From 5cf0638c16099736d755517f695235e469d84787 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 22 Apr 2026 19:38:17 -0500 Subject: [PATCH] feat: add more --- .../helm/radarr-4k/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- .../helm/radarr-anime/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- .../radarr-standup/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- .../cl01tl/helm/radarr/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +- .../radarr/templates/persistent-volume.yaml | 4 +- .../rclone/templates/external-secret.yaml | 58 +++++++++---------- clusters/cl01tl/helm/rclone/values.yaml | 10 +--- clusters/cl01tl/helm/reloader/Chart.yaml | 2 +- .../helm/rook-ceph/templates/namespace.yaml | 4 +- .../roundcube/templates/external-secret.yaml | 8 +-- clusters/cl01tl/helm/roundcube/values.yaml | 2 +- .../rybbit/templates/external-secret.yaml | 37 ++++++++---- clusters/cl01tl/helm/rybbit/values.yaml | 12 ++-- 20 files changed, 117 insertions(+), 84 deletions(-) diff --git a/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl index 10688fcef..81cb6a170 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +radarr-4k-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml index b1a1250f5..7652a28b7 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: radarr-4k-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-4k-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: radarr-4k-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml index 07ded9aa5..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: radarr-4k-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-4k-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl index 10688fcef..a446db06e 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +radarr-anime-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml index 463913336..7652a28b7 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: radarr-anime-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-anime-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: radarr-anime-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml index 4ff3d5b21..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: radarr-anime-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-anime-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl index 10688fcef..9e56f5fc8 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +radarr-standup-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml index 6c61d9abc..7652a28b7 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: radarr-standup-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-standup-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: radarr-standup-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml index 2abc1a935..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: radarr-standup-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-standup-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/radarr/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr/templates/_helpers.tpl index 10688fcef..1ab2968a7 100644 --- a/clusters/cl01tl/helm/radarr/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/radarr/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +radarr-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml index e4702537e..7652a28b7 100644 --- a/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: radarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: radarr-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml index e11ad08ae..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: radarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml index e6613280b..de511fb9e 100644 --- a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml @@ -9,7 +9,7 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ACCESS_KEY_ID remoteRef: @@ -25,12 +25,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -60,12 +60,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -95,12 +95,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -130,12 +130,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -165,12 +165,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -200,12 +200,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -235,11 +235,11 @@ spec: property: ACCESS_SECRET_KEY - secretKey: ENDPOINT_LOCAL remoteRef: - key: /garage/home-infra/openbao-backups + key: /garage/config property: ENDPOINT_LOCAL - secretKey: ENDPOINT_REMOTE remoteRef: - key: /garage/home-infra/openbao-backups + key: /garage/config property: ENDPOINT_REMOTE --- @@ -268,7 +268,3 @@ spec: remoteRef: key: /digital-ocean/home-infra/openbao-backups property: ACCESS_SECRET_KEY - - secretKey: ENDPOINT - remoteRef: - key: /digital-ocean/home-infra/openbao-backups - property: ENDPOINT diff --git a/clusters/cl01tl/helm/rclone/values.yaml b/clusters/cl01tl/helm/rclone/values.yaml index d2d7ef704..22765c63f 100644 --- a/clusters/cl01tl/helm/rclone/values.yaml +++ b/clusters/cl01tl/helm/rclone/values.yaml @@ -747,10 +747,7 @@ rclone: name: external-openbao-backups-secret key: ACCESS_REGION - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ENDPOINT + value: https://nyc3.digitaloceanspaces.com - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE value: true prune: @@ -786,9 +783,6 @@ rclone: name: external-openbao-backups-secret key: ACCESS_REGION - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ENDPOINT + value: https://nyc3.digitaloceanspaces.com - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE value: true diff --git a/clusters/cl01tl/helm/reloader/Chart.yaml b/clusters/cl01tl/helm/reloader/Chart.yaml index 669c0514d..b7002e307 100644 --- a/clusters/cl01tl/helm/reloader/Chart.yaml +++ b/clusters/cl01tl/helm/reloader/Chart.yaml @@ -5,7 +5,7 @@ description: Reloader keywords: - reloader - config-map -home: https://docs.alexlebens.dev/applications/rclone/ +home: https://docs.alexlebens.dev/applications/reloader/ sources: - https://github.com/stakater/Reloader - https://github.com/stakater/Reloader/tree/master/deployments/kubernetes/chart/reloader diff --git a/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml b/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml index 82e9bf619..bbbe36926 100644 --- a/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml +++ b/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: rook-ceph + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: rook-ceph + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml index 89fdc892e..e4301aadb 100644 --- a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml @@ -1,17 +1,17 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: roundcube-key-secret + name: roundcube-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: roundcube-key-secret + app.kubernetes.io/name: roundcube-key {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: DES_KEY remoteRef: key: /cl01tl/roundcube/key - property: DES_KEY + property: des-key diff --git a/clusters/cl01tl/helm/roundcube/values.yaml b/clusters/cl01tl/helm/roundcube/values.yaml index 06150f268..88b25cd51 100644 --- a/clusters/cl01tl/helm/roundcube/values.yaml +++ b/clusters/cl01tl/helm/roundcube/values.yaml @@ -35,7 +35,7 @@ roundcube: - name: ROUNDCUBEMAIL_DES_KEY valueFrom: secretKeyRef: - name: roundcube-key-secret + name: roundcube-key key: DES_KEY - name: ROUNDCUBEMAIL_DEFAULT_HOST value: stalwart.stalwart diff --git a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml index cda4cae82..412771812 100644 --- a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml @@ -1,15 +1,38 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: rybbit-config-secret + name: rybbit-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: rybbit-config-secret + app.kubernetes.io/name: rybbit-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao + data: + - secretKey: better-auth-secret + remoteRef: + key: /cl01tl/rybbit/config + property: better-auth-secret + - secretKey: mapbox-token + remoteRef: + key: /cl01tl/rybbit/config + property: mapbox-token + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: rybbit-clickhouse-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: rybbit-clickhouse-config + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao data: - secretKey: clickhouse-user remoteRef: @@ -19,11 +42,3 @@ spec: remoteRef: key: /cl01tl/rybbit/clickhouse property: password - - secretKey: better-auth-secret - remoteRef: - key: /cl01tl/rybbit/auth - property: better-auth-secret - - secretKey: mapbox-token - remoteRef: - key: /cl01tl/rybbit/auth - property: mapbox-token diff --git a/clusters/cl01tl/helm/rybbit/values.yaml b/clusters/cl01tl/helm/rybbit/values.yaml index 31c9e9b0c..e86451199 100644 --- a/clusters/cl01tl/helm/rybbit/values.yaml +++ b/clusters/cl01tl/helm/rybbit/values.yaml @@ -19,12 +19,12 @@ rybbit: - name: CLICKHOUSE_USER valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-clickhouse-config key: clickhouse-user - name: CLICKHOUSE_PASSWORD valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-clickhouse-config key: clickhouse-password - name: POSTGRES_HOST valueFrom: @@ -54,7 +54,7 @@ rybbit: - name: BETTER_AUTH_SECRET valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-config key: better-auth-secret - name: BASE_URL value: https://rybbit.alexlebens.dev @@ -65,7 +65,7 @@ rybbit: - name: MAPBOX_TOKEN valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-config key: mapbox-token probes: liveness: @@ -119,12 +119,12 @@ rybbit: - name: CLICKHOUSE_USER valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-clickhouse-config key: clickhouse-user - name: CLICKHOUSE_PASSWORD valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-clickhouse-config key: clickhouse-password probes: liveness: