alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions 1 Activity

migrate
Some checks failed
lint-test-helm / helm-lint (push) Successful in 11s
Details
renovate / renovate (push) Successful in 1m18s
Details
render-manifests / render-manifests-helm (push) Failing after 2m22s
Details

Browse Source
This commit is contained in:
Alex Lebens
2025-12-01 20:50:19 -06:00
parent 6da426af29
commit b52d76cc58
207 changed files with 294 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
clusters/cl01tl/storage/backrest/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: backrest
version: 1.0.0
description: backrest
keywords:
- backrest
- backup
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/garethgeorge/backrest
- https://hub.docker.com/r/garethgeorge/backrest
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: backrest
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
appVersion: v1.10.1

28
clusters/cl01tl/storage/backrest/templates/http-route.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-backrest
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-backrest
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- backrest.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: backrest
port: 80
weight: 100

36
clusters/cl01tl/storage/backrest/templates/persistent-volume-claim.yaml
View File

@@ -1,36 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: backrest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: backrest-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: backrest-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: backrest-nfs-share
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: backrest-nfs-share
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: backrest-nfs-share
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

48
clusters/cl01tl/storage/backrest/templates/persistent-volume.yaml
View File

@@ -1,48 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: backrest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: backrest-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: backrest-nfs-share
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: backrest-nfs-share
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Share
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

14
clusters/cl01tl/storage/backrest/templates/service.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: garage-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

84
clusters/cl01tl/storage/backrest/values.yaml
View File

@@ -1,84 +0,0 @@
backrest:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: garethgeorge/backrest
tag: v1.10.1
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
- name: BACKREST_DATA
value: /data
- name: BACKREST_CONFIG
value: /config/config.json
- name: XDG_CACHE_HOME
value: /cache
- name: TMPDIR
value: /tmp
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 9898
protocol: TCP
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
cache:
type: emptyDir
advancedMounts:
main:
main:
- path: /cache
readOnly: false
tmp:
type: emptyDir
advancedMounts:
main:
main:
- path: /tmp
readOnly: false
storage:
existingClaim: backrest-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/storage
readOnly: true
share:
existingClaim: backrest-nfs-share
advancedMounts:
main:
main:
- path: /mnt/share
readOnly: true

25
clusters/cl01tl/storage/cloudnative-pg/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: cloudnative-pg
version: 1.0.0
description: Cloudnative PG
keywords:
- cloudnative-pg
- operator
- postgresql
- kubernetes
home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
sources:
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
maintainers:
- name: alexlebens
dependencies:
- name: cloudnative-pg
version: 0.26.1
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.3.1
repository: https://cloudnative-pg.io/charts/
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
appVersion: 1.26.0

16
clusters/cl01tl/storage/cloudnative-pg/values.yaml
View File

@@ -1,16 +0,0 @@
cloudnative-pg:
replicaCount: 2
monitoring:
podMonitorEnabled: true
plugin-barman-cloud:
replicaCount: 1
image:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud
tag: v0.9.0
sidecarImage:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.9.0
crds:
create: true

20
clusters/cl01tl/storage/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v2
name: democratic-csi-synology-iscsi
version: 1.0.0
description: Democratic CSI
keywords:
- democratic-csi-synology-iscsi
- iscsi
- kubernetes
home: https://wiki.alexlebens.dev/s/0cc6ba65-024b-4489-952a-fc0f647fd099
sources:
- https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi
maintainers:
- name: alexlebens
dependencies:
- name: democratic-csi
repository: https://democratic-csi.github.io/charts/
version: 0.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v1.9.4

21
clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: synology-iscsi-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: synology-iscsi-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: driver-config-file.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml

11
clusters/cl01tl/storage/democratic-csi-synology-iscsi/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: democratic-csi-synology-iscsi
labels:
app.kubernetes.io/name: democratic-csi-synology-iscsi
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

