alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 1 Activity

feat: migrate to openbao
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m7s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m18s
Details
render-manifests / render-manifests (pull_request) Successful in 2m3s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-19 20:02:09 -05:00
parent 775f408383
commit 8f3e489e94
27 changed files with 78 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.5.1 version: 9.5.2
digest: sha256:52a9bcfdc287dac30b8833cd34654b7e62c864aa3d23bda7644a8acf5f75eb78 digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
generated: "2026-04-16T15:57:15.168206017Z" generated: "2026-04-19T19:53:40.43789-05:00"

46
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -1,70 +1,42 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-oidc-secret name: argocd-oidc-authentik
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-oidc-secret app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /authentik/oidc/argocd key: /cl01tl/authentik/oidc/argocd
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /authentik/oidc/argocd key: /cl01tk/authentik/oidc/argocd
property: client property: client
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-notifications-secret name: argocd-notifications-ntfy
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-notifications-secret app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: ntfy-token - secretKey: ntfy-token
remoteRef: remoteRef:
key: /ntfy/user/cl01tl key: /cl01tl/ntfy/users/cl01tl
property: token property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-gitea-repo-infrastructure-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: type
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: type
- secretKey: url
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: url
- secretKey: sshPrivateKey
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: sshPrivateKey

6
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -13,8 +13,8 @@ argo-cd:
connectors: connectors:
- config: - config:
issuer: https://authentik.alexlebens.net/application/o/argocd/ issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-secret:client clientID: $argocd-oidc-authentik:client
clientSecret: $argocd-oidc-secret:secret clientSecret: $argocd-oidc-authentik:secret
insecureEnableGroups: true insecureEnableGroups: true
scopes: scopes:
- openid - openid
@@ -205,7 +205,7 @@ argo-cd:
argocdUrl: https://argocd.alexlebens.net argocdUrl: https://argocd.alexlebens.net
secret: secret:
create: false create: false
name: argocd-notifications-secret name: argocd-notifications-ntfy
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:

18
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,18 +1,24 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: audiobookshelf-apprise-config name: audiobookshelf-config-apprise
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-apprise-config app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
data: data:
- secretKey: ntfy-url - secretKey: internal-endpoint-credential
remoteRef: remoteRef:
key: /cl01tl/audiobookshelf/apprise key: /cl01tl/ntfy/users/cl01tl
property: ntfy-url property: internal-endpoint-credential

12
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -4,11 +4,11 @@ metadata:
name: audiobookshelf-books-nfs-storage name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: audiobookshelf-books-nfs-storage volumeName: {{ .Template.Name }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -23,11 +23,11 @@ metadata:
name: audiobookshelf-audiobooks-nfs-storage name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: audiobookshelf-audiobooks-nfs-storage volumeName: {{ .Template.Name }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -42,11 +42,11 @@ metadata:
name: audiobookshelf-podcasts-nfs-storage name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: audiobookshelf-podcasts-nfs-storage volumeName: {{ .Template.Name }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

6
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: audiobookshelf-books-nfs-storage name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -29,7 +29,7 @@ metadata:
name: audiobookshelf-audiobooks-nfs-storage name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -54,7 +54,7 @@ metadata:
name: audiobookshelf-podcasts-nfs-storage name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

2
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -40,7 +40,7 @@ audiobookshelf:
- name: APPRISE_STATELESS_URLS - name: APPRISE_STATELESS_URLS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: audiobookshelf-apprise-config name: audiobookshelf-config-apprise
key: ntfy-url key: ntfy-url
service: service:
main: main:

6
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -1,16 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: authentik-key-secret name: authentik-key
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: authentik-key-secret app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

2
clusters/cl01tl/helm/authentik/templates/ingress.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: authentik-tailscale name: authentik-tailscale
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: authentik-tailscale app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics tailscale.com/proxy-class: no-metrics

2
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: allow-outpost-cross-namespace-access name: allow-outpost-cross-namespace-access
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

2
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -4,7 +4,7 @@ authentik:
- name: AUTHENTIK_SECRET_KEY - name: AUTHENTIK_SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: authentik-key-secret name: authentik-key
key: key key: key
- name: AUTHENTIK_POSTGRESQL__HOST - name: AUTHENTIK_POSTGRESQL__HOST
valueFrom: valueFrom:

8
clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
View File

@@ -4,11 +4,11 @@ metadata:
name: backrest-nfs-storage name: backrest-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: backrest-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: backrest-nfs-storage volumeName: {{ .Template.Name }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -23,11 +23,11 @@ metadata:
name: backrest-nfs-share name: backrest-nfs-share
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: backrest-nfs-share app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: backrest-nfs-share volumeName: {{ .Template.Name }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

