feat: refactor apps
This commit is contained in:
@@ -4,15 +4,14 @@ version: 1.0.0
|
||||
description: Harbor
|
||||
keywords:
|
||||
- harbor
|
||||
- images
|
||||
- cache
|
||||
- kubernetes
|
||||
home: https://wiki.alexlebens.dev/s/7e132c13-afee-48ec-b3dd-efd656d240c9
|
||||
- image-registry
|
||||
home: https://docs.alexlebens.dev/applications/harbor/
|
||||
sources:
|
||||
- https://github.com/goharbor
|
||||
- https://github.com/cloudnative-pg/cloudnative-pg
|
||||
- https://github.com/orgs/goharbor/packages
|
||||
- https://github.com/goharbor/harbor-helm
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
|
||||
@@ -14,85 +14,49 @@ spec:
|
||||
data:
|
||||
- secretKey: HARBOR_ADMIN_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: admin-password
|
||||
- secretKey: secretKey
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: secretKey
|
||||
- secretKey: CSRF_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/core
|
||||
metadataPolicy: None
|
||||
property: CSRF_KEY
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/core
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
- secretKey: tls.crt
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/core
|
||||
metadataPolicy: None
|
||||
property: tls.crt
|
||||
- secretKey: tls.key
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/core
|
||||
metadataPolicy: None
|
||||
property: tls.key
|
||||
- secretKey: JOBSERVICE_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/jobservice
|
||||
metadataPolicy: None
|
||||
property: JOBSERVICE_SECRET
|
||||
- secretKey: REGISTRY_HTTP_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/registry
|
||||
metadataPolicy: None
|
||||
property: REGISTRY_HTTP_SECRET
|
||||
- secretKey: REGISTRY_REDIS_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/registry
|
||||
metadataPolicy: None
|
||||
property: REGISTRY_REDIS_PASSWORD
|
||||
- secretKey: REGISTRY_HTPASSWD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/registry
|
||||
metadataPolicy: None
|
||||
property: REGISTRY_HTPASSWD
|
||||
- secretKey: REGISTRY_CREDENTIAL_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/registry
|
||||
metadataPolicy: None
|
||||
property: REGISTRY_CREDENTIAL_PASSWORD
|
||||
- secretKey: REGISTRY_PASSWD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/registry
|
||||
metadataPolicy: None
|
||||
property: REGISTRY_CREDENTIAL_PASSWORD
|
||||
|
||||
@@ -21,13 +21,9 @@ harbor:
|
||||
size: 100Gi
|
||||
existingSecretAdminPassword: harbor-secret
|
||||
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
|
||||
internalTLS:
|
||||
enabled: false
|
||||
ipFamily:
|
||||
ipv6:
|
||||
enabled: false
|
||||
ipv4:
|
||||
enabled: true
|
||||
updateStrategy:
|
||||
type: Recreate
|
||||
existingSecretSecretKey: harbor-secret
|
||||
@@ -73,12 +69,12 @@ harbor:
|
||||
credentials:
|
||||
existingSecret: harbor-secret
|
||||
upload_purging:
|
||||
enabled: true
|
||||
age: 72h
|
||||
interval: 24h
|
||||
dryrun: false
|
||||
trivy:
|
||||
enabled: true
|
||||
image:
|
||||
repository: ghcr.io/goharbor/trivy-adapter-photon
|
||||
tag: v2.15.0@sha256:6fd6de9cfbbb04cb1d94722cfa01cf71b8994d3f9e7891d3b03a89a7536480ba
|
||||
database:
|
||||
type: external
|
||||
external:
|
||||
@@ -109,32 +105,9 @@ postgres-18-cluster:
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 35 14 * * *"
|
||||
backupName: garage-local
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
|
||||
@@ -5,8 +5,7 @@ description: Headlamp
|
||||
keywords:
|
||||
- headlamp
|
||||
- dashboard
|
||||
- kubernetes
|
||||
home: https://wiki.alexlebens.dev/s/6cc43960-78df-459d-aab6-433844249243
|
||||
home: https://docs.alexlebens.dev/applications/headlamp/
|
||||
sources:
|
||||
- https://github.com/headlamp-k8s/headlamp
|
||||
- https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp
|
||||
|
||||
@@ -14,43 +14,25 @@ spec:
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/headlamp
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/headlamp
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
- secretKey: OIDC_ISSUER_URL
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/headlamp
|
||||
metadataPolicy: None
|
||||
property: issuer