37
clusters/cl01tl/storage/democratic-csi-synology-iscsi/values.yaml
View File

@@ -1,37 +0,0 @@
democratic-csi:
driver:
existingConfigSecret: synology-iscsi-config-secret
config:
driver: synology-iscsi
csiDriver:
name: "org.democratic-csi.iscsi-synology"
controller:
enabled: true
rbac:
enabled: true
replicaCount: 2
storageClasses:
- name: synology-iscsi-delete
defaultClass: false
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
fsType: ext4
- name: synology-iscsi-retain
defaultClass: false
reclaimPolicy: Retain
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
fsType: ext4
node:
hostPID: true
driver:
extraEnv:
- name: ISCSIADM_HOST_STRATEGY
value: nsenter
- name: ISCSIADM_HOST_PATH
value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /var/iscsi
iscsiDirHostPathType: ""

21
clusters/cl01tl/storage/elastic-operator/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: elastic-operator
version: 1.0.0
description: Elastic Cloud on Kubernetes
keywords:
- elastic-operator
- operator
- elastic-search
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/elastic/cloud-on-k8s
- https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator
maintainers:
- name: alexlebens
dependencies:
- name: eck-operator
version: 3.2.0
repository: https://helm.elastic.co
icon: https://helm.elastic.co/icons/eck.png
appVersion: 1.26.0

14
clusters/cl01tl/storage/elastic-operator/values.yaml
View File

@@ -1,14 +0,0 @@
eck-operator:
managedNamespaces:
- tubearchivist
- stalwart
installCRDs: true
replicaCount: 2
telemetry:
disabled: true
config:
logVerbosity: "0"
metrics:
port: "9000"
podMonitor:
enabled: true

22
clusters/cl01tl/storage/garage/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: garage
version: 1.0.0
description: Garage
keywords:
- garage
- storage
- s3
home: https://wiki.alexlebens.dev/s/
sources:
- https://git.deuxfleurs.fr/Deuxfleurs/garage
- https://hub.docker.com/r/dxflrs/garage
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v2.1.0

35
clusters/cl01tl/storage/garage/templates/external-secret.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-token-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-token-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: GARAGE_RPC_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: rpc
- secretKey: GARAGE_ADMIN_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: admin
- secretKey: GARAGE_METRICS_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: metric

58
clusters/cl01tl/storage/garage/templates/http-route.yaml
View File

@@ -1,58 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-garage-webui
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-garage-webui
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- garage-webui.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: garage-webui
port: 3909
weight: 100
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-garage-s3
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-garage-s3
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- garage-s3.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: garage-main
port: 3900
weight: 100

22
clusters/cl01tl/storage/garage/templates/service-monitor.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: garage
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: admin
interval: 1m
scrapeTimeout: 30s
path: /metrics
bearerTokenSecret:
name: garage-token-secret
key: GARAGE_METRICS_TOKEN

154
clusters/cl01tl/storage/garage/values.yaml
View File

@@ -1,154 +0,0 @@
garage:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: dxflrs/garage
tag: v2.1.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 128Mi
webui:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: khairul169/garage-webui
tag: 1.1.0
pullPolicy: IfNotPresent
env:
- name: API_BASE_URL
value: http://garage-main.garage:3903
- name: S3_ENDPOINT_URL
value: http://garage-main.garage:3900
- name: API_ADMIN_KEY
valueFrom:
secretKeyRef:
name: garage-token-secret
key: GARAGE_ADMIN_TOKEN
resources:
requests:
cpu: 10m
memory: 128Mi
configMaps:
config:
enabled: true
data:
garage.toml: |
replication_factor = 1
metadata_dir = "/var/lib/garage/meta"
data_dir = "/var/lib/garage/data"
metadata_snapshots_dir = "/var/lib/garage/snapshots"
db_engine = "lmdb"
metadata_auto_snapshot_interval = "6h"
compression_level = 3
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "127.0.0.1:3901"
allow_world_readable_secrets = false
[s3_api]
s3_region = "us-east-1"
api_bind_addr = "[::]:3900"
root_domain = ".garage-s3.alexlebens.net"
[s3_web]
bind_addr = "[::]:3902"
root_domain = ".garage-s3.alexlebens.net"
[admin]
api_bind_addr = "[::]:3903"
metrics_require_token = true
service:
main:
controller: main
ports:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
webui:
controller: webui
ports:
webui:
port: 3909
targetPort: 3909
protocol: HTTP
persistence:
config:
enabled: true
type: configMap
name: garage
advancedMounts:
main:
main:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage.toml
webui:
main:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage.toml
db:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /var/lib/garage/meta
readOnly: false
data:
storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce
size: 800Gi
retain: true
advancedMounts:
main:
main:
- path: /var/lib/garage/data
readOnly: false
snapshots:
storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
main:
main:
- path: /var/lib/garage/snapshots
readOnly: false

