migration to next

2025-03-02 16:56:16 -06:00
parent 1693ecd0ae
commit 9fe661cf24
342 changed files with 166 additions and 159 deletions


@@ -1,21 +0,0 @@
apiVersion: v2
name: cloudnative-pg
version: 1.0.0
description: Cloudnative PG
keywords:
- cloudnative-pg
- operator
- postgresql
- kubernetes
home: https://wiki.alexlebens.dev/doc/cloudnative-pg-87MyLNw4xG
sources:
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
maintainers:
- name: alexlebens
dependencies:
- name: cloudnative-pg
version: 0.23.0
repository: https://cloudnative-pg.io/charts/
icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
appVersion: 1.24.1


@@ -1,4 +0,0 @@
cloudnative-pg:
replicaCount: 2
monitoring:
podMonitorEnabled: true


@@ -1,20 +0,0 @@
apiVersion: v2
name: democratic-csi-synology-iscsi
version: 1.0.0
description: Democratic CSI
keywords:
- democratic-csi-synology-iscsi
- iscsi
- kubernetes
home: https://wiki.alexlebens.dev/doc/democratic-csi-tmkFKsYZm6
sources:
- https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi
maintainers:
- name: alexlebens
dependencies:
- name: democratic-csi
repository: https://democratic-csi.github.io/charts/
version: 0.14.7
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 0.14.7


@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: synology-iscsi-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: driver-config-file.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml


@@ -1,37 +0,0 @@
democratic-csi:
driver:
existingConfigSecret: synology-iscsi-config-secret
config:
driver: synology-iscsi
csiDriver:
name: "org.democratic-csi.iscsi-synology"
controller:
enabled: true
rbac:
enabled: true
replicaCount: 2
storageClasses:
- name: synology-iscsi-delete
defaultClass: false
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
fsType: ext4
- name: synology-iscsi-retain
defaultClass: false
reclaimPolicy: Retain
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
fsType: ext4
node:
hostPID: true
driver:
extraEnv:
- name: ISCSIADM_HOST_STRATEGY
value: nsenter
- name: ISCSIADM_HOST_PATH
value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /usr/local/etc/iscsi
iscsiDirHostPathType: ""


@@ -1,21 +0,0 @@
apiVersion: v2
name: local-path-provisioner
version: 1.0.0
description: Local Path Provisioner
keywords:
- local-path-provisioner
- storage
- kubernetes
home: https://wiki.alexlebens.dev/doc/local-path-provisioner-40NQQKSDVu
sources:
- https://github.com/rancher/local-path-provisioner
- https://hub.docker.com/r/rancher/local-path-provisioner
- https://github.com/containeroo/helm-charts/tree/master/charts/local-path-provisioner
maintainers:
- name: alexlebens
dependencies:
- name: local-path-provisioner
version: 0.0.32
repository: https://charts.containeroo.ch
icon: https://avatars.githubusercontent.com/u/9343010?s=48&v=4
appVersion: v0.0.30


@@ -1,8 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: local-path-provisioner
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged


@@ -1,45 +0,0 @@
local-path-provisioner:
image:
repository: rancher/local-path-provisioner
tag: v0.0.31
helperImage:
repository: busybox
tag: 1.37.0
storageClass:
create: true
defaultClass: false
defaultVolumeType: hostPath
name: local-path
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
nodePathMap:
- node: talos-5zy-00y
paths:
- /var/local-path-provisioner
- node: talos-6ht-r95
paths:
- /var/local-path-provisioner
- node: talos-q4m-8t4
paths:
- /var/local-path-provisioner
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- talos-5zy-00y
- talos-6ht-r95
- talos-q4m-8t4
configmap:
name: local-path-config
setup: |-
#!/bin/sh
set -eu
mkdir -m 0777 -p "$VOL_DIR"
teardown: |-
#!/bin/sh
set -eu
rm -rf "$VOL_DIR"


