name: S3_SECRET_KEY
              valueFrom:
                secretKeyRef:
-                  name: s3-garage-secret
+                  name: garage-s3-exporter-credentials
                  key: AWS_SECRET_ACCESS_KEY
            - name: S3_REGION
-              value: us-east-1
+              valueFrom:
+                secretKeyRef:
+                  name: garage-s3-exporter-credentials
+                  key: ACCESS_REGION
            - name: LOG_LEVEL
              value: debug
            - name: S3_FORCE_PATH_STYLE
--- a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/searxng/templates/external-secret.yaml
@@ -1,10 +1,10 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: searxng-browser-metrics-auth
+  name: searxng-browser-metrics-credentials
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: searxng-browser-metrics-auth
+    app.kubernetes.io/name: searxng-browser-metrics-credentials
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  secretStoreRef:
@@ -13,32 +13,9 @@ spec:
  data:
    - secretKey: metrics-password
      remoteRef:
-        key: cl01tl/searxng/browser
-        property: metrics-password
+        key: /cl01tl/searxng/metrics
+        property: password
    - secretKey: metrics-username
      remoteRef:
-        key: cl01tl/searxng/browser
-        property: metrics-username
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: searxng-api-config-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: searxng-api-config-secret
-    {{- include "custom.labels" . | nindent 4 }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: settings.yml
-      remoteRef:
-        key: /cl01tl/searxng/api/config
-        property: settings.yml
-    - secretKey: limiter.toml
-      remoteRef:
-        key: /cl01tl/searxng/api/config
-        property: limiter.toml
+        key: /cl01tl/searxng/metrics
+        property: username
--- a/clusters/cl01tl/helm/searxng/templates/secret-provider-class.yaml
+++ b/clusters/cl01tl/helm/searxng/templates/secret-provider-class.yaml
@@ -0,0 +1,22 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: searxng-api-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: searxng-api-config
+    {{- include "custom.labels" . | nindent 4 }}
+spec:
+  provider: openbao
+  parameters:
+    baoAddress: "http://openbao-internal.openbao:8200"
+    roleName: searxng
+    objects: |
+      - objectName: limiter.toml
+        fileName: limiter.toml
+        secretPath: secret/data/cl01tl/searxng/api
+        secretKey: limiter.toml
+      - objectName: settings.yml
+        fileName: settings.yml
+        secretPath: secret/data/cl01tl/searxng/api
+        secretKey: settings.yml
--- a/clusters/cl01tl/helm/searxng/values.yaml
+++ b/clusters/cl01tl/helm/searxng/values.yaml
@@ -4,6 +4,8 @@ searxng:
      type: deployment
      replicas: 1
      strategy: Recreate
+      serviceAccount:
+        name: searxng
      containers:
        main:
          image:
@@ -58,6 +60,9 @@ searxng:
          image:
            repository: valkey/valkey
            tag: 9.0.3-alpine@sha256:e1095c6c76ee982cb2d1e07edbb7fb2a53606630a1d810d5a47c9f646b708bf5
+  serviceAccount:
+    searxng:
+      enabled: true
  service:
    api:
      controller: api
@@ -85,10 +90,10 @@ searxng:
          path: /metrics
          basicAuth:
            password:
-              name: searxng-browser-metrics-auth
+              name: searxng-browser-metrics-credentials
              key: metrics-password
            username:
-              name: searxng-browser-metrics-auth
+              name: searxng-browser-metrics-credentials
              key: metrics-username
  route:
    main:
@@ -110,20 +115,19 @@ searxng:
                value: /
  persistence:
    config:
-      enabled: true
-      type: secret
-      name: searxng-api-config-secret
+      type: custom
+      volumeSpec:
+        csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: searxng-api-config
      advancedMounts:
        api:
          main:
-            - path: /etc/searxng/settings.yml
+            - path: /etc/searxng/
              readOnly: true
              mountPropagation: None
-              subPath: settings.yml
-            - path: /etc/searxng/limiter.toml
-              readOnly: true
-              mountPropagation: None
-              subPath: limiter.toml
    api-data:
      forceRename: searxng-api-data
      storageClass: ceph-block
--- a/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml
+++ b/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: secrets-store-csi-driver
+  name: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: secrets-store-csi-driver
+    app.kubernetes.io/name: {{ .Release.Namespace }}
    {{- include "custom.labels" . | nindent 4 }}
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
--- a/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl
@@ -12,3 +12,16 @@ Selector labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.storageImportNfsName" -}}
+shelfmark-import-nfs-storage
+{{- end -}}
+{{- define "custom.storageAudiobooksNfsName" -}}
+shelfmark-audiobooks-nfs-storage
+{{- end -}}
+{{- define "custom.storageDownloadsNfsName" -}}
+shelfmark-downloads-nfs-storage
+{{- end -}}
--- a/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml
@@ -1,24 +1,39 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: shelfmark-config-secret
+  name: shelfmark-grimmory-config
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: shelfmark-config-secret
+    app.kubernetes.io/name: shelfmark-grimmory-config
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: grimmory-user
      remoteRef:
-        key: /cl01tl/shelfmark/booklore
+        key: /cl01tl/grimmory/users/shelfmark
        property: user
    - secretKey: grimmory-password
      remoteRef:
-        key: /cl01tl/shelfmark/booklore
+        key: /cl01tl/grimmory/users/shelfmark
        property: password
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: shelfmark-prowlarr-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: shelfmark-prowlarr-config
+    {{- include "custom.labels" . | nindent 4 }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: openbao
+  data:
    - secretKey: prowlarr-key
      remoteRef:
        key: /cl01tl/prowlarr/key
--- a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml
@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: shelfmark-import-nfs-storage
+  name: {{ include "custom.storageImportNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: shelfmark-import-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageImportNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
-  volumeName: shelfmark-import-nfs-storage
+  volumeName: {{ include "custom.storageImportNfsName" . }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -19,13 +19,13 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: shelfmark-audiobooks-nfs-storage