21
clusters/cl01tl/storage/local-path-provisioner/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: local-path-provisioner
version: 1.0.0
description: Local Path Provisioner
keywords:
- local-path-provisioner
- storage
- kubernetes
home: https://wiki.alexlebens.dev/s/fa4d4152-b9dd-4fdc-a6f2-93a2c0df7f4a
sources:
- https://github.com/rancher/local-path-provisioner
- https://hub.docker.com/r/rancher/local-path-provisioner
- https://github.com/containeroo/helm-charts/tree/master/charts/local-path-provisioner
maintainers:
- name: alexlebens
dependencies:
- name: local-path-provisioner
version: 0.0.33
repository: https://charts.containeroo.ch
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v0.0.31

11
clusters/cl01tl/storage/local-path-provisioner/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: local-path-provisioner
labels:
app.kubernetes.io/name: local-path-provisioner
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

45
clusters/cl01tl/storage/local-path-provisioner/values.yaml
View File

@@ -1,45 +0,0 @@
local-path-provisioner:
image:
repository: rancher/local-path-provisioner
tag: v0.0.32
helperImage:
repository: busybox
tag: 1.37.0
storageClass:
create: true
defaultClass: false
defaultVolumeType: hostPath
name: local-path
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
nodePathMap:
- node: talos-2di-ktg
paths:
- /var/local-path-provisioner
- node: talos-9vs-6hh
paths:
- /var/local-path-provisioner
- node: talos-aoq-hpv
paths:
- /var/local-path-provisioner
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- talos-2di-ktg
- talos-9vs-6hh
- talos-aoq-hpv
configmap:
name: local-path-config
setup: |-
#!/bin/sh
set -eu
mkdir -m 0777 -p "$VOL_DIR"
teardown: |-
#!/bin/sh
set -eu
rm -rf "$VOL_DIR"

24
clusters/cl01tl/storage/mariadb-operator/Chart.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v2
name: mariadb-operator
version: 1.0.0
description: MariaDB Operator
keywords:
- mariadb-operator
- database
- storage
- kubernetes
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/mariadb-operator/mariadb-operator
- https://github.com/mariadb-operator/mariadb-operator/tree/main/deploy/charts/mariadb-operator
maintainers:
- name: alexlebens
dependencies:
- name: mariadb-operator
version: 25.10.2
repository: https://helm.mariadb.com/mariadb-operator
- name: mariadb-operator-crds
version: 25.10.2
repository: https://helm.mariadb.com/mariadb-operator
icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
appVersion: 25.10.2

11
clusters/cl01tl/storage/mariadb-operator/values.yaml
View File

@@ -1,11 +0,0 @@
mariadb-operator:
ha:
enabled: true
replicas: 3
metrics:
enabled: true
serviceMonitor:
enabled: true
pdb:
enabled: true
maxUnavailable: 1

21
clusters/cl01tl/storage/nfs/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: nfs-subdir-external-provisioner
version: 1.0.0
description: NFS Subdir External Provisioner
keywords:
- nfs-subdir-external-provisioner
- nfs
- storage
- kubernetes
home: https://wiki.alexlebens.dev/s/ac647404-3987-4875-a34c-9398ea75b841
sources:
- https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
- https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/charts/nfs-subdir-external-provisioner
maintainers:
- name: alexlebens
dependencies:
- name: nfs-subdir-external-provisioner
version: 4.0.18
repository: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 4.0.18

