alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests Actions Activity

update chart
All checks were successful
lint-test-helm / lint-helm (push) Successful in 23s
Details
render-manifests-push / render-manifests-push (push) Successful in 1m17s
Details
renovate / renovate (push) Successful in 1m26s
Details

Browse Source
This commit is contained in:
Alex Lebens
2025-12-23 23:43:51 -06:00
parent 53962fb103
commit a205c8ae4f
16 changed files with 154 additions and 325 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
clusters/cl01tl/helm/redis-operator/Chart.yaml
View File

@@ -18,4 +18,5 @@ dependencies:
version: 0.22.2
repository: https://ot-container-kit.github.io/helm-charts/
icon: https://github.com/OT-CONTAINER-KIT/redis-operator/raw/main/static/redis-operator-logo.svg
# renovate: github=OT-CONTAINER-KIT/redis-operator
appVersion: v0.21.0

1
clusters/cl01tl/helm/reloader/Chart.yaml
View File

@@ -17,4 +17,5 @@ dependencies:
version: 2.2.7
repository: https://stakater.github.io/stakater-charts
icon: https://raw.githubusercontent.com/stakater/Reloader/refs/heads/master/assets/web/reloader.jpg
# renovate: github=stakater/Reloader
appVersion: v1.4.11

1
clusters/cl01tl/helm/rook-ceph/Chart.yaml
View File

@@ -26,4 +26,5 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
# renovate: github=rook/rook
appVersion: v1.18.8

58
clusters/cl01tl/helm/rook-ceph/templates/http-route.yaml
View File

@@ -1,58 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-rook-ceph
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-rook-ceph
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- ceph.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: rook-ceph-mgr-dashboard
port: 7000
weight: 100
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-rook-ceph-rgw
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-rook-ceph-rgw
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- objects.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: rook-ceph-rgw-ceph-objectstore
port: 80
weight: 100

23
clusters/cl01tl/helm/rook-ceph/values.yaml
View File

@@ -91,6 +91,17 @@ rook-ceph-cluster:
csi:
readAffinity:
enabled: true
route:
dashboard:
host:
name: ceph.alexlebens.net
path: "/"
pathType: PathPrefix
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
cephBlockPools:
- name: ceph-blockpool
spec:
@@ -194,5 +205,17 @@ rook-ceph-cluster:
volumeBindingMode: "Immediate"
parameters:
region: us-east-1
route:
enabled: true
port: 80
host:
name: objects.alexlebens.net
path: /
pathType: PathPrefix
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
cloudflared-rgw:
name: rgw

6
clusters/cl01tl/helm/roundcube/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.5.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.4
version: 7.4.3
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.0
digest: sha256:c531cfe041d66e9472dd51bca6f7c383821bb8227991d2fc1b72ae6680ec7133
generated: "2025-12-21T19:06:41.167414266Z"
digest: sha256:1d825023fd1e58dd4464bbcf2ecd0063d0ccc8cdf192a328a61328a90f95b2c1
generated: "2025-12-23T23:33:00.895483-06:00"

3
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -21,11 +21,12 @@ dependencies:
version: 4.5.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.1.4
version: 7.4.3
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
# renovate: github=roundcube/roundcubemail
appVersion: 1.6.11

67
clusters/cl01tl/helm/roundcube/templates/external-secret.yaml
View File

@@ -19,70 +19,3 @@ spec:
key: /cl01tl/roundcube/key
metadataPolicy: None
property: DES_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: roundcube-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: roundcube-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: roundcube-postgresql-18-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: roundcube-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION

28
clusters/cl01tl/helm/roundcube/templates/http-route.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-mail
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-mail
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- mail.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: roundcube
port: 80
weight: 100

65
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -172,6 +172,27 @@ roundcube:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- roundcube.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: roundcube
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
enabled: true
@@ -207,57 +228,45 @@ roundcube:
readOnly: false
postgres-18-cluster:
mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-18-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: roundcube-postgresql-18-cluster-backup-secret-garage
backup:
objectStore:
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-18-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: roundcube-postgresql-18-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-18-cluster
# index: 1
# retentionPolicy: "30d"
# isWALArchiver: false
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-18-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: roundcube-postgresql-18-cluster-backup-secret-garage
# retentionPolicy: "30d"
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# jobs: 2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: roundcube-data