@@ -1,23 +0,0 @@
apiVersion: v2
name: minio-operator
version: 1.0.0
description: Minio Operator
keywords:
- minio-operator
- minio
- operator
- storage
- s3
- kubernetes
home: https://wiki.alexlebens.dev/doc/minio-operator-bEvMUpVreJ
sources:
- https://github.com/minio/operator
- https://github.com/minio/operator/tree/master/helm/operator
maintainers:
- name: alexlebens
dependencies:
- name: operator
version: 7.0.0
repository: https://operator.min.io
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/minio.png
appVersion: v6.0.4


@@ -1,7 +0,0 @@
operator:
operator:
env:
- name: OPERATOR_STS_ENABLED
value: "off"
- name: MINIO_CONSOLE_TLS_ENABLE
value: "off"


@@ -1,21 +0,0 @@
apiVersion: v2
name: nfs-subdir-external-provisioner
version: 1.0.0
description: NFS Subdir External Provisioner
keywords:
- nfs-subdir-external-provisioner
- nfs
- storage
- kubernetes
home: https://wiki.alexlebens.dev/doc/nfs-z7rfU2dz5C
sources:
- https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
- https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/charts/nfs-subdir-external-provisioner
maintainers:
- name: alexlebens
dependencies:
- name: nfs-subdir-external-provisioner
version: 4.0.18
repository: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 4.0.18


@@ -1,8 +0,0 @@
nfs-subdir-external-provisioner:
nfs:
server: 10.232.1.64
path: /volume2/Talos
mountOptions:
- hard
- vers=4
- minorversion=1


@@ -1,22 +0,0 @@
apiVersion: v2
name: pgadmin4
version: 1.0.0
description: pgAdmin
keywords:
- pgadmin4
- postgresql
- database
home: https://wiki.alexlebens.dev/doc/pgadmin-9OkcLS3mOt
sources:
- https://github.com/pgadmin-org/pgadmin4
- https://hub.docker.com/r/dpage/pgadmin4/
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: pgadmin4
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/pgadmin.png
appVersion: v8.14


@@ -1,121 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: pgadmin-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: pgadmin-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: pgadmin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/pgadmin/auth
metadataPolicy: None
property: pgadmin-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: pgadmin-env-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: pgadmin-env-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/pgadmin/env
metadataPolicy: None
property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
- secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/pgadmin/env
metadataPolicy: None
property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
- secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/pgadmin/env
metadataPolicy: None
property: PGADMIN_CONFIG_OAUTH2_CONFIG
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: pgadmin-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: pgadmin-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key


@@ -1,30 +0,0 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: pgadmin-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: pgadmin-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: pgadmin-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: pgadmin-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 5050
# runAsGroup: 5050
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot


@@ -1,89 +0,0 @@
pgadmin4:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
initContainers:
init-chmod-data:
securityContext:
runAsUser: 0
image:
repository: busybox
tag: 1.37.0
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
/bin/chown -R 5050:5050 /var/lib/pgadmin
resources:
requests:
cpu: 100m
memory: 128Mi
containers:
main:
securityContext:
runAsUser: 5050
runAsGroup: 5050
image:
repository: dpage/pgadmin4
tag: "9.1"
pullPolicy: IfNotPresent
env:
- name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
value: "False"
- name: PGADMIN_DEFAULT_EMAIL
value: alexanderlebens@gmail.com
- name: PGADMIN_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
name: pgadmin-password-secret
key: pgadmin-password
envFrom:
- secretRef:
name: pgadmin-env-secret
resources:
requests:
cpu: 10m
memory: 256Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 80
protocol: TCP
ingress:
main:
enabled: true
className: tailscale
hosts:
- host: pgadmin-cl01tl
paths:
- path: /
pathType: Prefix
service:
name: pgadmin
port: 80
tls:
- secretName: pgadmin-cl01tl
hosts:
- pgadmin-cl01tl
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
init-chmod-data:
- path: /var/lib/pgadmin
readOnly: false
main:
- path: /var/lib/pgadmin
readOnly: false