8
clusters/cl01tl/storage/nfs/values.yaml
View File

@@ -1,8 +0,0 @@
nfs-subdir-external-provisioner:
nfs:
server: 10.232.1.64
path: /volume2/Talos
mountOptions:
- hard
- vers=4
- minorversion=1

22
clusters/cl01tl/storage/pgadmin/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: pgadmin4
version: 1.0.0
description: pgAdmin
keywords:
- pgadmin4
- postgresql
- database
home: https://wiki.alexlebens.dev/s/afef464a-3d76-413a-80b1-b42596249a12
sources:
- https://github.com/pgadmin-org/pgadmin4/
- https://hub.docker.com/r/dpage/pgadmin4/
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: pgadmin4
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/pgadmin.png
appVersion: 9.3.0

115
clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml
View File

@@ -1,115 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: pgadmin-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: pgadmin-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: pgadmin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/pgadmin/auth
metadataPolicy: None
property: pgadmin-password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: pgadmin-env-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: pgadmin-env-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/pgadmin/env
metadataPolicy: None
property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
- secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/pgadmin/env
metadataPolicy: None
property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
- secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/pgadmin/env
metadataPolicy: None
property: PGADMIN_CONFIG_OAUTH2_CONFIG
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: pgadmin-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: pgadmin-data-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key

28
clusters/cl01tl/storage/pgadmin/templates/http-route.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-pgadmin
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-pgadmin
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- pgadmin.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: pgadmin
port: 80
weight: 100

28
clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: pgadmin-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: pgadmin-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: pgadmin-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: pgadmin-data-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 5050
runAsGroup: 5050
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

72
clusters/cl01tl/storage/pgadmin/values.yaml
View File

@@ -1,72 +0,0 @@
pgadmin4:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
initContainers:
init-chmod-data:
securityContext:
runAsUser: 0
image:
repository: busybox
tag: 1.37.0
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
/bin/chown -R 5050:5050 /var/lib/pgadmin
resources:
requests:
cpu: 10m
memory: 128Mi
containers:
main:
securityContext:
runAsUser: 5050
runAsGroup: 5050
image:
repository: dpage/pgadmin4
tag: "9.10"
pullPolicy: IfNotPresent
env:
- name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
value: "False"
- name: PGADMIN_DEFAULT_EMAIL
value: alexanderlebens@gmail.com
- name: PGADMIN_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
name: pgadmin-password-secret
key: pgadmin-password
envFrom:
- secretRef:
name: pgadmin-env-secret
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 80
protocol: TCP
persistence:
data:
forceRename: pgadmin4-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
init-chmod-data:
- path: /var/lib/pgadmin
readOnly: false
main:
- path: /var/lib/pgadmin
readOnly: false

21
clusters/cl01tl/storage/redis-operator/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: redis-operator
version: 1.0.0
description: Redis on Kubernetes
keywords:
- redis-operator
- operator
- redis
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/OT-CONTAINER-KIT/redis-operator
- https://github.com/OT-CONTAINER-KIT/redis-operator/tree/main/charts/redis-operator
maintainers:
- name: alexlebens
dependencies:
- name: redis-operator
version: 0.22.2
repository: https://ot-container-kit.github.io/helm-charts/
icon: https://github.com/OT-CONTAINER-KIT/redis-operator/raw/main/static/redis-operator-logo.svg
appVersion: v0.21.0

16
clusters/cl01tl/storage/redis-operator/values.yaml
View File

@@ -1,16 +0,0 @@
redis-operator:
redisOperator:
imageName: ghcr.io/ot-container-kit/redis-operator/redis-operator
imageTag: v0.21.0
metrics:
enabled: true
resources:
requests:
cpu: 50m
memory: 128Mi
replicas: 2
certmanager:
enabled: false
manager:
config:
kubeClientTimeout: null

