diff --git a/clusters/cl01tl/helm/code-server/Chart.yaml b/clusters/cl01tl/helm/code-server/Chart.yaml index e6d22baef..2de9f07a5 100644 --- a/clusters/cl01tl/helm/code-server/Chart.yaml +++ b/clusters/cl01tl/helm/code-server/Chart.yaml @@ -5,14 +5,14 @@ description: Code Server keywords: - code-server - code - - ide -home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d +home: https://docs.alexlebens.dev/applications/code-server/ sources: - https://github.com/coder/code-server - - https://github.com/cloudflare/cloudflared - - https://hub.docker.com/r/linuxserver/code-server + - https://github.com/linuxserver/docker-code-server + - https://github.com/linuxserver/docker-code-server/pkgs/container/code-server - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -28,5 +28,5 @@ dependencies: version: 0.8.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png -# renovate: datasource=github-releases depName=linuxserver/docker-code-server -appVersion: 4.108.1 +# renovate: datasource=github-releases depName=coder/code-server +appVersion: 4.112.0 diff --git a/clusters/cl01tl/helm/code-server/templates/external-secret.yaml b/clusters/cl01tl/helm/code-server/templates/external-secret.yaml index cd95a9840..bd08a7ecb 100644 --- a/clusters/cl01tl/helm/code-server/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/code-server/templates/external-secret.yaml 
@@ -14,15 +14,9 @@ spec: data: - secretKey: PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/code-server/auth - metadataPolicy: None property: PASSWORD - secretKey: SUDO_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/code-server/auth - metadataPolicy: None property: SUDO_PASSWORD diff --git a/clusters/cl01tl/helm/code-server/values.yaml b/clusters/cl01tl/helm/code-server/values.yaml index 985f3f084..664d60a78 100644 --- a/clusters/cl01tl/helm/code-server/values.yaml +++ b/clusters/cl01tl/helm/code-server/values.yaml @@ -4,16 +4,18 @@ code-server: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: repository: ghcr.io/linuxserver/code-server tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b - pullPolicy: IfNotPresent env: - name: TZ - value: US/Central + value: America/Chicago - name: PUID value: 1000 - name: PGID @@ -26,7 +28,7 @@ code-server: resources: requests: cpu: 10m - memory: 128Mi + memory: 80Mi service: main: controller: main @@ -47,11 +49,8 @@ code-server: - code-server.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: code-server + - name: code-server port: 8443 - weight: 100 matches: - path: type: PathPrefix @@ -62,7 +61,6 @@ code-server: storageClass: ceph-block accessMode: ReadWriteOnce size: 2Gi - retain: true advancedMounts: main: main: diff --git a/clusters/cl01tl/helm/coredns/Chart.yaml b/clusters/cl01tl/helm/coredns/Chart.yaml index c71eee4f6..219be6a74 100644 --- a/clusters/cl01tl/helm/coredns/Chart.yaml +++ b/clusters/cl01tl/helm/coredns/Chart.yaml 
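Review bot: The `fsGroup: 1000` added under `pod.securityContext` in the first `code-server/values.yaml` hunk repeats the ID that the container already receives through the `PUID`/`PGID` env entries a few lines below, and nothing in the file says the two must move together. I would add a comment above it such as `# keep in sync with PUID/PGID below; volume group ownership must match the user the image runs as`. The block sets only `fsGroup` and `fsGroupChangePolicy`, so the container's user and privilege settings stay at whatever the image and chart default to; if that is deliberate, the same comment is a good place to say so. The controller block starts and ends outside this hunk.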
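Review bot: Removing `retain: true` from the persistence entry at `@@ -62,7 +61,6 @@` changes what happens to the volume when the release is uninstalled, if, as I understand the app-template option, `retain` is what keeps the PVC in that case. The same line is removed from three persistence entries in `dawarich/values.yaml` (`@@ -253,7`, `@@ -267,7`, `@@ -281,7`). The code-server Chart.yaml now lists a volsync-target chart, which suggests backups exist, but nothing in this diff shows that they cover these claims. I would either keep `retain: true` or add a comment on each entry such as `# PVC is deleted with the release; data is restored from backup`. The persistence blocks begin outside the hunks.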
@@ -5,9 +5,7 @@ description: CoreDNS keywords: - coredns - dns - - network - - kubernetes -home: https://wiki.alexlebens.dev/s/ +home: https://docs.alexlebens.dev/applications/coredns/ sources: - https://github.com/coredns/coredns - https://github.com/coredns/helm @@ -17,6 +15,6 @@ dependencies: - name: coredns version: 1.45.2 repository: https://coredns.github.io/helm -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png +icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png # renovate: datasource=github-releases depName=coredns/coredns appVersion: v1.14.2 diff --git a/clusters/cl01tl/helm/coredns/values.yaml b/clusters/cl01tl/helm/coredns/values.yaml index e03747dbb..868df8482 100644 --- a/clusters/cl01tl/helm/coredns/values.yaml +++ b/clusters/cl01tl/helm/coredns/values.yaml @@ -1,23 +1,18 @@ coredns: image: repository: registry.k8s.io/coredns/coredns - tag: v1.14.2 + tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9 replicaCount: 3 resources: + limits: + cpu: null + memory: null requests: - cpu: 50m - memory: 128Mi - rollingUpdate: - maxUnavailable: 1 - maxSurge: 25% - terminationGracePeriodSeconds: 30 - serviceType: "ClusterIP" + cpu: 20m + memory: 32Mi prometheus: service: enabled: true - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9153" monitor: enabled: true namespace: kube-system @@ -29,18 +24,7 @@ coredns: serviceAccount: create: true name: coredns - rbac: - create: true - isClusterService: true priorityClassName: system-cluster-critical - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false servers: - zones: - zone: . @@ -77,6 +61,8 @@ coredns: - name: errors - name: cache parameters: 30 + - name: prometheus + parameters: :9153 - name: forward parameters: . 10.111.232.172 - zones: 
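Review bot: In the `resources` block of the first `coredns/values.yaml` hunk, `limits.cpu: null` and `limits.memory: null` carry no explanation, and together with the lower requests (`20m`/`32Mi`) they leave the cluster DNS pods with no memory ceiling. If the intent is to delete the dependency's default limits, a comment such as `# null removes the chart's default limits; CoreDNS is left unbounded on purpose` would make that visible. Null overrides of a dependency's defaults have not behaved the same across Helm versions, so it is worth confirming in the rendered Deployment that the limits are really absent and not still at the chart default.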
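Review bot: The hunk at `@@ -29,18 +24,7 @@` deletes the explicit container `securityContext` (`drop: ALL`, `add: NET_BIND_SERVICE`, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`), so that hardening now depends entirely on the defaults of coredns chart 1.45.2, which this diff does not show. If the chart ships the same values this is a no-op, but a later chart bump could then change them without any diff in this repository. I would keep the block, or leave a comment in its place such as `# securityContext: relying on chart defaults (drop ALL, read-only root, no privilege escalation); re-check on chart upgrades`, and compare the rendered pod spec before and after once. The same hunk also drops `rbac.create` and `isClusterService`, presumably on the same reasoning.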
@@ -88,6 +74,8 @@ coredns: - name: errors - name: cache parameters: 30 + - name: prometheus + parameters: :9153 - name: forward parameters: . 10.97.20.219 nodeSelector: @@ -100,6 +88,4 @@ coredns: operator: Exists effect: NoSchedule deployment: - skipConfig: false - enabled: true name: coredns diff --git a/clusters/cl01tl/helm/dawarich/Chart.yaml b/clusters/cl01tl/helm/dawarich/Chart.yaml index 7798e8373..814b63e09 100644 --- a/clusters/cl01tl/helm/dawarich/Chart.yaml +++ b/clusters/cl01tl/helm/dawarich/Chart.yaml @@ -5,10 +5,13 @@ description: Dawarich keywords: - dawarich - location -home: https://wiki.alexlebens.dev/s/ +home: https://docs.alexlebens.dev/applications/dawarich/ sources: - https://github.com/Freika/dawarich + - https://hub.docker.com/r/freikin/dawarich - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml index b43be4179..7028d7fc0 100644 --- a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml @@ -14,10 +14,7 @@ spec: data: - secretKey: key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/dawarich/key - metadataPolicy: None property: key --- @@ -37,15 +34,9 @@ spec: data: - secretKey: client remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/dawarich - metadataPolicy: None property: client - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/dawarich - metadataPolicy: None property: secret 
diff --git a/clusters/cl01tl/helm/dawarich/values.yaml b/clusters/cl01tl/helm/dawarich/values.yaml index f10d551a0..c127965a3 100644 --- a/clusters/cl01tl/helm/dawarich/values.yaml +++ b/clusters/cl01tl/helm/dawarich/values.yaml @@ -4,15 +4,20 @@ dawarich: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: freikin/dawarich - tag: 1.4.0 - pullPolicy: IfNotPresent - command: ["web-entrypoint.sh"] - args: ["bin/rails", "server", "-p", "3000", "-b", "::"] + tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8 + command: + - "web-entrypoint.sh" + args: + - "bin/rails" + - "server" + - "-p" + - "3000" + - "-b" + - "::" env: - name: RAILS_ENV value: production @@ -86,14 +91,14 @@ dawarich: value: true probes: liveness: - enabled: false + enabled: true custom: true spec: exec: command: - /bin/sh - -c - - wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"' + - "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'" failureThreshold: 5 initialDelaySeconds: 60 periodSeconds: 10 @@ -102,14 +107,15 @@ dawarich: resources: requests: cpu: 10m - memory: 128Mi + memory: 750Mi sidekiq: image: repository: freikin/dawarich - tag: 1.4.0 - pullPolicy: IfNotPresent - command: ["sidekiq-entrypoint.sh"] - args: ["sidekiq"] + tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8 + command: + - "sidekiq-entrypoint.sh" + args: + - "sidekiq" env: - name: RAILS_ENV value: production @@ -185,23 +191,19 @@ dawarich: value: true probes: liveness: - enabled: false + enabled: true custom: true spec: exec: command: - - /bin/sh - - -c - - pgrep -f sidekiq + - pgrep + - -f + - sidekiq failureThreshold: 5 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 128Mi service: main: controller: main 
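Review bot: The re-quoted probe command in `@@ -86,14 +91,14 @@` now passes through two escaping layers, YAML double-quote escapes and then shell single quotes, which makes the regex that grep actually receives hard to read and easy to break on the next edit. A folded block scalar removes the YAML layer, so the text in the file is the text the shell sees: `- >-` followed on the next line by `wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '"status"\s*:\s*"ok"'`. Because this hunk also flips `enabled` to `true`, a pattern that never matches would restart the container after `failureThreshold` failures, so it is worth running the command once inside the container before merging. Note that `\s` without `-E` relies on the image's grep supporting it as an extension.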
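Review bot: The new exec probe `pgrep -f sidekiq` in `@@ -185,23 +191,19 @@` matches any process whose command line contains that string, which would include the container's own `sidekiq-entrypoint.sh` if that script stays resident, so the probe may keep passing after the worker itself has gone. It also proves only that a process exists, not that jobs are being processed. A tighter pattern is a one-line change, for example `- "sidekiq [0-9]"` as the last argument, but the worker's process title is not visible here and needs checking against `ps` output in the container first. The hunk also removes the `resources` block for this container, leaving it without requests; a short comment saying that is intended would help.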
@@ -238,11 +240,8 @@ dawarich: - dawarich.alexlebens.net rules: - backendRefs: - - group: "" - kind: Service - name: dawarich + - name: dawarich port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -253,7 +252,6 @@ dawarich: storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi - retain: true advancedMounts: main: main: @@ -267,7 +265,6 @@ dawarich: storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi - retain: true advancedMounts: main: main: @@ -281,7 +278,6 @@ dawarich: storageClass: ceph-block accessMode: ReadWriteOnce size: 1Gi - retain: true advancedMounts: main: main: @@ -313,32 +309,9 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 10 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external diff --git a/renovate.json b/renovate.json index 1a6077034..15f98e789 100644 --- a/renovate.json +++ b/renovate.json 
@@ -155,6 +155,22 @@ "/(^|/)(?dawarich|komodo|immich|home-assistant|element-web|cilium)/" ] }, + { + "description": "Group Bazarr dependencies", + "groupName": "bazarr", + "groupSlug": "unified-bazarr", + "matchPackageNames": [ + "bazarr$" + ] + }, + { + "description": "Group Code Server dependencies", + "groupName": "code-server", + "groupSlug": "unified-code-server", + "matchPackageNames": [ + "code-server$" + ] + }, { "description": "Group Rook-Ceph dependencies", "groupName": "rook-ceph",
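Review bot: The two new `matchPackageNames` values, `"bazarr$"` and `"code-server$"`, are written like regular expressions but lack the `/…/` delimiters Renovate requires for a regex, which the rule just above in this hunk does use. Without the slashes Renovate treats them as exact names or globs, so the `$` is literal and the groups would most likely match nothing. I would write `"/bazarr$/"` and `"/code-server$/"`, then confirm in the Renovate debug log or dependency dashboard that the image and `appVersion` updates land in one grouped PR. The enclosing rule array starts and ends outside the hunk.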