From a205c8ae4f89eccf64bb9cc3a5bb9e510bc42051 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Tue, 23 Dec 2025 23:43:51 -0600 Subject: [PATCH] update chart --- .../cl01tl/helm/redis-operator/Chart.yaml | 1 + clusters/cl01tl/helm/reloader/Chart.yaml | 1 + clusters/cl01tl/helm/rook-ceph/Chart.yaml | 1 + .../helm/rook-ceph/templates/http-route.yaml | 58 ------------- clusters/cl01tl/helm/rook-ceph/values.yaml | 23 +++++ clusters/cl01tl/helm/roundcube/Chart.lock | 6 +- clusters/cl01tl/helm/roundcube/Chart.yaml | 3 +- .../roundcube/templates/external-secret.yaml | 67 --------------- .../helm/roundcube/templates/http-route.yaml | 28 ------ clusters/cl01tl/helm/roundcube/values.yaml | 65 ++++++++------ clusters/cl01tl/helm/s3-exporter/Chart.yaml | 1 + .../templates/service-monitor.yaml | 86 ------------------- clusters/cl01tl/helm/s3-exporter/values.yaml | 45 ++++++++++ .../helm/searxng/templates/http-route.yaml | 28 ------ .../searxng/templates/service-monitor.yaml | 26 ------ clusters/cl01tl/helm/searxng/values.yaml | 40 +++++++++ 16 files changed, 154 insertions(+), 325 deletions(-) delete mode 100644 clusters/cl01tl/helm/rook-ceph/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/roundcube/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/s3-exporter/templates/service-monitor.yaml delete mode 100644 clusters/cl01tl/helm/searxng/templates/http-route.yaml delete mode 100644 clusters/cl01tl/helm/searxng/templates/service-monitor.yaml diff --git a/clusters/cl01tl/helm/redis-operator/Chart.yaml b/clusters/cl01tl/helm/redis-operator/Chart.yaml index 172c6dc75..4fffa2f70 100644 --- a/clusters/cl01tl/helm/redis-operator/Chart.yaml +++ b/clusters/cl01tl/helm/redis-operator/Chart.yaml @@ -18,4 +18,5 @@ dependencies: version: 0.22.2 repository: https://ot-container-kit.github.io/helm-charts/ icon: https://github.com/OT-CONTAINER-KIT/redis-operator/raw/main/static/redis-operator-logo.svg +# renovate: github=OT-CONTAINER-KIT/redis-operator appVersion: v0.21.0 diff --git a/clusters/cl01tl/helm/reloader/Chart.yaml b/clusters/cl01tl/helm/reloader/Chart.yaml index 1dab7108c..d3b45e934 100644 --- a/clusters/cl01tl/helm/reloader/Chart.yaml +++ b/clusters/cl01tl/helm/reloader/Chart.yaml @@ -17,4 +17,5 @@ dependencies: version: 2.2.7 repository: https://stakater.github.io/stakater-charts icon: https://raw.githubusercontent.com/stakater/Reloader/refs/heads/master/assets/web/reloader.jpg +# renovate: github=stakater/Reloader appVersion: v1.4.11 diff --git a/clusters/cl01tl/helm/rook-ceph/Chart.yaml b/clusters/cl01tl/helm/rook-ceph/Chart.yaml index 12b2db3cd..9cb5c628d 100644 --- a/clusters/cl01tl/helm/rook-ceph/Chart.yaml +++ b/clusters/cl01tl/helm/rook-ceph/Chart.yaml @@ -26,4 +26,5 @@ dependencies: repository: oci://harbor.alexlebens.net/helm-charts version: 2.1.4 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png +# renovate: github=rook/rook appVersion: v1.18.8 diff --git a/clusters/cl01tl/helm/rook-ceph/templates/http-route.yaml b/clusters/cl01tl/helm/rook-ceph/templates/http-route.yaml deleted file mode 100644 index c2a115ff7..000000000 --- a/clusters/cl01tl/helm/rook-ceph/templates/http-route.yaml +++ /dev/null @@ -1,58 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-rook-ceph - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-rook-ceph - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - ceph.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: rook-ceph-mgr-dashboard - port: 7000 - weight: 100 - ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-rook-ceph-rgw - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-rook-ceph-rgw - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - objects.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: rook-ceph-rgw-ceph-objectstore - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/rook-ceph/values.yaml b/clusters/cl01tl/helm/rook-ceph/values.yaml index 83a5e2630..1a8c658bf 100644 --- a/clusters/cl01tl/helm/rook-ceph/values.yaml +++ b/clusters/cl01tl/helm/rook-ceph/values.yaml @@ -91,6 +91,17 @@ rook-ceph-cluster: csi: readAffinity: enabled: true + route: + dashboard: + host: + name: ceph.alexlebens.net + path: "/" + pathType: PathPrefix + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik cephBlockPools: - name: ceph-blockpool spec: @@ -194,5 +205,17 @@ rook-ceph-cluster: volumeBindingMode: "Immediate" parameters: region: us-east-1 + route: + enabled: true + port: 80 + host: + name: objects.alexlebens.net + path: / + pathType: PathPrefix + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik cloudflared-rgw: name: rgw diff --git a/clusters/cl01tl/helm/roundcube/Chart.lock b/clusters/cl01tl/helm/roundcube/Chart.lock index b365079f6..88fbd607f 100644 --- a/clusters/cl01tl/helm/roundcube/Chart.lock +++ b/clusters/cl01tl/helm/roundcube/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 4.5.0 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.1.4 + version: 7.4.3 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.6.0 -digest: sha256:c531cfe041d66e9472dd51bca6f7c383821bb8227991d2fc1b72ae6680ec7133 -generated: "2025-12-21T19:06:41.167414266Z" +digest: sha256:1d825023fd1e58dd4464bbcf2ecd0063d0ccc8cdf192a328a61328a90f95b2c1 +generated: "2025-12-23T23:33:00.895483-06:00" diff --git a/clusters/cl01tl/helm/roundcube/Chart.yaml b/clusters/cl01tl/helm/roundcube/Chart.yaml index 3e31ab548..52d42ee64 100644 --- a/clusters/cl01tl/helm/roundcube/Chart.yaml +++ b/clusters/cl01tl/helm/roundcube/Chart.yaml @@ -21,11 +21,12 @@ dependencies: version: 4.5.0 - name: postgres-cluster alias: postgres-18-cluster - version: 7.1.4 + version: 7.4.3 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-data version: 0.6.