29
clusters/cl01tl/storage/rook-ceph/Chart.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: v2
name: rook-ceph
version: 1.0.0
description: Rook Ceph
keywords:
- rook-ceph
- ceph
- storage
- kubernetes
home: https://wiki.alexlebens.dev/s/8592da1d-8168-4c6c-a3e4-106902fe878c
sources:
- https://github.com/rook/rook
- https://quay.io/repository/ceph/ceph?tab=tags
- https://github.com/rook/rook/tree/master/deploy/charts
maintainers:
- name: alexlebens
dependencies:
- name: rook-ceph
version: v1.18.7
repository: https://charts.rook.io/release
- name: rook-ceph-cluster
version: v1.18.7
repository: https://charts.rook.io/release
- name: cloudflared
alias: cloudflared-rgw
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
appVersion: v1.17.1

21
clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ceph-rgw-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ceph-rgw-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/ceph-rgw
metadataPolicy: None
property: token

58
clusters/cl01tl/storage/rook-ceph/templates/http-route.yaml
View File

@@ -1,58 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-rook-ceph
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-rook-ceph
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- ceph.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: rook-ceph-mgr-dashboard
port: 7000
weight: 100
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-rook-ceph-rgw
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-rook-ceph-rgw
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- objects.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: rook-ceph-rgw-ceph-objectstore
port: 80
weight: 100

11
clusters/cl01tl/storage/rook-ceph/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: rook-ceph
labels:
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

198
clusters/cl01tl/storage/rook-ceph/values.yaml
View File

@@ -1,198 +0,0 @@
rook-ceph:
crds:
enabled: true
csi:
rookUseCsiOperator: true
cephFSKernelMountOptions: "ms_mode=secure"
enableMetadata: true
provisionerReplicas: 3
serviceMonitor:
enabled: true
enableDiscoveryDaemon: true
monitoring:
enabled: true
rook-ceph-cluster:
toolbox:
enabled: true
monitoring:
enabled: true
createPrometheusRules: true
prometheusRuleOverrides:
CephNodeDiskspaceWarning:
disabled: true
cephImage:
# https://quay.io/repository/ceph/ceph?tab=tags
repository: quay.io/ceph/ceph
tag: v19.2.3-20250717
cephClusterSpec:
mgr:
count: 1
modules:
- name: pg_autoscaler
enabled: true
- name: rook
enabled: true
dashboard:
enabled: true
ssl: false
network:
connections:
encryption:
enabled: true
compression:
enabled: true
requireMsgr2: true
placement:
all:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/rook-osd-node
operator: Exists
mon:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/rook-mon-node
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
tolerations:
- key: node-role.kubernetes.io/rook-mon-node
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
resources:
mgr:
requests:
cpu: 100m
memory: 512Mi
mon:
requests:
cpu: 200m
memory: 256Mi
osd:
requests:
cpu: 100m
memory: 2Gi
prepareosd:
requests:
cpu: 100m
memory: 128Mi
storage:
deviceFilter: sda
config:
osdsPerDevice: "1"
csi:
readAffinity:
enabled: true
cephBlockPools:
- name: ceph-blockpool
spec:
failureDomain: host
replicated:
size: 3
enableRBDStats: false
storageClass:
enabled: true
name: ceph-block
isDefault: true
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: "Immediate"
parameters:
imageFormat: "2"
imageFeatures: layering,exclusive-lock,object-map,fast-diff
csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/fstype: ext4
cephFileSystems:
- name: ceph-filesystem
spec:
metadataPool:
replicated:
size: 3
dataPools:
- failureDomain: host
replicated:
size: 3
name: data0
metadataServer:
activeCount: 1
activeStandby: true
resources:
requests:
cpu: "1000m"
memory: "4Gi"
priorityClassName: system-cluster-critical
storageClass:
enabled: true
isDefault: false
name: ceph-filesystem
pool: data0
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: "Immediate"
parameters:
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/fstype: ext4
cephFileSystemVolumeSnapshotClass:
enabled: true
name: ceph-filesystem
isDefault: false
deletionPolicy: Delete
cephBlockPoolsVolumeSnapshotClass:
enabled: true
name: ceph-blockpool-snapshot
isDefault: true
deletionPolicy: Delete
cephObjectStores:
- name: ceph-objectstore
spec:
metadataPool:
failureDomain: host
replicated:
size: 3
dataPool:
failureDomain: host
erasureCoded:
dataChunks: 2
codingChunks: 1
parameters:
bulk: "true"
preservePoolsOnDelete: true
gateway:
port: 80
resources:
requests:
cpu: "1000m"
memory: "1Gi"
instances: 1
priorityClassName: system-cluster-critical
hosting:
dnsNames:
- objects.alexlebens.dev
- objects.alexlebens.net
storageClass:
enabled: true
name: ceph-bucket
reclaimPolicy: Delete
volumeBindingMode: "Immediate"
parameters:
region: us-east-1
cloudflared-rgw:
existingSecretName: ceph-rgw-cloudflared-secret
name: cloudflared-rgw