|
||||
- secretKey: OIDC_SCOPES
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/headlamp
|
||||
metadataPolicy: None
|
||||
property: scopes
|
||||
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/headlamp
|
||||
metadataPolicy: None
|
||||
property: validator-issuer-url
|
||||
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/headlamp
|
||||
metadataPolicy: None
|
||||
property: validator-client-id
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: headlamp
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: headlamp
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- headlamp.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: headlamp
|
||||
port: 80
|
||||
weight: 100
|
||||
@@ -1,5 +1,9 @@
|
||||
headlamp:
|
||||
replicaCount: 2
|
||||
image:
|
||||
registry: ghcr.io
|
||||
repository: headlamp-k8s/headlamp
|
||||
tag: v0.41.0@sha256:89c6c65810bfde61796483c93c70d659104355593792bf55cab680d685da8eeb
|
||||
config:
|
||||
oidc:
|
||||
secret:
|
||||
@@ -10,10 +14,30 @@ headlamp:
|
||||
watchPlugins: true
|
||||
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
|
||||
sessionTTL: null
|
||||
httpRoute:
|
||||
enabled: true
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- headlamp.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: headlamp
|
||||
port: 80
|
||||
weight: 100
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
cpu: 1m
|
||||
memory: 80Mi
|
||||
pluginsManager:
|
||||
enabled: true
|
||||
securityContext:
|
||||
|
||||
@@ -4,14 +4,13 @@ version: 1.0.0
|
||||
description: Home Assistant
|
||||
keywords:
|
||||
- home-assistant
|
||||
- home
|
||||
- automation
|
||||
home: https://wiki.alexlebens.dev/s/5462c17e-cd39-4082-ad01-94545a2fa3ca
|
||||
- home-automation
|
||||
home: https://docs.alexlebens.dev/applications/home-assistant/
|
||||
sources:
|
||||
- https://www.home-assistant.io/
|
||||
- https://github.com/home-assistant/core
|
||||
- https://github.com/home-assistant/core/pkgs/container/home-assistant
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
|
||||
@@ -14,17 +14,11 @@ spec:
|
||||
data:
|
||||
- secretKey: PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/home-assistant/code-server/auth
|
||||
metadataPolicy: None
|
||||
property: PASSWORD
|
||||
- secretKey: SUDO_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/home-assistant/code-server/auth
|
||||
metadataPolicy: None
|
||||
property: SUDO_PASSWORD
|
||||
|
||||
---
|
||||
@@ -44,8 +38,5 @@ spec:
|
||||
data:
|
||||
- secretKey: bearer-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/home-assistant/auth
|
||||
metadataPolicy: None
|
||||
property: bearer-token
|
||||
|
||||
@@ -4,28 +4,29 @@ home-assistant:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
revisionHistoryLimit: 3
|
||||
pod:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/home-assistant/home-assistant
|
||||
tag: 2026.3.4
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 2026.3.4@sha256:916682086154a7390114a9788782b8efb199852d4f7d47066722c2bc5d1829e6
|
||||
env:
|
||||
- name: TZ
|
||||
value: US/Central
|
||||
value: America/Chicago
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 512Mi
|
||||
cpu: 1m
|
||||
memory: 400Mi
|
||||
code-server:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/code-server
|
||||
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
value: US/Central
|
||||
value: America/Chicago
|
||||
- name: PUID
|
||||
value: 1000
|
||||
- name: PGID
|
||||
@@ -35,10 +36,6 @@ home-assistant:
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: home-assistant-code-server-password-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
@@ -82,11 +79,8 @@ home-assistant:
|
||||
- home-assistant.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: home-assistant-main
|
||||
- name: home-assistant-main
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
@@ -102,11 +96,8 @@ home-assistant:
|
||||
- home-assistant-code-server.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: home-assistant-code-server
|
||||
- name: home-assistant-code-server
|
||||
port: 8443
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
|
||||
Reference in New Issue
Block a user