1
clusters/cl01tl/helm/s3-exporter/Chart.yaml
View File

@@ -19,4 +19,5 @@ dependencies:
alias: s3-exporter
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
# renovate: github=molu8bits/s3bucket_exporter
appVersion: 1.0.2

86
clusters/cl01tl/helm/s3-exporter/templates/service-monitor.yaml
View File

@@ -1,86 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: s3-exporter-digital-ocean
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: s3-exporter-digital-ocean
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: s3-exporter
app.kubernetes.io/instance: s3-exporter
app.kubernetes.io/service: s3-exporter-digital-ocean
endpoints:
- port: metrics
interval: 5m
scrapeTimeout: 120s
path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: s3-exporter-ceph-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: s3-exporter-ceph-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: s3-exporter
app.kubernetes.io/instance: s3-exporter
app.kubernetes.io/service: s3-exporter-ceph-directus
endpoints:
- port: metrics
interval: 5m
scrapeTimeout: 120s
path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: s3-exporter-garage-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: s3-exporter-garage-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: s3-exporter
app.kubernetes.io/instance: s3-exporter
app.kubernetes.io/service: s3-exporter-garage-local
endpoints:
- port: metrics
interval: 5m
scrapeTimeout: 120s
path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: s3-exporter-garage-remote
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: s3-exporter-garage-remote
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: s3-exporter
app.kubernetes.io/instance: s3-exporter
app.kubernetes.io/service: s3-exporter-garage-remote
endpoints:
- port: metrics
interval: 5m
scrapeTimeout: 5m
path: /metrics

45
clusters/cl01tl/helm/s3-exporter/values.yaml
View File

@@ -179,3 +179,48 @@ s3-exporter:
port: 9655
targetPort: 9655
protocol: TCP
serviceMonitor:
digital-ocean:
selector:
matchLabels:
app.kubernetes.io/name: s3-exporter-digital-ocean
app.kubernetes.io/instance: s3-exporter-digital-ocean
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 5m
scrapeTimeout: 120s
path: /metrics
ceph-directus:
selector:
matchLabels:
app.kubernetes.io/name: s3-exporter-ceph-directus
app.kubernetes.io/instance: s3-exporter-ceph-directus
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 5m
scrapeTimeout: 120s
path: /metrics
garage-local:
selector:
matchLabels:
app.kubernetes.io/name: s3-exporter-garage-local
app.kubernetes.io/instance: s3-exporter-garage-local
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 5m
scrapeTimeout: 120s
path: /metrics
garage-remote:
selector:
matchLabels:
app.kubernetes.io/name: s3-exporter-garage-remote
app.kubernetes.io/instance: s3-exporter-garage-remote
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 5m
scrapeTimeout: 120s
path: /metrics

28
clusters/cl01tl/helm/searxng/templates/http-route.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-searxng
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-searxng
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- searxng.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: searxng-browser
port: 80
weight: 100

26
clusters/cl01tl/helm/searxng/templates/service-monitor.yaml
View File

@@ -1,26 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: searxng-browser
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: searxng-browser
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: searxng-browser
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: mail
interval: 30s
scrapeTimeout: 15s
path: /metrics
basicAuth:
password:
name: searxng-browser-metrics-auth
key: metrics-password
username:
name: searxng-browser-metrics-auth
key: metrics-username

40
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -114,6 +114,46 @@ searxng:
port: 80
targetPort: 8080
protocol: HTTP
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: searxng-browser
app.kubernetes.io/instance: searxng-browser
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: mail
interval: 30s
scrapeTimeout: 15s
path: /metrics
basicAuth:
password:
name: searxng-browser-metrics-auth
key: metrics-password
username:
name: searxng-browser-metrics-auth
key: metrics-username
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- searxng.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: searxng-browser
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
enabled: true