@@ -1,25 +0,0 @@
apiVersion: v2
name: rook-ceph
version: 1.0.0
description: Rook Ceph
keywords:
- rook-ceph
- ceph
- storage
- kubernetes
home: https://wiki.alexlebens.dev/doc/rook-ceph-C7G7SNuP5Z
sources:
- https://github.com/rook/rook
- https://quay.io/repository/ceph/ceph?tab=tags
- https://github.com/rook/rook/tree/master/deploy/charts
maintainers:
- name: alexlebens
dependencies:
- name: rook-ceph
version: v1.16.4
repository: https://charts.rook.io/release
- name: rook-ceph-cluster
version: v1.16.4
repository: https://charts.rook.io/release
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/rook.png
appVersion: v1.16.0


@@ -1,8 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: rook-ceph
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged


@@ -1,146 +0,0 @@
rook-ceph:
crds:
enabled: true
csi:
enableMetadata: true
provisionerReplicas: 3
serviceMonitor:
enabled: true
enableDiscoveryDaemon: true
monitoring:
enabled: true
rook-ceph-cluster:
operatorNamespace: rook-ceph
toolbox:
enabled: true
monitoring:
enabled: true
createPrometheusRules: true
cephClusterSpec:
cephVersion:
# https://quay.io/repository/ceph/ceph?tab=tags
image: quay.io/ceph/ceph:v19.2.1-20250202
mon:
count: 3
mgr:
count: 1
modules:
- name: pg_autoscaler
enabled: true
- name: rook
enabled: true
dashboard:
enabled: true
ssl: false
network:
connections:
encryption:
enabled: true
compression:
enabled: true
requireMsgr2: true
placement:
all:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/rook-osd-node
operator: Exists
mon:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/rook-mon-node
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
tolerations:
- key: node-role.kubernetes.io/rook-mon-node
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
resources:
mgr:
limits:
cpu: 2000m
requests:
cpu: 100m
memory: 512Mi
mon:
limits:
cpu: 2000m
requests:
cpu: 200m
memory: 256Mi
osd:
limits:
cpu: 5000m
requests:
cpu: 100m
memory: 2Gi
prepareosd:
requests:
cpu: 100m
memory: 128Mi
storage:
useAllNodes: true
useAllDevices: true
deviceFilter: sda
config:
osdsPerDevice: "1"
csi:
readAffinity:
enabled: true
ingress:
dashboard:
ingressClassName: tailscale
host:
name: ceph-cl01tl
path: /
tls:
- secretName: ceph-cl01tl
hosts:
- ceph-cl01tl
rules:
- host: ceph-cl01tl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rook-ceph-mgr-dashboard
port:
name: http-dashboard
cephBlockPools:
- name: ceph-blockpool
spec:
failureDomain: host
replicated:
size: 3
enableRBDStats: false
storageClass:
enabled: true
name: ceph-block
isDefault: true
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: "Immediate"
parameters:
imageFormat: "2"
imageFeatures: layering,exclusive-lock,object-map,fast-diff
csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/fstype: ext4
cephBlockPoolsVolumeSnapshotClass:
enabled: true
name: ceph-blockpool-snapshot
isDefault: false
deletionPolicy: Delete


@@ -1,22 +0,0 @@
apiVersion: v2
name: volsync
version: 1.0.0
description: Volsync
keywords:
- volsync
- backup
- storage
- s3
- kubernetes
home: https://wiki.alexlebens.dev/doc/volsync-iusm70xWOf
sources:
- https://github.com/backube/volsync
- https://github.com/backube/volsync/tree/main/helm/volsync
maintainers:
- name: alexlebens
dependencies:
- name: volsync
version: 0.11.0
repository: https://backube.github.io/helm-charts/
icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true
appVersion: 0.11.1


@@ -1,17 +0,0 @@
volsync:
replicaCount: 3
manageCRDs: true
metrics:
disableAuth: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources:
limits:
cpu: 2000m
requests:
cpu: 10m
memory: 128Mi