+  name: {{ include "custom.storageAudiobooksNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: shelfmark-audiobooks-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageAudiobooksNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
-  volumeName: shelfmark-audiobooks-nfs-storage
+  volumeName: {{ include "custom.storageAudiobooksNfsName" . }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -37,13 +37,13 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: shelfmark-downloads-nfs-storage
+  name: {{ include "custom.storageDownloadsNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: shelfmark-downloads-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageDownloadsNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
-  volumeName: shelfmark-downloads-nfs-storage
+  volumeName: {{ include "custom.storageDownloadsNfsName" . }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: shelfmark-import-nfs-storage
+  name: {{ include "custom.storageImportNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: shelfmark-import-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageImportNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  persistentVolumeReclaimPolicy: Retain
@@ -25,10 +25,10 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: shelfmark-audiobooks-nfs-storage
+  name: {{ include "custom.storageAudiobooksNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: shelfmark-audiobooks-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageAudiobooksNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  persistentVolumeReclaimPolicy: Retain
@@ -49,10 +49,10 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: shelfmark-downloads-nfs-storage
+  name: {{ include "custom.storageDownloadsNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: shelfmark-downloads-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageDownloadsNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  persistentVolumeReclaimPolicy: Retain
--- a/clusters/cl01tl/helm/shelfmark/values.yaml
+++ b/clusters/cl01tl/helm/shelfmark/values.yaml
@@ -35,12 +35,12 @@ shelfmark:
            - name: BOOKLORE_USERNAME
              valueFrom:
                secretKeyRef:
-                  name: shelfmark-config-secret
+                  name: shelfmark-grimmory-config
                  key: grimmory-user
            - name: BOOKLORE_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: shelfmark-config-secret
+                  name: shelfmark-grimmory-config
                  key: grimmory-password
            - name: BOOKLORE_DESTINATION
              value: library
@@ -67,7 +67,7 @@ shelfmark:
            - name: PROWLARR_API_KEY
              valueFrom:
                secretKeyRef:
-                  name: shelfmark-config-secret
+                  name: shelfmark-prowlarr-config
                  key: prowlarr-key
            - name: ABB_ENABLED
              value: true
--- a/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml
@@ -9,13 +9,13 @@ metadata:
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: SHELLY_HTTP_USERNAME
      remoteRef:
-        key: /shelly-plug/auth/it05sp
-        property: SHELLY_HTTP_USERNAME
+        key: /it05sp/auth
+        property: username
    - secretKey: SHELLY_HTTP_PASSWORD
      remoteRef:
-        key: /shelly-plug/auth/it05sp
-        property: SHELLY_HTTP_PASSWORD
+        key: /it05sp/auth
+        property: password
--- a/clusters/cl01tl/helm/slskd/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/slskd/templates/_helpers.tpl
@@ -12,3 +12,10 @@ Selector labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.storageNfsName" -}}
+slskd-nfs-storage
+{{- end -}}
--- a/clusters/cl01tl/helm/slskd/templates/namespace.yaml
+++ b/clusters/cl01tl/helm/slskd/templates/namespace.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: slskd
+  name: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: slskd
+    app.kubernetes.io/name: {{ .Release.Namespace }}
    {{- include "custom.labels" . | nindent 4 }}
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
--- a/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml
@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: slskd-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: slskd-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
-  volumeName: slskd-nfs-storage
+  volumeName: {{ include "custom.storageNfsName" . }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: slskd-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: slskd-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  persistentVolumeReclaimPolicy: Retain
--- a/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl
@@ -12,3 +12,10 @@ Selector labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.storageNfsName" -}}
+sonarr-4k-nfs-storage
+{{- end -}}
--- a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml
@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: sonarr-4k-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: sonarr-4k-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
-  volumeName: sonarr-4k-nfs-storage
+  volumeName: {{ include "custom.storageNfsName" . }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: sonarr-4k-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: sonarr-4k-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  persistentVolumeReclaimPolicy: Retain
--- a/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl
@@ -12,3 +12,10 @@ Selector labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.storageNfsName" -}}
+sonarr-anime-nfs-storage
+{{- end -}}
--- a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml
@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: sonarr-anime-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: sonarr-anime-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
-  volumeName: sonarr-anime-nfs-storage
+  volumeName: {{ include "custom.storageNfsName" . }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: sonarr-anime-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: sonarr-anime-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  persistentVolumeReclaimPolicy: Retain
--- a/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl
@@ -12,3 +12,10 @@ Selector labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.storageNfsName" -}}
+sonarr-nfs-storage
+{{- end -}}
--- a/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml
@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: sonarr-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: sonarr-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
-  volumeName: sonarr-nfs-storage
+  volumeName: {{ include "custom.storageNfsName" . }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: sonarr-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: sonarr-nfs-storage
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  persistentVolumeReclaimPolicy: Retain