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png +# renovate: github=roundcube/roundcubemail appVersion: 1.6.11 diff --git a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml index fbc4580e8..e77ee5256 100644 --- a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml @@ -19,70 +19,3 @@ spec: key: /cl01tl/roundcube/key metadataPolicy: None property: DES_KEY - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-postgresql-18-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-postgresql-18-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: roundcube-postgresql-18-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: roundcube-postgresql-18-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/roundcube/templates/http-route.yaml b/clusters/cl01tl/helm/roundcube/templates/http-route.yaml deleted file mode 100644 index b32e8fea1..000000000 --- a/clusters/cl01tl/helm/roundcube/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-mail - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-mail - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - mail.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: roundcube - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/roundcube/values.yaml b/clusters/cl01tl/helm/roundcube/values.yaml index 3f099be97..8d5610053 100644 --- a/clusters/cl01tl/helm/roundcube/values.yaml +++ b/clusters/cl01tl/helm/roundcube/values.yaml @@ -172,6 +172,27 @@ roundcube: port: 80 targetPort: 80 protocol: HTTP + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - roundcube.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: roundcube + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / persistence: config: enabled: true @@ -207,57 +228,45 @@ roundcube: readOnly: false postgres-18-cluster: mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 index: 1 - endpointCredentials: roundcube-postgresql-18-cluster-backup-secret-garage backup: objectStore: - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-18-cluster index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: roundcube-postgresql-18-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" + destinationBucket: postgres-backups + externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: external - # destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-18-cluster - # index: 1 - # retentionPolicy: "30d" - # isWALArchiver: false # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/roundcube/roundcube-postgresql-18-cluster # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: roundcube-postgresql-18-cluster-backup-secret-garage - # retentionPolicy: "30d" + # destinationBucket: postgres-backups + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # retentionPolicy: "90d" # data: # compression: bzip2 - # jobs: 2 + # - name: external + # index: 1 + # endpointURL: https://nyc3.digitaloceanspaces.com + # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 0 * * *" backupName: garage-local - # - name: daily-backup - # suspend: false - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external # - name: weekly-backup # suspend: true # immediate: true # schedule: "0 0 4 * * SAT" # backupName: garage-remote + # - name: daily-backup + # suspend: true + # immediate: true + # schedule: "0 0 0 * * *" + # backupName: external volsync-target-data: pvcTarget: roundcube-data diff --git a/clusters/cl01tl/helm/s3-exporter/Chart.yaml b/clusters/cl01tl/helm/s3-exporter/Chart.yaml index 81d760cb1..188932ac9 100644 --- a/clusters/cl01tl/helm/s3-exporter/Chart.yaml +++ b/clusters/cl01tl/helm/s3-exporter/Chart.yaml @@ -19,4 +19,5 @@ dependencies: alias: s3-exporter repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.5.0 +# renovate: github=molu8bits/s3bucket_exporter appVersion: 1.0.2 diff --git a/clusters/cl01tl/helm/s3-exporter/templates/service-monitor.yaml b/clusters/cl01tl/helm/s3-exporter/templates/service-monitor.yaml deleted file mode 100644 index f08c21e36..000000000 --- a/clusters/cl01tl/helm/s3-exporter/templates/service-monitor.yaml +++ /dev/null @@ -1,86 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: s3-exporter-digital-ocean - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-exporter-digital-ocean - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/service: s3-exporter-digital-ocean - endpoints: - - port: metrics - interval: 5m - scrapeTimeout: 120s - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: s3-exporter-ceph-directus - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-exporter-ceph-directus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/service: s3-exporter-ceph-directus - endpoints: - - port: metrics - interval: 5m - scrapeTimeout: 120s - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: s3-exporter-garage-local - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-exporter-garage-local - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/service: s3-exporter-garage-local - endpoints: - - port: metrics - interval: 5m - scrapeTimeout: 120s - path: /metrics - ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: s3-exporter-garage-remote - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: s3-exporter-garage-remote - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/service: s3-exporter-garage-remote - endpoints: - - port: metrics - interval: 5m - scrapeTimeout: 5m - path: /metrics diff --git a/clusters/cl01tl/helm/s3-exporter/values.yaml b/clusters/cl01tl/helm/s3-exporter/values.yaml index 202f0febe..e12575777 100644 --- a/clusters/cl01tl/helm/s3-exporter/values.yaml +++ b/clusters/cl01tl/helm/s3-exporter/values.yaml @@ -179,3 +179,48 @@ s3-exporter: port: 9655 targetPort: 9655 protocol: TCP + serviceMonitor: + digital-ocean: + selector: + matchLabels: + app.kubernetes.io/name: s3-exporter-digital-ocean + app.kubernetes.io/instance: s3-exporter-digital-ocean + serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' + endpoints: + - port: metrics + interval: 5m + scrapeTimeout: 120s + path: /metrics + ceph-directus: + selector: + matchLabels: + app.kubernetes.io/name: s3-exporter-ceph-directus + app.kubernetes.io/instance: s3-exporter-ceph-directus + serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' + endpoints: + - port: metrics + interval: 5m + scrapeTimeout: 120s + path: /metrics + garage-local: + selector: + matchLabels: + app.kubernetes.io/name: s3-exporter-garage-local + app.kubernetes.io/instance: s3-exporter-garage-local + serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' + endpoints: + - port: metrics + interval: 5m + scrapeTimeout: 120s + path: /metrics + garage-remote: + selector: + matchLabels: + app.kubernetes.io/name: s3-exporter-garage-remote + app.kubernetes.io/instance: s3-exporter-garage-remote + serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' + endpoints: + - port: metrics + interval: 5m + scrapeTimeout: 120s + path: /metrics diff --git a/clusters/cl01tl/helm/searxng/templates/http-route.yaml b/clusters/cl01tl/helm/searxng/templates/http-route.yaml deleted file mode 100644 index 205106b74..000000000 --- a/clusters/cl01tl/helm/searxng/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-searxng - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-searxng - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - searxng.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: searxng-browser - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/searxng/templates/service-monitor.yaml b/clusters/cl01tl/helm/searxng/templates/service-monitor.yaml deleted file mode 100644 index 1157c8eda..000000000 --- a/clusters/cl01tl/helm/searxng/templates/service-monitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: searxng-browser - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: searxng-browser - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: searxng-browser - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: mail - interval: 30s - scrapeTimeout: 15s - path: /metrics - basicAuth: - password: - name: searxng-browser-metrics-auth - key: metrics-password - username: - name: searxng-browser-metrics-auth - key: metrics-username diff --git a/clusters/cl01tl/helm/searxng/values.yaml b/clusters/cl01tl/helm/searxng/values.yaml index 6b02f4477..8a1b4bdee 100644 --- a/clusters/cl01tl/helm/searxng/values.yaml +++ b/clusters/cl01tl/helm/searxng/values.yaml @@ -114,6 +114,46 @@ searxng: port: 80 targetPort: 8080 protocol: HTTP + serviceMonitor: + main: + selector: + matchLabels: + app.kubernetes.io/name: searxng-browser + app.kubernetes.io/instance: searxng-browser + serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' + endpoints: + - port: mail + interval: 30s + scrapeTimeout: 15s + path: /metrics + basicAuth: + password: + name: searxng-browser-metrics-auth + key: metrics-password + username: + name: searxng-browser-metrics-auth + key: metrics-username + route: + main: + kind: HTTPRoute + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - searxng.alexlebens.net + rules: + - backendRefs: + - group: '' + kind: Service + name: searxng-browser + port: 80 + weight: 100 + matches: + - path: + type: PathPrefix + value: / persistence: config: enabled: true