4
clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: backrest-nfs-storage name: backrest-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: backrest-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -29,7 +29,7 @@ metadata:
name: backrest-nfs-share name: backrest-nfs-share
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: backrest-nfs-share app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

6
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
View File

@@ -1,16 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: bazarr-key-secret name: bazarr-key
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bazarr-key-secret app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

4
clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
View File

@@ -4,11 +4,11 @@ metadata:
name: bazarr-nfs-storage name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bazarr-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: bazarr-nfs-storage volumeName: {{ .Template.Name }}
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

2
clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: bazarr-nfs-storage name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bazarr-nfs-storage app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

2
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -39,7 +39,7 @@ bazarr:
- name: APIKEY - name: APIKEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: bazarr-key-secret name: bazarr-key
key: key key: key
- name: ENABLE_ADDITIONAL_METRICS - name: ENABLE_ADDITIONAL_METRICS
value: false value: false

2
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: letsencrypt-issuer name: letsencrypt-issuer
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: letsencrypt-issuer app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

6
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -4,15 +4,15 @@ metadata:
name: cloudflare-api-token name: cloudflare-api-token
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: cloudflare-api-token app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: api-token - secretKey: api-token
remoteRef: remoteRef:
key: /cloudflare/alexlebens.net/clusterissuer key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
property: token property: token

2
clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
View File

@@ -4,7 +4,7 @@
# name: cilium-bgp-advertisements # name: cilium-bgp-advertisements
# namespace: {{ .Release.Namespace }} # namespace: {{ .Release.Namespace }}
# labels: # labels:
# app.kubernetes.io/name: cilium-bgp-advertisements # app.kubernetes.io/name: {{ .Template.Name }}
# app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }}
# spec: # spec:

2
clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
View File

@@ -4,7 +4,7 @@
# name: cilium-bgp # name: cilium-bgp
# namespace: {{ .Release.Namespace }} # namespace: {{ .Release.Namespace }}
# labels: # labels:
# app.kubernetes.io/name: cilium-bgp # app.kubernetes.io/name: {{ .Template.Name }}
# app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }}
# spec: # spec:

2
clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
View File

@@ -4,7 +4,7 @@
# name: cilium-peer # name: cilium-peer
# namespace: {{ .Release.Namespace }} # namespace: {{ .Release.Namespace }}
# labels: # labels:
# app.kubernetes.io/name: cilium-peer # app.kubernetes.io/name: {{ .Template.Name }}
# app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }}
# spec: # spec:

4
clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: default-ip-pool name: default-ip-pool
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: default-ip-pool app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -19,7 +19,7 @@ metadata:
name: bgp-ip-pool name: bgp-ip-pool
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bgp-ip-pool app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

2
clusters/cl01tl/helm/cilium/templates/gateway.yaml
View File

@@ -4,7 +4,7 @@
# name: cilium-tls-gateway # name: cilium-tls-gateway
# namespace: {{ .Release.Namespace }} # namespace: {{ .Release.Namespace }}
# labels: # labels:
# app.kubernetes.io/name: cilium-tls-gateway # app.kubernetes.io/name: {{ .Template.Name }}
# app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations: # annotations:

2
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: hubble name: hubble
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: hubble app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

16
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -1,16 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-key-secret name: dawarich-key
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-key-secret app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
@@ -21,22 +21,22 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-oidc-secret name: dawarich-oidc-authentik
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-oidc-secret app.kubernetes.io/name: {{ .Template.Name }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: openbao
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /authentik/oidc/dawarich key: /cl01tl/authentik/oidc/dawarich
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /authentik/oidc/dawarich key: /cl01tl/authentik/oidc/dawarich
property: secret property: secret

6
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -61,12 +61,12 @@ dawarich:
- name: OIDC_CLIENT_ID - name: OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-secret name: dawarich-oidc-authentik
key: client key: client
- name: OIDC_CLIENT_SECRET - name: OIDC_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-secret name: dawarich-oidc-authentik
key: secret key: secret
- name: OIDC_PROVIDER_NAME - name: OIDC_PROVIDER_NAME
value: Authentik value: Authentik
@@ -81,7 +81,7 @@ dawarich:
- name: SECRET_KEY_BASE - name: SECRET_KEY_BASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-key-secret name: dawarich-key
key: key key: key
- name: RAILS_LOG_TO_STDOUT - name: RAILS_LOG_TO_STDOUT
value: true value: true