21
clusters/cl01tl/storage/snapshot-controller/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: snapshot-controller
version: 1.0.0
description: Snapshot Controller
keywords:
- snapshot-controller
- snapshots
- storage
- kubernetes
home: https://wiki.alexlebens.dev/s/67c065ac-bbc7-4d35-be62-af5b65ed8330
sources:
- https://github.com/kubernetes-csi/external-snapshotter
- https://github.com/piraeusdatastore/helm-charts/tree/main/charts/snapshot-controller
maintainers:
- name: alexlebens
dependencies:
- name: snapshot-controller
version: 4.2.0
repository: https://piraeus.io/helm-charts/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v8.2.1

15
clusters/cl01tl/storage/snapshot-controller/values.yaml
View File

@@ -1,15 +0,0 @@
snapshot-controller:
controller:
replicaCount: 3
args:
leaderElection: true
leaderElectionNamespace: snapshot-controller
image:
repository: registry.k8s.io/sig-storage/snapshot-controller
tag: v8.4.0
resources:
requests:
cpu: 50m
memory: 128Mi
serviceMonitor:
create: true

22
clusters/cl01tl/storage/volsync/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: volsync
version: 1.0.0
description: Volsync
keywords:
- volsync
- backup
- storage
- s3
- kubernetes
home: https://wiki.alexlebens.dev/s/6858726b-5219-46ee-b9b7-6e1f6c125f6b
sources:
- https://github.com/backube/volsync
- https://github.com/backube/volsync/tree/main/helm/volsync
maintainers:
- name: alexlebens
dependencies:
- name: volsync
version: 0.14.0
repository: https://backube.github.io/helm-charts/
icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true
appVersion: 0.12.1

15
clusters/cl01tl/storage/volsync/values.yaml
View File

@@ -1,15 +0,0 @@
volsync:
replicaCount: 3
manageCRDs: true
metrics:
disableAuth: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources:
requests:
cpu: 10m
memory: 128Mi

22
clusters/cl01tl/storage/whodb/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: whodb
version: 1.0.0
description: WhoDB
keywords:
- whodb
- postgresql
- database
home: https://wiki.alexlebens.dev/s/f329e026-7ade-4a3c-a5f1-1ac1492b9786
sources:
- https://github.com/clidey/whodb
- https://hub.docker.com/r/clidey/whodb
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: whodb
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
appVersion: 0.53.0

28
clusters/cl01tl/storage/whodb/templates/http-route.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-whodb
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-whodb
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- whodb.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: whodb
port: 80
weight: 100

29
clusters/cl01tl/storage/whodb/values.yaml
View File

@@ -1,29 +0,0 @@
whodb:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: clidey/whodb
tag: 0.80.0
pullPolicy: IfNotPresent
env:
- name: WHODB_OLLAMA_HOST
value: ollama-server-2.ollama
- name: WHODB_OLLAMA_PORT
value: 11434
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8080
protocol: TCP