From a34db2de86a1ddd4a77f1d26d0ee7f3ed5ec7e63 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sat, 4 Apr 2026 17:54:26 -0500 Subject: [PATCH] feat: refactor apps --- clusters/cl01tl/helm/homepage/values.yaml | 2 +- clusters/cl01tl/helm/music-grabber/Chart.yaml | 10 +- .../templates/external-secret.yaml | 24 ----- .../music-grabber/templates/namespace.yaml | 11 --- .../cl01tl/helm/music-grabber/values.yaml | 97 ++++--------------- clusters/cl01tl/helm/navidrome/Chart.yaml | 5 +- clusters/cl01tl/helm/navidrome/values.yaml | 29 +++--- .../helm/node-feature-discovery/Chart.yaml | 4 +- .../helm/node-feature-discovery/values.yaml | 26 +++-- 9 files changed, 66 insertions(+), 142 deletions(-) delete mode 100644 clusters/cl01tl/helm/music-grabber/templates/namespace.yaml diff --git a/clusters/cl01tl/helm/homepage/values.yaml b/clusters/cl01tl/helm/homepage/values.yaml index 9ebdc6577..94340a40e 100644 --- a/clusters/cl01tl/helm/homepage/values.yaml +++ b/clusters/cl01tl/helm/homepage/values.yaml @@ -843,7 +843,7 @@ homepage: siteMonitor: http://yubal.yubal:80 statusStyle: dot - Music Grabber: - icon: sh-music-service.webp + icon: sh-music-grabber.webp description: Replicate Music playlists href: https://music-grabber.alexlebens.net siteMonitor: http://music-grabber.music-grabber:80 diff --git a/clusters/cl01tl/helm/music-grabber/Chart.yaml b/clusters/cl01tl/helm/music-grabber/Chart.yaml index 131592116..991e43caf 100644 --- a/clusters/cl01tl/helm/music-grabber/Chart.yaml +++ b/clusters/cl01tl/helm/music-grabber/Chart.yaml @@ -5,11 +5,12 @@ description: Music Grabber keywords: - music-grabber - music -home: https://wiki.alexlebens.dev/s/ +home: https://docs.alexlebens.dev/applications/music-grabber/ sources: - https://gitlab.com/g33kphr33k/musicgrabber - - https://hub.docker.com/r/g33kphr33k/musicgrabber/tags + - https://hub.docker.com/r/g33kphr33k/musicgrabber - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -17,5 +18,10 @@ dependencies: alias: music-grabber repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 + - name: volsync-target + alias: volsync-target-data + version: 0.8.0 + repository: oci://harbor.alexlebens.net/helm-charts +icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png # renovate: datasource=docker depName=g33kphr33k/musicgrabber appVersion: 2.5.5 diff --git a/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml b/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml index d3b8adc10..7eafe9fb4 100644 --- a/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml @@ -14,31 +14,19 @@ spec: data: - secretKey: navidrome-user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/navidrome/admin - metadataPolicy: None property: user - secretKey: navidrome-password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/navidrome/admin - metadataPolicy: None property: password - secretKey: slskd-user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/slskd/auth - metadataPolicy: None property: user - secretKey: slskd-password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/slskd/auth - metadataPolicy: None property: password --- @@ -58,29 +46,17 @@ spec: data: - secretKey: private-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: private-key - secretKey: preshared-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: preshared-key - secretKey: addresses remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: addresses - secretKey: input-ports remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: input-ports diff --git a/clusters/cl01tl/helm/music-grabber/templates/namespace.yaml b/clusters/cl01tl/helm/music-grabber/templates/namespace.yaml deleted file mode 100644 index 00ceb8566..000000000 --- a/clusters/cl01tl/helm/music-grabber/templates/namespace.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: music-grabber - labels: - app.kubernetes.io/name: music-grabber - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/music-grabber/values.yaml b/clusters/cl01tl/helm/music-grabber/values.yaml index efadac086..5ec90de2b 100644 --- a/clusters/cl01tl/helm/music-grabber/values.yaml +++ b/clusters/cl01tl/helm/music-grabber/values.yaml @@ -4,13 +4,15 @@ music-grabber: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: repository: g33kphr33k/musicgrabber - tag: 2.5.5 - pullPolicy: IfNotPresent + tag: 2.5.5@sha256:756ce91653b2f5f17f8f47e5c91f07df5af82162608acdf507e6209a16725373 env: - name: MUSIC_DIR value: /mnt/store/Music Grabber/ @@ -49,73 +51,7 @@ music-grabber: cpu: 100m requests: cpu: 10m - memory: 512Mi - # gluetun: - # image: - # repository: ghcr.io/qdm12/gluetun - # tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - # pullPolicy: IfNotPresent - # lifecycle: - # postStart: - # exec: - # command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] - # env: - # - name: VPN_SERVICE_PROVIDER - # value: airvpn - # - name: VPN_TYPE - # value: wireguard - # - name: WIREGUARD_PRIVATE_KEY - # valueFrom: - # secretKeyRef: - # name: music-grabber-wireguard-conf - # key: private-key - # - name: WIREGUARD_PRESHARED_KEY - # valueFrom: - # secretKeyRef: - # name: music-grabber-wireguard-conf - # key: preshared-key - # - name: WIREGUARD_ADDRESSES - # valueFrom: - # secretKeyRef: - # name: music-grabber-wireguard-conf - # key: addresses - # - name: FIREWALL_OUTBOUND_SUBNETS - # value: 10.0.0.0/8 - # - name: FIREWALL_INPUT_PORTS - # value: 8080 - # - name: DNS_UPSTREAM_RESOLVER_TYPE - # value: dot - # - name: HTTPPROXY - # value: "off" - # - name: SHADOWSOCKS - # value: "off" - # securityContext: - # privileged: True - # capabilities: - # add: - # - NET_ADMIN - # - SYS_MODULE - # probes: - # liveness: - # enabled: true - # custom: true - # spec: - # exec: - # command: - # - /gluetun-entrypoint - # - healthcheck - # failureThreshold: 5 - # initialDelaySeconds: 30 - # periodSeconds: 30 - # successThreshold: 1 - # timeoutSeconds: 15 - # resources: - # limits: - # devic.es/tun: "1" - # requests: - # devic.es/tun: "1" - # cpu: 10m - # memory: 128Mi + memory: 50Mi service: main: controller: main @@ -123,7 +59,6 @@ music-grabber: http: port: 80 targetPort: 8080 - protocol: HTTP route: main: kind: HTTPRoute @@ -136,21 +71,18 @@ music-grabber: - music-grabber.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: music-grabber + - name: music-grabber port: 80 - weight: 100 matches: - path: type: PathPrefix value: / persistence: - cache: + data: + forceRename: music-grabber-data storageClass: ceph-block accessMode: ReadWriteOnce size: 1Gi - retain: true advancedMounts: main: main: @@ -163,3 +95,14 @@ music-grabber: main: - path: /mnt/store/ readOnly: false +volsync-target-data: + pvcTarget: music-grabber-data + local: + enabled: true + schedule: 46 8 * * * + remote: + enabled: true + schedule: 46 9 * * * + external: + enabled: true + schedule: 46 10 * * * diff --git a/clusters/cl01tl/helm/navidrome/Chart.yaml b/clusters/cl01tl/helm/navidrome/Chart.yaml index 88981da02..3ed509793 100644 --- a/clusters/cl01tl/helm/navidrome/Chart.yaml +++ b/clusters/cl01tl/helm/navidrome/Chart.yaml @@ -6,11 +6,14 @@ keywords: - navidrome - feishin - music -home: https://wiki.alexlebens.dev/s/ +home: https://docs.alexlebens.dev/applications/navidrome/ sources: - https://github.com/navidrome/navidrome - https://github.com/jeffvli/feishin + - https://github.com/navidrome/navidrome/pkgs/container/navidrome + - https://github.com/jeffvli/feishin/pkgs/container/feishin - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/navidrome/values.yaml b/clusters/cl01tl/helm/navidrome/values.yaml index 2c56eeb14..c2e7aad4c 100644 --- a/clusters/cl01tl/helm/navidrome/values.yaml +++ b/clusters/cl01tl/helm/navidrome/values.yaml @@ -4,13 +4,15 @@ navidrome: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: - repository: deluan/navidrome + repository: ghcr.io/navidrome/navidrome tag: 0.61.0@sha256:b14a6acb5cd5ee73f3a13d63d8d68ede82dedb796aa522fbada94769d990cf0b - pullPolicy: IfNotPresent env: - name: ND_MUSICFOLDER value: /music @@ -32,18 +34,16 @@ navidrome: requests: gpu.intel.com/i915: 1 cpu: 10m - memory: 128Mi + memory: 50Mi feishin: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/jeffvli/feishin - tag: 1.0.1-beta.1@sha256:61239641f23a33f99c2858419b14afb66683f3cd82010363fba92be3993fd894 - pullPolicy: IfNotPresent + tag: 1.9.0@sha256:5e6959afd27dabadd8f68fed8b0485d851593c61ca558194295bf8950262cc07 env: - name: SERVER_NAME value: talos @@ -53,6 +53,9 @@ navidrome: value: navidrome - name: SERVER_URL value: https://navidrome.alexlebens.net + resources: + cpu: 1m + memory: 20Mi service: main: controller: main @@ -60,14 +63,12 @@ navidrome: http: port: 80 targetPort: 4533 - protocol: HTTP feishin: controller: feishin ports: http: port: 80 targetPort: 9180 - protocol: HTTP serviceMonitor: main: selector: @@ -94,11 +95,8 @@ navidrome: - navidrome.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: navidrome-main + - name: navidrome-main port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -114,11 +112,8 @@ navidrome: - feishin.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: navidrome-feishin + - name: navidrome-feishin port: 80 - weight: 100 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/helm/node-feature-discovery/Chart.yaml b/clusters/cl01tl/helm/node-feature-discovery/Chart.yaml index 31919f37b..b45267248 100644 --- a/clusters/cl01tl/helm/node-feature-discovery/Chart.yaml +++ b/clusters/cl01tl/helm/node-feature-discovery/Chart.yaml @@ -5,10 +5,10 @@ description: Node Feature Discovery keywords: - node-feature-discovery - labels - - kubernetes -home: https://wiki.alexlebens.dev/s/b6fb2588-8212-4dca-b4c6-3021020b2ae1 +home: https://docs.alexlebens.dev/applications/node-feature-discovery/ sources: - https://github.com/kubernetes-sigs/node-feature-discovery + - https://console.cloud.google.com/artifacts/docker/k8s-staging-nfd/us/gcr.io/node-feature-discovery - https://github.com/kubernetes-sigs/node-feature-discovery/tree/master/deployment/helm/node-feature-discovery maintainers: - name: alexlebens diff --git a/clusters/cl01tl/helm/node-feature-discovery/values.yaml b/clusters/cl01tl/helm/node-feature-discovery/values.yaml index 506d71af0..211afae31 100644 --- a/clusters/cl01tl/helm/node-feature-discovery/values.yaml +++ b/clusters/cl01tl/helm/node-feature-discovery/values.yaml @@ -1,12 +1,18 @@ node-feature-discovery: + image: + repository: gcr.io/k8s-staging-nfd/node-feature-discovery + tag: v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862 + pullPolicy: IfNotPresent featureGates: NodeFeatureGroupAPI: true master: - replicaCount: 2 + replicaCount: 1 resources: + limits: + memory: null requests: - cpu: 20m - memory: 60Mi + cpu: 10m + memory: 20Mi tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists @@ -60,17 +66,23 @@ node-feature-discovery: class: ["0300"] vendor: ["8086"] resources: + limits: + memory: null requests: - cpu: 20m - memory: 60Mi + cpu: 1m + memory: 20Mi tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule + topologyUpdater: + enable: false gc: resources: + limits: + memory: null requests: - cpu: 20m - memory: 60Mi + cpu: 1m + memory: 20Mi prometheus: enable: true